last executing test programs:

1m49.855386697s ago: executing program 4 (id=1690):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10)
setregid(0xffffffffffffffff, 0x0)

1m49.640107603s ago: executing program 4 (id=1692):
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r0, &(0x7f00000025c0)=[{{&(0x7f0000000000)={0xa, 0x4e22, 0x0, @private1}, 0x1c, &(0x7f0000000300)=[{&(0x7f0000000040)='P', 0x1}], 0x1}}, {{&(0x7f0000000100)={0xa, 0x0, 0x0, @private1}, 0x1c, &(0x7f0000002400)=[{&(0x7f0000000140)='i', 0x1}], 0x1}}], 0x2, 0x0)
shutdown(r0, 0x1)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000280)={0x0, 0x4}, 0x8)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x5}, &(0x7f0000000240)=0x8)

1m49.32649296s ago: executing program 4 (id=1694):
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0x7}, {0xffff, 0xffff}, {0xffe0, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000010180)=@newtfilter={0x88, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0xf}, {}, {0x7, 0xfff3}}, [@filter_kind_options=@f_u32={{0x8}, {0x5c, 0x2, [@TCA_U32_SEL={0x44, 0x5, {0x5, 0xd, 0x3, 0x4, 0x13, 0x2, 0x6, 0x7ffffffa, [{0x200, 0x500, 0x3, 0x6}, {0x3, 0x2, 0x8001, 0x10}, {0x0, 0x55, 0xa9, 0x1}]}}, @TCA_U32_INDEV={0x14, 0x8, 'erspan0\x00'}]}}]}, 0x88}}, 0x24040084)

1m48.971296503s ago: executing program 4 (id=1697):
syz_mount_image$minix(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x200000, &(0x7f00000000c0)=ANY=[], 0xbe, 0x1e7, &(0x7f0000000200)="$eJzs201u00AYxvHHcZyUUiifG1ZILGBDAoUNO3oALsCuak1V4QIibFohIa7Bjpv0JlyglWDHCqOZuJEdJs7YwflQ/j+pzavYj99JlLE9CwvA2rph/wcKFNkqTdMv9yW9fiWp/e/+V+c9QACNSfUnBbCuwp+LHgGAxbjYDe19wFkg/fj1ef88+4s87x8udlvDYkNSLt/xzX8N7Ou9tnSey3ezQ069f/k+zD9UMX+lYv/NsfzmlFwwyg8//6MHxbxZJ21JuibpuqRtSeabvinplqP/wVj/u57jB2Zhfn0910K/Sr5Xv7+ZPW+OkviJa2M4PR9l+afuzblTyJlzh06W3/Ec76T8s5r5bpbv7b9PDhzbWzWPC/ho2flf36zzP5R+p+Pz/6V/vl0+/wGUGJycvt1LkvjjwFxsbTF6Z1IR2aKbHaFsZ3N1zL2jkhZmMeLVnaL5YsOxKSr8WpouOv/tgCrbx1y+luEL9ywuZ23zvbaThZ2SAMxJ/9Pxh/7g5PTx0fHeYXwYv9t5/uJy2W3X5f2Jq3MAK654c+4jaHZAAAAAAAAAAAAAAACgstuS7tQJ+j7gBwAAAGBplD8G9K3iw0OR5HjcqqT91hw/KgAAAAAAAAAAAAAAAAAAALDy/gYAAP//R4hAiA==")
unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

1m48.210881972s ago: executing program 4 (id=1705):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000200)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_GET_WOWLAN(r0, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000440)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0103000000000000000005000000080001005d00000008000300", @ANYRES32=r2], 0x30}, 0x1, 0x0, 0x0, 0x40}, 0x20048040)
recvmsg(r0, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)

1m47.651533598s ago: executing program 4 (id=1715):
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x840, &(0x7f0000000340)={[{@test_dummy_encryption_v1}, {@test_dummy_encryption_v1}, {@nomblk_io_submit}, {@nomblk_io_submit}]}, 0x1, 0x241, &(0x7f0000000540)="$eJzs3U9oFFccB/DfzO42TbKUtL0UCm2hlNIGQnor9JJeWgiUEEoptIUUES9KIsQEb4knLx70rJKTlyDejB4ll+BFETxFzSFeBA0eDB70sDI7iUSz/oGJO+J8PjC7M7vvze8Ns983exkmgMoaiIiRiKhFxGBENCIi2dngm3wZ2Npc6F2ZiGi1/nyYtNvl27ntfv0RMR8RP0fEcprEwXrE7NK/649Xf//+xEzju3NL//R29SC3bKyv/bF5duz4xdGfZq/fvD+WxEg0XziuvZd0+KyeRHz2Loq9J5J62SPgbYwfvXAry/3nEfFtO/+NSCM/eSenP1puxI9nXtX31IMbX3ZzrMDea7Ua2TVwvgVUThoRzUjSoYjI19N0aCj/D3+71pcempo+MnhgamZyf9kzFbBXmhFrv13uudT/Uv7v1fL8Ax+uLP9/jS/eydY3a2WPBuimLP+D/8/9EPIPlSP/UF3yD9Ul/1Bdr8t/WtKYgO5w/Yfqkn+oLvmH6pJ/qC75h+ramX8AoFpaPWXfgQyUpez5BwAAAAAAAAAAAAAAAAAA2G2hd2Vie+lWzaunIzZ+jYh6p/q1recQfNx+7XuUZM2eS/Juhfz3dcEdFHS+5LuvP7lbbv1rX5Vbf24yYv5YRAzX67t/f0nh52B8+obvG/sKFijol7/Lrf90sdz6o6sRV7L5Z7jT/JPGF+33zvNPMzt/BesfflJwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTNswAAAP//ceptKw==")
mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103)
mkdirat(0xffffffffffffff9c, &(0x7f0000000540)='./file7\x00', 0x1c0)
syz_mount_image$fuse(0x0, &(0x7f00000001c0)='./file7/file0\x00', 0x100000, 0x0, 0x0, 0x0, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000780)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file7/file0\x00', 0x2)

1m47.329786222s ago: executing program 32 (id=1715):
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x840, &(0x7f0000000340)={[{@test_dummy_encryption_v1}, {@test_dummy_encryption_v1}, {@nomblk_io_submit}, {@nomblk_io_submit}]}, 0x1, 0x241, &(0x7f0000000540)="$eJzs3U9oFFccB/DfzO42TbKUtL0UCm2hlNIGQnor9JJeWgiUEEoptIUUES9KIsQEb4knLx70rJKTlyDejB4ll+BFETxFzSFeBA0eDB70sDI7iUSz/oGJO+J8PjC7M7vvze8Ns983exkmgMoaiIiRiKhFxGBENCIi2dngm3wZ2Npc6F2ZiGi1/nyYtNvl27ntfv0RMR8RP0fEcprEwXrE7NK/649Xf//+xEzju3NL//R29SC3bKyv/bF5duz4xdGfZq/fvD+WxEg0XziuvZd0+KyeRHz2Loq9J5J62SPgbYwfvXAry/3nEfFtO/+NSCM/eSenP1puxI9nXtX31IMbX3ZzrMDea7Ua2TVwvgVUThoRzUjSoYjI19N0aCj/D3+71pcempo+MnhgamZyf9kzFbBXmhFrv13uudT/Uv7v1fL8Ax+uLP9/jS/eydY3a2WPBuimLP+D/8/9EPIPlSP/UF3yD9Ul/1Bdr8t/WtKYgO5w/Yfqkn+oLvmH6pJ/qC75h+ramX8AoFpaPWXfgQyUpez5BwAAAAAAAAAAAAAAAAAA2G2hd2Vie+lWzaunIzZ+jYh6p/q1recQfNx+7XuUZM2eS/Juhfz3dcEdFHS+5LuvP7lbbv1rX5Vbf24yYv5YRAzX67t/f0nh52B8+obvG/sKFijol7/Lrf90sdz6o6sRV7L5Z7jT/JPGF+33zvNPMzt/BesfflJwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTNswAAAP//ceptKw==")
mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103)
mkdirat(0xffffffffffffff9c, &(0x7f0000000540)='./file7\x00', 0x1c0)
syz_mount_image$fuse(0x0, &(0x7f00000001c0)='./file7/file0\x00', 0x100000, 0x0, 0x0, 0x0, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000780)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file7/file0\x00', 0x2)

1m6.910288569s ago: executing program 0 (id=2114):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8200, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000200)={0x7, 0xfffffff6})

1m6.696974402s ago: executing program 0 (id=2117):
r0 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1b1c, 0x1c09, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x0, 0x0, 0x60, 0x0, [{{0x9, 0x4, 0x0, 0x80, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x408, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x20, 0x9, 0x8, 0x7}}, [{{0x9, 0x5, 0x2, 0x3, 0x40, 0x6, 0x9, 0x9}}]}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x1, &(0x7f0000000080)='\x00')
syz_usb_ep_write(r0, 0x81, 0x1, &(0x7f0000000480)="04")

1m4.532150828s ago: executing program 0 (id=2127):
epoll_create1(0x0)
r0 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x0, 0xbfdfffbc}, &(0x7f00000000c0)=<r1=>0x0, &(0x7f0000000040)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x85c3}})
io_uring_enter(r0, 0x32d7, 0x0, 0x46, 0x0, 0x0)

1m3.921669353s ago: executing program 0 (id=2134):
syz_mount_image$f2fs(&(0x7f0000000040), &(0x7f0000000140)='./file1\x00', 0x0, &(0x7f0000000540)=ANY=[@ANYRES64=0x0], 0x1, 0x54f4, &(0x7f0000005600)="$eJzs3M1rI2UYAPBn2u1+uxbx4G0HFqGFTdj0Y9Fb1V38wC7Fj4MnTZM0ZDfJlCZNa08ePIoH/xNR8OTRv8GDZ2/iQfEmKJmZ6tYvhKaNtb8fTJ6ZN2+eed5QCs9MmADOrfn0px+SuBFXImI2Iq5H5PtJueXWivBMRNyMiJnHtqQc/23gYkRcjYgb4+RFzqR865Pbo1ur37/245dfX7pw7dMvvpneqoFpezYietvF/l6viFm7iA/L8fqok8feyqiMxRu9R+VxVsS91maeYa9+OK+ex+V2MT/b3h2MY5LUG+PY7mzl49v94oSDUfswT/6Bh/Wd/LjZ2sxjZ5DlsX1Q1LV/UPxvOxgMizzNMt/7efoYDg9jMd7abxXr2X6Ux0Z/WI4XebNma38cR2UsTxeNrNvM69g8zjf93/Z6p7+7n45aO4NO1k9Xq7XnqrW7ldpO1mwNWyuVeq95dyVdaHfH0yrDVr231s6ydrdVbWS9xXSh3WhUarV04V5rs1Pvp7Vadbl6p7K6WO7dTl9+8HbabaYL4/hip7877HQH6Va2kxafWEyXqsvPL6a3aumb6xvpxhv3769vvPXuvXcevLD+6kvlpD+VlS4s3VlaqtTuVJZqi+do/R+WRU9w/XAsybQLADh79P/ANEyj/9/qTq7/D/3/RJyp/ve89/8nsH44Fv0/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMC59e3cZ6/kO/PF8bVy/ImIm+Ohp8rjJCJmIuKXvzAbF4/knC3zzP3N/Lk/1PBVEnmG8TkuldvViFgrt5+fPOlvAQAAAP6/Pv/g5sdFt168zE+7IE5TcdFm5vp7E8qXRMTc/HcTyjYzfnl6Qsnyv+8LsT+hbPkFrMsTSlZccrswqWz/yuyRcPmxkBRh5lTLAQAATsXRTuB0uxAAAABO00fTLoDpSOLwVubhveD8l/e/3xC8cuQIAAAAOIOSaRcAAAAAnLi8//+H5/+F5/8BAADA2Vc8/w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPiVnfvJSR2K4gB8Wuh7vD9GYpy7FWewDJfg0KFhAW6CJeAW3ABrwJlLMGBoS7QGE5PetpF8X9JebkN+nBIm515SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6NJzsZo/3l89tM3Z7tpJczcAAADAMZtiNS9fTKv5v/r6WX3pop5nEZFHxLHefRS/GpmjOqf44v3FpxqeIsqE/Wf8ro+/EXFdH6/nXX8LAAAAcLrWi+Ws6tar03ToguhTtWiT/79JlJdFRDF9SZSW70+XicLK3/c47hKllQtYk0Rh1ZLbOFXat4waw+TDkFVD3ms5AABAL5qdQL9dCAAAAH26HboAhpHFYSvzsBdc/vP+fUPwT2MGAAAA/EDZ0AUAAAAAnSv7f8//AwAAgNNWPf8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACALm2K1Xy9WM7a5mx37aS5GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgjf15R4EQCIMw2Lu+M5n7H1YaNDU1qQLh428MBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAu9uclBUIgCKJgzvjfSd//sJKgZxAhAhoeVdSiAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAudu7nNY4qDgD4d2Z2trYqxig5RETBg17sdlNbe/WgBA/+CUJItzW69Ueagy1FyMWb5NyL6FFEUOKt/0PPLfRSbz3soYJnZWZnmmkacLV0Zpt8PvD2fWcY5n3fJIR8570EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA2eW8vzoqPhWmcVudu3b+2XvS39/WFGzt3lotWxEmbST8dXm0eJEvdJQIAAMDRkdX1fUTczXdXiz5dKOv/vL6mqPl/eH4a1/X8/rq/7uvav2i//3bv5QcDLUzHKW56YWM8OvVoKr0nN8v59sK/XtErn3z57iUrvyDph9svTfLyeSbf3bz5fr8Mj7WRLQDwf5ys+yqofx8q+mGXiQFwZPQahXdd/2cL3eYEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0IbJdjxbx0lELPf24sLt+9fWD+pv7NxZrtvZ69d3mvcsbpFHxIWN8ehUi3OZd5evXP1sbTwebbYfvBYR3Y1eBR/PcE1ElxkKHjdIq+/1ecnn6Qg6/sEEAMChk1etqOvv5rurxblkMeLvHx+u/99sxDFj/X/vk7O3mmM16/9hazOcf4OtS18OLl+5+vbGpbWLo4ujz99ZGb47PH3uzJlzg/JdycAbEwAAAB5PP4no76v/08VH1/9PNOKYsf7/6vvhN82xMvX/gfYW/brOBAAA4Gh78fW//kwOOJ/0+/H12tbW5nD6WR3H5kp5vNJBqv/Zsao16/9sseusAAAAgDZMtpOH1v/PN+KYcf3/uZ9e+aV5zywijlfr/yfXvxifb286c62NPyfueo4AAAB063jVmuv/ebn/P32w5SGNiLfemMbVvwGcqf7PPvj25+ZYzf3/p9ub4lxKl6bPo+yXInpLXWcEAADAYfZM1Ypi/498d/XTX0981Lf/HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBt/wQAAP//K8ZAQg==")
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
lsetxattr(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)=@known='trusted.overlay.impure\x00', 0x0, 0x0, 0x1)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})

1m2.657499879s ago: executing program 0 (id=2140):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x6, 0x4, &(0x7f0000000900)=ANY=[@ANYBLOB="18020000000000000000000000000000850000002300000095"], &(0x7f0000000040)='GPL\x00', 0x5}, 0x94)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r1, r2, 0x25, 0x0, @val=@iter={0x0}}, 0x40)
syz_emit_ethernet(0x52, &(0x7f0000000140)={@broadcast, @local, @val, {@mpls_mc={0x8100, {[], @ipv6=@tcp={0x9, 0x6, "2c90d7", 0x14, 0x6, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @empty, {[], {{0x4e23, 0x4e23, 0x41424344, 0x41424344, 0x1, 0x0, 0x5, 0x10, 0x9, 0x0, 0x3}}}}}}}}, 0x0)

1m0.75427392s ago: executing program 0 (id=2146):
r0 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10)
r1 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r1, &(0x7f0000000140)={&(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x41}}}, 0x10, &(0x7f0000002700)=[{&(0x7f0000002280)="ed", 0x1}], 0x1}, 0x0)
recvmmsg(r1, &(0x7f00000014c0)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000640)=""/189, 0xbd}], 0x1, &(0x7f0000000a00)=""/71, 0x47}}], 0x1, 0x40012000, 0x0)

1m0.546750753s ago: executing program 33 (id=2146):
r0 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10)
r1 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r1, &(0x7f0000000140)={&(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x41}}}, 0x10, &(0x7f0000002700)=[{&(0x7f0000002280)="ed", 0x1}], 0x1}, 0x0)
recvmmsg(r1, &(0x7f00000014c0)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000640)=""/189, 0xbd}], 0x1, &(0x7f0000000a00)=""/71, 0x47}}], 0x1, 0x40012000, 0x0)

5.082639054s ago: executing program 6 (id=2760):
unshare(0x6a040000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x15f84000)
socket(0x400000000010, 0x3, 0x0)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000440)=0x10)

3.984559693s ago: executing program 6 (id=2776):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6572726f72733d72656d6f756e742d726f2c636f686572656e63793d66756c6c2c636f686572656e63793d66756c6c2c6c6f63616c666c6f636b732c696e74722c6e6f61636c2c00598f2f223a0a12f76404ad3bd59a04fbd75d1008c039c51a2a013e63af1c9ed7416faa1e2ea98d0f1c7337a5c81920988a4299a77054cdb12285fd7a0e5b43382d962372b73042593a5bd6b7db4a1b3721c62f11018727c29f3a1bd1e554474ea0d1da2a20b205df342a04a34b65e16a23e8e7811a984963073ebcbead85f9e4332bdef4c1ce54a1c6f7a47b75aa95b9e8cb616be40a0000b1309ee426d1803ef09abb9509846c34b9ac0bf109cedbd12c850effda9ae677566159f9c83da7ff6e247e3ac43c0a663c8c83650692e474bac2c047b238601bd5187d6bed82fe2034512ef11b74a98252198c4402bcf3165561157678e9d50831c27d1094a04d8c7607d7164033cda7a81704824d3107f232de8c24f57de3f78727828e8206403db4", @ANYRES32], 0x1, 0x4468, &(0x7f0000010780)="$eJzs3c9rG1ceAPA3spPY2SRrZxPIwsIKNrDL7mLsnHbrQB3H+WEnborbhNKLIttK4la2gi2XHnJwb4GeCj2UHkIK7cmnkEOv6Z/QSw89pKceQttDoRQKoS6SRrZmZNVKsGycfj4Hj+a9ee99re/M6I1AM5lY+dbcUnZuKZtfyJZmbiydyr5TKi7PF0JmhyTG74nH37dz49OeTuwnu73v/ZFdOXv+tWunQvhi9qsna2tra6GiO2xqqOH1zz/emWlc1mVSbSr9bt7bdnkzhHCsKa6KrhDCG5+HEIUQzsRlo/GyN4RwONTqrt15/3p2m6J58LhwOvd08u7D4ZMTq/cetv7foxA+Lv71vzfnv/9H1/A3/96m4QEAAAAAAAAAAAAAAAAA2OMuTF25+urgUHgUhe7VqOH3ur1xfbxdq9/Hrm2bv7eM8bv0j4oBAAAAAAAAAAAAAAAAAADgBbPx+/9sdDRqfl73WLwcadF+7eXOx0jnjL9yZezc4FD8/Peoqf5/cdEPZ7pC/ybPfU8///1Mqv3mz39vHud51eOrj9sXosxAYj2TGRgI4ZP4we8nooOZYmmp/J8bpeWF2W0LY89K5r92o41EduJ7b7Sb/9FU/51//v9fmvamyvr17dvFXmjJ/He13O7T96K28n821W4n8v+s3E5mQzL/3dWy3sYNRmrvViX/H3Rvnf+xVP9t5b/32eM+EkLIRpWm2cQZoDKHqZS3mq+QlMz/vmpZ4tQZv5Gtjv9fUvk/l+p/t87/K+kPIjaVzP/+allPYouN47//p/hWXb9z/J9P9b8b+a/Ev1ItnPqss2Pvfcn8H6gVdic2qb6T7Z7/LySa7u9Y/q9m4jiPRIk9YDWqlbe6Xx1Jyfz3NNVvXP9l2pr/XUy136nrv/q4fSFUr//qp/9/RbXrPzaXzH/TROzr4/GFVLvH/3iqg06f/0eq8z+eVzL/B6tlyblzX/Vvu/mfSPWfzv+3f9qeuKuzkp56/jfOJ78eqJXfN/9rSzL/cXIyjd8DrFT/Vud/0dbz/0up/ndj/lfZOVZSF/n7OxvEnpXM/6F09fHh+EUl/1+28fl/OdVB5/MfwqDv+p5bMv+HW25XPf57ts7/ZKpdp/P/zy3q059HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC+a0XjZF6LMQGI9kxkYCOFsvH4iHIym87O56WJp5u2lEMbi8mw4Gt0slqbzxdzcQmm2kMsXi6WZEM7F9cdCT7RULJVz8/nb59f76o1uFfKL5elCvhxCuBCX/y0crvc1PVeez98OIVxcr/tzprR4+1Z+ITc7t/jS4ODgYBhfj6E/KrxbLiyUa6PXakOYWG/bFzUEV62+tB7Loeit0vLiQr5YLb/c0KZYmskXG9pMxnUfhv6ovLi8MJMvF3LF0s36eLtpJF6OjU+9PnV5qKn+elRbju5sWAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8o0fD//8ohNBdW8uEEEbqL6LNtn/wuHA693Ty7sPhkxOr9+4/abUdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/MYOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUVdukYJWIgCgPwm7GJncewCklnG1FECyOCJ9BjeBg9ipfwDhYWtlaCzCxhdwLb7Fbf10zIT/IezA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADs5+ZxfnoYxogUXY6Ij5fPr2V+V863y/b3J0fYkcO5vZ+vroex3HvayS/Kq+8p/6e/P6/P0Tir962ebPqUlv+uz6ere7X61jXKVverc88i5T4ippKfp5z7fnUMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAf+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhB44FAAAAAIT5W2fRtQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzAoAAP//v5Ynrg==")
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0)
socket$inet6_icmp(0xa, 0x2, 0x3a)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0)

3.658308868s ago: executing program 5 (id=2783):
r0 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee4, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x40, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x8001}})
io_uring_enter(r0, 0x2b93, 0xf9d0, 0x22, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_POLL_REMOVE={0x7, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

3.333959115s ago: executing program 5 (id=2787):
r0 = syz_usb_connect(0x3, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000351930404516080036cf000000010902120001000000000904"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000005c0)={0x44, &(0x7f0000000340)={0x60, 0x12}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)

3.126929839s ago: executing program 6 (id=2789):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000440)={0x0, @isdn={0x22, 0x5, 0x0, 0x0, 0x3}, @sco, @ax25={0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x2}, 0xe073, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000400)='syzkaller0\x00', 0x3, 0x2, 0xd})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x8, 0x0, 0x0}}, 0x10)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000540)={r0, &(0x7f0000000400), &(0x7f0000000440)=""/236}, 0x20)

2.194145281s ago: executing program 6 (id=2794):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
fcntl$lock(r0, 0x7, &(0x7f0000000040)={0x1, 0x0, 0x8, 0x4006})
fcntl$lock(r0, 0x26, &(0x7f0000000100)={0x1, 0x1, 0x2, 0x7fff800000000})
fcntl$lock(r0, 0x7, &(0x7f0000000280)={0x0, 0x1, 0x7, 0x5})
fcntl$lock(r0, 0x6, &(0x7f0000000140)={0x2, 0x2, 0x8, 0xf05})

2.052437425s ago: executing program 2 (id=2795):
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_PORT_GET(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x3c, r1, 0x1, 0x0, 0x0, {0x54}, [{{@nsim={{0xe, 0x2}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8001}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

1.958464023s ago: executing program 2 (id=2797):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0xa, 0x4, 0x6, 0x23, 0x0, 0x1, 0x3}, 0x50)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x10, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x20}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000200), &(0x7f0000000240)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10)

1.881898547s ago: executing program 2 (id=2799):
r0 = socket(0x1e, 0x2, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0xfffffffc}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000006c0), r1)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r1, &(0x7f0000000200)={0x0, 0x42, &(0x7f00000001c0)={&(0x7f00000000c0)={0x30, r2, 0x1, 0x8, 0x25dfdbfb, {{}, {}, {0x14, 0x19, {0xffff8000, 0x4, 0x0, 0x80}}}}, 0x30}}, 0x2c040090)

1.85232156s ago: executing program 2 (id=2800):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r1}, 0x10)
syz_open_dev$sg(0x0, 0x0, 0x8002)

1.794261549s ago: executing program 2 (id=2802):
r0 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='.\x00', 0x0, 0x0)
fchown(r0, 0x0, 0xee01)
fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffed3)
setreuid(0x0, 0xee01)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1d4e, 0x103)

1.741265523s ago: executing program 3 (id=2803):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
recvmmsg(0xffffffffffffffff, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f0000000200)=[{0x0}, {0x0}, {&(0x7f0000000400)=""/115, 0x73}], 0x3}}], 0x1, 0x60, 0x0)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r2=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000050000000000000f00000008000300", @ANYRES32=r2, @ANYBLOB="0500330003000000080034"], 0x2c}}, 0x0)

1.678380697s ago: executing program 2 (id=2804):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201000009b768405e0483020b9901e40201090227000100000000090400fb015cc7aa00090509"], 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000000), 0x3, 0x183a00)
syz_usb_disconnect(r0)
r1 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)

1.678191015s ago: executing program 3 (id=2805):
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x48c})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f00003bc000/0x1000)=nil)
ioctl$UFFDIO_WRITEPROTECT(r0, 0xc018aa06, 0x0)

1.349437408s ago: executing program 6 (id=2807):
syz_mount_image$bcachefs(&(0x7f00000000c0), &(0x7f00000003c0)='./file1\x00', 0x2010008, &(0x7f0000000000)=ANY=[@ANYRES32=0x0], 0xff, 0x5a85, &(0x7f0000000480)="$eJzs3X+QHNV9IPDXM7Pa2V39WAkcZDCrRUYJwbG14lf5RyqWc4mdAoeSyynH4mTDglZE9kqo9COATGKRA591YJedci7ByR/EhX1nW3FxZV+MQpmAOYnzLxUXH3VlU2ffYf/hK8KhMqCjXD42tTP9Zmd6p7dnZ2elBT6fkran37z59rdfv+np92Z2JwAAAPCqcPzOfaeuPvd3v/1nEy989Pf+YdftYahcK6/GCsPp8pYzlSGnU39lbW2Z7Re/9pEv/XT0ht/+1v2Dn3/x2PYLdvzwd8664cEPXXn0nr9+5PkVX3vpqaK4sT9dPLOePJOEUP3Gyb/42LHvnDNdlqyc/lk6FMLqZM0jq5NMiLFfhBC2T+cYQlibufOrL1y6Y3p5+139LeWrMvXy+nuD/v6KNt0PpzvWwVM3vyH86B1b7/jeuq/8Xd+Rpw/NVEmqTf0phJXXNT++L4QwkP4PaV8MTf0xdtotIYTBpse9uSCv13eY/8ac9fPS5bJ0OVQQJ96/PrNeytTLrkd9meVgwfYWKi+PbuqVO6izPLOePRktVF6esXx1uvx6urx4nvHL6T6Uk1BKQqWR/mQy00dC03FLQlI7ltXGeqlxbEO6/5n1JLNeyqyX+zL7Vdtu2tHKSdJaHutlyuPpuJKWX9B8bdLGe3PKX5suq+kT9cW4HrI36oZm3WjsV03M6+QcuZwOpaZzULvyxoFPD8ZQWjaUrJn1mKk24n3Htt69obztm8eHc/JI7k/S+ElX8Q9+d/XyD3758IHs63oj/nWlNH6pq/g/vurEs9cc/txnc+N/KsYvdxX/kocGn7nq0TvX57bPydg+la7ijz/12CfWnX39kdz8743xq13F33z0RP+KUw89nJv/WGyfga7iP/m2d/7ki0888HRu/BDjD3YVf9vRPZ/sHzl1UW78h2P7DHXXf547csUPRkZ+NpoX//EYf0VX8b9w6J633rfqritzj++W2D7DXcV/94UP3rH81APn5507k3s7fYUFoJ2z0musj6frXY0zp7KzFvPXNF74q9FK/Zpvefp/xYKjN8lcfE5vZ2Uv4wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABACOE1b/iv7/rf7xt+ppKu96c3nizVl7F8WQjJQAhh3/7xvft37r5x9EM3Hdi7e3xydHz/6MTu/XtvHb3sN0b3TuyZHL91+t6xN15af9yakNSXyfmztj0QpqZKw61lcXv/6sIjP9rw5v/zzyGMveb7I5Xc/Dfes+u+s9v8zEg2T71914Grv3/536b7NZzmNdwmr6mpqamQk9f/ff8v7/vzkz+9KISxX5krr8ee/K1/bEmoVjATJ1XqD/WE+pPBtnk0sk7zie1V2bFzcmJs7vadfnw5Zz/+9Uee/sWOWz79y3r7VnP3o8P2Hdg8NVn6y63v/v9/eVu9oCivM3Xci9o77kXML7ZfNW3vlel+rczZr0rOft35vYef+Ma5h/MbumC/+tIO0Je8tqPtxr0bTFa3lFfT+jGR+LiN+3ft2bjv1oNv3Llr/MaJGyd2v2XTZZuuGLv8iss31vZ8Y2/2//lDYazy3LrBELf/qx3ufy/600D22Tdru6v++NDX48/O+lNrXsvm3R7TeRW3R3NGec+/wfd+7DNvuefRq+sFRf081m6cT9Ll4PRx3hSa+tvstmq3X0XHJ4Qw2q4dnn3+ynDO/9h5R9F5qPnINP/MSDZPfWf9z//2zX+z9jfrBaflPN+cUJfn+UbWM/nU2qu6Y+ftzXWXWvv2h3K6X0Nt89r0nUf77j7+z3/SyG/ZsnDL+P79ezfVfy5PM12enNc2r2xp3K91tZ/lkB7e0OimbfrrtL5Qzy97/ozVs606lN43lKxpu19Z8b5jW+/eUN72zeN5LZ3cX9/iQFhRXyavy6k5mXlguZFwu+0v1edfUf8YedfffO19X/v7y2b1j0vqP4v2K8nZr6888YXPfP7T//bve7df7/qtE8M//59/tKFesOTPK+V6Io2s03ySmfPK5MQlIRQ9/9aF9vvReP79+3KMm2bUfn+Knn/Z7czUbx9vNLM+FMpdPV8veWjwmasevXN97vP15FzP1+adva3lceWC5+tS6T/Z51dSac1j8Z5fLR0l2Tz1rY+fdeiRj245t15Q9HrZqN2uX1/awfgjZ7/+8ZofjNw0+m/+e+/OG1/6ja9e+8PxzX9aL+j+uMdcenPcq2n7VnPat5F1HHc2t++bbrhpcnu9vKidz9z1b7osGP/EU8m+Ww9+eHxycmLvvs72q9PX07idbCt3+3oaz25rCvarNGu/Fu9GJ+3V6fMt5r+96/Zqfb4NhaSr14WD3129/INfPnxgeNaj0g1dV0rjl7qK/+OrTjx7zeHPfTY3/qdi/EpX8cefeuwT686+/khu/HuTNH61q/ibj57oX3HqoYdz44/F/Ae6iv/k2975ky8+8cDTufFDjD/UVfzUz3LjP56k25m+Rgrhqy9cuqO+noS+9PkW8+hryStk15PMeimzXm5eL8VZhHQD5SRpLY/10vILmnJp5w9zyuNVWHVtffliXA/ZG3OXLzWlpnN/u/Ki61QAgFe6+P5/vAaN7/9PpBdK+TMNMKPbcdiPnztyxQ9GRn62NiduHIfNzOe0vse6No0fHx/nAUfeFMaml7eP1i/05/s+Qnw+ZOc543Yuen1rjMJ5zqna9mfNcxbNv6/PrMe86vPllaZxaGr2uKYSOph/X58JUzT/ntn94vezRj8+K63Rpnmr7PHrS2fM2n3eIbS2S2U6Ql7/yM6Lxc9zjKwMW2rb67B/ZD9HE49D9nM0cTvnZk6c3X6OJq9/DM9uh5a8Yv+I9eboH7WUi9+PnH38whztO3P82kfLHr95HO9qCP/pc3Flsd6f7cG8YdtTWifzhv1tthDv63zecHHfDzMvmRM/fYJ1MG/40qqWx53eecNYHvej0uF84vtyyns1nxhPFzGvk3PkcjqYTwReqeL4P75GTI//py/A/1+mXtE4JXvVGOPlfk6v3D6fonHH7M/pDXb1Or7t6J5P9o+cuij3OufhTj+nt6dlbbDgcz9F7bghs17YjjkTNEXjvex2ito9+7mMobCiq3b/wqF73nrfqruuzG33LfUX0uJ2/0zL2oqCdl/sz3O+/D9nYLzQNv4S/xxDp/NnZ+xzDOkHnxZrPPIHOeXzHY8MzrrR2K+apTsemXkh7W+dwAMAaCuO/xvvn6Xj//8VK6TXEUXj1osz6zFe7rg15/okb9z6++nylkz9ofQ3KuZ73fzuCx+8Y/mpB87PHbfc2+k49D+2rA0XjkMXNm7OHUds6c3nxXPHEY1x1sLGibn5N8aJCxun57xN2zROX9g4Ord9GuPo1nmAz5zoLH6cB8iN35gH6OE496WZSqdvnFswX5fZWFztdL7ujIyjV7bu56KMo9Nfn12scfR7c8rnO44emnWjsV81S3cc3VpuHA0AvFLF8X+8jIvj/0cz9Rb6PnvuuKBH1+3ZvwfSiP/4oowrZ+L36P3f4nHfYo9b88b1yaF2W4n3dj6uX+x5iZf7+7+LPS80XPsDnmn8TSs7jN/pPNkZe395qYyL040aFwMAsJTF8f9Aup4//l/Y+GTW+K2vfgk5Mz55+Y3Pm+udufF5r953Nz5vG7/T961z4i+d+a/F/ZzMq378H9fT1SnjfwAAlqA4/o+/9hj//t9/Sdezf7d+6Y3Tp9JL0kV6Hz1tD+N04/Qwxzj97Tm/7xHv73yc3uN5thi/+XMA5gFO7+fjB2bqmwcAAOBM6KuNlGb/nv0H0mX29+zzfi//mpz6NR38TdRKenl8/f69ExPXHtizfXz/xLW7b9o+se/am/fu3L9/Yne93kLHjbnjljTJvlBJ26N9vey4bVU6MbAq5+8hZOvHsOfVbsz+ewjZzQ4U/B2BmePXWb55x680R/12/SPveOfF/8Oc+lHj+N/wR5dcu2PftTt379y/c3xy58GJ1ujTDTE4j+/NTNL/8/q+1Mee/HfHQ6jfqn1rZkZp/t/fGQ/PPPNo+THriVSabpEk9/hP55Fk8lidZrI67/sPcvL+9n/78z++cOqXXwxh7DXl180379aQm6f+8/snfn//8e/vmc6/NGf+jZppXkXfV5qtH/enMnnTvv1v2HHTgd3Zb5TsTpzPKDXWF2k+I336lzucn9iWUz7f398vz7qxNHU8PzHtHdefvsQAAJa4+P5/vJ6N7x9+Or2AiuWdj9PrF47dvn+cO04f62ycnv1esqJxerZ+3N9Ox+nVBY7Ts9vPH6cP5NZvN07PG3fnxf+DnPrz1Xk/6eL3MeLw88uHD+T2k+uy/WSgbb3s9xkU9ZNs/fn2k2SB/SS7/aL5nHb12/WTvOOeF/89OfXzFPWHSqM/LOz3Z3L7w6c6O2/8ema9qD9k68+3P5QW2B+y2y/qD+3qt+sPecc3L/7VOfU71do/pjtGrV9MXHvzTXs/3FRvsb//Isz+SEYn+S2beezifv9Htzpv38X93NfC8w9hc60kL//F/VzZwvMvav95/P7XyjDrc2W5+T+ecwLpef6L+/0uGXnVZz/+dM3XpmeCos+fFc3jbs0pn+887rJZN5amec3jAj0Vx//x7Z44/r8rXfb6baCX//ek+R6ztvF79D1mRdcxr7rX8+xb7l7PAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF7++kPor6yt3Tx+575TV5/7u9/+s4kXPvp7/7Dr9l/7yJd+OnrDb3/r/sHPv3hs+wU7fvg7Z93w4IeuPHrPXz/y/IqvvfRUYezh2s/KxelqNYTkmSSE6jdO/sXHjn3nnOmyJIRQToYPhbA6WfPI6iQTYewXIYTtMdVK651ffeHSHdPL2+/qbylflQmS3a8wVI75NOcZwi2Fe8TLUDXtZwdP3fyG8KN3bL3je+u+8nd9R54+NFMlqTb1pxBWXtf8+L4QwkD6P9SfMjVr44PT5ZYQwmDT495ckNfrO8x/Y876eelyWbocKogT71+fWS9l6mXXo77McrBgewuVl0e39Yosz6xnT0YLlZdnLF+dLr+eLi+eZ/xy/J+EUhIqjfQnk5k+EpqOWxKS2rGsNtZLjWMb0v3PrCeZ9VJmvdyX2a/adtOOVk6S1vJYL1MeT8eVtPyC5nN1G+/NKX9tuqymT9QX43rI3qgbmnWjsV81Ma+Tc+SS+g/FVbpXajoHtStvHPj0YAylZUPJmlmPmWoj3nds690bytu+eXw4J4/k/iSNn3QV/+B3Vy//4JcPH1ibF/+6Uhq/1FX8H1914tlrDn/us7nxPxXjl7uKf8lDg89c9eid63Pb52Rsn0pX8cefeuwT686+/khu/vfG+NWu4m8+eqJ/xamHHs7Nfyy2z0BX8Z982zt/8sUnHng6N36I8Qe7ir/t6J5P9o+cuig3/sOxfYa66z/PHbniByMjPxvNi/94jL+iq/hfOHTPW+9bddeVucd3S2yf4a7iv/vCB+9YfuqB8/POncm9vXrlBHh1Oiu9xvp4ut7tOHOhmsYLfzVaqV/zLU//r+jlhjKmt7NyEeMDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDK9E+3XfaB97/9PVsrSQhJTp2pNuJ95WWbN492sd3xpx77xLqzrz/SXLa2izgAAABAsTgOLzVKqmFtuDkZCOe1rR/nCM6La0lreXYZ42TnCDqNEzJxSm3ilLqIU+5RPpUexenrUZxlPYrT36M41YI41dBZnIE54lSme0CH+QzOmU/ncYZ6FGd5j+Ks6FGclT2Ks6pHcYbnjNN5P1zdozhrehTnrB7FObtHcV7Tozi/0qM45/QoTnZOeb79cEVa89y8OLUb5cI4laTcuKPdfPo56XbOX+B2hubcTnVqRdHrcYfbGSjYn7id12ceVyrezqHm+tUOt/Or899O6/53uJ1fX+B2SgXbif32lmx+cTtxrcP+f2uP4hzsUZyP9CjObT2K8yfzidPmPbIY5097lM9HFxgHoFNx/D8z3hsO/ZXfDIPpGSc7CxDHu+tqP2e/3uWdkGK812XKlxXFyw7UM/HWzTe/7ARCJt76TLS+lniVxnhkjnjV5ngbMnfOtb9v29w+t+Z4F2fK++eIV5OdWAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACARfRPt132gfe//T1bQxKm/7U11Ua8r7xs8+bRLrZ7bOvdG8rbvnm8uay/0kUgAAAAoFAch/c1Sqqhv7Ip9CfLWupV03mAarpeHq4vR1aGLdPLZLRUWx9MVs/5uEr6uI37d+3ZuO/Wg2/cuWv8xokbJ3a/ZdNlm64Yu/yKyzfu2Dk5MVb/GUJ/QbwQQm36Yd+tBz88Pjk5sXdfvTCb/9r0cWtrydb+1R438qYwNr28Pc1/TcH2SrO2t3g3OjqAAAAAAAAAAAAA/8Ku3YZKWpYPAL+emTkz49H9O398Gxf3OKyrWFmpHUNLPA8ECb4sHoSYY51kyZWko7vorphNupCaUgTKwrLhhzZM0qQvvqREvrBgmCV0NgmV8kN9KLQMFT+EMnHOzDNnZs6McxrEXbff78Pzct3XfV/P/Xw4cD1nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgQ7TYmJ6vz8zOTSYRyZCc5gDZWL6YprUx6n7lie0/KE29c3p3rFQYYyEAAABgpKwPn+hEylEq5CMfJy7fbYyugVjp+wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP89i43p+frM7NyRSUQyJKc5QDaWL6ZpbYy6r7710Gdfmpr6W3esOsY6AAAAwGhZH57rRMpRjVNiIjlxqfPvRLNvA+v75rfyVmTrbFhjXv+3g2F5p6wx77Q15n1sRN7m9vmmAAAAgI++rP8vdCKVKBXWreqHs/5/VF+f5Z3cl5dvn9f+W4HimjMBAACA95f1/6VOpBqlQrXTr6+139/Yl5fNH/V/+2z+qUPmj/p//qXts//TAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBHx2Jjer4+MzuXTyKSITnNAbKxfDFNa2PUPfvJyX9cvP/2jd2xUmGMhQAAAICRsj58pfUuR6kwGRNx5HLfP3XhvY986ZHHpiOi1eYXi3HTlh07rj+7dczyznp+/8T3n33926vyzmodD9oGAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAD8xiY3q+PjM7d0QSkQzJaQ6QjeWLaVobo+4rn//iXx548fHXumPVMdYBAAAARsv68JXevxzVKEYxjl++6+71l+T65g/7ZgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcPm745s3f2LKwsPV6FwfnopmPOAQew4WL3ouD/ZcJAAD4oJ0cSTT/SydcdrCfGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBQsNqbn6zOzc+UkIhmS02w2dy0dumVj+WKa1saomz7xQmndO08+3R2rjrEOAAAAMFrWh6/0/uWoxkRMxHHLd4O+CSz3/5UP8SEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAQ8piY3q+PjM7ty6JSIbkNAfIxvLFNK2NUff+XXs/d9/R37uoO1YqjLEQAAAAMFLWhxc7kXKUCh+PUpzUvl/onZDk2+fB3wVW5m3vmTa55nmNrlnFyK953p19Oyu0d9OaV25H85XWuTOvtjIv155X65pXjU75Wmfe8sva3VNt3YjnHPTuAQAA4MOS9f+lTqQSpUKpq///aU9+RZ8LAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyx2Jier8/MziVJRDIkpzlANpYvpmltjLo3//b/j/rqz+7a2R2rjrEOAAAAMFrWh6/0/uWoxob4v9iw3PdHpTc/y/tn/d377vnXX0+POPP4A1OF/mV/lF38+pULnuo/ROR6s3MRR7frJUPq/eb399y4qfnuAxFnHpc/aVW9eP96vUumzUfrWy/d8eyB7SNeDgAAABwmsv5/ohOpRKlw3dD+P+u8R/T/HcsN+NE37vrFse1juyPvm5GrtOvlhtT7wqaH/nzquX9/fan/X13vk52rT++99r5jewq2In2StDlz7c7NB87Zl8t23aqf76ufvZcvf+u1f199093vtuqXo9yOr+97lFa11ce+8pE2F3J75i55b0+jt35hyP5v/93TL/5q/V1vL9V/6+TJTv3TYlD91s4LQ+vHEWlz8vI7dp+3d//m3voRUYv86vpvvH1RnPDHa27r3/9k38Ldb7772P8C0ubzG9/cd+691fN76ydL9btk7//nL96/+yd3f/exrH72W5HTT1lr/Vxf/efuPGbXM7detr63fq6vfrb/p654aWpb7Tt/6N//VT2rFoY+xer9P3jGw1e+vCW9pX8IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg8LLYmJ6vz8zO5ZKIZEhOc4BsLF9M09oYdV+9+IU3rrjrxz/sjlXHWAcAAAAYLevDV3r/clSjGMWYXO77H61vvXTHswe2R6U1mrTPhYVtN+z4xNXbdl531UF6cgAAAGCtXr04We7/C51IJUqFTTHR7v9nrt25+cA5+3JZ/59bOicRcfU1C1vPjE7ec3ces+uZWy9b3/lOELH8s4DyUt5nVvIuvOCFypt/+vqpA/POXsl7fuOb+869t3p+lhfdeWdF5/vEg2c8fOXLW9JbOs/Xnfepr21baH+eyNadvPyO3eft3b85l33HaJ8n2+tmeQu5PXOXvLenkatEaWk8384rt/cNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKy22Jier8/MzkU+IhmS0+zWDmRj+WKa1saoe8mmX9521DuPb+iOlQpjLAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMB/2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsJ+/YVIVfZxAH+emdl3Z3d2dVdfaCtaVysKu1AKIuqmoiI0QujKkLA0L6IgiCjsojU0Eiu6CbJuJCqothAMcpNEizX6J910UUGBdRGItFC7SBcZO/OccfY4p9HZCqTPB4Znn+ec8z2/c55nzuwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADiv9FZG6u2RHY/M3nnRrZ89df/Mk7d/8NC2K55466exTTd/urf/9ZNTm5dv+faWpZsOPLBmcvcrh38bfO+PYx2DH280K1O3GkI8EUOofjj94tNTn18wNxZDCOU4NB7CcFxyeDjmElb/HkLY3Kxz/sZ9M9dsmWu37eqdN744F5K/rlArZ/U0DM2vt9WpfBjnnWpaZ1tnH7sqfH/T+u1fLnv3nZ6J4+Ond4lz+5TTegph0cbW43tCCH3pMydbbSPZwaldF0Lobznuug51XXqW9a8q6F+c2v+lttYhJ9u+Itcv5fbL9zM9uba/w/kWqqiObvfrZCDXzz+MFqpZ56r248OpfT+1K88xv5x9YijFUGmW/2A8vUZCy7zFEOtzWW32S9ncVkK6/p6W42IIMdcv5frlntx11c+bFlo5xvnj2X658exxXEnjy1uf1W3cVTB+YWqr6Yt6MuuH/B8NtTP+aF5XXVbX9F/U8m8otTyD2o03Jz5NRi2N1eKSM4451Ua2bWr9s5eXN3x0ZKigjrg3pvzYVf7WL4YH7nl756MjRfkbSym/1FX+D2uP/nL3zldfLsx/Icsvd5V/9cH+E2s/3rGi8P5MZ/enclb5MfWzbfce++S5Zf+/b6LdXNfz92T51a7qv3HyaO/g7MFDhfWvzu5PX1f5391w249vfr3/eGF+yPL7u8rfMPnw872js1cW5h9qfBVq9RXaxfr5deLab0ZHfx4ryv8qu/+DbfJjx/w3xndf/9riXWsK1+e67P4Mpfy+c6r/jssObB+Y3X9J0bMz7vm7fjkB/puWpv+xnkn9Tu+Z+2ZKbd8zF6rlfeGlsUrjF2ggfTq9Gy7E3HkW/YP5AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAn+zAAQkAAACAoP+v2xEoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBUAAP//2/0YpQ==")
mknod(&(0x7f0000000080)='./bus\x00', 0x1000, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x143142, 0x0)
r0 = creat(&(0x7f0000000340)='./bus\x00', 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000005c0)=0x20)

1.199084026s ago: executing program 5 (id=2809):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_GET_MSRS_cpu(r2, 0xc008ae88, &(0x7f00000000c0)={0x1, 0x0, [{0x839, 0x0, 0x19d}]})

1.10782338s ago: executing program 1 (id=2811):
r0 = socket(0xa, 0x3, 0xff)
connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x8}, 0x1c)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e20, 0xbe, @private0={0xfc, 0x0, '\x00', 0x1}, 0x200}, 0x1c)
sendto$inet6(r0, 0x0, 0x0, 0x40080, &(0x7f0000000000)={0xa, 0x3e, 0x9, @mcast2}, 0x1b)

1.047552506s ago: executing program 1 (id=2812):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000010000000a00000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000002000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r0}, &(0x7f0000000280), &(0x7f0000000300)=r1}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
syz_emit_ethernet(0x6a, &(0x7f0000000200)={@local, @broadcast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x33, 0x0, @private, @broadcast}, {0x0, 0x0, 0x48, 0x0, @wg=@cookie={0x3, 0x4, "1fa3883e21cd9fe5caae18544a9131d14c91cf0d35507989", "6e447a58f2e6a0893330bdb477ae5aa6740446707740eb6dcb6c5545363eff42"}}}}}}, 0x0)

1.042852466s ago: executing program 5 (id=2813):
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(r0, 0x0)
mount$9p_unix(&(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000000)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000040), 0x0, &(0x7f0000000180))
close(r0)

963.605913ms ago: executing program 1 (id=2814):
r0 = socket(0x23, 0x5, 0x2)
setsockopt$sock_int(r0, 0x1, 0x2e, &(0x7f0000000040)=0x3, 0x4)
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100))
epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f00000005c0)={0x2000a210})

885.245653ms ago: executing program 5 (id=2815):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000000180)={@multicast2, @loopback}, 0xc)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'lo\x00'})
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000080)=ANY=[@ANYBLOB="e00000027f0007000000000002"], 0x18)

862.139126ms ago: executing program 1 (id=2816):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x129a01, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @broadcast})
write$tun(r0, &(0x7f0000000040)={@val={0x0, 0x800}, @val={0x1, 0x0, 0x0, 0x3, 0x3d}, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x4e24, 0x0, 0x41424344, 0x41424344, 0x0, 0x2, 0xb, 0x0, 0x7, 0x0, 0x13, {[@window={0xb, 0x3}, @timestamp={0x5, 0xa, 0x46000040, 0x4000}, @generic={0x0, 0x8, "d58838068b91"}]}}, {"2244070000bc0be4bdf9da24708a4ec90000932b52c828de6f79d82439cc93c6f9516a4873ed9248ba27afeb7396efe6"}}}}}, 0x7e)

746.191571ms ago: executing program 5 (id=2817):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x22, 0xf, {[@main=@item_4={0x3, 0x0, 0x8, "1674ebcb"}, @local=@item_4={0x3, 0x2, 0x5}, @global=@item_012={0x2, 0x1, 0x9, 'n\f'}, @global=@item_012={0x1, 0x1, 0x7, "84"}]}}, 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
ioctl$HIDIOCGREPORT(r1, 0x400c4807, &(0x7f0000000040)={0x3, 0x100, 0x7})

741.643706ms ago: executing program 3 (id=2818):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800, &(0x7f0000000700), 0xff, 0x49b, &(0x7f0000001040)="$eJzs3MtvVNUfAPDvnbY8fjzaHyIKglbQSHy0tKCycKFGExeamOgCl7UtiAzU0JoIabQYg0tD4t64NPEvcOfGqAtj4lYTl4aEaGNCcTXmvugwnSltaTvS+XyS6ZxzH3PO9957Zs69p/cG0LH60z9JxPaI+DUievPsrQv0529zs9OjN2anR5Oo1d74M8mWuz47PVouWq63rcgcrkRUPkni+WRhuZMXLp4ZqVbHzxf5wamz7w1OXrj41OmzI6fGT42fGz5+/NjRoWefGX56VeJM47q+78OJ/XtfeevKa6Mnrrz9w9dptfYcyOfXx3FbN5oE1ER/utX+qmUa5z26jLrfDXbUpZPuNlaEZemKiHR39WTtvze6Yn7n9cbLH7dec/P6VBBYM+lv0yIteaYGbGBJtLsGQHuUP/Tp+W/5Wqeux3/CtRciNhXpudnp0bmb8XdHpZjes4bl90fEiZl/vkhfsdzrEAAAK5D1bZ5s1v+rxJ7sPR/r2FmMofRFxP8jYldE3BMRuyPi3ohs2fsi4v585VrvEsvvb8gv7P9Urjat8ypJ+3/P1fX95uriL976uorcjiz+nuTk6er4kWKbHI6ezWl+aJEyvn3pl89azavv/6WvtPyyL1hU4Gp3wwW6sZGpkdXaCNcuRezrbhZ/cnMkID0C9kbEvuV99M4ycfrxr/a3Wuj28S9iFcaZal9GPJbv/5loiL+ULD4+ObglquNHBsujYqEff778eqvy7yj+VXDt4AN5Yn7/NyzR+3eSj9f2RLU6fn5y+WVc/u3Tluc0Kz3+NyVvZmPWP72TT/tgZGrq/FDEpuTVLF+e02XTh+fXLfPl8unxf/hQ8/a/q1gnjT/dSulBfCAiHoyIh4q6PxwRByPi0CLxf//iI+8uEn8SSbRv/1+KGGv6/Xfz+O9L6sfrV5DoOvPdN61GzOv3fy1ptf+PxUz2XZvLvv9uY6kVvMPNBwAAAHeFSkRsj6QykKf7t0elMjCQ/w//7vhfpToxOfXEyYn3z43l9wj0RU+lvNLVW3c9dCiZKT4xzw8X14rL+UeL68afd23N8gOjE9WxNscOnW7bre0/yvaf+qOr3bUD1pz7taBzNbb/SpvqAay/pfz+OxeAjenW9r8l/bO1XXUB1pfzf+hczdr/Rw15/X/YmBY+AOj3Jo+sAzYi/X/oXNo/dC7tHzpSfif8lVjJff0rT5Q3C6z8c7Ys+Q7/TkmUT7xYy7K2xvyUqLQ95A5KpC1mfQudf4YKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA3ezfAAAA//+5XeWQ")
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
lsetxattr(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)=@known='trusted.overlay.impure\x00', 0x0, 0x0, 0x1)
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000680)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x804071, 0x0, 0x0, 0x0, &(0x7f0000000140))
rmdir(&(0x7f00000000c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

521.259719ms ago: executing program 3 (id=2819):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000200)={0x0, 0x4, 0x8, 0x6, 0x0, 0x0, 0x3, 0x0, 0x1, 0x1, 0x0, 0x10}, 0xe)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={<r1=>0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000440)=0x10)
getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f00000001c0)={r1, 0x1e7ef091}, &(0x7f0000000240)=0x8)

503.112023ms ago: executing program 1 (id=2820):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000f9ffffff0000000000000000850000002c00000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20}, 0x90)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000340)={r1, r2, 0x25, 0x0, @val=@iter={0x0}}, 0x20)
syz_emit_ethernet(0xd81, &(0x7f0000000380)={@random="bbc5f3bdc430", @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xd73, 0x2, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0xd5f, 0x0, @wg=@data={0x4, 0x7407, 0xfffffffffffffffd, "9c67524ed6ed152d4f775bbc411126513b67aa2818e6f3aeb55bee6ae1049f195705bc8bd9b1085cd41af77353267df8a1d4cecdb01908186ea04e641c89a2ee0432e9c0894a8d7aff0c865e96548d507f048f907320b0f8b1e83b5f1425b63ad9c6adfd09578bbda92c9bd8f57d6efd752a6f20487ebea241d612212e3ccb077a5150c08f56aed6ee45acd4439043886b78cc5562b00bc57cf509d90b02a7bc86919f1b882f556e6aac5e9b93ee545b2b68bd014e2a49c332432ef4adeb61ac418aa4e20ee299f1a8b7a72e985223996b11a8913f3b1c23b10f88c3de28660457a37126fd3b6394536da0cd962f532ff22c496e1df4ffe049b193514c02571399d3618383a287068f4f15d51d1781cc0bc2af66ddc68135bfd33634e1a75be80630ce76ef79c86c9abb2fdc6d84367ea10fd8a6ee3c99eaec83c66bf5ffce6eb5ccc2546b6df905ff1aea223029ba2f7eb2469c5b8637b79347361f8cf0fa9d58a039e7811f343961b22c23d68b2c04eb8b5aeee7c6f71ce95cab886bf2694e0643d18761043e2d1dcb8ce0bdd15817a75f591b05146424797f729689e2a7bd53cb6c02fd15c339057c714794b407b342d12e69ec383b6ea6c99f845d04fd5128203c78a388fb0a1caf1f725f7636eb41e415951f8284a9c475760eb9312f7d6307037d472fbda509d56a0cf8e36d44f3f0b67fabdd2842ab4241cbfc7d309188d3a634129a13bfcac3b39b75d46bed585550ff7b41746dfd7e0f0c8a25e9f39deb7e2a4f0e068b86c6593b3b37838d2809eef3eb2f3120fde2fe3e9fef4e4bea1ddf3d17c40f753b37baaa110a8b4ad805d500e0235e9371b828993da25c5697d1001c8971b3862eef047730b242350403c851cd74cdea94501c0e2875a5830aa71733a0f022cb37e1cfffaee8eb0a23d51181a0691dadcd6b30a86a5fbf5c499120e265938f6430ffde09eb173327c2e25bdf22ae0d742141db856c4beee07af0ce37c078f6e59b41a29502cc01737c984185f6622a3ce02ed04daf2a7eb03c92a5a5ecce5973ef704aba9efcb99bf52f5c662d52f4399a13af760f9f9ff3d5930c3fae014b92ee0aded4ba51d95cf946d5f55f5b5d4603f8b76087d681ad77fc385fe114331c24a4ada85eaebf5405467dbe656b31b79a0f893864a13bda309a2fec2f4fc4858d9daf946df31f4077338bfc3116a45827ce8907ad691d241d3a8859a3672aeee3878e45b0be6f68194638dee30ba6735a6424e51f8b9a4965d37ab7ca96e167a5c32c8a935ff34693e24d067039db0f4ffe4dc5fe7c56a0d6e52a7cef9a6f1cc8b88d61d2258e3e0e8f2d7b699d4a22ab661f6afae5b48cc8fbc9ddfe57e76f274e65b210994fd96cd4deb6fdb795df4147ca0d876b1b08b64d20a28a358f48086c0f8d1f0741260f95adabba51f2d3f36107d49d46ba0c666232597bf08bfab60b5a432a1652e2c503fcf977ea6ff15c8e8f3bd9b7a3017c36be787d5a6579f5236b17d7bdc2c3918d9257e266bdf7929bb366d98d2b225c08c3c5ed22113b8c051c811bd1e52ecbe619dbc9579270c7cf69ac129e84a7141e689d9745d56e1cda6affdc1856757a6e39039b17d5286cf393186b99b20c54987087ece9972c39b4a05f1ca218c35254c666e7fcb7df4aa401cc79e1aade63732064ca80af164709a85fcf8ac72fa5ace60aa04d2ee0d5f051cb032f7c25100facb7ec1c247812b0de4f1c3c1ab98f904d9752cc427bc0445d8e27b51d5a8084087ea61f82ccc1114679f673753eddc7cfc00ba7e25db3391579ecdf638ab73078133e49b522d3d16bf2ebd06e7cefc24154088965ad3c9291c68f19f7cdd2943abc716ecf0b33fe249108da2b1f9abdbcb4dba89746a8c5711a41556efe5537327e253bd9ac68dc56516392292152b86ef118e25cac4e3c7c2b20bbc5bbc2d825c8dc14e9807aa6a423fdebfa7deee913c8f9f58bd967d43af1d65dc5ce72b2cd1a17ce34facd199bf2c62beeb752d156d6f31ea0323bc3ec0500587c485d8141f5b5ac81457df9396fbf98222212ef70527b6ed8d6e4d11156c8ecaee4692e068a72cb3b12686436028a7297956c48ee8fc393907edd3695fddbb786808c0a48182e3334e73fedcef0ee1bfbb13dce8a79b8822fd1ca0ed645f64d134c240844be5a7ac3aa15419ae79e7b1d721ae5abe1b0896c6189f23b65d79f5c3677b89f40aceff98dfca244a160dff264a2b14a3774064e1152fe0cabfc23e3e16dba5f46ea6af09fb3b8529022837c7e9303e3ecd0170fcc0e6fb0f3981d9f8f838412eae1a3dd13b7a980a642739e8abebed29db34c06460f09e27ddba1ed76b4ac6290235f6f81fcd3eb12af9821575b050aaf80d5c6c695807f7480f24e4bc0159744f9045a2d37574508d7e687482f775d0a4c471c4914e6a64b0d444037407b8d079751ddf4b14ed0ee6f1e622952a331a1a147f3a805fb7ca29c3c7feb2dddd0db795ac0ca327d95b19ff37bd8d553703014e5137f8c41b947d199f95f245d3354f9679876db736da5cfbd7cb9f80a12e50c895b999b670c9e161aa12e82c79d98fed5017e11674158a2f258ecc7c550f10dee6bb9d159316c567e3973e8aa30f157f6d30f239877021e7161c0a93c7b6bedccc7a3d8c9313f6f860d33ae0c162236853ae29d7a619bc306998e51c5d91a73475119a648700fbf3a41701ef87b440b83573a44339aea5806c0883470613e38baa518466dee2c671d96768f8d842feb5a812ea3ecd1e307a913a1032f06af2656b0a969b38366c39ca149205540391f36c897efb80aa43707c12e21544386fc232a45c9eb40a64c35edd4db20bd4970d642c0c2a0ee43ce8bf4d1bd84b3c3fa198cfc8d1f83960a1c3cd85a164926dc962a9078c5b079e0f4bb0b4e94b0aec3d13e7c47edc936927da2e6e7fe9485b0489bc4fdd1699611aeb00d767057602b8e53dfb4a6651c0f2873e5f60fdd7e2542d6aba79f491f87522f77427323e87386c89e1df9dd6e4f32be85c9eefbd6e6b177dde573b0d0bb8df828185aedc7aba2e6c3d4d9df393b203c1147f005860a6dd44dbcebead0eeb29fe3216930ef4a5994a93851df960d3be82d4294b64ba8295a59d099fd10afe39c2a79727a5447fa27909d53df6a00a63897261619e853036a6852e95ac6da62276007f2f3f386267cd8a0d136e645247e76db84e466e56ba42618b4fdef3e6d8c48dae5d03e1e369cd74042146e361cd6b4e654c8adc75446c454d3275a7d91646c4fb721966df9df3f761f10bebd212bfc87db9c48ffa0c6efcb17db3955f4a6f58919a036cda4f0a0c07a7306d2909adeeb474bd0bbec58865c4a5804108a014838673ff26438c162ec61e71bb880b154d475c71d500bfda3128b9fac2bccecb790dbd3075f424b1244f111c7eb5cbb7af0b6f3ec9cac20f82b1631822b940c03d697e213747627a5a7ed57414f2826888e515b88e61e69b742b053fe086ffc916abe00a41870cd332201d96c96bd174b369094b0da81ddc50affefa3709a358a5c00308d30a41d10b1c3f91a011bd246588336ff76dd60c10c3bbc8eec06adb3e73cc21d218b83eb9306e0650dd4e41bd65e15bb99a0653fc312251c174abed9e3ed04ef0378feaf78d839ebf61fda85c290f140cd3690cff881c348c57f504c50ca61986b29e58fdb0cbe276e42c982154762110c0f65b240aebe4291c66157629f0a45ea48e8e6a5dfe062214d635c5f828d1c888ec83a279ddac80f748c00e984248bef8e884590dcc1322aceb2d3b525618450fa0649e4ae8722769c6a32eb47161f7bf08bd59f903240ab9f790313b41607554b21ce45f10cde937f9f68fbb23ace0eaebd86b1201ea230c7f4c57f6594e655904db2a6d3d294f98fe630a524573f52c145b19eea382bc3adac7c7b62863bfa04f2d9fb9b93e7cda0fff4af897281580b879912ebd2c9c9d433ef479e886a477ce4538590179049aaff5e8e51b25db6c0300393a37c25c350e1e4effdd657f26de15199d39e134d1e7fe278b68377674a0e31a12e67096d44f62bd0353147041050fe44d9fbfc95fa8aa368e5868148a9e7a6f5551cf55f677b48ac2b4cd29a300d3cb9cd3a5ef486b9b3138018fb1568ce3f59385b98e93b7113dc85cd242bb57e545d6c151727d1c33ced565b2e29419bc6c458b45ab2107a55793618d20bd476e81ff79543cbace7b26a53a67a3f17ad0e2f2c0cc55f45d374ddc3cf8ada0c52cf1251cc4a6e1c7e84a1536cf328a0a392a3b79bbef1b40ad6e69811f3ec73b971c7cf6d64bfd0b183135d76fbb121aa99c753dce310f3288d460a1158a0c1c2ca4a66eadb38c6669dae4742a1da14b007555ffdae4e60f535ee23018dde93863b028346edc0f8da3ee5208b06fb107e921492ed9f2f2064d865afb5f955c80b1a6c5dbc540f1af7dd68925353d288fce304243f09d1791661027ea11f21ade9abb81a71343f1d405f35b01a504a99e08514f3b8307dce0b7c4305c0e531a538c6c11d8021183a87c2de3e1e384d114559601b948359f153d9845067683d8ef3dc75829a46211368ddf4837c021bf3ba1cc8005ab6902e094635f86f2f090851d5ac0af51c3aec46bdf9024ebe196351e2acd483f71821f033aa02d7bdee2fe987412bda115a5ce7f51dfdb78ce378485801fa10180339d3c5372a65cc46d2f0ef8ad3317062af5c243f81d920075e4874ea69081ba22d8be502422e973128c657da28f4f63d34919b5a4663544e244524263bae0a9a6c7455a16b5b860aedea"}}}}}}, 0x0)

408.694334ms ago: executing program 1 (id=2821):
syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000000040)='./bus\x00', 0x18, &(0x7f00000000c0), 0x1, 0x55ae, &(0x7f000000ac40)="$eJzs3X9snHUdB/DnruvaFdeWMOuArGwDJFtEOjdNCCR2bNNpYTnphE3I+gNH0DmtY8NVCCtinIERijWMwQoLbn9MEYqucyiJBewqul8IJtNFBbPFNWOkOBExYTG9u+d299zaHhMpwuu1tM/zvc/z/d73njx/3PvW73MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEHwx+N3TL/t3roJ26+ru++8a85e+2D3kuMX3rq1avND20v2dTz31aNVq1qPLF1w0/2JpkfW93d3BkEs2S+W7t9w2fwrr69vuKI0HLDxc6ltZeVQT5nq+mKqMTbnwcF+uT9NQRAURwYoSm/npXfiOQNkdlfkDzisayf1tE4dP69x28qujc8uu3xL/ktnUOloT2C0pK+rgyeupdrk73jkiEw769KL5Vyiqf7RC+4deREAwFtSk0huMm9H029xM+22aD3Sro202yPt8B1Ce3bjVKTGHTvUPCdH66M0z9pUVCgZcp6Revr8Z9qJaP9IOxI13sI8cw9NR5rSoebZEqmP1jwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3k0uuH5m/d49D7/8ldbf/u7h17/16sePrGq8ZaC7/qJ1ix/v2PG9vx2tWtV6ZOmCm+5PND2yvr+7Mwgqk/1iqe6xZ6ri8ZkDddseu6e3puFDC9cUpccNt2OyDg72hzsXVwRBc1blYDhsf3kQJHILyWawIb/wpeTOZ8ICAAAA7yVnJn/HM+1UHCzOaceSaTKW/BdKhcVrJ/W0Th0/r3Hbyq6Nzy67fMupj5cYYrzak46XaVee+IllBeMw/kbHO1EPD12RN87woiNG8/zpx/qnNdfdUHrl7gsWzphdv+XS4CfTD3csX3TfhBfHL9nXXpOX/yuHz//hmZP/AQAA+G/I/9FxhjdS/m+uqZh0cOp3ix67rur44fkP/Lyz7/kn4w8VD3Q//dLYcbf9cnVe/p+c85R5+T+ccZj/48Gp5X8AAAB4N/tf5//avHGGN1L+/8X+zZ//98pvTDk84187Xnj69xdvnVI+/7WyGTe8+cSCVxp2tf0pL//XFJb/x2RPO3xwVzjhZRVBUFP4SQUAAAByhP/vfuKjhTCvpz45iOb1y+4qe3LXG+tvjJ/V8o8zFvfPqv7i7tVf37ApNrChc92O5XNX5OX/2sLyf/E783IBAACAAvxm+y13V395ydYtew7N2XFnYvPYS+a+uuennVf1vXwsUfT8zX15+T9RWP4vGZ2XAwAAAJzEU+MmPnfo0UNfm7177YS9q9rmPD5t3+qFD/xz9t+veOnPxzddWJ6X/xsLy/9l6W165UOq087wrxA6KoKgdHCnJVXoC9o/mSkAAAAAb5Mwpzc1revduX7MrNfOPvzDNSuW/2rvpd++a2P1zQd+XXX7ucf2996Yl/9bhr//f3ing3D9f879//LW/2cVUnf9u8SNAQAAAHg/yl/PH94eP/XNBUN9/36h6/8/euaBko7m8ysnx7dVz3rig31Xra1+fVHHRZ/YfusbH46V//VTefm/rbD8X5S9fTu//w8AAABOwf/b9/8tzhtneCPd/79v3DPnrPnsPT+o/WbZU+e+eXfzd9oPTj9v87QzPlJ0fvecmX/4fl7+by8s/4fb07JfXk94fm6vCIKJgzvpuwluDae7LFLoKs4qpE58pEd92CNd6CrJKiS1RHp8rCIIpgzutEUKp4eF9khhoDxd2BQp7A0L6eshU3g0UugJr7R7y9PTjRZ+FhbSCyy6whUUp2WWRER6HBuqx2DhpD0OZJ4cAADgfSUMz+ksW5zbDKJRtis20gFlIx0QH+mAopEOGBM5IHrgUI8HjbmF8PEfz+1e+so1D9b1Xt1w9KzZe5bc0faBnkW9O7/wo55z/nL1Cws/nZf/NxWW/8NTMTa1GWr9fxCu/09/r2Fm/X9jWKiMFLrCQiJ6x4BE+BypsHtn+ByViXSPgYmZAgAAALynhZ8LFI3yPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/sHfvcVJVd4LATzf9oJum6YgBY4ygRkR3aZomGEQcUXRXo4tNJKtjhtAIjXZoAwq4YsyKr3GV6GLUmBjZwY+jJg6r+CDqRIXoiElGJfE5Kz4HnciqS9BR45gs++m+dYqqW112IaC0+/3+0XWqfud569F17r11LgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/P/hsiX3Nrw58H9965ffW/f697409TdTD9m8y19uqHt3yDlPbT5ocN0tbw1asPCNtklnXtsyffk1G1YuDaGlq1xZUrzsoUHl5aP/cMxdt13xcNO0wVPOrcrUm4mHfp1/yjN3Loytvto/hLvLQqhIB0bUJYHKzP26WN8edSF8LmwJZEu01SYl0g2Hh2tCWBa2BLJV3VsTQl1OYMoTD666rDNxVU0I+4YQqtNtvFCdtFGTDgyrSgK16cCciiTw/uZENnBPeRKArVHV3YPxzZB90a9oyc/Q0H1lRV5/lR+3czuZ9PD6xERD8XxvHbaDO5Wj4Lls2aanrduXBttdwdtjtXdbL3i3FWznJZ623C9SmW8om7eEqkP5zLZZ0xd0zI+PlIfGxj7FatpBz/O6TefM2Jp0r3kdxg40bJfX4QO1k+ove3viwStP/uPp+85fO3Vbu/lczibNTe9o1SHzmus1z2M04dP7PNm8LYW3r539aSv4ljTUl64QwvF/+nzZM3Ne2n3jB6+eOPH2Fy6+etrCa6ZMfHbQL8b+47W73D3t8oL5f8NHz//jyznelufljq1+WJ/MzeMjdTGxsT6ZmwMAAECv0Rv2mn519KsvnfrQ3YteXH5cxXfH/eqk3eorzv5+x/G7rhz/xUuvbH98l4L5/9DSjv/HQ/51uaNdHcKErsQFA0LYrevxJPCz2J2TB4SwV1eqJT9wWCqwOoQvdCX2z1aVKtE3lhiaCvy+PhOYkAqsiYGWVODGGFiSClwYAytSgRkxsDoVODwGQnv+OA6oz4yj5EBNDLQmG3FFPAvhnfrYWmpbrctWBQAAsJ1kZoeV+XdzznXY1gxxermipqcM8QzsohmqUzWkZ7DZaVXRGip6qqG8pxqy41700cMvqLmsp5oLTsMoy8/w4ZDvlA+YuPeP7rpxxE3NL0787rtjj//Kn998d/X+//Tf7zln/nUHFMz/mz56/l/dTUfKCo7/hzC562/MXZ6JdGTjrS15GQAAAIBtcNVjS5+84YCj/s99L99355euvaF89dVf/7+vbLxg71HHDS/r+3ffXlEw/59Q2vn/cZ9In5zM4dG4G2L2gBCa8gNJtQcXBpKj3v0yAQAAAOgNssfjs8fC2zO3ySna6fl0Yf6WrcwfD/xP6Db/5Zv++tkvX/vkiQuH7bPhiv925gdlnx/7u12OXTvy8bf2HPYPDX0Lz/9vKe38/9r826QTa2IvrhwQQt+cwCOxl52BLkNj4OVD8wOZ8a+JG2BxrCpzYkK2qsWxRGsMNKUCy4qV+G22xG75gcyTlW38guw42jMlcgIAAADwiYu7A+Jx+Xj+/z2TD/jS/oNeGvPinvcufG3C0hNOrf3hPrfs+vqAjkljDpxwyBHPFMz/W7fu/P+ueXDB6f0d/UIYWRFCn/QPAx6tTRYGjIG6skzi/tqkrj7pqs6rDWF858DSVb2SWf+/Ir3G4BM1SVUxsNveP900rDNxQ00II3MDz3zz+jGdifmpQLbxb9SEMKRztOnGV/ZNGq9MN35N3xD2zAlkqzq5bwidjVWlq3qwOnMdg3RVt1WHMDAnkK3qwOoQFgYAeqn4r3Rm7oPzFp49e3pHR9sZOzAR9+HXhFntHW2NM+Z0zKwu0qeZqT7nLWN0XuGYSr3yzfOZJYqmDrl9eCnp7O8Em3LbyuzHLzhxMHM/fheq7Bpnc2Xe3dHpIQ/fp7CJkPNNqtiQy3fwkGtzK9nyJBbUH/NXhX6h74J5bWc0njV9/vwzRiV/S83enPyNh5mSbTUqva1qu+tbCS+PoqtlpXzcbbVfbiUj5582d+S8hWePaD9t+iltp7R9p3nsqObmMV8dO6Z5ZOeompK/PQx1v+6qTg118/Uljms7DnX3ipxKPolPDQkJid6WmL6k7PwJ0359/7f2WHPaWSft8fd7zBxx0l9d/pu5JzYeMvlX1//l2oL5/9yPnv/HT534yZ9Zn6HY8f+GeJg/eXzLYf7WGFhW6vH/hmJH87MnBgxNBRbFwCKH+QEAAPhsiLsj497MuFf6urp/uvvImTMOef+XJ0y5+m/Hjjv1rPX7Nlx89bFL/sP6d5asOuLtgvn/otJ+/7+d1v/PLl3/tWLL/O8fSzQVW/8/vcx/dv3/RcXW/08v859d/3/Zp7D+/4JsILVJ3rH+PwAA8Fnwya3/3+Py/ukLBBRk6HF5//QFAgoy9LiMf6kXCNjq9f/ndPxF7aDL54w7dMTcHz+yau8lA2/70vMTf73P0oNG3LvylvdG3Vow/19S2vzfwv0AAACw83jol32/ffG7w+5/6pH3jyy79Lcbbzr+r9oOOOQPA5tPmXx0zfdv+reC+f+y0ub/n/z6f6HY+f9DiwVaii0MaP0/AAAAeqli6//dPPDloavnj7jxsZ+/ectLrb+YOf61f7fkB1+ZPqzp5jXrftMwY33B/H9FafP/eNpFeV7u2JsP65M17UJ6TbuN9dmfDAAAAEDvUB4aGytLzJu3MuphH7/NdZmlQD8qnevp+watWlD+0FVl1Rt/cMm0QxrPPfbMOUdetP77tU/+pHZqY/UZBfP/1aXN//N+l/FA7aT6y96eePCHK0/+4+n7zl87dcvxfwAAAGDHKXW/BAAAAAAAAAAAAAAA8Ol7qnXpQR+MOvqNmXuN+tM3jn3hB4u/+M1H/ubaP5/588Pv26t987ApBb//D5O7yhX7/X+87l/8fcGuebljqz2v/5e5P+WYWxd2LVn4aH0I++QGZp8/+3Mhc23+/XIDq6buP7gzcX66xH0vHv5aZ2JaOnDUiF3e60yMTwVa4yKJX0gH4lUV3+ufCsTlFZ9MB+L2WJEOVGUCl/RPxlGW3lYb6pJtVZbeVs/VhTAgJ5DdVnfXJW2UpQd4VSqQHeDp6UAc4KRMoDzdq1v7Jb2KgbpY9G/6Jb0CAGCnFb8FVoZZ7R1tTfErfLzdvSL/Nspbsuy8wmrLSmz++czSZFOH3D68lHSf9HfRLdcarwzVnUMYVfB1NTdLWdcot08tPWy6XYsMuafV3sqLlEvb2k1XVXxENcmIGmfM6ZhZ2ePAR/ecpbmixyyjCiY7uVnKuzZpCbWU0JcSRlTitimhy/F+eWhs7JPKNS4GG0Kenl4Rpf5eP3edv2Kvgtw8f1tz7aV9Bvd5/9/GX/TQgwMqO06d3HbR7o/988BRM3/8wwdbr/l9wfy/obT5f3XuuN7LXAxgUbyy3sEDQmgtcUQAAADw2fc/z11+x4lz1myYtbri2d/9bnb5cSdWbj7nrnPOvui5+xcfdcm/v3lb4yvKntp04hubzvrrN37ylesePuulw2ecddekdYesb6u+8bt/sfzUIQXz/6Glzf/jHqzMoeBkb8fqeP3/CwaE0HVp/YYk8LM43JMHhLBXV6ollkguqP+1WKIpCfws7jDZP5Zobcmvqm8MrEgFfl+fCaxOBdbEQGYvxU9DZlfOFfUhjOlKTc4vMTeWaEgFjouBoalAYww0pQL9Y2BCKvBm/0ygJRX4xxgI7fnb6s7+mW0FAACwNTLzrMr8uyE9z1tR0VOGsp4y1PaUobynDNU9ZSg2inj/jpihMnXySllOpsp0rTWpWgoyxIvhb3W/CjKE3+bnTBcsaDqef5A936AsP8O4H97RetDX5v1408U/evzIAy88csmVb196dL/BVz77v9vP7dd/U23B/L+ptPl/bf5t0vqaOP/fcv2/JPBI7N6V8dTxoTHw8qH5gcyOgTVxsrs4W1VLpkRm0r44lpgQA0NTgbkxMCEVaJ2cCSwbnB/IzLSzjV+Qbbw9UyInAAAAAJ+4uIMg7qaJ8/+V48I7exz5fvPuVw6cO+7xR847YnrNrtU1/zx+7dLxl1Y/tF/fgvn/hNLm/7G9frmNXRh782r/EO4u29KbbGBEXRKI+zHq4s/j96gL4XM5OziyJdpqkxJVqYbDwzXJL9Sr0lXdW5OsMRDvT3niwVWXdSauqglh35y9L9k2XqhO2qhJB4ZVJYHadGBORRKIe36ygXvKkwBss+xewfiCypzqktXQfbkir7/PyjVB08Mr2AfaTb7ufnO1o1SnH8jsU83auqetoDp2iIK3x2rvtt74bmvwbsv9IpX5hrJ5S6g6lM9smzV9Qcf8+EjuL1kL7KDnOfdXqqWkt8PrcNHH723PqtMdaEp9fDR1X67712FZrO6B2kn1l7098eCVJ//x9H3nr51acjeKiD8UPvjWuQc8l7N5d7TqkHnN9brPkxafJ73x38BQT1sIYfkFs5584l/ef75iffN/OXDs8tvefGz5Tw56YNaIL2y45Msb33r3qIL5f0tp8/+K1G2XD+LGnDcghOE5G/fRuPknDkg+B3MCyafkwMJAcsh9fX3RT04AAADY3rK7O7L7C9ozt8kJ4el5cmH+lq3MH/dXTOg2f6n9HjjmH7536FWvf+Pr63e//NGlT637T2++csS0Qx/Y9PSKla83H/v5pwvm/60fPf/vm+qm4/+O/7ODOP7frZ19V3Tf9AOLtmlXdEF17BCO/3drZ3+3Of7fLcf/Hf/vjuP/PXD8v1s7+9NW8C1pri9dIYTWATfc/ova6cP7XXHOt2as/fnT7zSNe6Hu3KPv/B+HLw7XnLfqzwXz/7mlzf+t/9f9on3Z9f9ai63/N7fY+n+LrP8HAADsUEUWmkvP8wpW7yvIkF69ryBDjwsE9rjEoPX/tnr9v9qTzj7plfq39rpm4u3/+c7pFz5/0onP7tvn+RNuP+GmkVcPf+nLGwrm/4tKm//Hl0O/3NZ7y/p/QycXqWpJDMy1MCAAAAA7o2I7CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPh0rXhw8Rc3L97noJue/fxNh//rsjWz9v7VAZtHjzm5cfjigWVX/t2/vDVowcI32iadeW3L9OXXbFi5NIT2rnJlSfGyhwaVl4/+wzF33XbFw03TBk85tzpTb2Xm9ot5uWOrH9aHsCznkbqY2FjfeWdLYMoxty6s6Ew8Wh/CPrmB2efP/lxn4sb6EPbLDayauv/gzsT56RL3vXj4a52JaenAUSN2ea8zMT4TKEt397r+SXfL0t29rH8IA3IC2e5+u39+Vdk2/mMmUJ5u4+a6pI0YqItFf1SXtBEDHbFEe98QRlaE0Cdd1a+rk6r6pKv6++qkqj7pqv5rdQjjQwgV6aperEqqqkiPfG1VUlUM7Lb3TzcN60wsqwphZG7gmW9eP6YzcXoqkG3861UhDOl8yaQbv6Myabwy3fhVlSHsGUKoSpf414qkRFW6xCsVIQzMCWQbP7UihIWBz4T44TMz98F5C8+ePb2jo+2MHZioyrRVE2a1d7Q1zpjTMbM61adiynLSm8/7+GN/ftM5Mzpvpw65fXgp6YpMucquLjdX5t0dvbP3PvarNreSLc9HQf0xf1XoF/oumNd2RuNZ0+fPP2NU8rfU7M3J3z6ZaLKtRvWWbbVfbiUj5582d+S8hWePaD9t+iltp7R9p3nsqObmMV8dO6Z5ZOeompK/22Oo13/yQ929IqeST+IDQEJCorclyvM+3Zp29g/ygi/6WzpaGaq7PqALphW5Wcq6Rrk9Bn3Yxxzxx/me0uOIRhVMHAqyNPecZXTBZGJLlpokS9f3uoLJYW5N5V2bNN4vD42NfYpth4b8u7mb961t2LzrMpuu1DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPD/2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUVduBYAAAAAECYv3UYPRsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlwIAAP//WKHPZA==")
r0 = open(&(0x7f0000000000)='./bus\x00', 0x64942, 0x0)
r1 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
pwritev2(r1, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x78c00}], 0x1, 0x2000, 0x0, 0x3)
read$FUSE(r0, &(0x7f0000000600)={0x2020}, 0x2020)

381.986818ms ago: executing program 3 (id=2822):
syz_mount_image$hfs(&(0x7f0000000140), &(0x7f0000000000)='./bus\x00', 0x0, &(0x7f0000000180)=ANY=[@ANYRES8=0x0, @ANYRESOCT, @ANYRES32=0x0, @ANYRES8, @ANYRESOCT], 0x1, 0x273, &(0x7f0000001200)="$eJzs3U9rE0EYx/HfbNIabalrWxHEg1QLnsTWi3gRpO/AiydRmwjFUEErqBerZ/EFePctePAleBLPQm6e9J5bZP7EbNJsNo2Jk8TvBxI2yTw7z2RnOzO7lAjAf+v2TuPj9R/2YaSSSpJuSomkilSWdFbnKs/3D/YO6rXqoB2VXIR9GPlIc6TM7n6tX6iNcxFBal+VtZx9D5NR+R47A0wDd/Z7v7LvJ9KJcHa6zytRshu/w9gJRGaaauqFVmLnAQCIK4z/SRjnl8P8PUmkzTDsd4//Mz6ANmMnEFlm/HerrJaxx/e0+6iz3jN+9meFVeIodS3K96xSVwJFq0qXS3Ly0V69dnX3Sb2a6K1uBZli6+656rtuWyOT7Zuju97oszYdoDFy25dcGxZsG7Zz8l8bb43FzBfz1dwzqT6o+mf+V24Ze5jckUp7jpTP/1r+Hl0rU18qp5VnXCXnQw3BwFaW1JNG1mLYZ9cFgrQoTxe12hPlW7dVELXWN2q7IGq9N6rTm/MjJ828N3fNhn7qk3Yy8//EftubGubMtGVcydAzBran7EqmbjwxF91bhxf6lkxGbhKO750e6oZWnr189fhBvV57ysYIG6/Dlzkt+Qy70e4E05LP3G7YLzlK7eW/7plR/irhH+sc9GMGcm9mXth5l/Hrv/Z65fNCuH1nn9IB8/RW0c4zK6CtnLXBqns+lb+C62LcpYclmbxbEcOuuS5dkS4PU6OXhjznhNnRN93n+j8AAAAAAAAAAAAAAAAAAMCsGd+/HFSU91HsNgIAAAAAAAAAAAAAAAAAAAAAMOum7vd/78i/4vd/gYn7HQAA//8NSnOZ")
r0 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r1, &(0x7f0000000140)='2', 0x1, 0x8000c61)
ftruncate(r0, 0x2007ffc)

356.420846ms ago: executing program 6 (id=2823):
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r0 = syz_open_procfs(0x0, &(0x7f0000000200)='fd/3\x00')
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040))
epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000c40)={0x2000000b})

0s ago: executing program 3 (id=2824):
r0 = creat(&(0x7f0000000040)='./file0\x00', 0x81)
close(r0)
syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x3010}, 0x0, 0x0)
r1 = socket$caif_stream(0x25, 0x1, 0x1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

kernel console output (not intermixed with test programs):

][ T5185] Bluetooth: hci1: command tx timeout
[  303.389882][T10805] syzkaller1: entered promiscuous mode
[  303.439331][T10805] syzkaller1: entered allmulticast mode
[  303.593310][ T8369] veth1_to_bridge: left promiscuous mode
[  303.627455][T10814] loop0: detected capacity change from 0 to 764
[  303.636173][ T8369] hsr_slave_0: left promiscuous mode
[  303.650856][ T8369] hsr_slave_1: left promiscuous mode
[  303.666623][ T8369] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  303.674275][ T8369] batman_adv: batadv0: Removing interface: batadv_slave_0
[  303.697252][ T8369] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  303.704901][ T8369] batman_adv: batadv0: Removing interface: batadv_slave_1
[  303.776653][ T8369] veth1_macvtap: left promiscuous mode
[  303.793165][ T8369] veth0_macvtap: left promiscuous mode
[  304.348127][T10825] loop1: detected capacity change from 0 to 32768
[  304.474783][  T113] read_mapping_page failed!
[  304.538277][ T8369] team0 (unregistering): Port device team_slave_1 removed
[  304.670872][ T8369] team0 (unregistering): Port device team_slave_0 removed
[  305.191489][ T5185] Bluetooth: hci1: command tx timeout
[  306.221566][ T8369] IPVS: stop unused estimator thread 0...
[  306.330489][T10672] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  306.398488][T10672] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  306.448172][T10672] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  306.491476][T10672] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  306.894485][T10672] 8021q: adding VLAN 0 to HW filter on device bond0
[  306.970606][T10672] 8021q: adding VLAN 0 to HW filter on device team0
[  306.988230][ T8343] bridge0: port 1(bridge_slave_0) entered blocking state
[  306.995496][ T8343] bridge0: port 1(bridge_slave_0) entered forwarding state
[  307.032539][ T5963] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  307.060342][ T8343] bridge0: port 2(bridge_slave_1) entered blocking state
[  307.067691][ T8343] bridge0: port 2(bridge_slave_1) entered forwarding state
[  307.199313][ T5963] usb 1-1: config 0 has an invalid interface number: 217 but max is 0
[  307.210671][ T5963] usb 1-1: config 0 has no interface number 0
[  307.229706][ T5963] usb 1-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69
[  307.249886][ T5963] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  307.265834][ T5185] Bluetooth: hci1: command tx timeout
[  307.277594][ T5963] usb 1-1: Product: syz
[  307.292198][ T5963] usb 1-1: Manufacturer: syz
[  307.312611][ T5963] usb 1-1: SerialNumber: syz
[  307.359720][ T5963] usb 1-1: config 0 descriptor??
[  307.393619][ T5963] hub 1-1:0.217: bad descriptor, ignoring hub
[  307.411198][ T5963] hub 1-1:0.217: probe with driver hub failed with error -5
[  307.453365][T10882] netlink: 'syz.3.1791': attribute type 16 has an invalid length.
[  307.472076][T10882] netlink: 'syz.3.1791': attribute type 2 has an invalid length.
[  307.502504][T10882] netlink: 64086 bytes leftover after parsing attributes in process `syz.3.1791'.
[  307.606367][ T5963] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in warm state.
[  307.650189][ T5963] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  307.672075][ T5963] dvbdev: DVB: registering new adapter (Pinnacle PCTV Hybrid Stick Solo)
[  307.749119][ T5963] usb 1-1: media controller created
[  307.769855][T10867] loop2: detected capacity change from 0 to 32768
[  307.835409][T10867] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  307.910745][T10672] 8021q: adding VLAN 0 to HW filter on device batadv0
[  307.927382][T10867] XFS (loop2): Ending clean mount
[  307.944248][ T5963] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  308.131609][ T5874] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  308.298485][ T5963] DVB: Unable to find symbol dib7000p_attach()
[  308.342262][ T5963] dvb-usb: no frontend was attached by 'Pinnacle PCTV Hybrid Stick Solo'
[  308.667120][ T5963] rc_core: IR keymap rc-dib0700-rc5 not found
[  308.694860][ T5963] Registered IR keymap rc-empty
[  308.730887][ T5963] dvb-usb: could not initialize remote control.
[  308.748355][ T5963] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully initialized and connected.
[  308.806774][ T5963] usb 1-1: USB disconnect, device number 20
[  309.010809][ T5963] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully deinitialized and disconnected.
[  309.200610][T10672] veth0_vlan: entered promiscuous mode
[  309.250366][T10672] veth1_vlan: entered promiscuous mode
[  309.333200][T10672] veth0_macvtap: entered promiscuous mode
[  309.368190][T10672] veth1_macvtap: entered promiscuous mode
[  309.450815][T10672] batman_adv: batadv0: Interface activated: batadv_slave_0
[  309.507944][T10672] batman_adv: batadv0: Interface activated: batadv_slave_1
[  309.562887][T10950] pim6reg: entered allmulticast mode
[  309.583000][ T8348] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  309.599826][ T8348] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  309.622332][T10950] pim6reg: left allmulticast mode
[  309.666586][ T8348] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  309.715276][ T8348] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  309.891650][ T8353] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  309.914727][ T8353] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  309.973757][ T8369] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  309.983220][ T8369] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  310.275860][T10971] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only
[  310.327662][T10971] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  310.733477][T10987] syzkaller1: entered promiscuous mode
[  310.746832][T10987] syzkaller1: entered allmulticast mode
[  311.639758][T11025] loop2: detected capacity change from 0 to 512
[  311.648619][T10983] loop1: detected capacity change from 0 to 40427
[  311.663461][ T5980] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  311.682949][T10983] F2FS-fs (loop1): invalid crc value
[  311.693407][T11025] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  311.785088][T10983] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  311.797539][T10983] F2FS-fs (loop1): Start checkpoint disabled!
[  311.817156][T10983] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0
[  311.835429][ T5980] usb 4-1: Using ep0 maxpacket: 32
[  311.840802][T10983] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  311.848191][ T5980] usb 4-1: config index 0 descriptor too short (expected 29220, got 36)
[  311.861280][ T5980] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  311.864500][ T5874] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  311.870600][ T5980] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81
[  311.890448][ T5980] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  311.945525][ T5980] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  311.971416][T10983] syz.1.1818: attempt to access beyond end of device
[  311.971416][T10983] loop1: rw=2049, sector=77824, nr_sectors = 136 limit=40427
[  311.996401][ T5980] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 14385, setting to 1024
[  312.021785][ T5980] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024
[  312.056261][ T5980] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  312.066262][T11041] loop0: detected capacity change from 0 to 1024
[  312.093017][ T8348] kworker/u8:23: attempt to access beyond end of device
[  312.093017][ T8348] loop1: rw=1, sector=77896, nr_sectors = 8 limit=40427
[  312.110801][ T5980] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  312.113046][ T8348] kworker/u8:23: attempt to access beyond end of device
[  312.113046][ T8348] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  312.126290][ T5980] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  312.167460][ T8348] CPU: 1 UID: 0 PID: 8348 Comm: kworker/u8:23 Not tainted syzkaller #0 PREEMPT(full) 
[  312.167490][ T8348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  312.167504][ T8348] Workqueue: writeback wb_workfn (flush-7:1)
[  312.167559][ T8348] Call Trace:
[  312.167568][ T8348]  <TASK>
[  312.167577][ T8348]  dump_stack_lvl+0x189/0x250
[  312.167608][ T8348]  ? __pfx_dump_stack_lvl+0x10/0x10
[  312.167634][ T8348]  ? __pfx_queue_work_on+0x10/0x10
[  312.167652][ T8348]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  312.167685][ T8348]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  312.167735][ T8348]  f2fs_handle_critical_error+0x37c/0x540
[  312.167778][ T8348]  f2fs_write_end_io+0x886/0xb60
[  312.167826][ T8348]  __submit_merged_bio+0x27a/0x6a0
[  312.167867][ T8348]  __submit_merged_write_cond+0x255/0x530
[  312.167909][ T8348]  f2fs_write_data_pages+0x261d/0x3000
[  312.167979][ T8348]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  312.168022][ T8348]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  312.168096][ T8348]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  312.168136][ T8348]  ? trace_f2fs_writepages+0x7f/0x200
[  312.168169][ T8348]  ? f2fs_write_node_pages+0x478/0x6e0
[  312.168235][ T8348]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  312.168260][ T8348]  do_writepages+0x32e/0x550
[  312.168299][ T8348]  ? reacquire_held_locks+0x127/0x1d0
[  312.168326][ T8348]  ? writeback_sb_inodes+0x384/0x1010
[  312.168361][ T8348]  __writeback_single_inode+0x145/0xff0
[  312.168384][ T8348]  ? do_raw_spin_unlock+0x122/0x240
[  312.168424][ T8348]  writeback_sb_inodes+0x6c7/0x1010
[  312.168449][ T8348]  ? lockdep_hardirqs_on+0x9c/0x150
[  312.168507][ T8348]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  312.168611][ T8348]  ? rcu_is_watching+0x15/0xb0
[  312.168645][ T8348]  wb_writeback+0x43b/0xaf0
[  312.168679][ T8348]  ? queue_io+0x3b1/0x590
[  312.168706][ T8348]  ? __pfx_wb_writeback+0x10/0x10
[  312.168740][ T8348]  ? _raw_spin_unlock_irq+0x23/0x50
[  312.168768][ T8348]  wb_workfn+0x409/0xef0
[  312.168820][ T8348]  ? __pfx_wb_workfn+0x10/0x10
[  312.168858][ T8348]  ? __lock_acquire+0xab9/0xd20
[  312.168902][ T8348]  ? process_scheduled_works+0x9ef/0x17b0
[  312.168943][ T8348]  ? _raw_spin_unlock_irq+0x23/0x50
[  312.168960][ T8348]  ? process_scheduled_works+0x9ef/0x17b0
[  312.168990][ T8348]  ? process_scheduled_works+0x9ef/0x17b0
[  312.169025][ T8348]  process_scheduled_works+0xae1/0x17b0
[  312.169097][ T8348]  ? __pfx_process_scheduled_works+0x10/0x10
[  312.169155][ T8348]  worker_thread+0x8a0/0xda0
[  312.169206][ T8348]  ? __kthread_parkme+0x7b/0x200
[  312.169242][ T8348]  kthread+0x711/0x8a0
[  312.169270][ T8348]  ? __pfx_worker_thread+0x10/0x10
[  312.169301][ T8348]  ? __pfx_kthread+0x10/0x10
[  312.169335][ T8348]  ? _raw_spin_unlock_irq+0x23/0x50
[  312.169355][ T8348]  ? lockdep_hardirqs_on+0x9c/0x150
[  312.169374][ T8348]  ? __pfx_kthread+0x10/0x10
[  312.169400][ T8348]  ret_from_fork+0x4bc/0x870
[  312.169434][ T8348]  ? __pfx_ret_from_fork+0x10/0x10
[  312.169476][ T8348]  ? __switch_to_asm+0x39/0x70
[  312.169500][ T8348]  ? __switch_to_asm+0x33/0x70
[  312.169523][ T8348]  ? __pfx_kthread+0x10/0x10
[  312.169550][ T8348]  ret_from_fork_asm+0x1a/0x30
[  312.169603][ T8348]  </TASK>
[  312.169611][ T8348] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  312.172786][T11041] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  312.535670][T11041] ext4 filesystem being mounted at /336/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  312.548569][ T5980] usb 4-1: config 0 descriptor??
[  312.554975][T11016] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  312.605169][T11041] EXT4-fs error (device loop0): ext4_map_blocks:814: inode #15: block 3: comm syz.0.1840: lblock 3 mapped to illegal pblock 3 (length 3)
[  312.622427][T11041] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117
[  312.635533][T11041] EXT4-fs (loop0): This should not happen!! Data will be lost
[  312.635533][T11041] 
[  312.681179][T11041] EXT4-fs error (device loop0): ext4_map_blocks:814: inode #15: comm syz.0.1840: lblock 0 mapped to illegal pblock 0 (length 3)
[  312.784686][ T5980] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 21 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  312.813920][ T8369] EXT4-fs error (device loop0): ext4_map_blocks:814: inode #15: block 8: comm kworker/u8:44: lblock 8 mapped to illegal pblock 8 (length 8)
[  312.840335][T11047] loop5: detected capacity change from 0 to 32768
[  312.870732][ T8369] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117
[  312.886483][ T8369] EXT4-fs (loop0): This should not happen!! Data will be lost
[  312.886483][ T8369] 
[  312.908814][ T5865] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  313.043591][ T5980] usb 4-1: USB disconnect, device number 21
[  313.056346][ T5980] usblp0: removed
[  313.060659][T11047] bcachefs (loop5): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,checksum_err_retry_nr=12,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,degraded=yes,nojournal_transaction_names
[  313.062680][T11047]   allowing incompatible features above 0.0: (unknown version)
[  313.062699][T11047]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  313.113379][T11047] bcachefs (loop5): Using encoding defined by superblock: utf8-12.1.0
[  313.121863][T11047] bcachefs (loop5): initializing new filesystem
[  313.137738][T11047] bcachefs (loop5): going read-write
[  313.152563][T11047] bcachefs (loop5): marking superblocks
[  313.168557][T11047] bcachefs (loop5): initializing freespace
[  313.179104][T11047] bcachefs (loop5): done initializing freespace
[  313.192633][T11047] bcachefs (loop5): reading snapshots table
[  313.199665][T11047] bcachefs (loop5): reading snapshots done
[  313.237638][T11047] bcachefs (loop5): done starting filesystem
[  313.267825][ T1214] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  313.369222][T10672] bcachefs (loop5): shutting down
[  313.374318][T10672] bcachefs (loop5): going read-only
[  313.381393][T10672] bcachefs (loop5): finished waiting for writes to stop
[  313.392049][T10672] bcachefs (loop5): flushing journal and stopping allocators, journal seq 2
[  313.428112][ T1214] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  313.452339][T10672] bcachefs (loop5): flushing journal and stopping allocators complete, journal seq 3
[  313.464096][ T1214] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  313.479128][ T1214] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  313.491950][T10672] bcachefs (loop5): clean shutdown complete, journal seq 4
[  313.491959][ T1214] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  313.491987][ T1214] usb 2-1: SerialNumber: syz
[  313.503786][T10672] bcachefs (loop5): marking filesystem clean
[  313.547612][T10672] bcachefs (loop5): shutdown complete
[  313.721551][ T1214] usb 2-1: 0:2 : does not exist
[  313.739017][ T1214] usb 2-1: USB disconnect, device number 22
[  314.105526][   T24] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  314.261676][   T24] usb 1-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  314.279093][   T24] usb 1-1: New USB device strings: Mfr=241, Product=2, SerialNumber=3
[  314.298059][   T24] usb 1-1: Product: syz
[  314.315563][   T24] usb 1-1: Manufacturer: syz
[  314.320407][   T24] usb 1-1: SerialNumber: syz
[  314.332374][   T24] usb 1-1: config 0 descriptor??
[  314.340941][   T24] ch341 1-1:0.0: ch341-uart converter detected
[  314.855435][ T5937] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  315.037761][ T5937] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  315.062179][ T5937] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  315.077368][ T5937] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  315.087984][ T5937] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  315.102498][ T5937] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  315.112762][ T5937] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  315.156950][ T5937] usb 2-1: config 0 descriptor??
[  315.366311][   T24] usb 1-1: failed to send control message: -71
[  315.379554][   T24] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71
[  315.391575][   T24] usb 1-1: USB disconnect, device number 21
[  315.401120][   T24] ch341 1-1:0.0: device disconnected
[  315.587009][ T5937] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0
[  315.600835][ T5937] plantronics 0003:047F:FFFF.0019: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  315.689009][T11127] loop5: detected capacity change from 0 to 4096
[  315.857561][ T5937] usb 2-1: USB disconnect, device number 23
[  315.992282][T11137] hsr0: entered promiscuous mode
[  316.000220][T11137] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1874'.
[  316.164078][T11141] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  316.191117][T11141] infiniband sLò2: RDMA CMA: cma_listen_on_dev, error -98
[  316.384516][T11147] netlink: 'syz.2.1878': attribute type 39 has an invalid length.
[  316.662835][T11157] loop0: detected capacity change from 0 to 128
[  316.825759][  T979] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  316.909089][T11163] loop2: detected capacity change from 0 to 128
[  316.940546][T11163] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[  316.955101][T11163] ext4 filesystem being mounted at /390/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  317.017066][  T979] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  317.045833][  T979] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  317.072979][T11167] input: syz0 as /devices/virtual/input/input45
[  317.074704][  T979] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  317.103271][ T5874] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  317.165270][  T979] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  317.179683][  T979] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  317.188947][  T979] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  317.202317][  T979] usb 4-1: config 0 descriptor??
[  317.422529][T11181] loop5: detected capacity change from 0 to 512
[  317.461771][T11181] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  317.477335][T11181] ext4 filesystem being mounted at /18/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  317.498008][T11185] evm: overlay not supported
[  317.562611][T10672] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  317.605650][   T24] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  317.660838][  T979] plantronics 0003:047F:FFFF.001A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  317.778885][   T24] usb 1-1: Using ep0 maxpacket: 32
[  317.790693][   T24] usb 1-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[  317.813906][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  317.838857][T11196] loop5: detected capacity change from 0 to 128
[  317.847079][T11196] vfat: Unknown parameter 'iochaf8'
[  317.851915][   T24] usb 1-1: config 0 descriptor??
[  317.861858][   T24] gspca_main: nw80x-2.14.0 probing 055f:d001
[  317.950411][ T5980] usb 4-1: USB disconnect, device number 22
[  318.260445][T11206] sctp: [Deprecated]: syz.2.1895 (pid 11206) Use of struct sctp_assoc_value in delayed_ack socket option.
[  318.260445][T11206] Use struct sctp_sack_info instead
[  318.637559][ T5980] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  318.816116][ T5980] usb 2-1: Using ep0 maxpacket: 16
[  318.828630][ T5980] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  318.841370][ T5980] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  318.872360][ T5980] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  318.895195][   T24] gspca_nw80x: reg_w err -71
[  318.902350][   T24] nw80x 1-1:0.0: probe with driver nw80x failed with error -71
[  318.916001][ T5980] usb 2-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  318.926097][ T5980] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  318.937716][   T24] usb 1-1: USB disconnect, device number 22
[  318.986754][ T5980] usb 2-1: config 0 descriptor??
[  319.178431][T11213] loop5: detected capacity change from 0 to 32768
[  319.191997][T11239] loop2: detected capacity change from 0 to 2048
[  319.237671][T11213] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  319.259350][T11239] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  319.382647][T11213] XFS (loop5): Ending clean mount
[  319.416578][T11213] XFS (loop5): Quotacheck needed: Please wait.
[  319.437914][ T5980] shield 0003:0955:7214.001B: unknown main item tag 0x0
[  319.449830][ T5980] shield 0003:0955:7214.001B: unknown main item tag 0x0
[  319.459688][ T5980] shield 0003:0955:7214.001B: unknown main item tag 0x0
[  319.466930][ T5980] shield 0003:0955:7214.001B: unknown main item tag 0x0
[  319.474164][ T5980] shield 0003:0955:7214.001B: unknown main item tag 0x0
[  319.499322][ T5980] input: HID 0955:7214 Haptics as /devices/virtual/input/input47
[  319.562709][T11213] XFS (loop5): Quotacheck: Done.
[  319.632769][T11212] netlink: 'syz.1.1897': attribute type 2 has an invalid length.
[  319.681775][   T30] audit: type=1800 audit(1758826171.529:56): pid=11213 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1898" name="file1" dev="loop5" ino=9286 res=0 errno=0
[  319.704247][T11212] netlink: 244 bytes leftover after parsing attributes in process `syz.1.1897'.
[  319.720158][ T5980] shield 0003:0955:7214.001B: Registered Thunderstrike controller
[  319.740426][ T5980] shield 0003:0955:7214.001B: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.1-1/input0
[  319.813633][ T5923] shield 0003:0955:7214.001B: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  319.850138][ T5980] usb 2-1: USB disconnect, device number 24
[  319.911337][ T5923] shield 0003:0955:7214.001B: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  319.953331][ T5923] shield 0003:0955:7214.001B: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  319.983314][ T5923] shield 0003:0955:7214.001B: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  320.061922][T10672] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  320.997227][T11295] loop1: detected capacity change from 0 to 1024
[  321.050752][T11295] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  321.091192][T11307] loop2: detected capacity change from 0 to 164
[  321.147575][ T5872] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  321.236156][  T979] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  321.430984][  T979] usb 6-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  321.448656][  T979] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  321.468872][  T979] usb 6-1: Product: syz
[  321.473107][  T979] usb 6-1: Manufacturer: syz
[  321.497458][  T979] usb 6-1: SerialNumber: syz
[  321.696062][ T5980] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  321.861858][ T5980] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  321.886591][ T5980] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  321.921965][ T5980] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  321.962468][ T5980] usb 2-1: config 0 descriptor??
[  321.989988][ T5980] pwc: Askey VC010 type 2 USB webcam detected.
[  322.018080][T11310] loop2: detected capacity change from 0 to 32768
[  322.037412][T11310] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1925 (11310)
[  322.081730][T11310] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  322.115163][T11310] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm
[  322.155782][   T24] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  322.265668][T11310] BTRFS info (device loop2): enabling ssd optimizations
[  322.283257][T11310] BTRFS info (device loop2): enabling free space tree
[  322.325509][   T24] usb 4-1: Using ep0 maxpacket: 16
[  322.342285][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  322.371739][   T24] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  322.392322][   T24] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  322.398201][ T5980] pwc: recv_control_msg error -32 req 02 val 2b00
[  322.404521][ T1305] ieee802154 phy0 wpan0: encryption failed: -22
[  322.418663][ T1305] ieee802154 phy1 wpan1: encryption failed: -22
[  322.418679][ T5980] pwc: recv_control_msg error -32 req 02 val 2700
[  322.458470][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  322.511269][   T24] usb 4-1: config 0 descriptor??
[  322.542633][  T979] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO
[  322.582106][  T979] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  322.602550][ T5874] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  322.619540][  T979] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  322.630725][ T5980] pwc: recv_control_msg error -71 req 04 val 1000
[  322.638419][ T5980] pwc: recv_control_msg error -71 req 04 val 1300
[  322.651780][  T979] lan78xx 6-1:1.0: probe with driver lan78xx failed with error -71
[  322.656853][ T5980] pwc: recv_control_msg error -71 req 04 val 1400
[  322.675251][  T979] usb 6-1: USB disconnect, device number 2
[  322.695895][ T5980] pwc: recv_control_msg error -71 req 02 val 2000
[  322.703016][ T5980] pwc: recv_control_msg error -71 req 02 val 2100
[  322.727247][ T5980] pwc: recv_control_msg error -71 req 04 val 1500
[  322.737381][ T5980] pwc: recv_control_msg error -71 req 02 val 2500
[  322.747043][ T5980] pwc: recv_control_msg error -71 req 02 val 2400
[  322.776047][ T5980] pwc: recv_control_msg error -71 req 02 val 2600
[  322.813160][ T5980] pwc: recv_control_msg error -71 req 02 val 2900
[  322.832859][ T5980] pwc: recv_control_msg error -71 req 02 val 2800
[  322.859661][ T5980] pwc: recv_control_msg error -71 req 04 val 1100
[  322.886802][ T5980] pwc: recv_control_msg error -71 req 04 val 1200
[  322.916593][ T5980] pwc: Registered as video103.
[  322.928606][ T5980] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input48
[  322.985240][ T5980] usb 2-1: USB disconnect, device number 25
[  323.008615][   T24] input: HID 045e:07da as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:045E:07DA.001C/input/input49
[  323.223515][   T24] microsoft 0003:045E:07DA.001C: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0
[  323.666102][ T5937] usb 4-1: USB disconnect, device number 23
[  324.267114][ T5937] usb 1-1: new full-speed USB device number 23 using dummy_hcd
[  324.328102][T11409] bridge0: entered allmulticast mode
[  324.438386][ T5937] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  324.470758][ T5937] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2
[  324.509831][ T5937] usb 1-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  324.540923][ T5937] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  324.568988][ T5937] usb 1-1: config 0 descriptor??
[  324.609561][ T5937] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  324.622105][ T5937] dvb-usb: bulk message failed: -22 (3/0)
[  324.633979][ T5937] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  324.649177][ T5937] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  324.657204][ T5937] usb 1-1: media controller created
[  324.664819][ T5937] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  324.715099][ T5937] dvb-usb: bulk message failed: -22 (6/0)
[  324.735758][ T5937] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  324.757131][ T5937] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input50
[  324.797267][ T5937] dvb-usb: schedule remote query interval to 150 msecs.
[  324.814400][ T5937] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  324.863605][ T5937] usb 1-1: USB disconnect, device number 23
[  324.986919][ T5937] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  325.155706][T11442] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1962'.
[  325.438505][T11455] FAT-fs (loop3): unable to read boot sector
[  325.621435][T11470] sctp: [Deprecated]: syz.3.1972 (pid 11470) Use of struct sctp_assoc_value in delayed_ack socket option.
[  325.621435][T11470] Use struct sctp_sack_info instead
[  325.874341][ T5937] kernel write not supported for file /input/mice (pid: 5937 comm: kworker/1:5)
[  325.983333][T11484] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  325.985083][ T1214] hid-generic 0000:0000:0000.001D: unknown main item tag 0x0
[  326.007462][ T5980] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  326.059222][ T1214] hid-generic 0000:0000:0000.001D: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  326.186446][ T5980] usb 6-1: Using ep0 maxpacket: 16
[  326.199339][ T5980] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  326.246749][ T5980] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  326.266416][ T5980] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  326.292120][ T5980] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  326.326155][ T5980] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  326.350080][ T5980] usb 6-1: config 0 descriptor??
[  326.710949][T11508] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1987'.
[  326.769037][ T5980] microsoft 0003:045E:07DA.001E: unknown main item tag 0x0
[  326.791406][ T5980] microsoft 0003:045E:07DA.001E: unknown main item tag 0x0
[  326.808344][ T5980] microsoft 0003:045E:07DA.001E: unknown main item tag 0x0
[  326.841088][ T5980] microsoft 0003:045E:07DA.001E: unknown main item tag 0x0
[  326.849266][ T5980] microsoft 0003:045E:07DA.001E: unknown main item tag 0x0
[  326.874264][ T5980] microsoft 0003:045E:07DA.001E: unknown main item tag 0x0
[  326.882309][ T5980] microsoft 0003:045E:07DA.001E: unknown main item tag 0x0
[  326.906291][ T5980] microsoft 0003:045E:07DA.001E: unknown main item tag 0x0
[  326.913670][ T5980] microsoft 0003:045E:07DA.001E: unknown main item tag 0x0
[  326.970744][ T5980] input: HID 045e:07da as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:045E:07DA.001E/input/input51
[  327.015067][ T5980] microsoft 0003:045E:07DA.001E: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.5-1/input0
[  327.136492][T11515] syzkaller1: entered promiscuous mode
[  327.142060][T11515] syzkaller1: entered allmulticast mode
[  327.311633][   T30] audit: type=1326 audit(1758826179.169:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11523 comm="syz.0.1993" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fbe2d58eec9 code=0x0
[  327.563002][ T1214] usb 6-1: USB disconnect, device number 3
[  327.690335][T11541] loop5: detected capacity change from 0 to 512
[  327.752997][T11541] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  327.807580][T11541] ext4 filesystem being mounted at /34/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  328.068328][T10672] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  329.779516][T11612] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  330.440047][T11633] loop2: detected capacity change from 0 to 2048
[  330.509144][T11633] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found
[  330.536469][T11633] UDF-fs: Scanning with blocksize 512 failed
[  330.571732][T11633] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  331.177393][T11661] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2031'.
[  331.900469][T11659] loop0: detected capacity change from 0 to 32768
[  331.974351][T11659] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  332.085127][T11694] loop3: detected capacity change from 0 to 1024
[  332.139871][ T5865] ocfs2: Unmounting device (7,0) on (node local)
[  332.187877][T11694] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  332.188008][T11694] ext4 filesystem being mounted at /417/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  332.571225][ T5871] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  333.631309][T11741] netlink: 'syz.3.2057': attribute type 1 has an invalid length.
[  333.639714][T11741] netlink: 172 bytes leftover after parsing attributes in process `syz.3.2057'.
[  333.666897][T11741] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2057'.
[  333.840690][T11745] loop3: detected capacity change from 0 to 4096
[  334.206551][  T979] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  334.349235][T11765] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2068'.
[  334.370897][  T979] usb 4-1: New USB device found, idVendor=6189, idProduct=182d, bcdDevice= 1.73
[  334.380956][  T979] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  334.389405][  T979] usb 4-1: Product: syz
[  334.394100][  T979] usb 4-1: Manufacturer: syz
[  334.400780][  T979] usb 4-1: SerialNumber: syz
[  334.408824][  T979] usb 4-1: config 0 descriptor??
[  334.448370][T11767] syzkaller1: entered promiscuous mode
[  334.454152][T11767] syzkaller1: entered allmulticast mode
[  335.082535][T11774] loop1: detected capacity change from 0 to 32768
[  335.178059][T11774] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,checksum_err_retry_nr=12,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,degraded=yes,nojournal_transaction_names
[  335.178095][T11774]   allowing incompatible features above 0.0: (unknown version)
[  335.178105][T11774]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  335.205973][   T24] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  335.243439][T11774] bcachefs (loop1): Using encoding defined by superblock: utf8-12.1.0
[  335.251816][T11774] bcachefs (loop1): initializing new filesystem
[  335.267695][T11774] bcachefs (loop1): going read-write
[  335.279155][T11774] bcachefs (loop1): marking superblocks
[  335.312856][T11774] bcachefs (loop1): initializing freespace
[  335.322481][T11774] bcachefs (loop1): done initializing freespace
[  335.341614][T11774] bcachefs (loop1): reading snapshots table
[  335.348699][T11774] bcachefs (loop1): reading snapshots done
[  335.379750][T11774] bcachefs (loop1): done starting filesystem
[  335.385542][   T24] usb 6-1: Using ep0 maxpacket: 32
[  335.394347][   T24] usb 6-1: config 0 has an invalid interface number: 51 but max is 0
[  335.403245][   T24] usb 6-1: config 0 has no interface number 0
[  335.413028][   T24] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  335.422958][   T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  335.431855][   T24] usb 6-1: Product: syz
[  335.436531][   T24] usb 6-1: Manufacturer: syz
[  335.441365][   T24] usb 6-1: SerialNumber: syz
[  335.448416][  T979] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  335.462180][   T24] usb 6-1: config 0 descriptor??
[  335.468169][  T979] asix 4-1:0.0: probe with driver asix failed with error -71
[  335.478770][   T24] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  335.492721][  T979] usb 4-1: USB disconnect, device number 24
[  335.527543][ T5872] bcachefs (loop1): shutting down
[  335.532642][ T5872] bcachefs (loop1): going read-only
[  335.538350][ T5872] bcachefs (loop1): finished waiting for writes to stop
[  335.550009][ T5872] bcachefs (loop1): flushing journal and stopping allocators, journal seq 2
[  335.597789][ T5872] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 3
[  335.608564][ T5872] bcachefs (loop1): clean shutdown complete, journal seq 4
[  335.618144][ T5872] bcachefs (loop1): marking filesystem clean
[  335.647622][ T5872] bcachefs (loop1): shutdown complete
[  335.700691][   T24] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  335.713075][   T24] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  336.090071][T11802] netlink: 188 bytes leftover after parsing attributes in process `syz.2.2080'.
[  336.108207][    C1] usb 6-1: qt2_read_bulk_callback - non-zero urb status: -71
[  336.108720][ T5923] usb 6-1: USB disconnect, device number 4
[  336.147046][ T5923] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  336.179609][ T5923] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  336.207238][ T5923] quatech2 6-1:0.51: device disconnected
[  336.763716][T11823] loop3: detected capacity change from 0 to 32768
[  336.828336][T11823] ocfs2: Mounting device (7,3) on (node local, slot 0) with writeback data mode.
[  337.003245][ T5871] ocfs2: Unmounting device (7,3) on (node local)
[  337.579710][T11843] loop3: detected capacity change from 0 to 32768
[  337.602863][T11843] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.2095 (11843)
[  337.622643][T11843] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  337.633566][T11843] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm
[  337.781876][T11864] ªªªªªª: renamed from wg2 (while UP)
[  337.804313][T11843] BTRFS info (device loop3): enabling ssd optimizations
[  337.812147][T11843] BTRFS info (device loop3): enabling free space tree
[  337.838903][   T30] audit: type=1800 audit(1758826189.699:58): pid=11843 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2095" name="file1" dev="loop3" ino=260 res=0 errno=0
[  337.946883][ T5871] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  338.139547][T11872] loop2: detected capacity change from 0 to 7
[  338.174630][T11872] Dev loop2: unable to read RDB block 7
[  338.191211][T11872]  loop2: AHDI p1 p3 p4
[  338.196040][T11872] loop2: partition table partially beyond EOD, truncated
[  338.203446][T11872] loop2: p1 start 975770946 is beyond EOD, truncated
[  338.212049][T11872] loop2: p3 start 6514546 is beyond EOD, truncated
[  338.680581][T11886] loop1: detected capacity change from 0 to 1024
[  338.802298][ T8369] hfsplus: b-tree write err: -5, ino 4
[  338.830747][T11890] netlink: 96 bytes leftover after parsing attributes in process `syz.3.2112'.
[  339.367278][   T24] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  339.525450][   T24] usb 1-1: Using ep0 maxpacket: 32
[  339.540389][   T24] usb 1-1: config 0 interface 0 has no altsetting 0
[  339.556470][   T24] usb 1-1: New USB device found, idVendor=1b1c, idProduct=1c09, bcdDevice= 0.00
[  339.584446][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  339.614400][   T24] usb 1-1: config 0 descriptor??
[  339.965574][  T979] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  340.053433][   T24] corsair-psu 0003:1B1C:1C09.001F: hidraw0: USB HID v4.08 Device [HID 1b1c:1c09] on usb-dummy_hcd.0-1/input0
[  340.120569][  T979] usb 4-1: config 0 has an invalid interface number: 217 but max is 0
[  340.133430][  T979] usb 4-1: config 0 has no interface number 0
[  340.152625][  T979] usb 4-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69
[  340.162996][  T979] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  340.180649][  T979] usb 4-1: Product: syz
[  340.189021][T11904] loop2: detected capacity change from 0 to 32768
[  340.192492][  T979] usb 4-1: Manufacturer: syz
[  340.207431][  T979] usb 4-1: SerialNumber: syz
[  340.234439][  T979] usb 4-1: config 0 descriptor??
[  340.255136][  T979] hub 4-1:0.217: bad descriptor, ignoring hub
[  340.275091][  T979] hub 4-1:0.217: probe with driver hub failed with error -5
[  340.286611][T11904] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  340.485798][  T979] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in cold state, will try to load a firmware
[  340.558789][ T5874] ocfs2: Unmounting device (7,2) on (node local)
[  340.608714][  T979] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  340.625495][  T979] dib0700: firmware download failed at 7 with -22
[  340.648038][   T24] corsair-psu 0003:1B1C:1C09.001F: unable to initialize device (-71)
[  340.657823][  T979] usb 4-1: USB disconnect, device number 25
[  340.689680][   T24] corsair-psu 0003:1B1C:1C09.001F: probe with driver corsair-psu failed with error -71
[  340.725924][   T24] usb 1-1: USB disconnect, device number 24
[  341.225334][T11918] netlink: 35 bytes leftover after parsing attributes in process `syz.2.2124'.
[  341.234476][T11918] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2124'.
[  341.615140][T11936] loop2: detected capacity change from 0 to 2048
[  341.717043][T11936] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  342.739772][T11945] loop0: detected capacity change from 0 to 40427
[  342.767935][T11945] F2FS-fs (loop0): invalid crc value
[  342.927017][T11945] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  342.956057][T11945] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
[  343.088657][ T5865] syz-executor: attempt to access beyond end of device
[  343.088657][ T5865] loop0: rw=524288, sector=45064, nr_sectors = 8 limit=40427
[  343.120680][ T5865] syz-executor: attempt to access beyond end of device
[  343.120680][ T5865] loop0: rw=0, sector=45064, nr_sectors = 8 limit=40427
[  343.184515][   T30] audit: type=1326 audit(1758826195.039:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11954 comm="syz.5.2138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f2c58eec9 code=0x7fc00000
[  343.490584][ T8353] kworker/u8:28: attempt to access beyond end of device
[  343.490584][ T8353] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  343.536008][ T8353] CPU: 0 UID: 0 PID: 8353 Comm: kworker/u8:28 Not tainted syzkaller #0 PREEMPT(full) 
[  343.536037][ T8353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  343.536050][ T8353] Workqueue: writeback wb_workfn (flush-7:0)
[  343.536091][ T8353] Call Trace:
[  343.536099][ T8353]  <TASK>
[  343.536108][ T8353]  dump_stack_lvl+0x189/0x250
[  343.536149][ T8353]  ? __pfx_dump_stack_lvl+0x10/0x10
[  343.536173][ T8353]  ? __pfx_queue_work_on+0x10/0x10
[  343.536191][ T8353]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  343.536228][ T8353]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  343.536274][ T8353]  f2fs_handle_critical_error+0x37c/0x540
[  343.536315][ T8353]  f2fs_write_end_io+0x886/0xb60
[  343.536359][ T8353]  __submit_merged_bio+0x27a/0x6a0
[  343.536398][ T8353]  __submit_merged_write_cond+0x255/0x530
[  343.536439][ T8353]  f2fs_write_data_pages+0x261d/0x3000
[  343.536511][ T8353]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  343.536550][ T8353]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  343.536614][ T8353]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  343.536649][ T8353]  ? trace_f2fs_writepages+0x7f/0x200
[  343.536683][ T8353]  ? f2fs_write_node_pages+0x478/0x6e0
[  343.536719][ T8353]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  343.536755][ T8353]  ? __lock_acquire+0xab9/0xd20
[  343.536791][ T8353]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  343.536814][ T8353]  do_writepages+0x32e/0x550
[  343.536852][ T8353]  ? reacquire_held_locks+0x127/0x1d0
[  343.536871][ T8353]  ? writeback_sb_inodes+0x384/0x1010
[  343.536903][ T8353]  __writeback_single_inode+0x145/0xff0
[  343.536925][ T8353]  ? do_raw_spin_unlock+0x122/0x240
[  343.536954][ T8353]  writeback_sb_inodes+0x6c7/0x1010
[  343.536985][ T8353]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  343.537037][ T8353]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  343.537108][ T8353]  ? rcu_is_watching+0x15/0xb0
[  343.537144][ T8353]  wb_writeback+0x43b/0xaf0
[  343.537175][ T8353]  ? queue_io+0x3b1/0x590
[  343.537199][ T8353]  ? __pfx_wb_writeback+0x10/0x10
[  343.537230][ T8353]  ? _raw_spin_unlock_irq+0x23/0x50
[  343.537255][ T8353]  wb_workfn+0x409/0xef0
[  343.537303][ T8353]  ? __pfx_wb_workfn+0x10/0x10
[  343.537338][ T8353]  ? __lock_acquire+0xab9/0xd20
[  343.537379][ T8353]  ? process_scheduled_works+0x9ef/0x17b0
[  343.537417][ T8353]  ? _raw_spin_unlock_irq+0x23/0x50
[  343.537435][ T8353]  ? process_scheduled_works+0x9ef/0x17b0
[  343.537464][ T8353]  ? process_scheduled_works+0x9ef/0x17b0
[  343.537495][ T8353]  process_scheduled_works+0xae1/0x17b0
[  343.537554][ T8353]  ? __pfx_process_scheduled_works+0x10/0x10
[  343.537605][ T8353]  worker_thread+0x8a0/0xda0
[  343.537668][ T8353]  kthread+0x711/0x8a0
[  343.537696][ T8353]  ? __pfx_worker_thread+0x10/0x10
[  343.537725][ T8353]  ? __pfx_kthread+0x10/0x10
[  343.537751][ T8353]  ? _raw_spin_unlock_irq+0x23/0x50
[  343.537769][ T8353]  ? lockdep_hardirqs_on+0x9c/0x150
[  343.537790][ T8353]  ? __pfx_kthread+0x10/0x10
[  343.537814][ T8353]  ret_from_fork+0x4bc/0x870
[  343.537847][ T8353]  ? __pfx_ret_from_fork+0x10/0x10
[  343.537886][ T8353]  ? __switch_to_asm+0x39/0x70
[  343.537910][ T8353]  ? __switch_to_asm+0x33/0x70
[  343.537933][ T8353]  ? __pfx_kthread+0x10/0x10
[  343.537958][ T8353]  ret_from_fork_asm+0x1a/0x30
[  343.538006][ T8353]  </TASK>
[  343.538328][ T8353] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  343.886325][ T8353] CPU: 0 UID: 0 PID: 8353 Comm: kworker/u8:28 Not tainted syzkaller #0 PREEMPT(full) 
[  343.886355][ T8353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  343.886378][ T8353] Workqueue: writeback wb_workfn (flush-7:0)
[  343.886417][ T8353] Call Trace:
[  343.886425][ T8353]  <TASK>
[  343.886435][ T8353]  dump_stack_lvl+0x189/0x250
[  343.886467][ T8353]  ? __pfx_dump_stack_lvl+0x10/0x10
[  343.886492][ T8353]  ? __pfx_queue_work_on+0x10/0x10
[  343.886510][ T8353]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  343.886543][ T8353]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  343.886592][ T8353]  f2fs_handle_critical_error+0x37c/0x540
[  343.886634][ T8353]  f2fs_write_end_io+0x886/0xb60
[  343.886683][ T8353]  __submit_merged_bio+0x27a/0x6a0
[  343.886725][ T8353]  __submit_merged_write_cond+0x255/0x530
[  343.886768][ T8353]  f2fs_write_data_pages+0x261d/0x3000
[  343.886838][ T8353]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  343.886879][ T8353]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  343.886954][ T8353]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  343.886992][ T8353]  ? trace_f2fs_writepages+0x7f/0x200
[  343.887027][ T8353]  ? f2fs_write_node_pages+0x478/0x6e0
[  343.887066][ T8353]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  343.887104][ T8353]  ? __lock_acquire+0xab9/0xd20
[  343.887143][ T8353]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  343.887168][ T8353]  do_writepages+0x32e/0x550
[  343.887207][ T8353]  ? reacquire_held_locks+0x127/0x1d0
[  343.887227][ T8353]  ? writeback_sb_inodes+0x384/0x1010
[  343.887262][ T8353]  __writeback_single_inode+0x145/0xff0
[  343.887285][ T8353]  ? do_raw_spin_unlock+0x122/0x240
[  343.887316][ T8353]  writeback_sb_inodes+0x6c7/0x1010
[  343.887348][ T8353]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  343.887411][ T8353]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  343.887490][ T8353]  ? rcu_is_watching+0x15/0xb0
[  343.887524][ T8353]  wb_writeback+0x43b/0xaf0
[  343.887555][ T8353]  ? queue_io+0x3b1/0x590
[  343.887580][ T8353]  ? __pfx_wb_writeback+0x10/0x10
[  343.887613][ T8353]  ? _raw_spin_unlock_irq+0x23/0x50
[  343.887640][ T8353]  wb_workfn+0x409/0xef0
[  343.887691][ T8353]  ? __pfx_wb_workfn+0x10/0x10
[  343.887727][ T8353]  ? __lock_acquire+0xab9/0xd20
[  343.887772][ T8353]  ? process_scheduled_works+0x9ef/0x17b0
[  343.887814][ T8353]  ? _raw_spin_unlock_irq+0x23/0x50
[  343.887833][ T8353]  ? process_scheduled_works+0x9ef/0x17b0
[  343.887863][ T8353]  ? process_scheduled_works+0x9ef/0x17b0
[  343.887897][ T8353]  process_scheduled_works+0xae1/0x17b0
[  343.887965][ T8353]  ? __pfx_process_scheduled_works+0x10/0x10
[  343.888021][ T8353]  worker_thread+0x8a0/0xda0
[  343.888092][ T8353]  kthread+0x711/0x8a0
[  343.888121][ T8353]  ? __pfx_worker_thread+0x10/0x10
[  343.888153][ T8353]  ? __pfx_kthread+0x10/0x10
[  343.888180][ T8353]  ? _raw_spin_unlock_irq+0x23/0x50
[  343.888199][ T8353]  ? lockdep_hardirqs_on+0x9c/0x150
[  343.888220][ T8353]  ? __pfx_kthread+0x10/0x10
[  343.888245][ T8353]  ret_from_fork+0x4bc/0x870
[  343.888279][ T8353]  ? __pfx_ret_from_fork+0x10/0x10
[  343.888321][ T8353]  ? __switch_to_asm+0x39/0x70
[  343.888346][ T8353]  ? __switch_to_asm+0x33/0x70
[  343.888379][ T8353]  ? __pfx_kthread+0x10/0x10
[  343.888405][ T8353]  ret_from_fork_asm+0x1a/0x30
[  343.888458][ T8353]  </TASK>
[  343.888467][ T8353] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  344.271587][ T9761] bridge0: port 3(syz_tun) entered disabled state
[  344.349570][ T9761] syz_tun (unregistering): left allmulticast mode
[  344.375965][ T9761] syz_tun (unregistering): left promiscuous mode
[  344.382638][ T9761] bridge0: port 3(syz_tun) entered disabled state
[  344.417638][T11964] loop5: detected capacity change from 0 to 32768
[  344.457939][T11964] ocfs2: Mounting device (7,5) on (node local, slot 0) with writeback data mode.
[  344.677031][T10672] ocfs2: Unmounting device (7,5) on (node local)
[  344.985160][ T5185] Bluetooth: hci3: unexpected event for opcode 0x041c
[  345.279541][T11976] loop1: detected capacity change from 0 to 128
[  345.322405][T11976] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  345.366187][T11976] ext4 filesystem being mounted at /429/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  345.505991][ T5923] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  345.571443][ T5872] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  345.656290][ T5923] usb 6-1: Using ep0 maxpacket: 16
[  345.667338][ T5923] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  345.691713][ T5923] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  345.731440][ T5923] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  345.766942][ T5923] usb 6-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  345.795195][ T5923] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  345.811349][ T5923] usb 6-1: config 0 descriptor??
[  345.837329][   T52] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  345.851366][   T52] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  345.863819][   T52] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  345.876847][   T52] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  345.891649][   T52] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  345.959030][T11998] program syz.2.2154 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  346.011166][T11997] syzkaller1: entered promiscuous mode
[  346.016913][T11997] syzkaller1: entered allmulticast mode
[  346.064865][T11998] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  346.313770][ T5923] hid_parser_main: 6 callbacks suppressed
[  346.313797][ T5923] shield 0003:0955:7214.0020: unknown main item tag 0x0
[  346.357094][ T5923] shield 0003:0955:7214.0020: unknown main item tag 0x0
[  346.364172][ T5923] shield 0003:0955:7214.0020: unknown main item tag 0x0
[  346.405532][ T5923] shield 0003:0955:7214.0020: unknown main item tag 0x0
[  346.425554][ T5923] shield 0003:0955:7214.0020: unknown main item tag 0x0
[  346.440713][ T5923] input: HID 0955:7214 Haptics as /devices/virtual/input/input53
[  346.470809][ T5923] shield 0003:0955:7214.0020: Registered Thunderstrike controller
[  346.479759][ T5923] shield 0003:0955:7214.0020: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.5-1/input0
[  346.506127][T11977] netlink: 'syz.5.2149': attribute type 2 has an invalid length.
[  346.524222][T11977] netlink: 244 bytes leftover after parsing attributes in process `syz.5.2149'.
[  346.534011][   T24] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  346.603948][T11990] chnl_net:caif_netlink_parms(): no params data found
[  346.658733][ T1214] shield 0003:0955:7214.0020: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  346.659204][ T5937] usb 6-1: USB disconnect, device number 5
[  346.691866][T12011] loop1: detected capacity change from 0 to 512
[  346.711205][ T1214] shield 0003:0955:7214.0020: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  346.734765][ T1214] shield 0003:0955:7214.0020: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  346.755927][T12011] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  346.761104][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  346.770587][ T1214] shield 0003:0955:7214.0020: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  346.788732][T12011] EXT4-fs (loop1): invalid journal inode
[  346.794765][   T24] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  346.798313][T12011] EXT4-fs (loop1): can't get journal size
[  346.809711][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  346.809739][   T24] usb 4-1: Product: syz
[  346.809756][   T24] usb 4-1: Manufacturer: syz
[  346.809772][   T24] usb 4-1: SerialNumber: syz
[  346.817776][   T24] usb 4-1: config 0 descriptor??
[  346.842266][T12011] EXT4-fs (loop1): 1 truncate cleaned up
[  346.854798][T12011] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  347.007598][T11990] bridge0: port 1(bridge_slave_0) entered blocking state
[  347.015088][T11990] bridge0: port 1(bridge_slave_0) entered disabled state
[  347.017844][ T5872] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  347.023255][T11990] bridge_slave_0: entered allmulticast mode
[  347.046904][T11990] bridge_slave_0: entered promiscuous mode
[  347.057003][T11990] bridge0: port 2(bridge_slave_1) entered blocking state
[  347.088248][T11990] bridge0: port 2(bridge_slave_1) entered disabled state
[  347.104415][T11990] bridge_slave_1: entered allmulticast mode
[  347.113572][T11990] bridge_slave_1: entered promiscuous mode
[  347.119401][T12006] loop2: detected capacity change from 0 to 32768
[  347.174324][T11990] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  347.177052][T12006] XFS (loop2): DAX unsupported by block device. Turning off DAX.
[  347.190088][T11990] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  347.212298][T12006] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  347.281079][T12006] XFS (loop2): Ending clean mount
[  347.305139][T12006] XFS (loop2): Quotacheck needed: Please wait.
[  347.356735][T12006] XFS (loop2): Quotacheck: Done.
[  347.370750][ T5980] usb 4-1: USB disconnect, device number 26
[  347.413161][T11990] team0: Port device team_slave_0 added
[  347.424164][T11990] team0: Port device team_slave_1 added
[  347.430571][ T5874] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  347.578027][T11990] batman_adv: batadv0: Adding interface: batadv_slave_0
[  347.585026][T11990] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  347.655734][T11990] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  347.691012][T11990] batman_adv: batadv0: Adding interface: batadv_slave_1
[  347.702743][T11990] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  347.740757][T11990] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  347.906230][   T52] Bluetooth: hci0: command tx timeout
[  347.930670][T11990] hsr_slave_0: entered promiscuous mode
[  347.937856][T11990] hsr_slave_1: entered promiscuous mode
[  348.123418][T12054] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2175'.
[  348.156061][ T5980] usb 6-1: new full-speed USB device number 6 using dummy_hcd
[  348.190585][T12054] bond0: entered promiscuous mode
[  348.197836][T12054] bond_slave_0: entered promiscuous mode
[  348.203975][T12054] bond_slave_1: entered promiscuous mode
[  348.211917][T12054] bridge_slave_1: entered promiscuous mode
[  348.226843][T12054] bond0: left promiscuous mode
[  348.231788][T12054] bond_slave_0: left promiscuous mode
[  348.237671][T12054] bond_slave_1: left promiscuous mode
[  348.244479][T12054] bridge_slave_1: left promiscuous mode
[  348.323337][ T5980] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  348.359426][ T5980] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 2
[  348.388359][ T5980] usb 6-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  348.415618][ T5980] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  348.453603][ T5980] usb 6-1: config 0 descriptor??
[  348.468942][ T5980] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  348.484821][ T5980] dvb-usb: bulk message failed: -22 (3/0)
[  348.504729][ T5980] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  348.538235][ T5980] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  348.546621][ T5980] usb 6-1: media controller created
[  348.554040][ T5980] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  348.615596][T11990] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  348.628179][ T5980] dvb-usb: bulk message failed: -22 (6/0)
[  348.634047][ T5980] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  348.648035][T11990] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  348.672115][T11990] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  348.686105][ T5980] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input54
[  348.712429][T12072] loop3: detected capacity change from 0 to 128
[  348.723792][ T5980] dvb-usb: schedule remote query interval to 150 msecs.
[  348.726027][T11990] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  348.746134][ T5980] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  348.757541][T12072] EXT4-fs: inline encryption not supported
[  348.767367][ T5980] usb 6-1: USB disconnect, device number 6
[  348.770908][T12072] EXT4-fs (loop3): Test dummy encryption mode enabled
[  348.793555][T12072] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  348.843058][T12072] ext4 filesystem being mounted at /447/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  348.866265][ T5980] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  348.944040][T11990] 8021q: adding VLAN 0 to HW filter on device bond0
[  348.970282][T11990] 8021q: adding VLAN 0 to HW filter on device team0
[  348.979224][   T30] audit: type=1800 audit(1758826200.839:60): pid=12072 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2181" name="file1" dev="loop3" ino=12 res=0 errno=0
[  349.031765][   T52] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  349.042372][   T52] Bluetooth: hci3: Injecting HCI hardware error event
[  349.053702][ T5185] Bluetooth: hci3: hardware error 0x00
[  349.072503][ T8353] bridge0: port 1(bridge_slave_0) entered blocking state
[  349.079944][ T8353] bridge0: port 1(bridge_slave_0) entered forwarding state
[  349.102101][ T5871] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  349.140053][ T8353] bridge0: port 2(bridge_slave_1) entered blocking state
[  349.147345][ T8353] bridge0: port 2(bridge_slave_1) entered forwarding state
[  349.402328][T12089] loop3: detected capacity change from 0 to 4096
[  349.781325][T11990] 8021q: adding VLAN 0 to HW filter on device batadv0
[  349.986120][   T52] Bluetooth: hci0: command tx timeout
[  350.321205][T11990] veth0_vlan: entered promiscuous mode
[  350.357507][T11990] veth1_vlan: entered promiscuous mode
[  350.481085][T11990] veth0_macvtap: entered promiscuous mode
[  350.514484][T11990] veth1_macvtap: entered promiscuous mode
[  350.532553][T12110] loop5: detected capacity change from 0 to 1764
[  350.559415][T12110] iso9660: Bad value for 'session'
[  350.578633][T11990] batman_adv: batadv0: Interface activated: batadv_slave_0
[  350.611869][T12099] loop3: detected capacity change from 0 to 32768
[  350.625041][T12110]  nullb0: [CUMANA/ADFS] p1 [Linux] p2 < >
[  350.632660][T11990] batman_adv: batadv0: Interface activated: batadv_slave_1
[  350.671718][T12099] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  350.757156][ T8348] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  350.767840][ T8348] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  350.772422][T12099] XFS (loop3): Ending clean mount
[  350.806637][T12099] XFS (loop3): Quotacheck needed: Please wait.
[  350.824727][ T8348] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  350.881091][ T8348] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  350.930650][T12099] XFS (loop3): Quotacheck: Done.
[  351.037932][T12126] ALSA: mixer_oss: invalid OSS volume ''
[  351.106292][ T5185] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  351.144707][ T8369] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  351.164239][ T8369] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  351.347795][ T8348] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  351.393442][ T8348] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  351.537398][ T5871] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  351.562280][T12135]  nullb0: AHDI p3
[  352.078235][ T5185] Bluetooth: hci0: command tx timeout
[  354.156574][ T5185] Bluetooth: hci0: command tx timeout
[  354.860686][T12219] loop1: detected capacity change from 0 to 32768
[  354.874993][T12219] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  354.912646][T12219] XFS (loop1): Ending clean mount
[  354.924418][T12219] XFS (loop1): Quotacheck needed: Please wait.
[  354.975781][T12219] XFS (loop1): Quotacheck: Done.
[  355.060397][ T5872] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  356.646746][ T5963] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  356.723030][T12307] loop3: detected capacity change from 0 to 128
[  356.817804][ T5963] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  356.834390][ T5963] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  356.848130][ T5963] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  356.890276][T12312] loop3: detected capacity change from 0 to 512
[  356.908137][ T5963] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  356.930587][ T5963] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  356.994302][ T5963] usb 2-1: config 0 descriptor??
[  357.002228][T12312] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  357.067828][T12312] ext4 filesystem being mounted at /467/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  357.288692][ T5871] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  357.473309][ T5963] plantronics 0003:047F:FFFF.0021: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  357.702773][T12343] sit0: entered promiscuous mode
[  357.747830][T12343] netlink: 'syz.3.2285': attribute type 1 has an invalid length.
[  357.801459][T12343] netlink: 1 bytes leftover after parsing attributes in process `syz.3.2285'.
[  357.822621][ T5937] usb 2-1: USB disconnect, device number 26
[  357.906536][T12351] hpfs: Bad magic ... probably not HPFS
[  357.993809][T12355] loop6: detected capacity change from 0 to 512
[  358.005717][T12355] EXT4-fs (loop6): mounting ext3 file system using the ext4 subsystem
[  358.041006][T12355] EXT4-fs error (device loop6): ext4_orphan_get:1392: inode #15: comm syz.6.2291: iget: bad extended attribute block 851968
[  358.055227][T12355] EXT4-fs error (device loop6): ext4_orphan_get:1397: comm syz.6.2291: couldn't read orphan inode 15 (err -117)
[  358.074750][T12355] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  358.103330][T12355] EXT4-fs (loop6): shut down requested (2)
[  358.139255][T11990] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  358.283947][T12368] loop6: detected capacity change from 0 to 2048
[  358.292624][T12368] EXT4-fs: Ignoring removed mblk_io_submit option
[  358.308856][T12368] EXT4-fs (loop6): can't mount with data=, fs mounted w/o journal
[  358.827803][T12382] loop6: detected capacity change from 0 to 32768
[  358.841405][T12382] XFS (loop6): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  358.887183][T12382] XFS (loop6): Ending clean mount
[  358.903498][T12382] XFS (loop6): Quotacheck needed: Please wait.
[  358.970600][T12382] XFS (loop6): Quotacheck: Done.
[  358.976982][T12400] loop5: detected capacity change from 0 to 2048
[  359.009018][T12400] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024)
[  359.070154][T12403] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  359.113269][T11990] XFS (loop6): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  359.656145][ T5923] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  359.816125][ T5923] usb 6-1: Using ep0 maxpacket: 8
[  359.827122][ T5923] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  359.837203][ T5923] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  359.854721][ T5923] usb 6-1: Product: syz
[  359.860087][ T5923] usb 6-1: Manufacturer: syz
[  359.864748][ T5923] usb 6-1: SerialNumber: syz
[  359.889681][ T5923] usb 6-1: config 0 descriptor??
[  360.123819][ T5923] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  360.381231][T12445] loop6: detected capacity change from 0 to 256
[  360.389618][   T52] Bluetooth: hci5: command 0x1003 tx timeout
[  360.398347][ T5185] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  360.437567][T12445] exfat: Deprecated parameter 'utf8'
[  360.489872][T12445] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d)
[  360.503388][T12438] loop2: detected capacity change from 0 to 32768
[  360.514875][T12438] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.2323 (12438)
[  360.539903][T12438] BTRFS info (device loop2): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  360.557954][T12438] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm
[  360.674856][T12464] loop6: detected capacity change from 0 to 1024
[  360.683865][T12438] BTRFS info (device loop2): enabling ssd optimizations
[  360.692161][T12438] BTRFS info (device loop2): enabling free space tree
[  360.767538][T12468] loop3: detected capacity change from 0 to 128
[  360.820257][   T30] audit: type=1804 audit(1758826212.679:61): pid=12468 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2329" name="/newroot/478/file0/file1" dev="loop3" ino=1048648 res=1 errno=0
[  360.937370][ T5874] BTRFS info (device loop2): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  360.941872][ T5923] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  360.982788][ T5923] usb 6-1: USB disconnect, device number 7
[  361.027599][   T30] audit: type=1326 audit(1758826212.889:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12472 comm="syz.6.2331" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe0cc18eec9 code=0x0
[  361.249304][T12481] loop1: detected capacity change from 0 to 128
[  361.744488][ T8361] kworker/u8:36: attempt to access beyond end of device
[  361.744488][ T8361] loop1: rw=1, sector=129, nr_sectors = 912 limit=128
[  361.870417][T12499] netlink: 'syz.1.2340': attribute type 1 has an invalid length.
[  361.910787][T12499] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2340'.
[  362.108843][T12508] loop6: detected capacity change from 0 to 128
[  362.887337][T12539] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2359'.
[  362.919266][T12539] team_slave_0: entered promiscuous mode
[  362.925559][T12539] team_slave_1: entered promiscuous mode
[  362.939198][T12539] team0: Device macsec1 is already an upper device of the team interface
[  362.950617][T12539] team_slave_0: left promiscuous mode
[  362.956183][T12539] team_slave_1: left promiscuous mode
[  363.143462][T12551] loop1: detected capacity change from 0 to 1024
[  363.253379][ T8343] hfsplus: b-tree write err: -5, ino 4
[  363.536339][T12565] netlink: 'syz.6.2369': attribute type 12 has an invalid length.
[  363.551000][T12565] netlink: 'syz.6.2369': attribute type 29 has an invalid length.
[  363.562080][T12565] netlink: 148 bytes leftover after parsing attributes in process `syz.6.2369'.
[  363.571785][T12565] netlink: 'syz.6.2369': attribute type 2 has an invalid length.
[  363.580238][T12565] netlink: 23 bytes leftover after parsing attributes in process `syz.6.2369'.
[  364.345594][ T5930] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  364.472434][T12574] IPVS: You probably need to specify IP address on multicast interface.
[  364.486180][T12574] IPVS: Error connecting to the multicast addr
[  364.497860][ T5930] usb 7-1: config 1 has an invalid interface number: 7 but max is 0
[  364.535400][ T5930] usb 7-1: config 1 has no interface number 0
[  364.541611][ T5930] usb 7-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B
[  364.568259][ T5930] usb 7-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  364.597031][ T5930] usb 7-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  364.632295][ T5930] usb 7-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00
[  364.646170][ T5930] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  364.668893][ T5930] usb 7-1: Product: syz
[  364.673140][ T5930] usb 7-1: Manufacturer: syz
[  364.704083][ T5930] usb 7-1: SerialNumber: syz
[  364.728954][T12584] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  364.962463][T12584] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  365.211936][ T5930] sierra_net 7-1:1.7 wwan0: register 'sierra_net' at usb-dummy_hcd.6-1, Sierra Wireless USB-to-WWAN Modem, 00:00:00:00:01:07
[  365.261393][T12608] loop1: detected capacity change from 0 to 1024
[  365.271929][T12608] EXT4-fs: Ignoring removed nobh option
[  365.278333][T12608] EXT4-fs: Ignoring removed bh option
[  365.304912][T12608] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  365.329690][   T30] audit: type=1800 audit(1758826217.189:63): pid=12608 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2386" name="file1" dev="loop1" ino=15 res=0 errno=0
[  365.384531][ T5872] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  365.492594][T12617] loop1: detected capacity change from 0 to 2048
[  365.515489][T12617] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  365.528007][T12617] ext4 filesystem being mounted at /486/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  365.758532][T12627] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  365.773207][T12627] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  365.797679][T12627] overlayfs: conflicting lowerdir path
[  365.821669][  T979] usb 7-1: USB disconnect, device number 2
[  365.834178][  T979] sierra_net 7-1:1.7 wwan0: unregister 'sierra_net' usb-dummy_hcd.6-1, Sierra Wireless USB-to-WWAN Modem
[  365.946145][  T979] sierra_net 7-1:1.7 wwan0 (unregistered): usb_control_msg failed, status -19
[  366.236114][T12617] fs-verity (loop1, inode 13): Error -28 writing Merkle tree block 80
[  366.245213][T12617] fs-verity (loop1, inode 13): Error -28 building Merkle tree
[  366.268316][ T5930] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  366.356980][ T5963] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  366.429702][ T5930] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  366.445365][ T5930] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  366.486668][ T5930] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  366.505573][ T5930] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  366.511415][T12650] loop6: detected capacity change from 0 to 2048
[  366.513615][ T5930] usb 6-1: SerialNumber: syz
[  366.526761][ T5963] usb 4-1: Using ep0 maxpacket: 32
[  366.546987][ T5963] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  366.566009][ T5963] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  366.580546][T12650] UDF-fs: error (device loop6): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  366.594945][ T5872] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  366.596211][ T5963] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  366.628269][T12650] UDF-fs: warning (device loop6): udf_load_vrs: No anchor found
[  366.637155][ T5963] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  366.649932][T12650] UDF-fs: Scanning with blocksize 512 failed
[  366.661639][ T5963] usb 4-1: config 0 descriptor??
[  366.670443][T12650] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  366.699600][   T30] audit: type=1800 audit(1758826218.559:64): pid=12650 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.2406" name="file1" dev="loop6" ino=838 res=0 errno=0
[  366.760334][ T5930] usb 6-1: 0:2 : does not exist
[  366.806831][ T5930] usb 6-1: USB disconnect, device number 8
[  367.101547][ T5963] savu 0003:1E7D:2D5A.0022: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.3-1/input0
[  367.225904][ T5923] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  367.290626][T12665] loop2: detected capacity change from 0 to 1024
[  367.376125][ T5923] usb 7-1: Using ep0 maxpacket: 32
[  367.377592][ T5930] usb 4-1: USB disconnect, device number 27
[  367.384133][ T5923] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 512, setting to 64
[  367.418879][ T5923] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 1024, setting to 64
[  367.446941][ T5923] usb 7-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16
[  367.460576][ T5923] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  367.474376][T12671] loop2: detected capacity change from 0 to 256
[  367.482152][ T5923] usb 7-1: Product: syz
[  367.487454][ T5923] usb 7-1: Manufacturer: syz
[  367.493715][ T5923] usb 7-1: SerialNumber: syz
[  367.507070][ T5923] usb 7-1: config 0 descriptor??
[  367.521872][T12671] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x905a013b, utbl_chksum : 0xe619d30d)
[  367.522892][ T5923] usb 7-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  367.729891][ T8343] usb 7-1: Failed to submit usb control message: -71
[  367.730561][ T5923] usb 7-1: USB disconnect, device number 3
[  367.737707][ T8343] usb 7-1: unable to send the bmi data to the device: -71
[  367.737763][ T8343] usb 7-1: unable to get target info from device
[  367.737795][ T8343] usb 7-1: could not get target info (-71)
[  367.737822][ T8343] usb 7-1: could not probe fw (-71)
[  368.638907][T12691] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  368.989282][T12698] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2427'.
[  369.121527][T12683] loop1: detected capacity change from 0 to 40427
[  369.141082][T12683] F2FS-fs: heap/no_heap options were deprecated
[  369.162506][T12683] F2FS-fs (loop1): build fault injection rate: 19
[  369.191283][T12683] F2FS-fs (loop1): build fault injection type: 0x3bfe8c
[  369.226549][T12683] F2FS-fs (loop1): invalid crc value
[  369.282236][T12683] F2FS-fs (loop1): inject page alloc in f2fs_grab_cache_folio of f2fs_ra_meta_pages+0x615/0x970
[  369.397135][T12690] loop2: detected capacity change from 0 to 32768
[  369.446239][T12690] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  369.502772][T12683] F2FS-fs (loop1): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x20a/0x3f0
[  369.543536][T12683] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  369.579421][T12690] XFS (loop2): Ending clean mount
[  369.617000][T12683] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  369.647771][T12690] XFS (loop2): Quotacheck needed: Please wait.
[  369.726227][T12690] XFS (loop2): Quotacheck: Done.
[  369.787466][T12683] F2FS-fs (loop1): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[  369.844608][T12683] F2FS-fs (loop1): inject inconsistent footer in sanity_check_node_footer of f2fs_get_dnode_of_data+0xab4/0x1cf0
[  369.906075][T12683] F2FS-fs (loop1): inconsistent node block, node_type:3, nid:11, node_footer[nid:11,ino:3,ofs:2041,cpver:0,blkaddr:0]
[  369.937470][ T5874] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  370.366936][    C0] F2FS-fs (loop1): inject write IO error in f2fs_write_end_io of blk_update_request+0x57e/0xe60
[  370.378388][    C0] CPU: 0 UID: 0 PID: 15 Comm: ksoftirqd/0 Not tainted syzkaller #0 PREEMPT(full) 
[  370.378418][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  370.378441][    C0] Call Trace:
[  370.378450][    C0]  <TASK>
[  370.378459][    C0]  dump_stack_lvl+0x189/0x250
[  370.378495][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[  370.378521][    C0]  ? __pfx_queue_work_on+0x10/0x10
[  370.378544][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  370.378582][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  370.378619][    C0]  ? f2fs_hw_is_readonly+0x39b/0x470
[  370.378658][    C0]  f2fs_handle_critical_error+0x37c/0x540
[  370.378699][    C0]  f2fs_write_end_io+0x886/0xb60
[  370.378742][    C0]  blk_update_request+0x57e/0xe60
[  370.378777][    C0]  blk_mq_end_request+0x3e/0x70
[  370.378799][    C0]  blk_flush_complete_seq+0x678/0xcc0
[  370.378831][    C0]  flush_end_io+0xbaf/0xe60
[  370.378867][    C0]  __blk_mq_end_request+0x46a/0x630
[  370.378893][    C0]  blk_done_softirq+0x10a/0x160
[  370.378926][    C0]  handle_softirqs+0x286/0x870
[  370.378963][    C0]  ? run_ksoftirqd+0x9b/0x100
[  370.378992][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  370.379037][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  370.379074][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  370.379106][    C0]  run_ksoftirqd+0x9b/0x100
[  370.379125][    C0]  ? __pfx_run_ksoftirqd+0x10/0x10
[  370.379156][    C0]  smpboot_thread_fn+0x542/0xa60
[  370.379192][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  370.379233][    C0]  kthread+0x711/0x8a0
[  370.379263][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  370.379294][    C0]  ? __pfx_kthread+0x10/0x10
[  370.379320][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  370.379339][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  370.379359][    C0]  ? __pfx_kthread+0x10/0x10
[  370.379383][    C0]  ret_from_fork+0x4bc/0x870
[  370.379416][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  370.379455][    C0]  ? __switch_to_asm+0x39/0x70
[  370.379478][    C0]  ? __switch_to_asm+0x33/0x70
[  370.379504][    C0]  ? __pfx_kthread+0x10/0x10
[  370.379529][    C0]  ret_from_fork_asm+0x1a/0x30
[  370.379577][    C0]  </TASK>
[  370.379586][    C0] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  370.603630][ T5872] F2FS-fs (loop1): do_checkpoint failed err:-5, stop checkpoint
[  370.830236][T12727] loop3: detected capacity change from 0 to 32768
[  370.838812][T12727] btrfs: Deprecated parameter 'usebackuproot'
[  370.844971][T12727] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  370.860595][T12727] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.2434 (12727)
[  370.897151][T12727] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  370.907653][T12727] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm
[  371.025081][T12727] BTRFS info (device loop3): rebuilding free space tree
[  371.087291][T12727] BTRFS info (device loop3): allowing degraded mounts
[  371.109262][T12727] BTRFS info (device loop3): enabling ssd optimizations
[  371.156155][T12727] BTRFS info (device loop3): turning on flush-on-commit
[  371.178956][T12727] BTRFS info (device loop3): enabling free space tree
[  371.202050][T12727] BTRFS info (device loop3): force clearing of disk cache
[  371.229487][T12727] BTRFS info (device loop3): trying to use backup root at mount time
[  371.256397][T12727] BTRFS info (device loop3): use zstd compression, level 3
[  371.691822][ T5871] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  372.203053][T12769] loop5: detected capacity change from 0 to 32768
[  372.262744][T12769] XFS (loop5): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  372.304563][T12769] XFS (loop5): Ending clean mount
[  372.321442][T12769] XFS (loop5): Quotacheck needed: Please wait.
[  372.368693][T12769] XFS (loop5): Quotacheck: Done.
[  372.415923][ T5930] usb 4-1: new low-speed USB device number 28 using dummy_hcd
[  372.519916][T10672] XFS (loop5): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  372.617141][ T5930] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  372.635460][ T5930] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  372.680226][ T5930] usb 4-1: config 0 descriptor??
[  373.271371][T12790] netlink: 'syz.1.2453': attribute type 10 has an invalid length.
[  373.297721][T12790] team0: Device dummy0 failed to register rx_handler
[  373.523613][ T5930] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  373.523649][ T5930] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write GPIO value 0x00b0: ffffffb9
[  373.536178][ T5930] asix 4-1:0.0: probe with driver asix failed with error -71
[  373.539826][ T5930] usb 4-1: USB disconnect, device number 28
[  374.411515][T12816] loop5: detected capacity change from 0 to 2048
[  374.427807][T12816] UDF-fs: error (device loop5): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  374.452036][T12816] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found
[  374.460330][T12816] UDF-fs: Scanning with blocksize 512 failed
[  374.483656][T12816] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  375.015617][T12825] loop6: detected capacity change from 0 to 32768
[  375.045642][T12825] XFS (loop6): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  375.078967][T12825] XFS (loop6): Ending clean mount
[  375.130127][T11990] XFS (loop6): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  375.232883][T12830] loop1: detected capacity change from 0 to 32768
[  375.276338][T12830] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.2472 (12830)
[  375.316509][T12830] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  375.340641][T12830] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm
[  375.627413][T12830] BTRFS info (device loop1): enabling ssd optimizations
[  375.666130][T12830] BTRFS info (device loop1): enabling free space tree
[  375.684886][T12830] BTRFS info (device loop1): use lzo compression, level 1
[  375.705795][T12880] loop3: detected capacity change from 0 to 512
[  375.784623][   T30] audit: type=1800 audit(1758826227.629:65): pid=12830 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2472" name="file1" dev="loop1" ino=260 res=0 errno=0
[  375.830105][T12880] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  375.843828][T12880] ext4 filesystem being mounted at /505/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  375.904547][T12880] EXT4-fs warning (device loop3): ext4_group_extend:1891: can't read last block, resize aborted
[  376.050227][T12887] Bluetooth: MGMT ver 1.23
[  376.174512][ T5871] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  376.194797][ T5872] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  376.452916][T12893] tun0: tun_chr_ioctl cmd 1074025675
[  376.486347][T12893] tun0: persist enabled
[  376.491572][T12893] tun0: tun_chr_ioctl cmd 1074025675
[  376.505965][T12893] tun0: persist enabled
[  377.742478][T12912] loop1: detected capacity change from 0 to 65536
[  377.759343][T12912] XFS (loop1): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  377.826057][T12912] XFS (loop1): Ending clean mount
[  377.854997][   T30] audit: type=1800 audit(1758826229.709:66): pid=12912 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2496" name="file1" dev="loop1" ino=38 res=0 errno=0
[  377.910833][ T5872] XFS (loop1): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  378.156519][ T5185] Bluetooth: hci0: command tx timeout
[  378.515526][   T24] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  378.680518][   T24] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  378.707982][   T24] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  378.758271][   T24] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  378.777276][   T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  378.795912][   T24] usb 7-1: Product: syz
[  378.800259][   T24] usb 7-1: Manufacturer: syz
[  378.804903][   T24] usb 7-1: SerialNumber: syz
[  378.855800][   T24] cdc_mbim 7-1:1.0: skipping garbage
[  378.951779][T12957] netlink: 104 bytes leftover after parsing attributes in process `syz.1.2504'.
[  379.151452][   T30] audit: type=1326 audit(1758826230.989:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12941 comm="syz.2.2510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4826d8eec9 code=0x7fc00000
[  379.186694][   T30] audit: type=1326 audit(1758826230.989:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12941 comm="syz.2.2510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f4826d8eec9 code=0x7fc00000
[  379.229494][   T30] audit: type=1326 audit(1758826230.989:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12941 comm="syz.2.2510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4826d8eec9 code=0x7fc00000
[  379.287459][   T30] audit: type=1326 audit(1758826230.989:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12941 comm="syz.2.2510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4826d8eec9 code=0x7fc00000
[  379.335851][   T30] audit: type=1326 audit(1758826230.989:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12941 comm="syz.2.2510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4826d8eec9 code=0x7fc00000
[  379.396179][   T30] audit: type=1326 audit(1758826230.989:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12941 comm="syz.2.2510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4826d8eec9 code=0x7fc00000
[  379.446098][   T30] audit: type=1326 audit(1758826230.989:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12941 comm="syz.2.2510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4826d8eec9 code=0x7fc00000
[  379.484754][   T30] audit: type=1326 audit(1758826230.989:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12941 comm="syz.2.2510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4826d8eec9 code=0x7fc00000
[  379.788149][T12963] loop1: detected capacity change from 0 to 40427
[  379.816935][T12963] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  379.825044][T12963] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  379.854075][T12963] F2FS-fs (loop1): invalid crc value
[  379.868855][   T24] cdc_mbim 7-1:1.0: bind() failure
[  379.885549][   T24] usbtest 7-1:1.1: probe with driver usbtest failed with error -71
[  379.905097][   T24] usb 7-1: USB disconnect, device number 4
[  380.089547][T12963] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  380.111155][T12963] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  380.127703][T12963] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  381.325706][ T5937] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  381.457716][   T24] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  381.507448][ T5937] usb 7-1: Using ep0 maxpacket: 8
[  381.514585][ T5937] usb 7-1: unable to get BOS descriptor or descriptor too short
[  381.524367][ T5937] usb 7-1: config 1 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  381.541793][ T5937] usb 7-1: config 1 interface 0 has no altsetting 0
[  381.555877][ T5937] usb 7-1: New USB device found, idVendor=0461, idProduct=4e72, bcdDevice= 0.40
[  381.565224][ T5937] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  381.573846][ T5937] usb 7-1: Manufacturer: å…„
[  381.621868][T13045] netlink: 'syz.1.2552': attribute type 1 has an invalid length.
[  381.633595][T13045] netlink: 144 bytes leftover after parsing attributes in process `syz.1.2552'.
[  381.636698][   T24] usb 6-1: Using ep0 maxpacket: 32
[  381.643499][T13045] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2552'.
[  381.653874][   T24] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 9
[  381.677867][   T24] usb 6-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  381.687812][   T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  381.697386][   T24] usb 6-1: Product: syz
[  381.701894][   T24] usb 6-1: Manufacturer: syz
[  381.707334][   T24] usb 6-1: SerialNumber: syz
[  381.719216][   T24] usb 6-1: config 0 descriptor??
[  381.726431][T13030] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22
[  381.744045][   T24] input: syz syz as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/input/input56
[  381.798807][T13049] gfs2: gfs2 mount does not exist
[  381.808059][ T5937] usbhid 7-1:1.0: can't add hid device: -71
[  381.814621][ T5937] usbhid 7-1:1.0: probe with driver usbhid failed with error -71
[  381.845782][ T5937] usb 7-1: USB disconnect, device number 5
[  381.948077][T13053] netlink: 96 bytes leftover after parsing attributes in process `syz.3.2556'.
[  381.999902][ T5923] usb 6-1: USB disconnect, device number 9
[  382.005441][    C1] usbtouchscreen 6-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  382.144879][T13057] loop3: detected capacity change from 0 to 2048
[  382.171935][T13057] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  382.197917][T13057] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  382.612554][T13059] loop1: detected capacity change from 0 to 32768
[  382.646341][T13059] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  382.714233][T13061] loop3: detected capacity change from 0 to 32768
[  382.716155][T13059] XFS (loop1): Ending clean mount
[  382.737373][T13061] ocfs2: Slot 0 on device (7,3) was already allocated to this node!
[  382.760583][T13061] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  382.808954][ T5980] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  382.869739][ T5872] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  382.902616][ T5871] ocfs2: Unmounting device (7,3) on (node local)
[  382.986351][ T5980] usb 7-1: Using ep0 maxpacket: 16
[  383.017884][ T5980] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  383.052016][ T5980] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  383.079400][ T5980] usb 7-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  383.114821][ T5980] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  383.134078][ T5980] usb 7-1: Product: syz
[  383.153450][ T5980] usb 7-1: Manufacturer: syz
[  383.180189][ T5980] usb 7-1: SerialNumber: syz
[  383.199880][ T5980] usb 7-1: config 0 descriptor??
[  383.238686][ T5980] em28xx 7-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  383.266650][ T5980] em28xx 7-1:0.0: Audio interface 0 found (Vendor Class)
[  383.535384][   T24] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  383.712714][T13107] loop3: detected capacity change from 0 to 1024
[  383.719319][   T24] usb 6-1: Using ep0 maxpacket: 16
[  383.730372][   T24] usb 6-1: config 0 has an invalid interface number: 145 but max is 0
[  383.741028][   T24] usb 6-1: config 0 has no interface number 0
[  383.754315][   T24] usb 6-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[  383.786129][   T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  383.796563][T13107] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  383.817986][ T5980] em28xx 7-1:0.0: unknown em28xx chip ID (0)
[  383.824887][ T5980] em28xx 7-1:0.0: Config register raw data: 0x41
[  383.829309][   T24] usb 6-1: Product: syz
[  383.841652][ T1305] ieee802154 phy0 wpan0: encryption failed: -22
[  383.850081][ T1305] ieee802154 phy1 wpan1: encryption failed: -22
[  383.887410][   T24] usb 6-1: Manufacturer: syz
[  383.903375][   T24] usb 6-1: SerialNumber: syz
[  383.923680][T13115] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2578'.
[  383.925881][   T24] usb 6-1: config 0 descriptor??
[  383.974768][   T24] hub 6-1:0.145: bad descriptor, ignoring hub
[  383.992744][   T24] hub 6-1:0.145: probe with driver hub failed with error -5
[  384.030169][   T24] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.145/input/input57
[  384.041446][ T5980] usb 7-1: USB disconnect, device number 6
[  384.059094][ T5980] em28xx 7-1:0.0: Disconnecting em28xx
[  384.086934][ T5980] em28xx 7-1:0.0: Freeing device
[  384.104472][ T5871] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  384.453575][T13124] overlayfs: workdir and upperdir must reside under the same mount
[  384.871002][T13142] loop3: detected capacity change from 0 to 2048
[  384.891583][T13142] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  384.904646][T13142] ext4 filesystem being mounted at /536/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  385.015404][ T5937] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  385.178126][ T5937] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  385.198098][ T5937] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  385.219698][ T5937] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  385.241297][ T5937] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  385.284400][ T5937] usb 2-1: config 0 descriptor??
[  385.650208][T13142] fs-verity (loop3, inode 13): Error -28 writing Merkle tree block 80
[  385.659025][T13142] fs-verity (loop3, inode 13): Error -28 building Merkle tree
[  385.737261][ T5937] cm6533_jd 0003:0D8C:0022.0023: unknown main item tag 0x0
[  385.765589][ T5937] cm6533_jd 0003:0D8C:0022.0023: unknown main item tag 0x0
[  385.791456][ T5937] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0D8C:0022.0023/input/input58
[  385.828656][ T5937] cm6533_jd 0003:0D8C:0022.0023: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.1-1/input0
[  386.015684][T13152] loop5: detected capacity change from 0 to 40427
[  386.036178][T13152] F2FS-fs (loop5): Insane cp_payload (553648128 >= 504)
[  386.051963][T13152] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  386.081326][T13152] F2FS-fs (loop5): build fault injection rate: 17008
[  386.101028][T13152] F2FS-fs (loop5): build fault injection type: 0x1f8
[  386.119695][ T5871] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  386.138389][T13152] F2FS-fs (loop5): invalid crc value
[  386.288920][T13178] sctp: [Deprecated]: syz.6.2605 (pid 13178) Use of int in max_burst socket option deprecated.
[  386.288920][T13178] Use struct sctp_assoc_value instead
[  386.333413][T13152] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  386.367346][T13152] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  386.387298][T13152] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  386.528686][T10672] syz-executor: attempt to access beyond end of device
[  386.528686][T10672] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  386.564123][T10672] CPU: 0 UID: 0 PID: 10672 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  386.564155][T10672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  386.564168][T10672] Call Trace:
[  386.564177][T10672]  <TASK>
[  386.564187][T10672]  dump_stack_lvl+0x189/0x250
[  386.564351][T10672]  ? __pfx_dump_stack_lvl+0x10/0x10
[  386.564378][T10672]  ? __pfx_queue_work_on+0x10/0x10
[  386.564395][T10672]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  386.564429][T10672]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  386.564478][T10672]  f2fs_handle_critical_error+0x37c/0x540
[  386.564521][T10672]  f2fs_write_end_io+0x886/0xb60
[  386.564572][T10672]  __submit_merged_bio+0x27a/0x6a0
[  386.564616][T10672]  __submit_merged_write_cond+0x255/0x530
[  386.564661][T10672]  f2fs_write_data_pages+0x261d/0x3000
[  386.564731][T10672]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  386.564775][T10672]  ? kernel_text_address+0xa5/0xe0
[  386.564846][T10672]  ? stack_depot_save_flags+0x40/0x860
[  386.564905][T10672]  ? __lock_acquire+0xab9/0xd20
[  386.564948][T10672]  ? do_raw_spin_lock+0x121/0x290
[  386.564990][T10672]  ? do_raw_spin_unlock+0x122/0x240
[  386.565016][T10672]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  386.565042][T10672]  do_writepages+0x32e/0x550
[  386.565093][T10672]  ? do_raw_spin_unlock+0x122/0x240
[  386.565126][T10672]  filemap_fdatawrite+0x199/0x240
[  386.565148][T10672]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  386.565245][T10672]  ? do_raw_spin_unlock+0x122/0x240
[  386.565283][T10672]  f2fs_sync_dirty_inodes+0x31f/0x830
[  386.565331][T10672]  f2fs_write_checkpoint+0x93e/0x2440
[  386.565356][T10672]  ? __lock_acquire+0xab9/0xd20
[  386.565422][T10672]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  386.565524][T10672]  kill_f2fs_super+0x2cc/0x6d0
[  386.565560][T10672]  ? __pfx_kill_f2fs_super+0x10/0x10
[  386.565611][T10672]  ? shrinker_free+0x2ce/0x3e0
[  386.565646][T10672]  deactivate_locked_super+0xbc/0x130
[  386.565683][T10672]  cleanup_mnt+0x425/0x4c0
[  386.565713][T10672]  ? lockdep_hardirqs_on+0x9c/0x150
[  386.565738][T10672]  task_work_run+0x1d4/0x260
[  386.565769][T10672]  ? __pfx_task_work_run+0x10/0x10
[  386.565792][T10672]  ? __x64_sys_umount+0x122/0x160
[  386.565820][T10672]  ? exit_to_user_mode_loop+0x40/0x130
[  386.565855][T10672]  exit_to_user_mode_loop+0xe9/0x130
[  386.565885][T10672]  do_syscall_64+0x2bd/0xfa0
[  386.565906][T10672]  ? lockdep_hardirqs_on+0x9c/0x150
[  386.565928][T10672]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  386.565949][T10672]  ? clear_bhb_loop+0x60/0xb0
[  386.565978][T10672]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  386.565999][T10672] RIP: 0033:0x7f7f2c5901f7
[  386.566019][T10672] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  386.566037][T10672] RSP: 002b:00007fffcd832e88 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  386.566060][T10672] RAX: 0000000000000000 RBX: 00007f7f2c611d7d RCX: 00007f7f2c5901f7
[  386.566074][T10672] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffcd832f40
[  386.566088][T10672] RBP: 00007fffcd832f40 R08: 0000000000000000 R09: 0000000000000000
[  386.566101][T10672] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fffcd833fd0
[  386.566115][T10672] R13: 00007f7f2c611d7d R14: 000000000005e594 R15: 00007fffcd834010
[  386.566158][T10672]  </TASK>
[  386.928987][T10672] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  386.977236][T13185] syzkaller1: entered promiscuous mode
[  386.991052][T13185] syzkaller1: entered allmulticast mode
[  387.295694][T13188] loop2: detected capacity change from 0 to 32768
[  387.304892][T13188] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.2610 (13188)
[  387.338662][T13188] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  387.366069][T13188] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm
[  387.562991][T13188] BTRFS info (device loop2): enabling ssd optimizations
[  387.585786][T13188] BTRFS info (device loop2): enabling free space tree
[  387.780108][T13190] loop6: detected capacity change from 0 to 32768
[  387.809900][T13190] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.2611 (13190)
[  387.820189][ T5937] usb 2-1: USB disconnect, device number 27
[  387.853011][   T24] usb 6-1: USB disconnect, device number 10
[  387.860455][T13190] BTRFS info (device loop6): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  387.927261][T13190] BTRFS info (device loop6): using blake2b (blake2b-256-generic) checksum algorithm
[  388.138606][ T5874] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  388.219115][T13190] BTRFS info (device loop6): enabling ssd optimizations
[  388.287175][T13190] BTRFS info (device loop6): enabling free space tree
[  388.495073][T13244] loop5: detected capacity change from 0 to 2048
[  388.547422][T13244] UDF-fs: error (device loop5): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  388.567004][T13244] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found
[  388.585086][T13244] UDF-fs: Scanning with blocksize 512 failed
[  388.648168][T11990] BTRFS info (device loop6): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  388.677275][T13244] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  388.748039][   T30] kauditd_printk_skb: 11 callbacks suppressed
[  388.748058][   T30] audit: type=1800 audit(1758826240.599:86): pid=13244 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2621" name="file1" dev="loop5" ino=838 res=0 errno=0
[  388.967862][T13255] netlink: 'syz.5.2626': attribute type 29 has an invalid length.
[  389.056294][T13257] netlink: 'syz.5.2626': attribute type 29 has an invalid length.
[  389.086664][T13255] netlink: 500 bytes leftover after parsing attributes in process `syz.5.2626'.
[  389.317203][ T1214] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  389.551584][ T1214] usb 4-1: Using ep0 maxpacket: 16
[  389.559506][ T1214] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  389.588808][ T1214] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  389.617499][ T1214] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  389.644180][ T1214] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  389.654807][ T1214] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  389.678312][ T1214] usb 4-1: Product: syz
[  389.682546][ T1214] usb 4-1: Manufacturer: syz
[  389.699043][ T1214] usb 4-1: SerialNumber: syz
[  389.968724][ T1214] usb 4-1: 0:2 : does not exist
[  390.113317][ T1214] usb 4-1: 1:0: cannot get min/max values for control 4 (id 1)
[  390.231581][ T1214] usb 4-1: USB disconnect, device number 29
[  390.282382][T13289] loop5: detected capacity change from 0 to 2048
[  390.338464][T13289] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  390.380602][   T30] audit: type=1800 audit(1758826242.239:87): pid=13289 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2640" name="file1" dev="loop5" ino=1367 res=0 errno=0
[  390.401707][    C0] vkms_vblank_simulate: vblank timer overrun
[  390.771912][T13297] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2644'.
[  390.781962][T13297] netlink: 36 bytes leftover after parsing attributes in process `syz.5.2644'.
[  390.926221][T13285] loop1: detected capacity change from 0 to 131072
[  390.980844][T13301] macvlan0: entered promiscuous mode
[  390.987019][ T1214] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  390.992020][T13301] batadv0: entered promiscuous mode
[  391.008925][T13301] hsr1: entered allmulticast mode
[  391.014066][T13301] macvlan0: entered allmulticast mode
[  391.020506][T13301] veth1_vlan: entered allmulticast mode
[  391.046599][T13301] batadv0: entered allmulticast mode
[  391.077402][T13285] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  391.093711][T13285] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  391.162868][ T1214] usb 4-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.17
[  391.174782][ T1214] usb 4-1: New USB device strings: Mfr=129, Product=2, SerialNumber=3
[  391.190564][ T1214] usb 4-1: Product: syz
[  391.194783][ T1214] usb 4-1: Manufacturer: syz
[  391.202755][ T1214] usb 4-1: SerialNumber: syz
[  391.231989][ T1214] usb 4-1: config 0 descriptor??
[  391.251999][ T1214] ch341 4-1:0.0: ch341-uart converter detected
[  391.403216][T13318] netlink: 'syz.6.2653': attribute type 11 has an invalid length.
[  392.119347][T13338] loop5: detected capacity change from 0 to 4096
[  392.472441][ T8343] ntfs3(loop5): ino=5, mi_enum_attr
[  392.516103][ T1214] ch341-uart ttyUSB0: failed to read break control: -71
[  392.516171][ T1214] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71
[  392.527748][ T1214] usb 4-1: USB disconnect, device number 30
[  392.529411][ T1214] ch341 4-1:0.0: device disconnected
[  392.633041][T13349] loop5: detected capacity change from 0 to 256
[  392.638582][T13349] exfat: Deprecated parameter 'utf8'
[  392.661276][T13349] exfat: Deprecated parameter 'utf8'
[  392.683116][T13349] exfat: Deprecated parameter 'namecase'
[  392.708320][T13349] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d)
[  393.211033][T13368] loop1: detected capacity change from 0 to 512
[  393.222601][T13368] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  393.264516][T13368] EXT4-fs (loop1): 1 truncate cleaned up
[  393.278119][T13368] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  393.413377][ T5872] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  393.764122][T13384] loop2: detected capacity change from 0 to 2048
[  393.825649][T13384] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  393.937409][T13384] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  393.970954][T13384] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 1 with error 28
[  394.036061][T13384] EXT4-fs (loop2): This should not happen!! Data will be lost
[  394.036061][T13384] 
[  394.085434][T13384] EXT4-fs (loop2): Total free blocks count 0
[  394.092553][T13380] loop1: detected capacity change from 0 to 32768
[  394.129147][T13384] EXT4-fs (loop2): Free/Dirty block details
[  394.135237][T13384] EXT4-fs (loop2): free_blocks=2415919104
[  394.192156][T13384] EXT4-fs (loop2): dirty_blocks=16
[  394.193556][T13380] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  394.224495][T13384] EXT4-fs (loop2): Block reservation details
[  394.258301][T13384] EXT4-fs (loop2): i_reserved_data_blocks=1
[  394.387208][ T8348] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  394.424580][T13380] XFS (loop1): Ending clean mount
[  394.522557][T13380] XFS (loop1): Quotacheck needed: Please wait.
[  394.617252][  T979] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  394.691222][T13414] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2691'.
[  394.715513][T13414] netlink: 'syz.3.2691': attribute type 7 has an invalid length.
[  394.723304][T13414] netlink: 'syz.3.2691': attribute type 8 has an invalid length.
[  394.747209][T13380] XFS (loop1): Quotacheck: Done.
[  394.764473][T13414] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2691'.
[  394.793425][   T30] audit: type=1800 audit(1758826246.649:88): pid=13380 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2679" name="file1" dev="loop1" ino=9286 res=0 errno=0
[  394.814407][    C0] vkms_vblank_simulate: vblank timer overrun
[  394.820621][  T979] usb 6-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac
[  394.835853][  T979] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  394.844868][  T979] usb 6-1: Product: syz
[  394.855073][  T979] usb 6-1: Manufacturer: syz
[  394.865838][  T979] usb 6-1: SerialNumber: syz
[  394.876679][T13414] gretap0: entered promiscuous mode
[  394.883201][  T979] usb 6-1: config 0 descriptor??
[  394.897765][T13414] batadv_slave_1: entered promiscuous mode
[  394.901286][  T979] gspca_main: sunplus-2.14.0 probing 055f:c230
[  394.928563][T13414] batadv_slave_1: left promiscuous mode
[  394.947329][T13414] gretap0: left promiscuous mode
[  395.201929][ T5872] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  395.213506][T13422] loop3: detected capacity change from 0 to 8
[  395.696759][T13432] loop3: detected capacity change from 0 to 128
[  395.712674][T13416] loop2: detected capacity change from 0 to 40427
[  395.724351][T13432] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  395.737954][T13416] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  395.746848][T13416] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  395.748133][T13432] ext4 filesystem being mounted at /550/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  395.759904][T13416] F2FS-fs (loop2): invalid crc value
[  395.850689][T13416] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  395.862457][T13416] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  395.870920][T13416] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  395.888941][ T5871] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  395.931850][  T979] gspca_sunplus: reg_r err -71
[  395.940963][  T979] sunplus 6-1:0.0: probe with driver sunplus failed with error -71
[  395.971521][  T979] usb 6-1: USB disconnect, device number 11
[  395.989769][T13444] F2FS-fs (loop2): Stopped filesystem due to reason: 0
[  395.996978][T13446] input: syz0 as /devices/virtual/input/input59
[  396.182343][T13450] loop3: detected capacity change from 0 to 1024
[  396.198562][T13450] EXT4-fs: Ignoring removed nomblk_io_submit option
[  396.234133][T13450] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  396.363187][T13460] loop6: detected capacity change from 0 to 4096
[  396.382715][ T5871] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  396.610302][T13460] overlayfs: upper fs does not support tmpfile.
[  396.649940][T13460] overlayfs: workdir/#29 already exists
[  396.724652][T13468] loop1: detected capacity change from 0 to 4096
[  396.746890][T13468] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512).
[  396.813562][T13468] ntfs3(loop1): Failed to load $Extend (-22).
[  396.825548][T13468] ntfs3(loop1): Failed to initialize $Extend.
[  396.844076][T13475] syz_tun: entered promiscuous mode
[  396.885119][T13475] syz_tun: left promiscuous mode
[  397.216898][ T1214] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  397.565990][ T1214] usb 4-1: device not accepting address 31, error -71
[  397.774044][T13504] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  398.026312][T13517] loop1: detected capacity change from 0 to 1024
[  398.091636][T13517] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  398.144949][ T5872] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  398.449265][T13543] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input60
[  398.477667][T13544] sctp: [Deprecated]: syz.3.2737 (pid 13544) Use of int in max_burst socket option deprecated.
[  398.477667][T13544] Use struct sctp_assoc_value instead
[  398.556499][T13547] loop5: detected capacity change from 0 to 47
[  398.601079][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  399.076073][ T1214] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  399.164084][T13551] loop6: detected capacity change from 0 to 32768
[  399.183337][T13551] XFS (loop6): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  399.236204][ T1214] usb 6-1: Using ep0 maxpacket: 32
[  399.248307][ T1214] usb 6-1: config 0 has an invalid interface number: 85 but max is 0
[  399.258630][ T1214] usb 6-1: config 0 has no interface number 0
[  399.266526][ T1214] usb 6-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  399.284413][ T1214] usb 6-1: config 0 interface 85 has no altsetting 0
[  399.294980][ T1214] usb 6-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  399.314108][ T1214] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  399.332534][T13551] XFS (loop6): Ending clean mount
[  399.339450][ T1214] usb 6-1: Product: syz
[  399.344037][ T1214] usb 6-1: Manufacturer: syz
[  399.351594][T13551] XFS (loop6): Quotacheck needed: Please wait.
[  399.358833][ T1214] usb 6-1: SerialNumber: syz
[  399.368923][ T1214] usb 6-1: config 0 descriptor??
[  399.434207][T13551] XFS (loop6): Quotacheck: Done.
[  399.469269][   T30] audit: type=1800 audit(1758826251.329:89): pid=13551 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.2741" name="file1" dev="loop6" ino=9286 res=0 errno=0
[  399.739558][T11990] XFS (loop6): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  399.985596][ T1214] appletouch 6-1:0.85: Geyser mode initialized.
[  399.997542][ T1214] input: appletouch as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.85/input/input61
[  400.171174][T13589] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2752'.
[  400.189954][ T1214] usb 6-1: USB disconnect, device number 12
[  400.210213][T13589] netlink: 'syz.6.2752': attribute type 7 has an invalid length.
[  400.228328][T13589] netlink: 'syz.6.2752': attribute type 8 has an invalid length.
[  400.239629][ T1214] appletouch 6-1:0.85: input: appletouch disconnected
[  400.263809][T13589] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2752'.
[  400.290683][T13589] gretap0: entered promiscuous mode
[  400.313133][T13589] batadv_slave_1: entered promiscuous mode
[  400.337434][ T5923] hid-generic 00A1:0009:0003.0024: unknown main item tag 0x0
[  400.356449][T13589] batadv_slave_1: left promiscuous mode
[  400.365572][ T5923] hid-generic 00A1:0009:0003.0024: unknown main item tag 0x0
[  400.373084][ T5923] hid-generic 00A1:0009:0003.0024: unknown main item tag 0x0
[  400.384539][T13589] gretap0: left promiscuous mode
[  400.404820][ T5923] hid-generic 00A1:0009:0003.0024: unknown main item tag 0x0
[  400.422929][ T5923] hid-generic 00A1:0009:0003.0024: unknown main item tag 0x0
[  400.442682][ T5923] hid-generic 00A1:0009:0003.0024: unknown main item tag 0x0
[  400.459498][ T5923] hid-generic 00A1:0009:0003.0024: unknown main item tag 0x0
[  400.495364][ T5923] hid-generic 00A1:0009:0003.0024: unknown main item tag 0x0
[  400.518060][ T5923] hid-generic 00A1:0009:0003.0024: unknown main item tag 0x0
[  400.538754][ T5923] hid-generic 00A1:0009:0003.0024: unknown main item tag 0x0
[  400.565604][ T5923] hid-generic 00A1:0009:0003.0024: hidraw0: <UNKNOWN> HID v0.05 Device [syz1] on syz0
[  401.331877][   T30] audit: type=1326 audit(1758826253.189:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13616 comm="syz.3.2766" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8bbed8eec9 code=0x0
[  402.442869][T13640] loop6: detected capacity change from 0 to 32768
[  402.526795][T13640] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode.
[  402.667315][T11990] (syz-executor,11990,1):ocfs2_inode_is_valid_to_delete:948 ERROR: Skipping delete of system file 72
[  402.736383][ T5937] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  402.744367][T11990] ocfs2: Unmounting device (7,6) on (node local)
[  402.909690][ T5937] usb 6-1: New USB device found, idVendor=1645, idProduct=0008, bcdDevice=cf.36
[  402.921698][ T5937] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  402.936423][ T5937] usb 6-1: config 0 descriptor??
[  403.172074][ T5937] kaweth 6-1:0.0: Firmware present in device.
[  403.275411][ T1214] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  403.362265][ T5937] kaweth 6-1:0.0: Statistics collection: 0
[  403.371726][ T5937] kaweth 6-1:0.0: Multicast filter limit: 0
[  403.380289][ T5937] kaweth 6-1:0.0: MTU: 0
[  403.390444][ T5937] kaweth 6-1:0.0: Read MAC address 00:00:00:00:00:00
[  403.445438][ T1214] usb 2-1: Using ep0 maxpacket: 16
[  403.463059][ T1214] usb 2-1: New USB device found, idVendor=0d49, idProduct=7010, bcdDevice= c.90
[  403.478172][ T1214] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  403.495399][ T1214] usb 2-1: Product: syz
[  403.504145][ T1214] usb 2-1: Manufacturer: syz
[  403.514301][ T1214] usb 2-1: SerialNumber: syz
[  403.522675][ T1214] usb 2-1: config 0 descriptor??
[  403.530605][ T1214] ums-onetouch 2-1:0.0: USB Mass Storage device detected
[  403.751047][ T1214] usb 2-1: USB disconnect, device number 28
[  403.973273][ T5937] kaweth 6-1:0.0: Error setting receive filter
[  403.982471][ T5937] kaweth 6-1:0.0: probe with driver kaweth failed with error -5
[  404.008339][ T5937] usb 6-1: USB disconnect, device number 13
[  404.845036][T13714] loop6: detected capacity change from 0 to 32768
[  404.931713][T13714] bcachefs (loop6): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow
[  404.931740][T13714]   allowing incompatible features above 0.0: (unknown version)
[  404.931754][T13714]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  404.979550][T13714] bcachefs (loop6): Using encoding defined by superblock: utf8-12.1.0
[  404.989063][T13714] bcachefs (loop6): initializing new filesystem
[  405.007370][T13714] bcachefs (loop6): going read-write
[  405.028734][T13740] syzkaller1: entered promiscuous mode
[  405.037959][T13714] bcachefs (loop6): marking superblocks
[  405.055015][T13740] syzkaller1: entered allmulticast mode
[  405.093537][T13747] loop3: detected capacity change from 0 to 512
[  405.120644][T13714] bcachefs (loop6): initializing freespace
[  405.125813][T13747] EXT4-fs error (device loop3): ext4_orphan_get:1392: inode #15: comm syz.3.2818: casefold flag without casefold feature
[  405.131721][T13714] bcachefs (loop6): done initializing freespace
[  405.150192][T13747] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.2818: couldn't read orphan inode 15 (err -117)
[  405.151935][T13714] bcachefs (loop6): reading snapshots table
[  405.172233][T13747] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  405.176473][T13714] bcachefs (loop6): reading snapshots done
[  405.227506][T13714] bcachefs (loop6):  loop6: Superblock write was silently dropped! (seq 0 expected 42)
[  405.246430][T13714] bcachefs (loop6): done starting filesystem
[  405.246779][ T5871] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  405.305383][ T1214] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  405.414896][T13756] loop3: detected capacity change from 0 to 64
[  405.421324][T11990] bcachefs (loop6): shutting down
[  405.427252][T11990] bcachefs (loop6): going read-only
[  405.432513][T11990] bcachefs (loop6): finished waiting for writes to stop
[  405.451842][T11990] bcachefs (loop6): flushing journal and stopping allocators, journal seq 2
[  405.464628][   T30] audit: type=1800 audit(1758826257.329:91): pid=13756 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2822" name="file1" dev="loop3" ino=21 res=0 errno=0
[  405.468872][T13756] hfs: request for non-existent node 237 in B*Tree
[  405.485127][    C1] vkms_vblank_simulate: vblank timer overrun
[  405.513026][ T1214] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  405.546264][T13756] hfs: request for non-existent node 237 in B*Tree
[  405.546584][ T1214] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  405.554999][T13756] hfs: request for non-existent node 237 in B*Tree
[  405.564238][ T1214] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  405.583910][ T1214] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  405.591271][T11990] bcachefs (loop6): flushing journal and stopping allocators complete, journal seq 3
[  405.611080][T13756] hfs: request for non-existent node 237 in B*Tree
[  405.611139][T11990] bcachefs (loop6): clean shutdown complete, journal seq 4
[  405.626724][T11990] bcachefs (loop6): marking filesystem clean
[  405.633996][ T1214] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  405.643832][T13758] hfs: request for non-existent node 237 in B*Tree
[  405.659352][T13758] hfs: request for non-existent node 237 in B*Tree
[  405.664172][ T1214] usb 6-1: config 0 descriptor??
[  405.684337][T11990] bcachefs (loop6): shutdown complete
[  405.763292][ T8343] hfs: request for non-existent node 237 in B*Tree
[  405.774943][ T8343] hfs: request for non-existent node 237 in B*Tree
[  405.783714][ T8343] ------------[ cut here ]------------
[  405.789895][ T8343] kernel BUG at fs/hfs/inode.c:444!
[  405.796850][ T8343] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
[  405.803146][ T8343] CPU: 0 UID: 0 PID: 8343 Comm: kworker/u8:18 Not tainted syzkaller #0 PREEMPT(full) 
[  405.812713][ T8343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  405.822900][ T8343] Workqueue: writeback wb_workfn (flush-7:3)
[  405.829025][ T8343] RIP: 0010:hfs_write_inode+0x7c8/0x7d0
[  405.834867][ T8343] Code: c1 80 62 d1 99 80 e1 07 80 c1 03 38 c1 0f 8c 7d fe ff ff 48 c7 c7 80 62 d1 99 e8 c3 2d 87 ff e9 6c fe ff ff e8 09 ed 21 ff 90 <0f> 0b 66 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  405.854591][ T8343] RSP: 0018:ffffc90003adf160 EFLAGS: 00010293
[  405.860944][ T8343] RAX: ffffffff829e6947 RBX: ffff888031ed0e98 RCX: ffff88802e35dac0
[  405.869105][ T8343] RDX: 0000000000000000 RSI: ffffffff8e566900 RDI: 0000000000000000
[  405.877261][ T8343] RBP: ffffc90003adf2f0 R08: ffff88802e35dac0 R09: 0000000000000003
[  405.885475][ T8343] R10: 0000000000000004 R11: 0000000000000000 R12: dffffc0000000000
[  405.893487][ T8343] R13: 1ffff9200075be30 R14: ffff888031ed0e58 R15: 0000000000000000
[  405.901661][ T8343] FS:  0000000000000000(0000) GS:ffff888125a03000(0000) knlGS:0000000000000000
[  405.910794][ T8343] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  405.917389][ T8343] CR2: 0000555565eff5c8 CR3: 000000007c00c000 CR4: 00000000003526f0
[  405.925472][ T8343] Call Trace:
[  405.928778][ T8343]  <TASK>
[  405.931818][ T8343]  ? __pfx_hfs_write_inode+0x10/0x10
[  405.937144][ T8343]  __writeback_single_inode+0x6f1/0xff0
[  405.942712][ T8343]  writeback_sb_inodes+0x6c7/0x1010
[  405.947931][ T8343]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  405.953587][ T8343]  ? rcu_is_watching+0x15/0xb0
[  405.958362][ T8343]  wb_writeback+0x43b/0xaf0
[  405.962887][ T8343]  ? queue_io+0x3b1/0x590
[  405.967224][ T8343]  ? __pfx_wb_writeback+0x10/0x10
[  405.972255][ T8343]  ? _raw_spin_unlock_irq+0x23/0x50
[  405.977487][ T8343]  wb_workfn+0x409/0xef0
[  405.981748][ T8343]  ? __pfx_wb_workfn+0x10/0x10
[  405.986587][ T8343]  ? __lock_acquire+0xab9/0xd20
[  405.991460][ T8343]  ? process_scheduled_works+0x9ef/0x17b0
[  405.997281][ T8343]  ? _raw_spin_unlock_irq+0x23/0x50
[  406.002487][ T8343]  ? process_scheduled_works+0x9ef/0x17b0
[  406.008318][ T8343]  ? process_scheduled_works+0x9ef/0x17b0
[  406.014064][ T8343]  process_scheduled_works+0xae1/0x17b0
[  406.019637][ T8343]  ? __pfx_process_scheduled_works+0x10/0x10
[  406.025733][ T8343]  worker_thread+0x8a0/0xda0
[  406.030455][ T8343]  kthread+0x711/0x8a0
[  406.034567][ T8343]  ? __pfx_worker_thread+0x10/0x10
[  406.039707][ T8343]  ? __pfx_kthread+0x10/0x10
[  406.044409][ T8343]  ? _raw_spin_unlock_irq+0x23/0x50
[  406.049632][ T8343]  ? lockdep_hardirqs_on+0x9c/0x150
[  406.054841][ T8343]  ? __pfx_kthread+0x10/0x10
[  406.059451][ T8343]  ret_from_fork+0x4bc/0x870
[  406.064151][ T8343]  ? __pfx_ret_from_fork+0x10/0x10
[  406.069289][ T8343]  ? __switch_to_asm+0x39/0x70
[  406.074063][ T8343]  ? __switch_to_asm+0x33/0x70
[  406.078861][ T8343]  ? __pfx_kthread+0x10/0x10
[  406.083474][ T8343]  ret_from_fork_asm+0x1a/0x30
[  406.088259][ T8343]  </TASK>
[  406.091289][ T8343] Modules linked in:
[  406.096313][ T8343] ---[ end trace 0000000000000000 ]---
[  406.104129][ T8343] RIP: 0010:hfs_write_inode+0x7c8/0x7d0
[  406.109590][T13757] loop1: detected capacity change from 0 to 32768
[  406.116287][ T8343] Code: c1 80 62 d1 99 80 e1 07 80 c1 03 38 c1 0f 8c 7d fe ff ff 48 c7 c7 80 62 d1 99 e8 c3 2d 87 ff e9 6c fe ff ff e8 09 ed 21 ff 90 <0f> 0b 66 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  406.116311][ T8343] RSP: 0018:ffffc90003adf160 EFLAGS: 00010293
[  406.116334][ T8343] RAX: ffffffff829e6947 RBX: ffff888031ed0e98 RCX: ffff88802e35dac0
[  406.116352][ T8343] RDX: 0000000000000000 RSI: ffffffff8e566900 RDI: 0000000000000000
[  406.136055][    C1] vkms_vblank_simulate: vblank timer overrun
[  406.144183][T13757] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.2821 (13757)
[  406.164827][ T8343] RBP: ffffc90003adf2f0 R08: ffff88802e35dac0 R09: 0000000000000003
[  406.186268][ T8343] R10: 0000000000000004 R11: 0000000000000000 R12: dffffc0000000000
[  406.191530][T13757] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  406.194266][ T8343] R13: 1ffff9200075be30 R14: ffff888031ed0e58 R15: 0000000000000000
[  406.194287][ T8343] FS:  0000000000000000(0000) GS:ffff888125b03000(0000) knlGS:0000000000000000
[  406.194306][ T8343] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  406.194321][ T8343] CR2: 0000001b2fd20ff8 CR3: 00000000305f2000 CR4: 00000000003526f0
[  406.238620][ T8343] Kernel panic - not syncing: Fatal exception
[  406.245259][ T8343] Kernel Offset: disabled
[  406.249708][ T8343] Rebooting in 86400 seconds..