last executing test programs:

20.537696193s ago: executing program 1:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
recvmsg$unix(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/47, 0x2f}], 0x1}, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
poll(0x0, 0x0, 0x64)
pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RSETATTR(r2, &(0x7f0000000000)={0x7}, 0x69ff9a93bfc25838)
write$P9_RLERRORu(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
close(r2)
futex(&(0x7f0000000700)=0x2, 0x0, 0x2, 0x0, 0x0, 0x0)
rt_sigreturn()
r3 = socket$inet_udp(0x2, 0x2, 0x0)
recvfrom$packet(r3, 0x0, 0x15, 0x0, 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHG6RD(0xffffffffffffffff, 0x89fb, &(0x7f0000000080)={'sit0\x00', 0x0})

20.203936555s ago: executing program 1:
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, 0x0)
mkdir(&(0x7f0000000580)='./file0\x00', 0x0)
r0 = inotify_init1(0x0)
inotify_add_watch(r0, &(0x7f0000000100)='./file0\x00', 0x203)
setxattr$incfs_metadata(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380), 0x0, 0x0, 0x0)

20.074635388s ago: executing program 1:
r0 = syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f00000007c0)='./file0\x00', 0x10, &(0x7f00000014c0), 0x1, 0x793, &(0x7f0000001700)="$eJzs3c1rXFUbAPDnTpKmb9r3TV4QbF0FBA2UTkyNrYKLigsRLBR0bTtMpqFmkimZSWlCoBYR3AhaXAi66dqPunPrx1b/Bd2ISEvVtFhxISN3PjqTZiadtvloze8Htz3n3jM595l77zln5h7mBrBjjab/ZCL2R8R7ScRwY30SEQO1VH/E0Xq5myvL+XRJolp99bekVubGynI+2l6T2tPI7IuIb96OOJBZW295cWkmVywW5hv58crsmfHy4tLB07O56cJ0Ye7wxOTkoSPPHBncuFj/+H5p79X3X3ry86N/vfXo5Xe/TeJo7G1sa49jo4zGaOM9GUjfwlVe3OjKtlmy3TvAPUkvzb76VR77Yzj6aqne9F4SAHiQnI+IKgCwwyT6fwDYYZrfA9xYWc6nS/X89n4fsdWuvRARu+vxN+9v1rf0N+7Z7a7dBx26kay635FExMgG1D8aER9/+fqn6RKbdB8SoJM3L0TEyZHRZvvfan+SNXMW6nqfkPFUD2VGb8tr/2DrfJWOf55tjf9a11/m1vgnOox/Bjtcu/diNGJXe37t9Z+5sgHVdJWO/54faM1tu9kWf8NIXyP339qYbyA5dbpYSNu2/0XEWAwMpvmJdeoYu/739VUr+lrJ9vHf7xff+CStP/2/VSJzpf+2JncqV8ndb9xN1y5EPNbfKf7k1vFPuox/j/dYx8vPvfNRt21p/Gm8zWV1/Js/q6x6KeKJ6Bx/U7Le/MTD47XTYbx5UnTwxU8fDnWrv/34p0taf/OzwFZIj//Q+vGPJO3zNct3X8d3l4a/7rbtzvF3Pv93Ja/V0s3G41yuUpmfiNiVvLJ2/aHWa5v5Zvk0/rHHO1//653/6WfCkz3G33/118/uPf7NlcY/dVfH/+4Tl2/O9HWrv7fjP1lLjTXW9NL+9bqD9/PeAQAAAAAAAAAAAAAAAAAAAAAAAECvMhGxN5JM9lY6k8lm68/wfiSGMsVSuXLgVGlhbipqz8oeiYFM86cuh9t+D3Wi8Xv4zfyh2/JPR8T/I+KDwf/U8tl8qTi13cEDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQMOeLs//T/0yuN17BwBsmt13LHG9sCU7AgBsmTv3/wDAv43+HwB2Hv0/AOw8+n8A2Hn0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGyy48eOpUv1z5XlfJqfOru4MFM6e3CqUJ7Jzi7ks/nS/JnsdKk0XSxk86XZtpf+0OnvFUulM5Mxt3BuvFIoV8bLi0snZksLc5UTp2dz04UThYEtiwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeldeXJrJFYuFeYmHJVEdrh+6B2V/Nj/x88Ef961X5qLTeOMT290yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwc/gkAAP//skMoxA==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = open(&(0x7f0000007fc0)='./bus\x00', 0x60142, 0x0)
r5 = open(&(0x7f0000000380)='./file1\x00', 0x42042, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYRES32], &(0x7f0000000180)='GPL\x00', 0x4, 0x8f, &(0x7f00000002c0)=""/143}, 0x90)
r7 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000380)='sched_switch\x00'}, 0x10)
openat$full(0xffffffffffffff9c, &(0x7f0000001780), 0x4a0800, 0x0)
r8 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000002980)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000006c0)=@newtaction={0x14, 0x13, 0x53b}, 0x14}}, 0x0)
r9 = bpf$ITER_CREATE(0x21, &(0x7f00000010c0)={r4}, 0x8)
r10 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f0000002980)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000600), 0x70}}, 0x0)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa}, 0x48)
sendmmsg$unix(r3, &(0x7f00000003c0)=[{{&(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000200)=[{&(0x7f0000000540)="8326705d4dc215df0051d933fd48a0e9c1035681545705897a3748cb3da8f4ae7ef5cb0b9e5304", 0x27}], 0x1, &(0x7f0000000800)=ANY=[@ANYRESHEX, @ANYBLOB="eea4f7a7aef029d1b102c7e3e1c0059aef9f950df3", @ANYRES32=0x0, @ANYBLOB="000000001c0000000000", @ANYRES32, @ANYRES32=0x0, @ANYBLOB, @ANYRES16=r0, @ANYBLOB="000000001c00000000ff", @ANYRES32, @ANYRES32, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r6, @ANYRES32=0xee00, @ANYBLOB="000000001c00000000000000010000000200000075b1fc1d24635f84c1ddff0300002a00131309a8b391bca68a33a7c87e21f69f771bb2caf64998a7c63539b2fa8fea0a66a6d02ca3be2c1c8d46f4e97ed31331655f8ed356fd1a064fd57d82d15e089b80b7c5f4288af4407bd61f8b2061232cb31028709842c0ece04b41911347bb7fa7548212d5b86ec71a93e7f99f801c900cc7360f15dc6bd6a686b3cfc24266cedaafa718de2b37a2b937aef08ee113b7895ce9ed5f8243eb00a27233067676772ee06ee99af69c8d13713c234c2a07a1c63a804d4db9e265100e785568206d59a692ed96715dcbcd79684e40909dbe7754b1dcd2900998fce3e3a06da4c9eb3f7ed8a0c8e60df96cbacaa43e5926afa267e835a33567d3bec5a0a2d19f472c955204d12bce7e9e1d3886b7295b58d462633bd9105cd3ebc7c945bf24baae6494e394118182bee14f69d77a793aeb2318a552f9c9cd443e480067", @ANYRES32, @ANYRES32=0xee00, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00'], 0xb8, 0x4090}}, {{0x0, 0x0, &(0x7f0000000c80)=[{0x0}, {&(0x7f0000000a40)}, {0x0}, {&(0x7f0000000b00)="6455089ab9075e64c4bedb2b941533bc71ec4be38eeb5e2e6c9ecdda0c6ed7bd4706c3fb85575d0034077bb770e214219d50542e7e671050c17a8022b175ce074558fe4e94f15f588cb4a56928bae16bd7f992b843c5011456ed86b60133edc2903c9f6bdf9a3620f7577841abe2e06fef85eb3ee0091a527f0977e3ba534f7fa31caf7465d30df85587b36f219c23d089bbff7e259bffa1157b2393f0a3cd0a5bd97fadc821f6596440b1cc9bfb", 0xae}], 0x4, &(0x7f0000000cc0)=ANY=[@ANYBLOB="28000000000000000100000001000000b5376e51ab324160b1445009bfc3f82936bb8364a6e2f1156c4edfa76c8fd8a62c975d37d61c58094e0f4f8a9c48d4e621360d15ca9ab3e8ffa4ab41ed51e8cda603426f09bdeed81216d158e19abc17785c", @ANYRESHEX=r4, @ANYRES32=r5, @ANYRES32, @ANYRES64=r7, @ANYRES32, @ANYBLOB, @ANYRES32, @ANYRESHEX=r6, @ANYBLOB="1c00000000000000", @ANYRES32, @ANYRES32=0x0, @ANYRESHEX=r7, @ANYRES32=r10, @ANYRESHEX, @ANYBLOB="00000000280000000100cc8d26e9ce24e5c36be347000001000000", @ANYRESOCT=r1, @ANYRES32=r8, @ANYRES32, @ANYRES32=r0, @ANYRES32=r9, @ANYRES32=r10], 0xa8, 0x40040}}], 0x2, 0x4000)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x200, 0x54)
sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r4, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000040)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x4001}, 0x11)
ioctl$sock_SIOCSIFBR(r8, 0x8941, &(0x7f0000000680)=@add_del={0x2, &(0x7f00000001c0)='syzkaller1\x00'})
ftruncate(r5, 0x2007ffb)
sendfile(r4, r5, 0x0, 0x1000000211005)

17.516710332s ago: executing program 1:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
close(r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r2, 0x800454e0, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0}, 0x90)
write$cgroup_devices(r3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1e0306003c5c980128846360864666"], 0xffdd)

16.305601927s ago: executing program 2:
unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0)

16.129992461s ago: executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x4)
close(r2)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000140)="5c00000013006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514001ac00800020004000200020000000064bc24eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0001000000e4509c5bbcd72c6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)

14.888479192s ago: executing program 2:
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000480)=ANY=[@ANYRES16=0x0], 0x1, 0x54f6, &(0x7f0000005800)="$eJzs3M1rI2UcB/Bf2u2+uxbx4G0HFqGFTdh0X9Bb1V18wS7Fl4MnTZM0ZDfJlCZNa08ePIoH/xNR8OTRv8GDZ2/iQfEmKJlnKltfQGm2sdvPB6bfmSeT3/yeUFqeSUgAp9Zi9stPlbgSFyJiPiIuRxT7lXIrrKZ4LiKuRsTcI1ulHP9j4GxEXIyIK5PiqWalfOiz6+Nrt3984+evvz135tLnX303u1kDs/Z8RPS30v5uP2XeSfmgHG+Mu0X2b43LTA/0H5bHecrd9kZRYbdxcF6jyJuddH6+tTOc5Gav0Zxkp7tZjG8N0gWH485BneIJDxrbxXGrvVFkd5gX2dlPfe3tp79t+8NRqtMq631YlI/R6CDTeHuvneaz9bDI5mBUjqe6eau9N8lxmeXlopn3WkUfG0d5pf/f3uwOdvaycXt72M0H2e1a/YVa/U61vp232qP2rWqj37pzK1vq9CanVUftRn+1k+edXrvWzPvL2VKn2azW69nS3fZGtzHI6vXazdqN6u3lcu969ur9d7NeK1ua5Mvdwc6o2xtmm/l2lp6xnK3Ubr64nF2rZ2+vrWfrb927t7b+zvt337v/0trrr5Qn/aWtbGnlxspKtX6julJfPrnzn/yv/0/z/7hseorzhyOpzLoBgJPH+h+YhZO+/g/r/6mw/j/d84cjsf4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADi1vl/44rViZzEdXyrHnyqHnimPKxExFxG//Y35OHuo5nxZZ+Efzl/4Uw/fVKKoMLnGuXK7GBGr5fbr04/7VQAAAIAn15cfXf00rdbTj8VZN8RxSjdt5i5/MKV6lYhYWPxhClWivNkUzx69q2Ty+30m9qZUrbiBdX5KxdIttzPTqvavzB+K849EJcXcsbYDAAAci8MrgeNdhQAAAHCcPpl1A8xG8U5r+Vn88gP851KUbwheOHQEAAAAnECVWTcAAAAAPHbF+t/3/wEAAMCTLX3/HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDv7NxPTupQFAfg00Lf4/0xEuPcrTiDZbgEhw4NC3ATLAG34AZYA85cggFDW6I1mJj0to3k+5L2chvy45QwOfeSAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQpediNX+8v3pom7PdtZPmbgAAAIBjNsVqXr6YVvN/9fWz+tJFPc8iIo+IY737KH41Mkd1TvHF+4tPNTxFlAn7z/hdH38j4ro+Xs+7/hYAAADgdK0Xy1nVrVen6dAF0adq0Sb/f5MoL4uIYvqSKC3fny4ThZW/73HcJUorF7AmicKqJbdxqrRvGTWGyYchq4a813IAAIBeNDuBfrsQAAAA+nQ7dAEMI4vDVuZhL7j85/37huCfxgwAAAD4gbKhCwAAAAA6V/b/nv8HAAAAp616/h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABd2hSr+XqxnLXN2e7aSXM3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAb+zPOwqEQBiEwd71ncnc/7DSoKmpSRUIH39jMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG9+95f/E1PjTDL32lh6HknWTo2tU2Pv3Dj6w/j6NQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwsT8vKRACQRAFc8b/Tvr+h5UEPYMIEdDwqKIWDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAF/3ul/8TU+NMMnfaWDoeSdauGltXjb0HjaMH4+3fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwsXP/vnFTcQDAn+3zlRYQR0A3BCGQGGCh12tp6coAihj4E5Ci9FoCV360GWhVIWVhQ5m7IBgRQgKFrf9D51bqUrYONxSJiQFkn528HpE4iGJfks9Hen5fW5bf9zlRlK+f7wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDa5J3dOCs2vWmcVsfuPb61VvT3Z/rCna0Hy0Ur4qTJpA+Hl+OdpN9eIgAAABwfWV3fhxAe5tsrRZ/2yvo/r88pav7vnp3GdT0/W/fXfV37F+3XXx69uDNQbzpOcdHL6+PRmX+m0jm4WS625/71jE5558tnL1n5A0nf33xhkpf3M/nm7t13u2V4oolsAYD/43TdV0H9/1DRD9tMDIBjoxMV3nX9n/XazQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgCd3N8HQdJyGE5c5uXLj/+NZa2c/s39l6sFy3C7dvb8XXLC6RhxAur49HZ5qayCFw/cbNT1bH49G15oNXQgjtjV4FH85xTghtZijYb5BWv+uLks/hCFr+wwQAwJGTV62o6x/m2yvFsWQphL++f7L+fz2KQ1z/z/Rx/f/oowv34rHi+n/Y2AwX32Dj6ueD6zduvrl+dfXK6Mro07fODt8enrt4/vzFQfmsZOCJCQAAAPvTrVpc/6dLIUxm1v9PRXGYs/7/4tvhV/FYmfp/T7uLfm1nAgAAcLw9/+ofvyd7HE+63fDl6sbGteF0u7N/drptIdX/7ETV4vo/W2o7KwAAAKAJk83kifX/S1Ec5lz/f+aHl36Kr5mFEE5W6/+n1z4bX2puOi35c66zmvg48YFPFQAAgIV2smrx+n9evv+f7rzykIYQ3nhtGldfAzhX/Z+99/WP8Vjx+//nmpviQkr70/tR9v0QOv22MwIAAOAoe6pqRbH/W7698vHPpz7oev8fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoGl/BwAA//+S5D5T")
ioctl$SNDRV_PCM_IOCTL_HW_FREE(0xffffffffffffffff, 0x4112, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0)
prlimit64(0x0, 0x0, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
symlinkat(0x0, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x161040, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
lsetxattr$system_posix_acl(&(0x7f0000000400)='.\x00', &(0x7f0000000440)='system.posix_acl_default\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="02000000010000000000000002000000", @ANYRES32=0xee01, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=0x0, @ANYBLOB="040000000000800008000000", @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="100000000000000020"], 0x5c, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./bus\x00', 0x0)
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000180)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x4}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r3}, &(0x7f0000000800), &(0x7f0000000840)=r4}, 0x20)
openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)

11.646138258s ago: executing program 2:
open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0)
syz_mount_image$udf(&(0x7f0000000f00), &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xa00010, &(0x7f0000001040)=ANY=[@ANYBLOB="696f636861727365743d69736f383835392d312c6e6f7374726963742c6c617374626c6f636b3d30303030303030303030303030303030303534362c6769643d666f726765742c6c6f6e6761642c6c6f6e6761642c756e64656c6574652c6d6f64653d30303030303030303030303030303030303030303030352c66696c657365743d30303030303030303030303030303030303030352c00dec7384d8361a83b0c62d0234b0736200709c52d3e3f9a6b8c5dc6bb7c76b4915fba54683d202192d9190f2b60a16fc088c41f1a3eb4a78b4ac61f8bee04ae1cf7901c792b3a8eff396e2065bc6c5f90f860a13e0bd7a8f1ff"], 0x1, 0xc43, &(0x7f00000001c0)="$eJzs3U9sHNd9B/DfGy3FldxWTOwqThoHm7ZIZcZy9S+mYhXuqqbZBpBlIhRzC8CVSKkLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBAhQIWMzsW3FJkbYskhIlfz429Z2deW/mvZn1jCzozQsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIOL3Xrl46nTaZsOhh9AYAOCBuDz21VNntnv+AwCPrSs7/f8/AAAAAAAAAAAAAABwUKQo4slIMXd5LU1Unzvql9p9t26PD49sX+1IqmoeqsqXP/XTZ86e+9ILQ+e7eak98wH199pn4rWxKxcbL8/enJufWliYmmyMz7SvzU5O3fMedlt/q8HqBDRuvn5r8vr1hcaZ589u2nx74P3+J44PXBh69uQz3bLjwyMjYxtF6r3la/fdkI6dRngcjiJORornvvfT1IqIInZ/LuoP9tpvdaTqxGDVifHhkaoj0+3WzGK5cbR7IoqIRk+lZvccbX8totb3QPuws2bEUtn8ssGDZffG5lrzravTU43R1vxie7E9OzOaOq0t+9OIIs6niOWIWO2/e3d9UUQtUnzn2Fq6mt/6UZ2HL1YDg3duR7GPfbwHZTsbfRHLxSNwzQ6w/iji1Ujxs3dOxLV8n6nuNV+IeLXMH0S8VeZLEan8YpyLeG+b7xGPploU8efl9b+wliar+0H3vnLpa42vzFyf7Snbva98xOfDXXeKh/R8OLIlH4wDfm+qRxGt6o6/lu7/NzsAAAAAAAAAAAAAAAAA7LUjUcSnI8Ur//ZH1bjiqMalH7sw9PsDv9w7ZvzpD9lPWfb5iFgq7m1M7uE8MHA0jab0kMcSf5zVo4g/zuP/vvWwGwMAAAAAAAAAAAAAAAAAAPCxVsRPIsWL755Iy9E7p3h75kbjSuvqdGdW2O7cv90509fX19cbqZPNnBM5l3Iu51zJuZozilw/ZzPnRM6lnMs5V3Ku5oxDuX7OZs6JnEs5l3Ou5FzNGbVcP2cz50TOpZzLOVdyruaMAzJ3LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA46SIIn4RKb79jbUUKSKaERPRyZX+h906AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDUn4r4fqRo/EHzzrpaRKTq344T5S/nonm4zE9Gc6jMl6J5MWerylrzWw+h/exOXyrix5Giv/72nQuer39f59Odr0G89c2NT5+pdfJQd+PA+/1PHD92YWjkc0/vtJy2a8DgpfbMrduN8eGRkbGe1bV89E/2rBvIxy32putExMIbb77emp6emr//hfIrsIvqj9BCqn1cemqhWojagWjGw+n7JvWHdYNiX5XP//cixW+/++/dB37n+V+PX+p8uvOEj5//ycbz/8WtO7rH539ta738/C+f6ds9/5/sWfdi/t1IXy2ivnhzru94RH3hjTdPtm+2bkzdmJo5d+rUl4eGvnz2VN/hiPr19vRUz9KenC4AAAAAAAAAAAAAAACABycV8buRovXjtdSIiNvVeK2BC0PPnnzmUByqxlttGrf92tiVi42XZ2/OzU8tLExNNsZn2tdmJ6fu9XD1arjX+PDIvnTmQx3Z5/Yfqb88O/fGfPvGHy5uu/1o/eLVhcX51rXtN8eRKCKavWsGqwaPD49UjZ5ut2aqqqPbDqb/6PpSEf8RKa6da6TP53V5/P/WEf6bxv8vbd3RHo7//9zRjfF/n+gpWh4zpSJ+Hil+6y+ejs9X7Twad52zXO5vIsXg+c/mcnG4LNdtQ+e9Ap2RgWXZ/4kU//CLzWW74yGf3Ch7+iOd3EdAef2PRYrv/9l349fzus3vf9j++h/duqN9ev/DUz3rjm56X8Guu06+/icjxUtPvh2/Ua35vw98/0f33RsnOoU33s+xT9f/V3vWDeTj/uZedR4AAAAAAAAAAOAR1peK+NtI8cORWnohr7uXv/83uXVH+/T3vz7Vs25yb+Yr+tCFXZ9UAAAAADgg+lIRP4kUNxbfvjOGevP4757xn7+zMf5zOG3ZWv05369U7w3Yyz//6zWQjzux+24DAAAAAAAAAAAAAAAAAADAgZJSES/k+dQnqvH8kzvOp74SKV75r+dyuXS8LNedB36g+rV+eXbm5MXp6dl6LLauTk81xuZa16bKuk9FirW//myuW1Tzq3fnm+/M8b4xF/t8pBj5u27Zzlzs3bnJn9ooe7os+4lI8Z9/v7lsnpo6zx1dlT1Tlv2rSPH1f9q+7PGNsmfLst+NFD/6eqNb9mhZtvt+1E9tlH3+2myxD1cFAAAAAAAAAAAAAAAAAACAj5u+VMSfRor/vrl8Zyx/nv+/r+dj5a1v9sz3v8Xtap7/gWr+/52W72f+/+q9Aks7HRUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB5PKYp4M1LMXV5LK/3l5476pfbMrdvjwyPbVzuSqpqHqvLlT/30mbPnvvTC0PlufnD9vfbpeG3sysXGy7M35+anFhamJhvjM+1rs5NT97yH3dbfarA6AY2br9+avH59oXHm+bObNt8eeL//ieMDF4aePflMt+z48MjIWE+ZWt99H/0uaYf1h6OIv4wUz33vp+mH/RFF7P5cfMh3Z78dqToxWHVifHik6sh0uzWzWG4c7Z6IIqLRU6nZPUcP4FrsSjNiqWx+2eDBsntjc6351tXpqcZoa36xvdienRlNndaW/WlEEedTxHJErPbfvbu+KOL1SPGdY2vpn/sjDnXPwxcvj3311Jmd21HsYx/vQdnORl/EcvEIXLMDrD+K+MdI8bN3TsS/9EfUovMTX4h4tcwfRLwVneudyi/GuYj3tvke8WiqRRH/W17/C2vpnf7yftC9r1z6WuMrM9dne8p27yuP/PPhQTrg96Z6FPGj6o6/lv7Vf9cAAAAAAAAAAAAAAAAAB0gRvxYpXnz3RKrGB98ZU9yeudG40ro63RnW1x371x0zvb6+vt5InWzmnMi5lHM550rO1ZxR5Po5m2XW19cn8uelnMs5V3Ku5oxDuX7OZs6JnEs5l3Ou5FzNGbVcP2cz50TOpZzLOVdyruaMAzJ2DwAAAAAAAAAAAAAAAAAAeLwU1T8pvv2NtbTe35lfeiI6uWI+0Mfe/wcAAP//dsP5HA==")
open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
ftruncate(r1, 0x2007ffb)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
creat(&(0x7f0000000040)='./bus\x00', 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x89e1, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])

7.893381957s ago: executing program 4:
open(0x0, 0x14927e, 0x0)
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$RTC_WKALM_SET(0xffffffffffffffff, 0x80287010, 0x0)
r0 = memfd_create(&(0x7f0000000100)=';e\x00\x00\xa4\xd8\xe0\x9c\x7f9\x8aZ]3N\xbb\xe1^\x9c\xe1\x9b6s$0Y\xf8\x90\x00\x00\x00\x00\xd2~l\xf6\x12\xde\xdd\xd5\x1d\x96\xb0a\xad\xcd\x16\xd8G\xae\xd9DZm\xabO\xad\x11%\x7f`@\x16c\xc0\xb6\x1f\xe3\x00\x1a_\xc7\xbf\xa7T\xbe\x13\x8b\xb3r\x8fL\xe6\xba\xe7\x18\xb4$BIj\xa3\xc9\xc6|\x9b\x88\xddPx\x02I\xde\xe8\xcd\x02\xc1\xedc2\x06\xcbM\xfb\x13jZ\x96\xeej\x9b\xe4XjN\xb9>\xdf3U\r \x8dh8T/h)\x90\xff\x8d\xd9\x89\xab\xf8P\xacYtk\xa3\xed\xfa*8\x13\b\xce\xf8z\xed\xadnz\x96\xa3\x9a9R\xd9]\xe11We\xfe3\xe06\x1a^\x04^\xef\xa3\x0fU\x9b1\xc6J\x83\x9d[\\a\xfd\xdc\xa1\xcd\xbe\x9b\xc5z7\xe8VP\x89\x16MK`\xe5\x137\b\x00\x00\x00\xd5\x01\xea\x98\xe6Z\x95j\xe3\x0ek>\x14\x80\rXS\xce\xf9\x0e\x89\xc4\xc6\x1bOm4Lla\r\xce\x17\xb5r&\xf3\x96\xbc\xc39\xa7\x95\xd9F\x17', 0x0)
r1 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
r2 = socket$inet_dccp(0x2, 0x6, 0x0)
listen(r1, 0x5)
setsockopt(r2, 0x800000000010d, 0x8000000011, &(0x7f00001c9fff), 0xc5)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e20, @dev}, 0x10)
sendmmsg(r2, &(0x7f0000002980), 0x400000000000239, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

7.865394088s ago: executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
r1 = syz_open_dev$sndpcmc(&(0x7f0000000040), 0xffff, 0x2000)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r1, 0xc0884113, &(0x7f0000000240)={0x0, 0x3, 0xe51, 0x80, 0x43f, 0x8000000000000000, 0x5, 0x5, 0x800, 0x6, 0x0, 0x4})
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000600)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r7 = openat$dsp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETTRIGGER(r7, 0x40045010, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r6, 0x0, 0x482, &(0x7f0000000000)={0x84, @remote, 0x0, 0x0, 'sh\x00', 0x0, 0x0, 0x55}, 0x2c)
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x800, &(0x7f00000042c0)=ANY=[@ANYBLOB='dmask=00000000000000000000007,umask=00000000000000000000005,gid=', @ANYRESHEX=0x0, @ANYBLOB="2c757466382c696f636861727365743d69736f383835392d352c6572726f72733d636f6e74696e75652c616c6c6f775f7574696d653d30303030303030303030303030303030303030303130302c757466382cf6d4848adb10b52edd2900146572726f72733d1bd7bda99947863a726f2c6572726f72733d636f6e74696e75652c00"], 0x1, 0x1524, &(0x7f0000002280)="$eJzs3AuYTlXbOPD7XmvtMSbpaZLDsNa6N09yWCZJckiSQ5IkSZJTQtIkryQkhpyShiQkhyE5DCE5TEwa5/P5kJAkTZKE5JSs/yX8vb31fu/7fm/f67u+uX/XtS/rfva+1773cz+HvbeZ+a7zkBqNalZtQETwb8GL/yQDQCwADACA6wAgAICy8WXjL6zPKTH539sJ+3M9kna1K2BXE/c/e+P+Z2/c/+yN+5+9cf+zN+5/9sb9z964/4xlZ5umFbiel+y78P3/7Iy///8PySo15qs1pW7sAhDzz6Zw/7M37v//WcE/sxH3P3vj/mdXsVe7APa/AL//s4Mcf3cN9z974/4zlp1d7fvPV3uBSPZ+Dq72648xxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGWPZw2l+hAODy+GrXxRhjjDHGGGOMsT+Pz3G1K2CMMcYYY4wxxtj/PAQBEhQEEAM5IBZyQhwIALgWcsN1EIHrIR5ugDxwI+SFfJAfCkACFIRCoMGABYIQCkMRiMJNUBRuhmJQHEpASXBQChLhFigNt0IZuA3Kwu1QDu6A8lABKkIluBMqw11QBe6GqnAPVIPqUANqwr1QC+6D2nA/1IEHoC48CPXgIagPD0MDeAQawqPQCB6DxvA4NIGm0AyaQ4v/Vv5L0B1ehh7QE5KhF/SGV6AP9IV+0B8GwKswEF6DQfA6pMBgGAJvwFB4E4bBWzAcRsBIeBtGwTswGsbAWBgHqTAeJsC7MBHeg0kwGabAVEiDaTAd3ocZMBNmwQcwGz6EOTAX5sF8SIePYAEshAz4GBbBJ5AJi2EJLIVlsBxWwEpYBathDayFdbAeNsBG2ASbYQtshW2wHXbAp7ATPoNdsBv2wOewF774F/NP/U1+FwQEFChQocIYjMFYjMU4jMNcmAtzY26MYATjMR7zYB7Mi3kxP+bHBEzAQlgIDRokJCyMhTGKUSyKRbEYFsMSWAIdOkzERCyNt2IZLINlsSyWw3JYHitgBayElbAyVsYqWAWrYlWshtWwBtbAe/Fe7IW1sTbWwTpYF+tevj2FDbABNsSG2AgbYWNsjE2wCTbDZtgCW2BLbImtsBW2wTbYFttiO2yHSZiE7bE9dsAO2BE7YifshJ2xM3bBrtg166UcgC/jy9gTq4le2Bt7Yx9MydEP+2N/fBUH4mv4Gr6OKTgYh+Ab+Aa+icPwJA7HETgSR2Jl8Q6OxjFIYhymYipOwAk4ESfiJJyMk3EqpuE0nI7TcQbOxJn4Ac7GD/FDnItzcT6mYzouwIWYgRm4CE9hJi7GJbgUl+FyXIYrcRWuxDW4FtfgelyPG3EjbsbNuBW34nbcjp+iAsDPcDfuxhTci3txH+7D/bgfD+ABzMIsPIgH8RAewsN4GI/gETyKx/A4HsMTeAJP4ik8jafxLJ7Fc/hCwjcNPy2+OgXEBUooESNiRKyIFXEiTuQSuURukVtERETEi3iRR+QReUVekV/kFwkiQRQShYQRRpAIYwBAREVUFBVFRTFRTJQQJYQTTiSKRFFalBZlRBlRVtwuyok7RHlRQbR2lUQlUVm0cVXE3aKqqCqqieqihqgpaopaopaoLWqLOqKOqCvqinriIVFf9MJ++Ii40JlGYjA2FkOwiWgq5KVPsJZiGLYSrUUb8ZQYgcOxnWjpksSzor0YjR3EX8QYfF50EuOws3hRdBFdRTfxkuguWrkeoqeYhL1EbzEV+4i+op/oL2ZgdfEBzs5ZQ7wuUsRgMUS8Iebjm2KYeEsMFyPESPG2GCXeEaPFGDFWjBOpYryYIN4VE8V7YpKYLKaIqSJNTBPTxftihpgpZokPxGzxoZgj5op5Yr5IFx+JBWKhyBAfi0XiE5EpFoslYqlYJpaLFWKlWCVWizVirVgn1osNYqPYJDaLLWKr2Ca2ix3iU7FTfCZ2id1ij/hc7BVfiH3iS7FffCUOiK9FlvhGHBTfikPiO3FYfC+OiB/EUXFMHBc/ihPiJ3FSnBKnxRlxVvwszolfxHnhBUiUQkqpZCBjZA4ZK3PKOHmNzCWDS8/u9TJe3iDzyBtlXplP5pcFZIIsKAtJLY20kmQoC8siMipvkkXlzbKYLC5LyJLSyVIyUd4iS8tbZRl5mywrb5fl5B2yvKwgK8pK8k5ZWd4lIXJxH9VkdVlD1pT3ymS4T9aW98s68gFZVz4o68mHZH35sGwgH5EN5aOykXxMNpaPyyayqWwmm8sW8gnZUj4pW8nWso18SraVT8t28hmZJJ+V7aW/9BJ5XnaSL8jO8kXZRXaV3eQv8rz0sofsKaEXyN7yFdlH9pX9ZH85QL4qB8rX5CD5ukyRg+UQ+YYcKt+Uw+RbcrgcIUfKt+Uo+Y4cLcfIsXKcTJXj5QT5rpwo35OT5GQ5RU6VaXKa7HdppllS/sP8d/8gf9Cve98oN8nNcovcKrfJ7XKH/FTulDvlLrlL7pF75F65V+6T++R+uV8ekAdklsySB+VBeUgekoflYXlEHpFH5TF5Rv4oT8if5El5Sp6SZ+RZeVaeu/QcgEIllFRKBSpG5VCxKqeKU9eoXOpalVtdpyLqehWvblB51I0qr8qn8qsCKkEVVIWUVkZZRSpUhVURFVU34aUXjCqhSiqnSqlEdcu/kq+KqptVMVX8N/mX60v+O/W1UC1US9VStVKtVBvVRrVVbVU71U4lqSTVXrVXHVQH1VF1VJ1UJ9VZdVZdVBfVTXVT3VV31UP1UMkqWfVWr6g+qq/qp/qrAepVNVANVIPUIJWiUtQQNUQNVUPVMDVMDVfD1Ug1Uo1So9RoNVqNVWNVqkpVE9QENVFNVJPUJDVFTVFpKk1NV9PVDDVDzVKz1Gw1W81Rc9Q8NU+lq3S1QC1QGSpDLVKLVKZarBarpWqpWq6Wq5VqpVqtVqu1aq1ar9arTLVJbVJb1Ba1TW1TO9QOtVPtVLvULrVH7VF71V61T+1T+9V+dUAdUFkqSx1UB9UhdUgdVofVEXVEHVVH1XF1XJ1QJ9RJdVKdVqfVWXVWnVPn1Hl1/sJpXyACEahABTFBTBAbxAZxQVyQK8gV5A5yB5EgEsQH8UGe4MYgb5AvyB8UCBKCgkGhQAcmsIG41PRocFNQNLg5KBYUD0oEJQMXlAoSg1uC0sGtQZngtqBscHtQLrgjKB9UCCoGlYI7g8rBXUGV4O6ganBPUC2oHtQIagb3BrWC+4Lawf1BneCBoG7wYFAveCioHzwcNAgeCRoGjwaNgseCxsHjQZOgadAsaB60+FPn9/5kviddD91TJ+teurd+RffRfXU/3V8P0K/qgfo1PUi/rlP0YD1Ev6GH6jf1MP2WHq5H6JH6bT1Kv6NH6zF6rB6nU/V4PUG/qyfq9/QkPVlP0VN1mp6mp+v39Qw9U8/SH+jZ+kM9R8/V8/R8na4/0gv0Qp2hP9aL9Cc6Uy/WS/RSvUwv1yv0Sr1Kr9Zr9Fq9Tq/XG/RGvUlv1lv0Vr1Nb9c79Kd6p/5M79K79R79ud6rv9D79Jd6v/5KH9Bf6yz9jT6ov9WH9Hf6sP5eH9E/6KP6mD6uf9Qn9E/6pD6lT+sz+qz+WZ/Tv+jz2l84ub/w9W6UUSbGxJhYE2viTJzJZXKZ3Ca3iZiIiTfxJo/JY/KavCa/yW8STIIpZAqZC8iQKWwKm6iJmqKmqClmipkSpoRxxplEk2hKm9KmjCljypqyppwpZ8qb8qaiqWjuNHeau8xd5m5zt7nH3GOqm+qmpqlpaplaprapbeqYOqauqWvqmXqmvqlvGpgGpqFpaBqZRqaxaWyamCammWlmWpgWpqVpaVqZVqaNaWPamramnWlnkkySaW/amw6mg+loOppOppPpbDqbLqaL6Wa6me6mu+lhephkk2x6m96mj+lj+pl+ZoAZYAaagWaQGWRSTIoZYoaYoWaoGWaGmeFmhBl54UTVvGNGmzFmrBlnUk2qmWAmmIlmoplkJpkpZopJM2lmupluZpgZZpaZZWab2WaOmWPmmXkm3aSbBWaByTAZZpFZZDJNpllilphlZplZYVaYVWaVWWPWmHWwzmwwG8wms8lsMVvMNrPN7DA7zE6z0+wyu8wes8fsNXvNPrPP7Df7zQFzwGSZLHPQHDSHzCFz2Bw2R8wRc9QcNcfNcXPCnDAnzUlz2pw2Z02+S9+X3sTanDbOXmNz2Wttbnud/ds4vy1gE2xBW8hqm9fm+01srLXFbHFbwpa0zpayifaW38XlbQVb0Vayd9rK9i5b5XdxLXufrW3vt3XsA7amvfc3cV37oK1nH7P1EQFsU9vQNreN7GO2sX3cNrFNbTPb3La1T9t29hmbZJ+17e1zv4sX2IV2lV1t19i1dpfdbU/bM/aQ/c6etT/bHranHWBftQPta3aQfd2m2MG/i0fat+0o+44dbcfYsXbc7+IpdqpNs9PsdPu+nWFn/i5Otx/Z2TbDzrFz7Tw7/9f4Qk0Z9mO7yH5iM20AS+xSu8wutyvsyv9f61K73m6wG+1O+5ndYrfabXa73XH5RNjutnvs53av/cIetN/a/fYre8Aetln2m1/jC8d32H5vj9gf7FF7zB63P9oT9id1OfvCsf9of7HnrbdASECSFAUUQzkolnJSHF1Duehayk3XUYSup3i6gfLQjZSX8lF+KkAJVJAKkSZDlohCKkxFKEo30eXySlBJclSKEukWKk23Uhm6jcrS7VSO7qDyVIEqUiW6kyrTXVSF7qaqdA9Vo+pUg2rSvVSL7qPadD/VoQeoLj1I9eghqk8PUwN6hBrSo9SIHqPG9Dg1oabUjJpTC3qCWtKT1IpaUxt6itrS09SOnqEkepba03PUgf5CHel56kQvUGd6kbpQV+pGL1F3epl6UE9Kpl7Um16hPtSX+lF/GkCv0kB6jQbR65RCg2kIvUFD6U0aRm/RcBpBI+ltGkXv0GgaQ2NpHKXSeJpA79JEeo8m0WSaQlMpjabRdHqfZtBMmkUf0Gz6kObQXJpH8ymdPqIFtJAy6GNaRJ9QJi2mJbSUltFyWkEraRWtpjW0ltbRetpAG2kTbaYttJW20XbaQZ/STvqMdtFu2kOf0176gvbRl7SfvqID9DVl0Td0kL6lQ/QdHabvfU/6gY7SMTpOP9IJ+olO0ik6TWfoLP1M5+gXOk+eIMRQhDJUYRDGhDnC2DBnGBdeE+YKrw1zh9eFkfD6MD68IcwT3hjmDfOF+cMCYUJYMCwU6tCENqQwDAuHRcJoeFNYNLw5LBYWD0uEJUMXlgoTw1vC0uGtYZnwtrBseHtYLrwjLB9WCB97oFJ4Z1g5vCusEt4dVg3vCauF1cMaYc3w3rBWeF9YO7w/rBM+EJYJHwzrhQ+F9cOHwwbhI2HD8NGwUfhY2Dh8PGwSNg2bhc3DFuETYcvwybBV2DpsEz4Vtg2fDtuFz4RJ4bNh+/C5X9c/uPDvr08Oe4W9w1fCV0Lv75fzovOj6dGPoguiC6MZ0Y+ji6KfRDOji6NLokujy6LLoyuiK6Oroquja6Jro+ui66Mbohuj3tfMAQ6dcNIpF7gYl8PFupwuzl3jcrlrXW53nYu46128u8HlcTe6vC6fy+8KuARX0BVy2hlnHbnQFXZFXNTd5Iq6m10xV9yVcCWdc6VcomvuWrgWrqV70rVyrV0b95R7yj3tnnbPuGfcs669e851cH9xHd3zrpN7wb3gXnRdXFfXzb3kurvxuS++J5Ndb9fb9XF9XD/Xzw1wA9xAN9ANcoNciktxQ9wQN9QNdcPcMDfcDXcj3Ug3yo1yo91oN9aNdaku1U1wE9xEN9FNcpPcFDfFpbk0N91NdzPcDFd55sW9zHFz3Dw3z6W7dLfAXThnzHCL3CKX6TLdErfELXPL3Aq3wq1yq9wat8atc+vcBrfBbXKb3Ba3xW1z29wOt8PtdDvdLn/dxUndXrfP7XP73X53wH3tstw37qD71h1y37nD7nt3xP3gjrpj7rj70Z1wP7mT7pQ77c64s+5nd8794s4771Ij4yMTIu9GJkbei0yKTI5MiUyNpEWmRaZH3o/MiMyMzIp8EJkd+TAyJzI3Mi8yP5Ie+SiyILIwkhH5OLIo8kkkM7I4siSyNLIssjzifcEtoS/si/iov8kX9Tf7Yr64L+FLeudL+UR/iy/tb/Vl/G2+rL/dl/N3+PK+gq/oH/dNfFPfzDf3LfwTvqV/0rfyrX0b/5Rv65/27fwzPsk/69v753wH/xff0T/vO/kXfGf/ou/iu/pu/iXf3b/se/iePtn38r39K76P7+v7+f5+gH/VD/Sv+UH+dZ/iB/sh/g0/1L/ph/m3/HA/wo+MeduPunyJDON8qh/vJ/h3/UT/np/kJ/spfqpP89P8dP++n+Fn+ln+Az/bf+jn+Ll+np/v0/1HfoFf6DP8x36R/8Rn+sWXbyr7FX6lX+VX+zV+rV/n1/sNfqPf5Df7LX6r3+a3+x3+U7/Tf+Z3+d1+j//c7/Vf+H3+S7/ff+UP+K99lv/GH/Tf+kP+O3/Yf++P+B/8UX/MH/c/+hP+J3/Sn/Kn/Rl/1v/sz/lf/Hn+nTXGGGOMsX/K+CtD8ds1F2/n9/qDHPFXG/cGgGu3Fsj66/UXzijX5b047isS2kYA4NmenR+5vFSrlpycfGnbTAlBkbkAl/8n6IIYuBIvhjbwNCRBayj9h/X3FV3P0j+YP3o7QNxf5cTClfjK/F8CYPIfzP/EUyMXlAtPx/8X888FKFbkSk5OuBIvhja/3l9pDWX+Tv35Wv6D+nN+lQrQ6q9ycsGV+Er9ifAkPAdJv9mSMcYYY4wxxhi7qK+o2PHy9efln/j8o+vzBHUlJwdcif/R9TljjDHGGGOMMcauvue7dnvmiaSk1h3/9UGV/1bWPz1oDP9TM/PgDwfeA1x+RAHAvzkhwIWB/E8exeb/yL5SLr11/nbVsjM+gP8drfwzBlf5g4kxxhhjjDH2p7ty0v/bx9XVKogxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGMuG/hN/TuxqHyNjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDF2tf2/AAAA//9IVQM5")
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x2d)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x0, 0x0)
ioctl$AUTOFS_IOC_ASKUMOUNT(r8, 0x5460, &(0x7f00000001c0))

6.826431358s ago: executing program 3:
syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000040)='./file1\x00', 0x800810, &(0x7f0000000280)={[{@nossd_spread}, {@compress_force_algo={'compress-force', 0x3d, 'no'}}, {@compress_force}, {@compress_algo={'compress', 0x3d, 'lzo'}}, {@flushoncommit}, {@autodefrag}, {@acl}, {@nodiscard}]}, 0xfb, 0x50f9, &(0x7f0000005140)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734d2FpAqhUbJJahw38Xptk4daqqwpVSPSNOuGBlURxcZek8ULdmxTYhQiYxPRCEFpg5R8KMIoimo+QK1ARFJAuEhxhMojoioKIFBoDVEQKSWJSBOkUM3ee2bvnLvz8GONl/5+knfOzP887zw859475wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwP8Ph75y1d82iz/82/Oefu7Cicv2rrvw5WvOO/3xECZnH+/Iwh3919868fM7z71r731rbrvnyPkf7M3L5fEwUP3Tmd+5LtZ6ZGkI93aE0J0GVg5mgZ78/mCs712DIZwW5gK1ElP9WYm04fD9vhD2h7lArarv9YUwWAhc8MRDD95YTdzSF8KyEEIlbePZStZGXxo4qzcL9KeBbd1Z4FdvZGqB73ZmAThu8c1Qe9EfnKzPMDJ/uQavv54T1rE3Vzq8rpgYaZzvZ+sWuFMFvekDk8f1tJWqY0GU3h6HvNsWwbuttJ1v9rQVv0jl31DemAtVQufmqS0br5zZFR/pDGNjXY1qWqDn+alXv7TpaNKL5nUYOzByQl6HNz227M6uFZ969J6Vy1488KF9Lx1vN39U2KTF9EKrhPw1t2iex2jC58kiePuVviWN+tIVQtjy+d/7dLN4af4/0nz+H1/O8bazLnes9fWhbG4eHxmMiVeGsrk5AAAALBqLYa/ptrEHPlYoPlxJ6ivN/0fbO/4fD/nnk/lstIdCmJhN7BsO4YzZx7PAHbG5S4ZDeO9sarI+sC4JHArhnbOJFbWqkhJLYonRJPCToTwwkQQOx8BkEvhWDNycBK6LgYNJYFMMHEoC58ZAmK4fx+8P5eNoO9AXAxuyjXgwnoXwi6HYWrKtnqlVBQAAcILks8Oe+ruFcx2ON0OcXh7sa5UhnoHdMEMlqSGdwdamVQ1r6G5VQ2erGmrj3tN8+KWaO1rVXDoNo6M+w62//JvPhCZK8//x5vP/yjwd6Sgd/w9h/ezfmLszj8zU4hsm6zIAAAAAx2Hgf5//ZrN4af4/0d75/3GfSFchc3gk7obYOhzCeH0gq/YPy4HsqPdAHgAAAIDFoHY8vnYsfDq/zU7RTufT5fyTR5k/HvifmDd/76H7NzTrb2n+P9ne+f/99bdZJw7HXnxtOIQlhcAPYi+rgVmjMfDjj9cH8vEfjhvghlhVfmJCraobYokNMTCeBPY3KvHDWokz6gP5k1VrfF9tHNN5iUIAAAAATrq4OyAel4/n/7/vN2uualauNP/fcHTn/8/Og0un988MhLCqO4Su9IcBj/RnCwPGwGBHnnigP6urK63q2v4QzqkOLK3q+Xz9/+50jcEn+rKqYuCM9x149axq4pt9IawqBp783O0friZ2JYFa43/ZF8J7qqNNG//OkqzxnrTxry8J4d2FQK2qS5aEUG2sN63qoUp+HYO0qn+uhPC2QqBW1UcqIewOACxS8b/SzcUHd+6+euvGmZmpHQuYiPvw+8KW6ZmpsU3bZjZXGvRpc9LnumWMri2Pqd0r3zyTL1H02bvXD7aTrv1OcLzYVr4fv3TiYH4/fhfqmR3nmp66u2vTIX/g/eUmQuGbVKMhdy7wkPuLlcw9iaX6Y/7eMBCWXLlzasfYFzfu2rVjdfa33exrsr/xMFO2rVan26p/vr618fJouFpW4li31fJiJat2Xb591c7dV6+cvnzjpVOXTl2x+iNrxs8eXzv+0bNXVUc1nv1tMdTl81WdDPWN29sc1wkc6pndhUpOxqeGhITEYktsG1je9P/k0vx/e/P5f/zUiZ/8+foMjY7/j8TD/Nnjc4f5N8TA/naP/480OppfOzFgNAnsiYE9DvMDAADw1hAn+XFvZtwr/dMV33mxWbnS/H9Pe7//P0Hr/9eWrj+/0TL/K2KJ8Ubr/6fL/NfW/9/TaP3/dJn/2vr/+9+E9f+vrAWSTfIL6/8DAABvBSdv/f+Wy/unFwgoZWi5vH96gYBShpbL+Ld7gYCjXv//2f/8q/8OTZTm/ze3N/+3cD8AAACcOr78Z1f9TrN4af6/v735/8lf/y80Ov9/tFFgstHCgNb/AwAAYJFqtP7fyPX9FzcrV5r/H2xv/h9Pu+isyx1rfX0oW9MupGvavTJU+8kAAAAALA6dYWysp828dSujrjv2Np/KlwJtli56/k+OHN35/4fam//X/S7jpseW3dm14lOPvn7PymUvHvjQvpfmjv8DAAAAC6fd/RIAAAAAAAAAAAAAAMCb7/n/2Lu2Wbz0+/+wfvbxRr//j9f9i78veHtd7lhr6/X/8vsXfPKu3bNLFj4yFML7i4Gte7eeFvJr8y8vBh68aMU7qom9aYn7nzv3hWri4jTwiZWnv1ZNnJMENsRFEt+ZBuJVFV9bmgTi8or/ngbi9jiYBnrzwFeXZuPoSLfVTwezbdWRbqunB0MYLgRq2+rewayNjnSAtySB2gC/kAbiAP88D3SmvbprIOtVDAzGorcNZL0CAOCUFb8F9oQt0zNT4/ErfLw9s7v+NqpbsuzacrUdbTb/TL402WfvXj/YTror/S46d63xnlCpDmF16etqMUvH7ChPTC0tNt3bGwy51WpvnQ3KpY520/U2HlFfNqKxTdtmNve0HPja1lnWdLfMsro02Slm6ZzdpG3U0kZf2hhRm9umjS7H+51hbKwryfUHMTgS6rR6RbT7e/3iOn+NXgXFPFcc2ferZvWV5v8j7c3/K8VxvZZfDGBPvLLe3w1b5h8AAAAW1lfX/fob8d9nrn/4yWZ5S/P/0fbm/3EPVn4oONvbcShe/3/fcAizl9YfyQJ3xOYuGQ7hvbOpyVgiu6D++bHEeBa4I+4wWRFLbJisr2pJDBxMAj8ZygOHksDhGMj3UhwI+a6cvx8K4cOzqfX1JbbHEiNJ4NMxMJoExmJgPAksjYGJJPDy0jwwmQT+LQbCdP22untpvq0AAACORj7P6qm/G9J53sHuVhk6WmXob5Whs1WGSqsMjUYR7387ZuhJTl7pKGTqSWvtS2opZYgXwz/qfpUyhB/W50wLlpqO5x/UzjfoqM9w38e6K6GJ0vx/vL35f3/9bdb64Tj/n7v+Xxb4Qeze1+Kp46Mx8OOP1wfyHQOH42T3hlpVk3mJfNJ+QywxEQOjSWB7DEwkgQ3r88D+d9QH8pl2rfF9tcan8xKFAAAAAJx0cQdB3E0T5/+37fzKQLNypfn/RHvz/9jeQLGx62KtR5aGcG/HXG9qgZWDWSDuxxiMP49/12AIpxV2cNRKTPVnJXqThsP3+7JfqPemVX2vL/vxQbx/wRMPPXhjNXFLXwjLCntfam08W8na6EsDZ/Vmgf40sK07C8Q9P7XAdzuzABy32l7B+ILKT3WpGZm/XIPX31vlmqDp8Er7QOfJN99vrhZKaYdrvk+15uietqb7bzlhSm+PQ95ti/HdNuLdVvwilX9DeWMuVAmdm6e2bLxyZld8pPhL1pIFep6Lv1JtJ30CXod7jr23rVXSDownHx/j85eb/3XYEau76bFld3at+NSj96xc9uKBD+17qe1uNBB/KPzQNf86+KPC5l1olZC/5hbd58mkz5NF8d9A8u4e9bSFENa//PUbmsVL8//J9ub/3cntrF/HjblzOIQPFDbuI3Hz//Fw9jlYCGSfkm8rB7JD7v811PCTEwAAAE602u6O2v6C6fw2OyE8nSeX808eZf64v2Ji3vzt9rv/ry9a1ixemv9vaD7/X5J00/F/x/9ZII7/z+tU3xW9JH1gz3Htii5Vx4Jw/H9ep/q7zfH/eTn+7/j/fBz/b8Hx/3md6k9b6VvSdl+6Qggv/tEDTzeLl+b/29ub/1v/b/5F+2rr/21otP7f9kbr/+2x/h8AALCgGiw0l87zSqv3lTKkq/eVMrRcILDlEoPW/zvq9f9eOPPZ34QmSvP/Pe3N/+PLYaDY+mJZ/290fYOqbo6B7RYGBAAA4FTUaAcBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAb677/uF/NjeLP/zb855+7sKJy/auu/Dla847/fEQpmcf78jCHf3X3zrx8zvPvWvvfWtuu+fI+R+s5OV68tvfrcsda319KIT9hUcGY+KVoeqducAFn7xrd3c18chQCO8vBrbu3XpaNfGtoRCWFwMPXrTiHdXE3rTE/c+d+0I1cXEa+MTK01+rJs7JAx1pd/9xadbdjrS7Ny4NYbgQqHX3sqX1VdXa+NM80Jm28U+DWRsxMBiLfmMwayMGZmKJ6SUhrOoOoSut6uFKVlVXWtW/VLKqutKqvlwJ4ZwQQnda1XO9WVXd6cgf782qioEz3nfg1bOqif29IawqBp783O0fria+kARqjf9Fbwjvqb5k0sa/3ZM13pM2fktPCO8OIfSmJX7ZnZXoTUs83x3C2wqBWuOf7w5hd+AtIX741H2i7dx99daNMzNTOxYw0Zu31Re2TM9MjW3aNrO5kvSpkY5C+o1rj33sz7z6pU3V28/evX6wnXR3Xq5ntstreururj3Vex/71V+sZO75KNUf8/eGgbDkyp1TO8a+uHHXrh2rs7/tZl+T/e3Ko9m2Wr1YttXyYiWrdl2+fdXO3VevnL5846VTl05dsfoja8bPHl87/tGzV1VHNZ79PRFDvf3kD/XM7kIlJ+MDQEJCYrElOus+3cZP9Q/y0hf9uY72hMrsB3RpWlHM0jE7yhMx6HXHOOJj+Z7SckSrSxOHUpY182S5tj7L2tJkYq6WvizL7Pe60uSw2Fjn7CaN9zvD2FhXo+0wUn+3uHl/dhyb96l807WbBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4P/YgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwg4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24FgAAAAAQJi/dRg9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHApAAD//7IeJCA=")
renameat2(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000380), 0x208e24b)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000680)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000640)={<r2=>0xffffffffffffffff}, 0x106, 0x8}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_MCAST(0xffffffffffffffff, &(0x7f0000000740)={0x16, 0x98, 0xfa00, {0x0, 0x0, r2, 0x10, 0x0, @ib={0x1b, 0x0, 0x0, {"253d8b919dd7c83639e2c81d330884d1"}, 0x65c8, 0x0, 0x1f}}}, 0xa0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x13, r0, 0x0)
ioctl$BTRFS_IOC_DEFRAG_RANGE(r0, 0x40309410, 0x0)

6.785135215s ago: executing program 1:
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
syz_open_dev$usbfs(0x0, 0x0, 0x41)
socket$inet(0x2, 0x0, 0x6)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000600), 0xffffffffffffffff)
sendmsg$NL80211_CMD_DEL_STATION(0xffffffffffffffff, 0x0, 0x0)
ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0x8004550f, 0x0)
syz_open_dev$dri(0x0, 0x0, 0x0)
ioctl$DRM_IOCTL_SET_VERSION(0xffffffffffffffff, 0xc0106407, &(0x7f0000000400)={0x0, 0x0, 0x7})
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10)
recvmmsg(r1, &(0x7f0000002440), 0x3ffffffffffff67, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000003b00)=[{{0x0, 0x0, &(0x7f0000003a00)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x10008094)
accept(0xffffffffffffffff, 0x0, &(0x7f0000000100))
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup/syz1\x00', 0x200002, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wlan0\x00'})

6.744764657s ago: executing program 4:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioperm(0x0, 0x4, 0x7)
r1 = dup(0xffffffffffffffff)
fanotify_mark(0xffffffffffffffff, 0x69c, 0x0, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x5)
futex(&(0x7f000000cffc)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r3}, 0x10)
chown(0x0, 0xee01, 0x0)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x804810, &(0x7f0000000a40), 0x26, 0x756, &(0x7f00000002c0)="$eJzs3M1rXOUaAPDnnGaafuTeyYUL9+pChBZaKD1Jmk27aty4KxQKbmtITkLISSZkJrUTC7auhdpsFARR1y7dCqX+Ae6koOBeEK1xIW5GzuSjNGam0ybpSPr7wcl53vP1vE/m8GYO5D0BvLReL38kEUMRcTUiqpvb04g42o6ORdzeOG790a2pckmi1br2S1KeFuut6va1ks31yWifEv+PiAeViHPv/z1vvbk6P1kU+fJme6SxsDRSb66en1uYnM1n88Wx8UujF8fHL46OP7WG//VY6+m3Lh2/9+2ba2vffdW4+9rA+SQm2nXHZm09XuaZbPxOKjGxY/viQSTro6TfHQAAoCfl9/wjETHQ/pZajSPtCAAAADhMWoMtAAAA4NBLot89AAAAAA7W1v8BbM3tPah5sJ38/EZEDO+Wf6A9hzjiWFQi4sR68sTMhGTjNNiT23ci4v7Ezvvvi/IOu73Ha4/uaD85R/roHq/Ofrhfjj8Tu40/6fb4E7uMPwNb707Yo87j3+P8RzqMf1d7zPH1p69UOua/E/HqwG75k+38SYf8b/eY/+7aB/c67Wt9HnFm178/yRO5urwfYmJmruj6+oEHf5592K3+E53yJ93rX+qx/nfXf5vvNJaU+c+e6v7575a/vCc+3OxHGhH3Ntdle21HjlML33/Trf7piNbzfP6f9Vj/j18O3uzxUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGhLI2IokjTbjtM0yyJORsR/40Ra1OqNczO1lcXpcl/EcFTSmbkiH42I6kY7Kdtj7fhx+8KO9nhE/OeH4xtJ54o8m6oV0/0uHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgG0nI2IokjSLiDQifq+maZZFDPRw7uAL6B8AAACwT4b73QEAAADgwHn+BwAAgMPveZ//k33uBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCoXb1ypVxa649uTZXt6RvNlfnajfPTeX0+W1iZyqZqy0vZbK02W+TZVG3hadcrarWlsUuxcnOkkdcbI/Xm6vWF2spi4/rcwuRsfj2vvJCqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFZD7SVJs4hI23GaZlnEvyJiOCrJzFyRj0bEvyPiYbUyWLbH+t1pAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9l29uTo/WRT5skAgeGHBexHxD+hGl6DfIxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP1Qb67OTxZFvlzvd08AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADor/SnJCLK5Uz19NDOvUeTP6rtdUS888m1j25ONhrLY+X2X7e3Nz7e3H6hH/0HAACAl8LlZzl46zl96zkeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgV/Xm6vxkUeTLewsuR3O1lXQ4pt81AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAz+evAAAA//8KQsc4")
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0)
statx(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0)
r4 = openat(r1, &(0x7f0000000ac0)='./file1\x00', 0x0, 0x0)
syz_mount_image$ext4(&(0x7f00000002c0)='ext2\x00', &(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x10, &(0x7f0000000b00)={[], [{@hash}, {@subj_user}, {@rootcontext={'rootcontext', 0x3d, 'user_u'}}, {@defcontext={'defcontext', 0x3d, 'user_u'}}, {@smackfshat={'smackfshat', 0x3d, '\\%'}}, {@mask={'mask', 0x3d, 'MAY_WRITE'}}, {@fowner_eq={'fowner', 0x3d, 0xffffffffffffffff}}, {@audit}]}, 0xfe, 0x244, &(0x7f0000000400)="$eJzs3T9oJFUcB/DvzO565m6RUxtB/AMiooFwdoJNbBQCEoKIoEJExEZJhJhgl1jZWGitksomiJ3RUtIEG0WwipoiNoIGC4OFFiu7k0hMVqNu3Dkynw9MZibz3vzesPN9u83sBmisq0mmk7SSTCbpJCmON7i7Wq4e7q5PbM8nvd4TPxWDdtV+5ajflSRrSR5KslUWeamdrGw+s/fLzmP3vbncuff9zacnxnqRh/b3dh8/eG/2jY9mHlz54qsfZotMp/un6zp/xZD/tYvklv+j2HWiaNc9Av6Judc+/Lqf+1uT3DPIfydlqhfvraUbtjp54N2/6vv2j1/ePs6xAuev1+v03wPXekDjlEm6KcqpJNV2WU5NVZ/hv2ldLl9eXHp18sXF5YUX6p6pgPPSTXYf/eTSx1dO5P/7VpV/4OLq5//JuY1v+9sHrbpHA4zFHdWqn//J51bvj/xD48g/NJf8Q3PJPzSX/ENzyT80l/zDBdb5+8PyD80l/9Bc8g/NdTz/AECz9C7V/QQyUJe65x8AAAAAAAAAAAAAAAAAAOC09Ynt+aNlXDU/eyfZfyRJe1j91uD3iJMbB38v/1z0m/2hqLqN5Nm7RjzBiD6o+enrm76rt/7nd9Zbf3UhWXs9ybV2+/T9Vxzef//dzWcc7zw/YoF/qTix//BT461/0m8b9daf2Uk+7c8/14bNP2VuG6yHzz/ds79i+Uyv/DriCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABib3wMAAP//+kBtTA==")
r5 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
r6 = creat(&(0x7f0000002440)='./file0\x00', 0x0)
write$cgroup_type(r6, &(0x7f0000000240), 0xfb3f)
fallocate(r5, 0x8, 0x0, 0x8000)
pwritev(r5, &(0x7f0000000040)=[{&(0x7f0000000180)}], 0x1, 0x0, 0x0)
write$binfmt_elf64(r4, &(0x7f0000000180)=ANY=[@ANYBLOB="7f454c460000000000000000000000000040000000000000000000000000000000000000000019380001000000000000000300000000000000000000000000000000000000000000000000008e212877800022000000000000000000000000001b3351061616a8376dc900000000000000000000000000000aa8cbd8626e4b79ce321d357bc2e2fe443ac8cb0d723ece810be3ac73e5ee7e3682a212a1c6d05ea73cc224bdae78f718464303cfc8b8ec2e2ca0d9282a6a3ffac432fa7801fdec1b5c787bfcabb763955620bb88561b780bd64916e0ccf98fbf6b18075d1c1874c99e38cd539ac4c4e0f32d39934f6febd5ab14681fec"], 0x78)
inotify_init1(0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1008002, &(0x7f0000000340)={[{@grpquota}, {@oldalloc}, {@resuid}, {@max_batch_time={'max_batch_time', 0x3d, 0x3}}, {@orlov}, {@orlov}, {@usrquota}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x40d2}}]}, 0x0, 0x5de, &(0x7f0000001200)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcS18x2pnTb2ZYubadhPp9k6Zv3dnhvuv32vX19bzaAyhpM/6lF7I2I6SSiP5lfLOuMrHBw4Xn3/v3sdPpIol5/6+8kkiwvf36Sfe3LTu6JiF9/SWJPx8p6Z+aunB+fmpq8nB0Pz16YHp6Zu3Lw3IXxs5NnJy+OvjJ67OiRo8dGDrV1XVcL8k5e//Dj/i/G3v3hu/vJyI9/jCVxPF7Pnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXriohnoj864sGL1x+fv1Fq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4tiv+kEf8D0RMDjfivNcV/Oi44lX1N899ss/7lU8XiH7bOQvz3rBr/0SL+31sS/++3Wf/gg+QHvU3x39vuJQEAAAAAAEBl3TwRES8X/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXitc/1vLV/8OdGSpJxrrAbqSM+emJg9FxJMRcSC6dqTHI6vUcfDLPd+2KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/qjXDUTcvRbxXOH632Sx/08K+v/098H0Q9ax58Ubp1qVrR3/wGapfx+xv7D/f3DXimT1+3MMN8YDw/moYKXnP/3qp1b1txv/bjEBjy7t/3euHv8DydL79cysv47Dc531VmXtjv+7k7cbt5zpzvI+GZ+dvTwS0Z2c7Ehzm/JH199meBzl8ZDHSxr/B15Yff6vaPzfGxHzy/7v5J/mPcW5p//r+7NVe4z/oTxp/E+sq/9ff2L0xsDPrep/uP7/SKOvP5DlmP+DBd/kYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4HNQiYlcktaHFdK02NBTRFxFPxc7a1KWZ2ZfOXPro4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxdUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dZTdOmDTdZbdAKA0BfH/WxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwWNm97+bvSUTMv9rbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffoRTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4p3t0YytTNTr9avpT8F2ac+2Tdyv1+trPzlfCr892rwike/1e7izyvudBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANPs/AAD//0f2Jwc=")
quotactl$Q_SETINFO(0xffffffff80000601, &(0x7f0000000000)=@loop={'/dev/loop', 0x0}, 0xee01, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x5})
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000ae8000000000a01010000009f2e000000052300000900010073797a3000000000ba000600e9eec003775c64e64f439fc0b5fb34bcd039590bba579a25436e11f718b64e3e01796b9e930a3d8eefa0bccf8429a311f3ce5ec5a0a7bb9e08c60e03cbcdd726725fb9b1bd1000cf2a77ab6ab91f2294634073ea59b8de2361cdd8045c5fdb81611e843cb814e4cfe672542287ebd3b2ed48dca1a08690b05bb9bbbcc05551bd05e4c6e0625fcae04323e0f29dbad3c57456d2ca020462188e1236ebe6da1442c71ab0a8ebfaacef2710111417370a0f8cd19c5f9e1a00000900010073797a300000000008010000030a41030000000000000000050000000900010073797a30000000000800054000000000040008800900030073797a32000000000b00070066696c7465720000c400048008000240000000000800014000000004080002401367d26d140003006261746164765f736c6176655f300000080001"], 0x22c}}, 0x0)

6.369429728s ago: executing program 2:
syz_mount_image$udf(&(0x7f0000000000), &(0x7f0000000140)='./file0\x00', 0x8002, &(0x7f0000000180)={[{@uid_forget}, {@iocharset={'iocharset', 0x3d, 'iso8859-4'}}, {@gid_forget}, {@longad}, {@mode={'mode', 0x3d, 0x9f87}}, {@iocharset={'iocharset', 0x3d, 'cp850'}}, {@volume={'volume', 0x3d, 0x7}}, {@gid_forget}]}, 0x1, 0xc3f, &(0x7f0000000f00)="$eJzs3U9sHNd9B/DfGy5F0m4rJk5Uu42LTVukMmO5sqSYilW4q5pmG0CWiVDMLQBX5EpdmFoSJNXIbtowvfTQQ4Ci6CEnAq1RIEUDoymKHtnWBZKLD4VPPREtbARFD2wRIKeAxcy+FVf/LMkkJcr+fGzqOzv73sx7M+MZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxO+8cvb48+lhtwIAeJDOT3/1+AnPfwD4RLng//8BAAAAAAAAAAAAAOCgS1HEE5Fi6fxWmq0+dw2fa3euXpuZmLx9tZFU1Ryoypc/w8+fOHnqSy+Mn+7lh9ffa0/Fa9MXztZfXryytNxaWWnN12c67bnF+dY9b2G39W82Vh2A+pXXr85furRSP/HcyRu+vjb6wdDjR0bPjD9z7Ole2ZmJycnpvjK1wY+891vcaYTHoSjiWKR49vs/Ts2IKGL3x+Iu185+G6k6MVZ1YmZisurIQrvZWS2/nOodiCKi3lep0TtGD+Bc7EojYq1sftngsbJ700vN5ebFhVZ9qrm82l5tL3amUre1ZX/qUcTpFLEeEZtDt25uMIqoRYrvHt5KFyNioHccvlgNDL5zO4p97OM9KNtZH4xYLx6Bc3aADUURr0aKn7xTxFx5zPJPfCHi1TL/MeKtMl+KSOWFcSri/eo6GnnILWcv1KKIPyvP/5mtNF/dD3r3lXNfq3+lc2mxr2zvvvLIPx8epAN+bxqOIprVHX8rffTf7AAAAAAAAAAAAAAAAACw10aiiKcixSv//gfVuOKoxqUfPjP+u6M/3z9m/Mm7bKcs+1xErBX3Nib3UB5CPJWmUrrjWOL67jrHXQ1HEX+Ux/99+2E3BgAAAAAAAAAAAAAAAAAA4BOtiPcixYvvHk3r0T+neLtzuX6heXGhOytsb+7f3oj87e3t7XrqZiPnbM61nOs5N3Ju5owi18/ZyDmbcy3nes6NnJs5YyDXz9nIOZtzLed6zo2cmzmjluvnbOSczbmWcz3nRs7NnHFA5u4FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPg4KaKIn0WK73xjK0WKiEbEbHRzY6hXBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4mIZSET+IFPXfa1xfV4uIVP3bdbT85VQ0DpX56WiMl/lSNM7mbFZZa3z7IbSf3RlMRfwoUgwNv339hOfzP9j9dP0yiLe+ufPpl2rdHOh9OfrB0ONHDp8Zn/yVJ++0nG7XgLFz7c7Va/WZicnJ6b7Vtbz3T/etG837Lfam60TEyhtvvt5cWGgtW3hkF4q4j8K17kIt9rQZIxF7u8G9W6h1F/L9Kh56e+6w0DgYzdhZiOref9t7Nh8b5fP//Ujxm+/+R++B33v+/1z30/UnfPz0j3ee/y/evKF9ev4/0bfuxfy7kcFaxPDqlaXBIxHDK2+8eax9pXm5dbnVOXX8+JfHx7988vjgoYjhS+2FVt/Srg8VAAAAAAAAAAAAAAAAwIOVivjtSNH80VaqR8S1arzW6JnxZ449PRAD1XirG8ZtvTZ94Wz95cUrS8utlZXWfH2m055bnG/d6+6Gq+FeMxOT+9KZuxrZ5/aPDL+8uPTGcvvy76/e9vvHhs9eXFldbs7d/usYiSKi0b9mrGrwzMRk1eiFdrNTVZ3ao4GZg6mI/4wUc6fq6fN5XR7/V8Z7g31l+8f/r/Wtr5b3afzfp27aT0pF/DRS/MafPxmfr9r5WNxyzHK5v44UY6c/l8vFobJcrw3d9wp0RwaWZf83Uvz9z24s2+v7Eztln7+/o3vwlef/cKT4wZ9+L341r7vx/Q874z/7z/9jN29on87/Z/rWPXbD+wp23XXy+T8WKV564u34tbzuw97/UcT29va3Io7mwtffz7FP5/+zfetGo7vfX9+77gMAAAAAAAAAADyyBlMRfxMpnp6spRfyunv5+3/zN29on/7+1y/2rZt/QPMV7fqgAgAAAMABMZiKeC9SXF59+/oY6r7x3zeO//ytnbnXJ9JN31Z/zvcL1XsD9vLP//qN5v3O7r7bAAAAAAAAAAAAAAAAAAAAcKCkVMQLeT712bvMp74RKV7572dzuXSkLNebB360+nX4/GLn2NmFhcW55mrz4kKrPr3UnGuVdT8TKbb+6nO5blHNr96bb747x/vwdm8u9uVIMfm3vbLdudh7c5N35wPvzsVelv1UpPivv7uxbG8e68/ulD1Rlv3LSPH1f7p92SM7ZU+WZb8XKX749Xqv7GNl2d77UbvvJB2uxULrubnFhVtehZpijybnBwAAAAAAAAAAAAAAAAAA4BNjMBXxJ5Hif66sx1oe9p/n/+/NwF/rlX3rm3HHke3Xqnn+R6v5/++0/FHm/x/ds54CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCjI0URb0aKpfNbaWOo/Nw1fK7duXptZmLy9tVGUlVzoCpf/gw/f+LkqS+9MH66lx9ef689Fa9NXzhbf3nxytJya2WlNV+f6bTnFudb97yF3dbfOXRdY9UBqF95/er8pUsr9RPPnbzh62ujHww9fmT0zPgzx57ulZ2ZmJyc7itTG7yPvd9X43YciiL+IlI8+/0fp38eiihi98fiLtfOfhupOjFWdWJmYrLqyEK72Vktv5zqHYgiot5XqdE7Rg/gXOxKI2KtbH7Z4LGye9NLzeXmxYVWfaq5vNpebS92plK3tWV/6lHE6RSxHhGbQ7dubjCKeD1SfPfwVvqXoYiB3nH44vnprx4/ced2FPvYx3tQtrM+GLFePALn7AAbiiL+IVL85J2j8a9DEbXo/sQXIl7tL/hSRCovjFMR79/mOuLRVIsi/q88/2e20jtD5f2gd18597X6VzqXFvvK9u4rB+n5sH3/1+LIHuz23h3we9NwFPHD6o6/lf7Nf9cAAAAAAAAAAAAAAAAAB0gRvxwpXnz3aKrGB18fU9zuXK5faF5c6A7r6439q0f8YZnb29vb9dTNRs7ZnGs513Nu5NzMGUWun7ORczbnWs71nBs5N3PGQK6fs5FzNudazvWcGzk3c0atiu3t7W9169dy/ZxrOddrEUVZP3/ezBkHZOweAAAAAAAAAAAAAAAAAADw8VJU/6T4zje2UjWXaiNiNrq5YT7Qj73/DwAA//92Hv4D")
mknodat$null(0xffffffffffffff9c, 0x0, 0x0, 0x103)

5.773701543s ago: executing program 4:
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0x40305828, 0x0)
syz_mount_image$bcachefs(&(0x7f0000005d80), &(0x7f0000005dc0)='./file2\x00', 0x18, &(0x7f00000005c0)=ANY=[@ANYRES64=0x0, @ANYRES64, @ANYRESOCT=0x0, @ANYRESDEC, @ANYRES16, @ANYRESDEC=0x0, @ANYRESHEX, @ANYRES32, @ANYBLOB="e66b77c3a32196"], 0xfd, 0x5d7e, &(0x7f000000bd00)="$eJzs3X2QHOWZGPDumZF2pZVgpZPNCgmxGNmOuGALFIjxncPGOTu2g40sLMDiOEmGxdZZSLI+EB+X8JXDBDspVUEdHMQpDlzOVeoqwaVLiO9IlYwxvvJVUWDHf/jIJxU7f8RHVGeJc4TLm9rd7t2Z3n6mZ2dmBfh+vyrtzNv7zPO+T8873f2OdmcTAAAA/kZ4/ncPvPaJsz/03XvGT975kT+5+e5kqD61fTAPGM5ub32jRshC2vC911ue2YHGyNRtcV6c9aerXhu+94qPP3DZh7+3489WjK1bP37p149eed+9z37g588+/OgVVf3k8+mC2Xb6l2mSrPvR0Yfv+/afnzW5LZ3sPx2+K1mxIl35zRVpIcXGU0mS3DgzztZvHj256abJ27u/NNCy/cxCEvP9b7bBbJ7dsf0zTxz7/Ni3j47u2/STE5fsvWs2JB1smk9JcsaO5scvSpJkSfZvUj7bRvIHZ7ebkyRZ2vS491WM6/wOx39h0F6b3S7Obocq8uTfP6/QbnQ4jkbhdqDDx3WrtsD5i4r7r3gwWih5nWdkt09ntxfMM089/5cmtTRpzAx/dzo7R5Km5y1N0qm5PTjTrk21k5l2UmynhXat0K4vKtQ11W+2Y+tp2ro9jytszw/HjWz7ec3H6hJbgu2rs9vB7IX6s7ydFO9MG5pzZ7aOpGlcx0/XxAjUgtdevn1meNmTMZRtG0pXznnMRIn8e8e/s3Pbqz+8/enhYBzpU2mWP+0q/9j4Y8e+du0zq0ei/DtqWf5aV/mfr79w6qsnRpaF+Y/k+etd5d/6ix/ff89Vh1eF++d4vn8aXeVf/+Vld5w8vGVgNMr/eJ5/sKv8l16/7rJzThy6JRz/xnz/LOkq/w8e3PD69Ue+8UyYP8nzL+0q/8uPPbm2vvqhl8L8x/L9M9RV/qs3PXL5x9bc+2i4/1/M8y/vKv+2l+7bse+J5zaE83Nzvn+Gu8p/6vLvv/L68BVPRsfO9PHTfYYF+OXyK9k11v1Zu9t1Zq+a1guPjDamr/mWZf+W97OjgrRp7QIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3Xro8n//heb2O//PLVtf+g/rdjWy9kAjSdIkSV6tT7fz7YuTJF2SJMmBgzv3H9y157Ojv7330P49O3eP7jw4Or7n4P7bRv/O3x7dP75v987bJr+78cJN049bOZUtSVam58wZy8TExESSJKPN2/L+/uCjT/2/rY/+1aeTZOPbvr+uEdbz3v/yyodWlXwtSMcmNv/LSx68ffH/OnN6w3A2ruFoXMOt2/IRDI29+BcffPqHk+N6e7txPfzCNf+3ZUBTG2bzZGoDSW3qzkC6tHQcM6OeHc/U/mrctGv3+Mbq/ZsG+/fdz/3xiX9369Z/Pr1/B8M6Oty/k3u1MfHAT+95910fHH//m/h5r9rfTSVMjS/ff4PZ/j4jq+uMoK5aUNctoy8f/xf/9j999a5kY+On587tu6quRdkEWJSu7qjfvIel6YqW2MEsPn/G88e99+DN+9574LbbL9x1887Pjn92fM+mTZdcdtGmiy6+bNN7p0qf/tq3+vP+391h/cuyTMvSNaX7rbg17/fcqa/1JBt2ftN0p9WiZGj6trCf8/Bi1UPZ94bSlXNyTZTIv3f8Ozu3vfrD25+OXnnpU9M9LkmWT9+ma4PI3YUH1mcGXNb/6Xld7v29wd35185el1XjqppXk+OqnlfNI2pzHHvh/Pt/+sQXf/+6Do4XTaFT48vHuXTy5XJR0vS6nbuvyurq4PkZK9sPN1y4/49v27XtSNXxvPmZaf5akI5N/I+16ccPHfiL/dMbTsv5snlAXZ4vZ0Y9O56p/TWYPR9v1v07kNSzuoZKx7UlfeID7775mV+dGd/ixcmtOw8e3H/R9Ne3aF1pkty1atfda86ZU9fF01+rjvvnFtqVx/1aeX1Vx/1iP7Px5flGC+2hpN7VeWLrL358/z1XHV4VnieOd3qe+J2WVr3H80QteL0/8FdfGX3tuk+9VjWfrjyw5s5VJV+L5Y1NfOOPfu2i919z1YenN5yW49CVB9Z88/VsQF0eh2ZGnY0n319Tx6GLT18dMzs2qOONe55bXojp2MS5X3/X1a+f/MInpzdU7d+Z6LL9u6n6OF8P6rpu0TtWPPiTNe/o3/w9sP2vz3/P0mWnef5WPe+D2f4dDPbvzKiz8dSb9+97bti7+8bp9pv3um3aQMX6Jz/vHLjt9s/v3L17fP+Bzurq9Hya91Pcy92eT/Ozx8qKuvLna7auhbvTyf7q9PWWj//GQo5uX28AudnzwuKW7cXjZ/6+37ozkq3v+eK3XkhHp8+X/Xq/Ne/n7MKJudv3W6vWSe8otFvXSY2kqe5pc9dJUw+pWicV+6laJ51faFevY+4vrSR6/hZlZ96y900L421MZojmx0iWfyRr59eb696TXFJ/+p0fTcc6mx+dXk/n/fytwg7q9nq6an6sT8rH1e/58a7Cg6qf7yOlIxsMno+q53t9S6KJiV7X5cPBqPN1+VCSdpV/bPyxY1+79pnVYf4dtSx/rav8z9dfOPXVEyPLwvxH8vyNrvKv//KyO04e3jIQ5n883z+DXeW/9Pp1l51z4tAtYf6N+fiXdJX/Bw9ueP36I994Jsyf5PmHusp/9aZHLv/YmnsfDfO/mGb9TL52k+ToyU03TbfTZFE2//NxLGoZV1Jsp4V2rdCuN7dr0//XO9NBPU1bt+dxhe15HY1s+3lNYyyzNdiev2oHsxf2z/J2UrzTfnt+eMrHdTw4/5wutaZrj7LtVe9P9surPxr5g+Z2/v//+RwYaEw/dxcX9lfV+aN49M7zhe/DBm9hVF0vzP3/t6Vdvf5efuzJtfXVD70Uvq96rNP3Vfe1tJZWvK/a63jD48Wx/Hja2/FoJMr/Yp6/t/NBmD87H1TNs3cW2pXzbFF5f1XzrHidMpQs76rubS/dt2PfE89tCOfZ5ukXfNU8+/2Bh1rayyvnWW//Lx3Os6fSvuyPMP/m/lzXhPMsu66pmmcXFNq9z7PW69GPZ7e3FuKHsneI51v3qcu//8rrw1c8Gc6zxzubZ0nyhy2t4cp51tv1bfg8zVzfLvT1+Vv7+vMNuz7M/jt3oa4PtwTb53t9ODTnzmwdyVvx+jA4zgBAO9994Lb/3dzO1//5uTtf/3+r8Lhe15XFn4fK9WtdGeZ/vD/rlfA6dWa9stDrrYW+zl7Y9Zbr+CD/zPvIC/2+0MKuK61DsnZSvDPNOgQAgDfCef/6K7/R3M7X/zM/95b9/v9zebvweOvcIP9pW+cu9Psk1tGl+fv08xXV74Mt9PtU3gfwPkA17wMAAPxy2H7T/vHxA/t23jC+fdeeXQdnti+aWjnN/TnVv5vdbi7kqfr56bL4pW3iPxnmbx3P+4L4SGPqZ16T5DM3fO7i7TeO3zLf+qP+quovi29Xf3F9EdV/WRAf6bX+qL+q+svi29V/VZi/dTzvD+IjvdYf9VdVf1l8u/o/FeZvHc+vBfGRXuuP+quqvyy+Xf3F3weL6v/1ID7Sa/1Rf1X1l8W3q//qMH/reD4QxEd6rT/qr6r+svh29V8T5m8dz98L4iO91h/1V1V/WXy7+q8N87eO5/IgPtJr/VF/VfWXxber/9Nh/tbxjAXxkV7rj/qrqr8svl3928L8reP5+0F8pNf6o/6q6i+Lb1f/dWH+1vF8MIiP9Fp/1F9V/WXx7er/zTB/63j+QRAf6bX+qL+q+svi29V/fZi/dTy/EcRHeq0/6q+q/rL4dvX/Vpi/dTwfCuIjvdYf9VdVf1l8u/q3h/lbx/PhID7Sa/1Rf1X1l8W3q39HmL91PP8wiI/0Wn/UX1X9ZfHt6t8Z5m8dz0eC+Eiv9Uf9VdVfFt+u/s+E+VvH89EgPtJr/VF/VfWXxber/4Ywf+t4PhbER3qtP+qvqv6y+Hb1Fz/vMKr/HwXxkV7rj/qrqr8svl3942H+1vFcEcRHeq0/6q+q/rL4dvXfFOYv/9yAYnyk1/qj/qrqL4tvV/9nw/yt4/lEEB/ptf6ov6r6y+Lb1f+5MH/reK4M4iO91h/1V1V/WXy7+neF+VvHszmIj/Raf9RfVf1l8e3q/+0wf+t4PhnER3qtP+qvqv6y+Hb1fz7M3zqeLUF8pNf6o/6q6i+Lb1f/7jB/63iuCuIjvdYf9VdVf1l8u/pvDvO3judTQXyk1/qj/qrqL4tvV/+eMH/reLYG8ZFe64/6q6q/LL5d/XvD/K3juTqIj/Raf9RfVf1l8e3q3xfmbx3PNUF8pNf6o/6q6i+Lb1f/F8L8reO5NoiP9Fp/1F9V/WXx7erfH+ZvHc+ng/hIr/VH/VXVXxbfrv4DYf7W8WwL4iO91h/1V1V/WXy7+g+G+VvHc10QH+m1/qi/qvrL4tvVfyjM3zqe3wziI73WH/VXVX9ZfLv6bwnzt47n+iA+0mv9UX9V9ZfFt6v/cJi/dTy/FcRHeq0/6q+q/rL4dvUXPwcyqn97EB+Zqf/g/vHx7Yf23bjz4Pj2PXtvHD+w/fD+XQcPjmcXar3+Xln8e0Fv8C+y0FbL62N6kuzac2B8/9zj95K287d5TiRTv/a0ZPo2fXtH8cWPve521rxZ5vuipNF2f51daJ+ZfR7tmcHn0Rbj87Rrpu7M/TzaYreNis9xrTo+FfuPjk9pm/iy42t0PKs6/837+Fc5vwfb1l/cPJD9Yt9A+raO4pM2f9+ts/na2++dhvP1xc7ma/Fz16vmazF+vvN1qMf5Wuw/mk+1NvHtroc6na/bgvhc5/MzDestm1fz/TuDedp5/Z3Bwpc5uvhbBp2/Hnr7PfLw9ZANuur1UPw97qrXQzF+vq+HJT2+Hor9V70eyuLbrY87fT1cE8RHOp8PvX1uQTgfNnY2H4p/x6pqPhTj5zsfBnucD8X+q+ZDWXy79ws7nQ+fCuI71fn86O1zRcL5saOz+VH8exJV86MYP9/5kfY4P4r9V82Psvh2/5/S6fz4ZBCfazl/3nRgalG/a+fuXbcXfgBjODt/vtHnw9NyXv7rX/+fP5v+ko2jNmccVdcTaWEcK7KRrIj+7mEw7hv+87/Z+q2ff/ErSbLxbfW18bhnhzz7pSAdm1h55/qvXfv2lz44Of5a2/HPROZ/t7ji7x0X4/N6Grv3Hjj4qzftPbSn05+4ai//PJTaTHuBPg8l21jv8PNNot8nmO/nmyyac+fNqePPNwH4JXHm408tb27nn/+Xn49GsmPfkuwAmG/v/Dq7t8/XC6+zj3R2nb2hWG/FdXYxPq+30+vsWo/X2cX+q66zy+Lb/dxep9fZnwji56t1nkxOkKn5Mb798N79zT8Tt9B/t7b/413Yv+Pb+/gW9nMbu9X5+Bf2cyEXfvwL+3eAF378C/t3nmeVXXXHTtt6KfuwyKrPj6xaR0W/lz7fddTiOXfenKyjAODN75/t/9G/am7n6/9sFTuz/v9S1q73uf+FXkct9Lpyoa+T3/qfv7+w6yDrgTadvQlYDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACU+8P/9h+/2dweaIxM3T7/uwde+8TZH/ruPeMn7/zIn9x891l/uuq14Xuv+PgDl334ezv+bMXYuvXjl3796JX33fvsB37+7MOPXlHZ0fD0zQVZczBJ0r9Mk2Tdj44+fN+3//ysyW3pZP/p8F3JihXpym+uSAsZNp5KkuTGmXG2fvPoyU03Td7e/aWBlu1nFpIU60qG6vl4WsaZ3FpZEW9Bg9k8u2P7Z5449vmxbx8d3bfpJycu2XvXbEg62DSfkuSMHc2PX5QkyZLs36R8to3kD85uNydJsrTpce+rGNf5HY7/wqC9NrtdnN0OVeTJv39eod3ocByNwu1Ah4/rVm2B8xcV91/xYLRQ8jrPyG6fzm4vmGeeev4vTWpp0pgZ/u50do4kTc9bmqRTc3twpl2baicz7aTYTgvtWqFdX1Soa6rfbMfW07R1ex5X2J4fjhvZ9vOaj9UltgTbV2e3g9kL9Wd5OynemTY0585sHUnTuI6frokRqAWvvXz7zPCyJ2Mo2zaUrpzzmIkS+feOf2fntld/ePvTw8E40qfSLH/aVf6x8ceOfe3aZ1aPRPl31LL8ta7yP19/4dRXT4wsC/MfyfPXu8q/9Rc/vv+eqw6vCvfP8Xz/NLrKv/7Ly+44eXjLwGiU//E8/2BX+S+9ft1l55w4dEs4/o35/lnSVf4fPLihlhz5xjNh/iTPv7Sr/C8/9uTa+uqHXgrzH8v3z1BX+a/e9MjlH1tz76Ph/n8xz7+8q/zbXrpvx74nntsQzs/N+f4Z7ir/qcu//8rrw1c8GR0708dP9xkW4JfLr2TXWPdn7W7Xmb1qWi88MtqYvuZblv1b3s+OCtKmtQsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAET2TtQPNbdfeeaBKz/337f/10aaJGnwmIkS+ffqi8fGRrsYx/ovL7vj5OEtA3l7su+RLvIAAAAAc615+YtfaG7n6/Ba1k6TwWQkOZwuSdaUPj5/j2BN3kpbtxffQ1gyG9mXPLU+5an3KU+jT3kW9SnP4j7lGehTnsGKPINJZ3mWtM1T63g8S/uUZ6hPeZb1Kc/yPuU5o095zuxTnuG2eTqfhyuKee7uLs/KPo3nV/qUZ1Wf8rytT3ne3qc8Z/UpT/E95fnOw+VZ5NlRnqk79co8jbQ+842y99Pzfs7psZ+hDvspvmc/336WdNjP+T32M9hhP+/qsZ+0w342FB5Xm2c/tYp+8nl7a1RP3upw/t/Wpzy39ynPHX3K8zt9yvOP+5Tnn/Qpz5095gGI/N6zF/xRcztf/+frzzQZTgYaFydLsyNO8V2AfL177tTXuee76ICU51tb2L6oKl9xgV3Id+58x1d8A6GQ7x1t8zXmrFdL8jWa863vUz4AAACYj3966o6W/5qbu/4fSQYaq2bWr+8sPL5yvV78j+xMnu+CPuUDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/s2ntsXNWZAPBzPeOZWfOIQUmYkJeVZAkIkQdRVgu7C6NIi8RqwWHZhEeEvFkwOMIkECdAsrsKC1UTWaKiDX3w+qOBogqhAhJSROtKVNCi/tGoEaXiUdfgIvgHFUpeQGinGnuOPZ4HNtOSNO3vp+je+917vvOdeyNF+s4EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4y/fLr//uxcp4eKC/s2eoazAkofSnrmId8VkqUyh0NLGOD15af+1vX9u+N8al2tl0ExMBAAAANZ6+aNbZlXHsw2PrnYRcyKaXh2ySmZCXL+8D5MtxS/voed6SsDK19+8vTQotI/HpyWkT8nLlvFw5TpXz+rZtv3l9b2/35i/wolSn+j2q15OEMLJ9Me/UsGbJzhf2JR2j79E2yXu0lPOWbrnl1qV927aft+GW9Td139S9ccWKlRcsX7H8/AtWLL1xQ2/3stFjyE4yXwihMPG7TPIXCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx8COn+79UmU8PNDf2TPUNdiWhJA0yCnWEZ+lMoVCRxPreOOhR+ekZt2/P8al2tl0ExMBAAAANX709KyLK+PYh8fWOwm5kE1nQirMGokXjA9Nh1AsxvuLqu4fi7UDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH1oHDnb+ujIcH+jt7hroGT0pCSBrkFOuIz1KZQqGjiXWsXfGti/9t9j0PxrhUO9/EPAAAAECtV85uvacyjn14SzlOQi7kw8LQmsyakBf3Bs6smq96XJxn7hTHVe8d1IwrbzUsnOJ8Z01x3DmTjLu8fL4zAAAAwInnmvafra2MY//fWo6T0B6y6XxIlePJ+vi4LzC/alzMn6y/j/kLGuRP1vfH/Oq+HwAAAP6WnffuM59WxrX9fz5k07mx/nuy39MvK5/9Tg4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANPLjw5f+oDIeHujv7BnqGkwlISQNcop1xGepTKHQ0cQ61vzhnV13X3nH9BiXamfTTUwEAAAA1Hgy8493VMaxD4+tdxJyIZtuC63hpJG+/63MtOkb/n/23BBCYWRAJhPuXL9ly+bzR49x3H8ke/5l8S0D59aMWz56PPZvCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/KlWPLF7XWU8PNDf2TPUNfh3SQhJg5xiHfFZKlModDSxjld2n3P0uvueG4hxqXa+iXkAAACAWnN6n/9NZRz78Nj7JyEX8iETMmHmSFzZ65e0VM3XaM8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+OvRt237zet7e7s3u3DhwsXYxfH+lwkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADhevr/xa+9XxsMD/Z09Q12DuSSEpEFOsY74LJUpFDqaWMc/XDfvgrkHt94e41LtfBPzAAAAALXWvbf1YGUc+/DY+ychF/KhNbSGGeW41kj/334sVgsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABxP80MSip/TGauP96oBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAL8KhV9c8VBkPD/R39gx1DZ6ShJA0yCnWEZ+lMoVCRxPruHb/l//r1j0vnhPjUu1suomJAAAAgBqt777635Vx7MNj652EXMim54RsmFO+0ztxgiQVB9bdFxjP+98Jaakp5+2qWvHoynLlfYjc2DrDyLbDeN59n5mXL99taZ/adwIAAIAT2Yxdl/9fZRz7/9ZynIT2kE3PqOirb52Q3zblPv7+CXmnTDnvuxPy2ifJ+zN8EgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgSfeufumMynh4oL+zZ6hrMElCSBrkFOuIz1KZQqGjiXUUuh96/vGrB2bFuFQ738Q8AAAAQK0r38l9tTKOfXjs/ZOQC/kwN5wa5o70/aF9Yn4cd1Lh56+v2vvaNSEsm/nyvHTDet/cd9X74cg/v/XR6GEkDKFl4qCWEKaV6yUN6l3/iyfWvPDpzkdCWDYjNadxvfFS44cqSaF4+o5Fj189c/+qhtMAAADACS336KHvVMax/48ddRLaQza9sWH/H8d9rv6/s2/2jumhUL41sgNQldHSXq7X0qBe/4ePdBxe95+HS/3/y/NyY/9X4OyFE8ePlqo9Vu05JIXi/GfOWnv00G1XjN6I9VMN6q9rXXDa7vdmL4j1c+X7N4Sp1g9V9fu6jixc0nbyJRPrhxA66tX/9qVPf7zmwQ+vGa3f+Hsv/dXwv04Pm76R643H0Tu19Vc/vHL39szb0ybWTxrUX/ziswefunPNvdXvf2a6Xv3aY5VS1XSx/8Ddi+9a1X1hRf2WBvVv73jjg69874ePleofmN82Vn/xZ7z/pPX3Ldx1YM/OB9ZN/P6FevWvP2/zs9s2XHtf9fu3VU1c+eUrj7Xf/805yWVb+17fXP0IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgxNb11CdHKuPhgf7OnqGuwZYkhKRBTrGO+CyVKRQ6mljHT1L7PnnsYP7kGJdq55uYBwAAAKh1xao3b6qMYx8ee/8k5EI+ZEImtI30/afvWPT41TP3rwrt5eflc7p3U9+Wc2/ctHXjDcf6FQAAAIBJ7Lno41WVcez/0+U4Ce0hm14UWsv9/+qHV+7ennl7Wuz/QwgjP/enb9zQ270sjO0T9HUdWbik7eRL4rhU+ZwrjVty/abe8jZBnPe5J/9p+YVXXTk2vqVy/Pnj4+Y/c9bao4duu6LuuBXj496ck1y2te/1zRXrLIyNWz4+rv/A3YvvWtV9YXyPpHzOld8njtu3cNeBPTsfWBfHtZTPbeX5AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAQTvvo9/9TGQ8P9Hf2DHUNhlQISYOcYh3xWSpTKHQ0sY5PLn55+Gj7vz8a41LtbLqJiQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA/sgMHAgAAAABA/q+NUFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYX9+gmNo+zjAP48u9s3227ad1MLTbSGFHtpQSgEiz1Ic/EPErVUFC0UoxgvKhZEK/Zg22Ao6qGg0NJeSiuelRyK2kMotoqCWMWDeFLQk0oOSZFUVJLMs9lMOiSOGqR8PjA8+3tm5zvPPPvs7A4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/Kc9+t3dtfa6o9Y921569fkr999456dHhqdeueeDZw9v/HDDlebI4H2v7bzry6FPugZ6twzveG/sgdGRC3f8duH4ycElT/TSXLMtK+shxJ9jCL0/jB0fvfjZxpm+OHP+2DwUurri+uqihO3TIYQnW+NcuHNsqv+pmfbw6x0L+v+fC8lfV2hU03jmNBeOl+tLPVtnBx974sz40wMXx/r29/80edtzh+bfEutt6ymEdUPtx68KIazOthlptXWng7N2dwhhTdtxty8xrluWOf5bC+pNWfu/rG0skZP2b87VtWWOo5ZrO5Z5XFmVfzk/Lz9/cYXOm65zXdaey9ptfzGnmrYYKjHUWsN/Js6vkdD2ucUQZ9d2vVVXZuvQqkO+jrm6kqurq3LXNXvebGKrMS7sT+/L9afbcS3r39x+r76GPQX9PVlbz76ov6Y65F/MaSx6MX8doW1cEyu1MApUCr57qb81vOzDaGR9jbh+0TF/XEPaN/Hx43t/+eblc82CccR3Y5YfS+UPDJ8af+eR8z3dRflDlSy/Uir/UvXz6bcnuzsL84+l/Gqp/Id+//HokQcPbCicn4k0P7VS+Vve6Dw4dWBPR19R/umUXy+Vv2Nf786bJ194sXD829P8rC6V//WbW6/uO/b++cL8kPLXlMr/9tTZTdWety4X5o+n+WmUyn+4/8Sue28aOVk4/1+k/LWl8vdeHh3af+ajrYXrc3ean2ap/OldX31/tTl4tujeGU+v9C8swPXlhuw/1tGsLvuc+Xe1PS+c6KvN/efrzLa1/+SJcmLbswv8yQ4cCwAAAAAI87fuymIDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABYAQAA//9S+mTO")
mount$bind(0x0, 0x0, 0x0, 0x0, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
rename(0x0, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x141042, 0x0)

5.565340728s ago: executing program 2:
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000480)=ANY=[@ANYRES16=0x0], 0x1, 0x54f6, &(0x7f0000005800)="$eJzs3M1rI2UcB/Bf2u2+uxbx4G0HFqGFTdh0X9Bb1V18wS7Fl4MnTZM0ZDfJlCZNa08ePIoH/xNR8OTRv8GDZ2/iQfEmKJlnKltfQGm2sdvPB6bfmSeT3/yeUFqeSUgAp9Zi9stPlbgSFyJiPiIuRxT7lXIrrKZ4LiKuRsTcI1ulHP9j4GxEXIyIK5PiqWalfOiz6+Nrt3984+evvz135tLnX303u1kDs/Z8RPS30v5uP2XeSfmgHG+Mu0X2b43LTA/0H5bHecrd9kZRYbdxcF6jyJuddH6+tTOc5Gav0Zxkp7tZjG8N0gWH485BneIJDxrbxXGrvVFkd5gX2dlPfe3tp79t+8NRqtMq631YlI/R6CDTeHuvneaz9bDI5mBUjqe6eau9N8lxmeXlopn3WkUfG0d5pf/f3uwOdvaycXt72M0H2e1a/YVa/U61vp232qP2rWqj37pzK1vq9CanVUftRn+1k+edXrvWzPvL2VKn2azW69nS3fZGtzHI6vXazdqN6u3lcu969ur9d7NeK1ua5Mvdwc6o2xtmm/l2lp6xnK3Ubr64nF2rZ2+vrWfrb927t7b+zvt337v/0trrr5Qn/aWtbGnlxspKtX6julJfPrnzn/yv/0/z/7hseorzhyOpzLoBgJPH+h+YhZO+/g/r/6mw/j/d84cjsf4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADi1vl/44rViZzEdXyrHnyqHnimPKxExFxG//Y35OHuo5nxZZ+Efzl/4Uw/fVKKoMLnGuXK7GBGr5fbr04/7VQAAAIAn15cfXf00rdbTj8VZN8RxSjdt5i5/MKV6lYhYWPxhClWivNkUzx69q2Ty+30m9qZUrbiBdX5KxdIttzPTqvavzB+K849EJcXcsbYDAAAci8MrgeNdhQAAAHCcPpl1A8xG8U5r+Vn88gP851KUbwheOHQEAAAAnECVWTcAAAAAPHbF+t/3/wEAAMCTLX3/HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDv7NxPTupQFAfg00Lf4/0xEuPcrTiDZbgEhw4NC3ATLAG34AZYA85cggFDW6I1mJj0to3k+5L2chvy45QwOfeSAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQpediNX+8v3pom7PdtZPmbgAAAIBjNsVqXr6YVvN/9fWz+tJFPc8iIo+IY737KH41Mkd1TvHF+4tPNTxFlAn7z/hdH38j4ro+Xs+7/hYAAADgdK0Xy1nVrVen6dAF0adq0Sb/f5MoL4uIYvqSKC3fny4ThZW/73HcJUorF7AmicKqJbdxqrRvGTWGyYchq4a813IAAIBeNDuBfrsQAAAA+nQ7dAEMI4vDVuZhL7j85/37huCfxgwAAAD4gbKhCwAAAAA6V/b/nv8HAAAAp616/h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABd2hSr+XqxnLXN2e7aSXM3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAb+zPOwqEQBiEwd71ncnc/7DSoKmpSRUIH39jMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG9+95f/E1PjTDL32lh6HknWTo2tU2Pv3Dj6w/j6NQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwsT8vKRACQRAFc8b/Tvr+h5UEPYMIEdDwqKIWDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAF/3ul/8TU+NMMnfaWDoeSdauGltXjb0HjaMH4+3fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwsXP/vnFTcQDAn+3zlRYQR0A3BCGQGGCh12tp6coAihj4E5Ci9FoCV360GWhVIWVhQ5m7IBgRQgKFrf9D51bqUrYONxSJiQFkn528HpE4iGJfks9Hen5fW5bf9zlRlK+f7wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDa5J3dOCs2vWmcVsfuPb61VvT3Z/rCna0Hy0Ur4qTJpA+Hl+OdpN9eIgAAABwfWV3fhxAe5tsrRZ/2yvo/r88pav7vnp3GdT0/W/fXfV37F+3XXx69uDNQbzpOcdHL6+PRmX+m0jm4WS625/71jE5558tnL1n5A0nf33xhkpf3M/nm7t13u2V4oolsAYD/43TdV0H9/1DRD9tMDIBjoxMV3nX9n/XazQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgCd3N8HQdJyGE5c5uXLj/+NZa2c/s39l6sFy3C7dvb8XXLC6RhxAur49HZ5qayCFw/cbNT1bH49G15oNXQgjtjV4FH85xTghtZijYb5BWv+uLks/hCFr+wwQAwJGTV62o6x/m2yvFsWQphL++f7L+fz2KQ1z/z/Rx/f/oowv34rHi+n/Y2AwX32Dj6ueD6zduvrl+dfXK6Mro07fODt8enrt4/vzFQfmsZOCJCQAAAPvTrVpc/6dLIUxm1v9PRXGYs/7/4tvhV/FYmfp/T7uLfm1nAgAAcLw9/+ofvyd7HE+63fDl6sbGteF0u7N/drptIdX/7ETV4vo/W2o7KwAAAKAJk83kifX/S1Ec5lz/f+aHl36Kr5mFEE5W6/+n1z4bX2puOi35c66zmvg48YFPFQAAgIV2smrx+n9evv+f7rzykIYQ3nhtGldfAzhX/Z+99/WP8Vjx+//nmpviQkr70/tR9v0QOv22MwIAAOAoe6pqRbH/W7698vHPpz7oev8fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoGl/BwAA//+S5D5T")
ioctl$SNDRV_PCM_IOCTL_HW_FREE(0xffffffffffffffff, 0x4112, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0)
prlimit64(0x0, 0x0, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
symlinkat(0x0, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x161040, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
lsetxattr$system_posix_acl(&(0x7f0000000400)='.\x00', &(0x7f0000000440)='system.posix_acl_default\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="02000000010000000000000002000000", @ANYRES32=0xee01, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=0x0, @ANYBLOB="040000000000800008000000", @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="100000000000000020"], 0x5c, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./bus\x00', 0x0)
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000180)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x4}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r3}, &(0x7f0000000800), &(0x7f0000000840)=r4}, 0x20)
fchmodat(0xffffffffffffffff, &(0x7f00000000c0)='./bus\x00', 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)

5.422326075s ago: executing program 0:
syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000040)='./file1\x00', 0x800810, &(0x7f0000000280)={[{@nossd_spread}, {@compress_force_algo={'compress-force', 0x3d, 'no'}}, {@compress_force}, {@compress_algo={'compress', 0x3d, 'lzo'}}, {@flushoncommit}, {@autodefrag}, {@acl}, {@nodiscard}]}, 0xfb, 0x50f9, &(0x7f0000005140)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734d2FpAqhUbJJahw38Xptk4daqqwpVSPSNOuGBlURxcZek8ULdmxTYhQiYxPRCEFpg5R8KMIoimo+QK1ARFJAuEhxhMojoioKIFBoDVEQKSWJSBOkUM3ee2bvnLvz8GONl/5+knfOzP887zw859475wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwP8Ph75y1d82iz/82/Oefu7Cicv2rrvw5WvOO/3xECZnH+/Iwh3919868fM7z71r731rbrvnyPkf7M3L5fEwUP3Tmd+5LtZ6ZGkI93aE0J0GVg5mgZ78/mCs712DIZwW5gK1ElP9WYm04fD9vhD2h7lArarv9YUwWAhc8MRDD95YTdzSF8KyEEIlbePZStZGXxo4qzcL9KeBbd1Z4FdvZGqB73ZmAThu8c1Qe9EfnKzPMDJ/uQavv54T1rE3Vzq8rpgYaZzvZ+sWuFMFvekDk8f1tJWqY0GU3h6HvNsWwbuttJ1v9rQVv0jl31DemAtVQufmqS0br5zZFR/pDGNjXY1qWqDn+alXv7TpaNKL5nUYOzByQl6HNz227M6uFZ969J6Vy1488KF9Lx1vN39U2KTF9EKrhPw1t2iex2jC58kiePuVviWN+tIVQtjy+d/7dLN4af4/0nz+H1/O8bazLnes9fWhbG4eHxmMiVeGsrk5AAAALBqLYa/ptrEHPlYoPlxJ6ivN/0fbO/4fD/nnk/lstIdCmJhN7BsO4YzZx7PAHbG5S4ZDeO9sarI+sC4JHArhnbOJFbWqkhJLYonRJPCToTwwkQQOx8BkEvhWDNycBK6LgYNJYFMMHEoC58ZAmK4fx+8P5eNoO9AXAxuyjXgwnoXwi6HYWrKtnqlVBQAAcILks8Oe+ruFcx2ON0OcXh7sa5UhnoHdMEMlqSGdwdamVQ1r6G5VQ2erGmrj3tN8+KWaO1rVXDoNo6M+w62//JvPhCZK8//x5vP/yjwd6Sgd/w9h/ezfmLszj8zU4hsm6zIAAAAAx2Hgf5//ZrN4af4/0d75/3GfSFchc3gk7obYOhzCeH0gq/YPy4HsqPdAHgAAAIDFoHY8vnYsfDq/zU7RTufT5fyTR5k/HvifmDd/76H7NzTrb2n+P9ne+f/99bdZJw7HXnxtOIQlhcAPYi+rgVmjMfDjj9cH8vEfjhvghlhVfmJCraobYokNMTCeBPY3KvHDWokz6gP5k1VrfF9tHNN5iUIAAAAATrq4OyAel4/n/7/vN2uualauNP/fcHTn/8/Og0un988MhLCqO4Su9IcBj/RnCwPGwGBHnnigP6urK63q2v4QzqkOLK3q+Xz9/+50jcEn+rKqYuCM9x149axq4pt9IawqBp783O0friZ2JYFa43/ZF8J7qqNNG//OkqzxnrTxry8J4d2FQK2qS5aEUG2sN63qoUp+HYO0qn+uhPC2QqBW1UcqIewOACxS8b/SzcUHd+6+euvGmZmpHQuYiPvw+8KW6ZmpsU3bZjZXGvRpc9LnumWMri2Pqd0r3zyTL1H02bvXD7aTrv1OcLzYVr4fv3TiYH4/fhfqmR3nmp66u2vTIX/g/eUmQuGbVKMhdy7wkPuLlcw9iaX6Y/7eMBCWXLlzasfYFzfu2rVjdfa33exrsr/xMFO2rVan26p/vr618fJouFpW4li31fJiJat2Xb591c7dV6+cvnzjpVOXTl2x+iNrxs8eXzv+0bNXVUc1nv1tMdTl81WdDPWN29sc1wkc6pndhUpOxqeGhITEYktsG1je9P/k0vx/e/P5f/zUiZ/8+foMjY7/j8TD/Nnjc4f5N8TA/naP/480OppfOzFgNAnsiYE9DvMDAADw1hAn+XFvZtwr/dMV33mxWbnS/H9Pe7//P0Hr/9eWrj+/0TL/K2KJ8Ubr/6fL/NfW/9/TaP3/dJn/2vr/+9+E9f+vrAWSTfIL6/8DAABvBSdv/f+Wy/unFwgoZWi5vH96gYBShpbL+Ld7gYCjXv//2f/8q/8OTZTm/ze3N/+3cD8AAACcOr78Z1f9TrN4af6/v735/8lf/y80Ov9/tFFgstHCgNb/AwAAYJFqtP7fyPX9FzcrV5r/H2xv/h9Pu+isyx1rfX0oW9MupGvavTJU+8kAAAAALA6dYWysp828dSujrjv2Np/KlwJtli56/k+OHN35/4fam//X/S7jpseW3dm14lOPvn7PymUvHvjQvpfmjv8DAAAAC6fd/RIAAAAAAAAAAAAAAMCb7/n/2Lu2Wbz0+/+wfvbxRr//j9f9i78veHtd7lhr6/X/8vsXfPKu3bNLFj4yFML7i4Gte7eeFvJr8y8vBh68aMU7qom9aYn7nzv3hWri4jTwiZWnv1ZNnJMENsRFEt+ZBuJVFV9bmgTi8or/ngbi9jiYBnrzwFeXZuPoSLfVTwezbdWRbqunB0MYLgRq2+rewayNjnSAtySB2gC/kAbiAP88D3SmvbprIOtVDAzGorcNZL0CAOCUFb8F9oQt0zNT4/ErfLw9s7v+NqpbsuzacrUdbTb/TL402WfvXj/YTror/S46d63xnlCpDmF16etqMUvH7ChPTC0tNt3bGwy51WpvnQ3KpY520/U2HlFfNqKxTdtmNve0HPja1lnWdLfMsro02Slm6ZzdpG3U0kZf2hhRm9umjS7H+51hbKwryfUHMTgS6rR6RbT7e/3iOn+NXgXFPFcc2ferZvWV5v8j7c3/K8VxvZZfDGBPvLLe3w1b5h8AAAAW1lfX/fob8d9nrn/4yWZ5S/P/0fbm/3EPVn4oONvbcShe/3/fcAizl9YfyQJ3xOYuGQ7hvbOpyVgiu6D++bHEeBa4I+4wWRFLbJisr2pJDBxMAj8ZygOHksDhGMj3UhwI+a6cvx8K4cOzqfX1JbbHEiNJ4NMxMJoExmJgPAksjYGJJPDy0jwwmQT+LQbCdP22untpvq0AAACORj7P6qm/G9J53sHuVhk6WmXob5Whs1WGSqsMjUYR7387ZuhJTl7pKGTqSWvtS2opZYgXwz/qfpUyhB/W50wLlpqO5x/UzjfoqM9w38e6K6GJ0vx/vL35f3/9bdb64Tj/n7v+Xxb4Qeze1+Kp46Mx8OOP1wfyHQOH42T3hlpVk3mJfNJ+QywxEQOjSWB7DEwkgQ3r88D+d9QH8pl2rfF9tcan8xKFAAAAAJx0cQdB3E0T5/+37fzKQLNypfn/RHvz/9jeQLGx62KtR5aGcG/HXG9qgZWDWSDuxxiMP49/12AIpxV2cNRKTPVnJXqThsP3+7JfqPemVX2vL/vxQbx/wRMPPXhjNXFLXwjLCntfam08W8na6EsDZ/Vmgf40sK07C8Q9P7XAdzuzABy32l7B+ILKT3WpGZm/XIPX31vlmqDp8Er7QOfJN99vrhZKaYdrvk+15uietqb7bzlhSm+PQ95ti/HdNuLdVvwilX9DeWMuVAmdm6e2bLxyZld8pPhL1pIFep6Lv1JtJ30CXod7jr23rVXSDownHx/j85eb/3XYEau76bFld3at+NSj96xc9uKBD+17qe1uNBB/KPzQNf86+KPC5l1olZC/5hbd58mkz5NF8d9A8u4e9bSFENa//PUbmsVL8//J9ub/3cntrF/HjblzOIQPFDbuI3Hz//Fw9jlYCGSfkm8rB7JD7v811PCTEwAAAE602u6O2v6C6fw2OyE8nSeX808eZf64v2Ji3vzt9rv/ry9a1ixemv9vaD7/X5J00/F/x/9ZII7/z+tU3xW9JH1gz3Htii5Vx4Jw/H9ep/q7zfH/eTn+7/j/fBz/b8Hx/3md6k9b6VvSdl+6Qggv/tEDTzeLl+b/29ub/1v/b/5F+2rr/21otP7f9kbr/+2x/h8AALCgGiw0l87zSqv3lTKkq/eVMrRcILDlEoPW/zvq9f9eOPPZ34QmSvP/Pe3N/+PLYaDY+mJZ/290fYOqbo6B7RYGBAAA4FTUaAcBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAb677/uF/NjeLP/zb855+7sKJy/auu/Dla847/fEQpmcf78jCHf3X3zrx8zvPvWvvfWtuu+fI+R+s5OV68tvfrcsda319KIT9hUcGY+KVoeqducAFn7xrd3c18chQCO8vBrbu3XpaNfGtoRCWFwMPXrTiHdXE3rTE/c+d+0I1cXEa+MTK01+rJs7JAx1pd/9xadbdjrS7Ny4NYbgQqHX3sqX1VdXa+NM80Jm28U+DWRsxMBiLfmMwayMGZmKJ6SUhrOoOoSut6uFKVlVXWtW/VLKqutKqvlwJ4ZwQQnda1XO9WVXd6cgf782qioEz3nfg1bOqif29IawqBp783O0fria+kARqjf9Fbwjvqb5k0sa/3ZM13pM2fktPCO8OIfSmJX7ZnZXoTUs83x3C2wqBWuOf7w5hd+AtIX741H2i7dx99daNMzNTOxYw0Zu31Re2TM9MjW3aNrO5kvSpkY5C+o1rj33sz7z6pU3V28/evX6wnXR3Xq5ntstreururj3Vex/71V+sZO75KNUf8/eGgbDkyp1TO8a+uHHXrh2rs7/tZl+T/e3Ko9m2Wr1YttXyYiWrdl2+fdXO3VevnL5846VTl05dsfoja8bPHl87/tGzV1VHNZ79PRFDvf3kD/XM7kIlJ+MDQEJCYrElOus+3cZP9Q/y0hf9uY72hMrsB3RpWlHM0jE7yhMx6HXHOOJj+Z7SckSrSxOHUpY182S5tj7L2tJkYq6WvizL7Pe60uSw2Fjn7CaN9zvD2FhXo+0wUn+3uHl/dhyb96l807WbBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4P/YgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwg4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24FgAAAAAQJi/dRg9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHApAAD//7IeJCA=")
renameat2(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000380), 0x208e24b)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000680)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000640)={<r2=>0xffffffffffffffff}, 0x106, 0x8}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_MCAST(0xffffffffffffffff, &(0x7f0000000740)={0x16, 0x98, 0xfa00, {0x0, 0x0, r2, 0x10, 0x0, @ib={0x1b, 0x0, 0x0, {"253d8b919dd7c83639e2c81d330884d1"}, 0x65c8, 0x0, 0x1f}}}, 0xa0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x13, r0, 0x0)
ioctl$BTRFS_IOC_DEFRAG_RANGE(r0, 0x40309410, 0x0)

4.06962155s ago: executing program 3:
r0 = syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f00000007c0)='./file0\x00', 0x10, &(0x7f00000014c0), 0x1, 0x793, &(0x7f0000001700)="$eJzs3c1rXFUbAPDnTpKmb9r3TV4QbF0FBA2UTkyNrYKLigsRLBR0bTtMpqFmkimZSWlCoBYR3AhaXAi66dqPunPrx1b/Bd2ISEvVtFhxISN3PjqTZiadtvloze8Htz3n3jM595l77zln5h7mBrBjjab/ZCL2R8R7ScRwY30SEQO1VH/E0Xq5myvL+XRJolp99bekVubGynI+2l6T2tPI7IuIb96OOJBZW295cWkmVywW5hv58crsmfHy4tLB07O56cJ0Ye7wxOTkoSPPHBncuFj/+H5p79X3X3ry86N/vfXo5Xe/TeJo7G1sa49jo4zGaOM9GUjfwlVe3OjKtlmy3TvAPUkvzb76VR77Yzj6aqne9F4SAHiQnI+IKgCwwyT6fwDYYZrfA9xYWc6nS/X89n4fsdWuvRARu+vxN+9v1rf0N+7Z7a7dBx26kay635FExMgG1D8aER9/+fqn6RKbdB8SoJM3L0TEyZHRZvvfan+SNXMW6nqfkPFUD2VGb8tr/2DrfJWOf55tjf9a11/m1vgnOox/Bjtcu/diNGJXe37t9Z+5sgHVdJWO/54faM1tu9kWf8NIXyP339qYbyA5dbpYSNu2/0XEWAwMpvmJdeoYu/739VUr+lrJ9vHf7xff+CStP/2/VSJzpf+2JncqV8ndb9xN1y5EPNbfKf7k1vFPuox/j/dYx8vPvfNRt21p/Gm8zWV1/Js/q6x6KeKJ6Bx/U7Le/MTD47XTYbx5UnTwxU8fDnWrv/34p0taf/OzwFZIj//Q+vGPJO3zNct3X8d3l4a/7rbtzvF3Pv93Ja/V0s3G41yuUpmfiNiVvLJ2/aHWa5v5Zvk0/rHHO1//653/6WfCkz3G33/118/uPf7NlcY/dVfH/+4Tl2/O9HWrv7fjP1lLjTXW9NL+9bqD9/PeAQAAAAAAAAAAAAAAAAAAAAAAAECvMhGxN5JM9lY6k8lm68/wfiSGMsVSuXLgVGlhbipqz8oeiYFM86cuh9t+D3Wi8Xv4zfyh2/JPR8T/I+KDwf/U8tl8qTi13cEDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQMOeLs//T/0yuN17BwBsmt13LHG9sCU7AgBsmTv3/wDAv43+HwB2Hv0/AOw8+n8A2Hn0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGyy48eOpUv1z5XlfJqfOru4MFM6e3CqUJ7Jzi7ks/nS/JnsdKk0XSxk86XZtpf+0OnvFUulM5Mxt3BuvFIoV8bLi0snZksLc5UTp2dz04UThYEtiwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeldeXJrJFYuFeYmHJVEdrh+6B2V/Nj/x88Ef961X5qLTeOMT290yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwc/gkAAP//skMoxA==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = open(&(0x7f0000007fc0)='./bus\x00', 0x60142, 0x0)
r5 = open(&(0x7f0000000380)='./file1\x00', 0x42042, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYRES32], &(0x7f0000000180)='GPL\x00', 0x4, 0x8f, &(0x7f00000002c0)=""/143}, 0x90)
r7 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000380)='sched_switch\x00'}, 0x10)
openat$full(0xffffffffffffff9c, &(0x7f0000001780), 0x4a0800, 0x0)
r8 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000002980)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000006c0)=@newtaction={0x14, 0x13, 0x53b}, 0x14}}, 0x0)
r9 = bpf$ITER_CREATE(0x21, &(0x7f00000010c0)={r4}, 0x8)
r10 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f0000002980)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000600), 0x70}}, 0x0)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa}, 0x48)
sendmmsg$unix(r3, &(0x7f00000003c0)=[{{&(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000200)=[{&(0x7f0000000540)="8326705d4dc215df0051d933fd48a0e9c1035681545705897a3748cb3da8f4ae7ef5cb0b9e5304", 0x27}], 0x1, &(0x7f0000000800)=ANY=[@ANYRESHEX, @ANYBLOB="eea4f7a7aef029d1b102c7e3e1c0059aef9f950df3", @ANYRES32=0x0, @ANYBLOB="000000001c00000000000000a3cf47", @ANYRES32, @ANYRES32=0x0, @ANYBLOB, @ANYRES16=r0, @ANYBLOB="000000001c00000000ff", @ANYRES32, @ANYRES32, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r6, @ANYRES32=0xee00, @ANYBLOB="000000001c00000000000000010000000200000075b1fc1d24635f84c1ddff0300002a00131309a8b391bca68a33a7c87e21f69f771bb2caf64998a7c63539b2fa8fea0a66a6d02ca3be2c1c8d46f4e97ed31331655f8ed356fd1a064fd57d82d15e089b80b7c5f4288af4407bd61f8b2061232cb31028709842c0ece04b41911347bb7fa7548212d5b86ec71a93e7f99f801c900cc7360f15dc6bd6a686b3cfc24266cedaafa718de2b37a2b937aef08ee113b7895ce9ed5f8243eb00a27233067676772ee06ee99af69c8d13713c234c2a07a1c63a804d4db9e265100e785568206d59a692ed96715dcbcd79684e40909dbe7754b1dcd2900998fce3e3a06da4c9eb3f7ed8a0c8e60df96cbacaa43e5926afa267e835a33567d3bec5a0a2d19f472c955204d12bce7e9e1d3886b7295b58d462633bd9105cd3ebc7c945bf24baae6494e394118182bee14f69d77a793aeb2318a552f9c9cd443e480067", @ANYRES32, @ANYRES32=0xee00, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00'], 0xb8, 0x4090}}, {{0x0, 0x0, &(0x7f0000000c80)=[{0x0}, {&(0x7f0000000a40)}, {0x0}, {&(0x7f0000000b00)="6455089ab9075e64c4bedb2b941533bc71ec4be38eeb5e2e6c9ecdda0c6ed7bd4706c3fb85575d0034077bb770e214219d50542e7e671050c17a8022b175ce074558fe4e94f15f588cb4a56928bae16bd7f992b843c5011456ed86b60133edc2903c9f6bdf9a3620f7577841abe2e06fef85eb3ee0091a527f0977e3ba534f7fa31caf7465d30df85587b36f219c23d089bbff7e259bffa1157b2393f0a3cd0a5bd97fadc821f6596440b1cc9bfb", 0xae}], 0x4, &(0x7f0000000cc0)=ANY=[@ANYBLOB="28000000000000000100000001000000b5376e51ab324160b1445009bfc3f82936bb8364a6e2f1156c4edfa76c8fd8a62c975d37d61c58094e0f4f8a9c48d4e621360d15ca9ab3e8ffa4ab41ed51e8cda603426f09bdeed81216d158e19abc17785c", @ANYRESHEX=r4, @ANYRES32=r5, @ANYRES32, @ANYRES64=r7, @ANYRES32, @ANYBLOB, @ANYRES32, @ANYRESHEX=r6, @ANYBLOB="1c00000000000000", @ANYRES32, @ANYRES32=0x0, @ANYRESHEX=r7, @ANYRES32=r10, @ANYRESHEX, @ANYBLOB="00000000280000000100cc8d26e9ce24e5c36be347000001000000", @ANYRESOCT=r1, @ANYRES32=r8, @ANYRES32, @ANYRES32=r0, @ANYRES32=r9, @ANYRES32=r10], 0xa8, 0x40040}}], 0x2, 0x4000)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x200, 0x54)
sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r4, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000040)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x4001}, 0x11)
ioctl$sock_SIOCSIFBR(r8, 0x8941, &(0x7f0000000680)=@add_del={0x2, &(0x7f00000001c0)='syzkaller1\x00'})
ftruncate(r5, 0x2007ffb)
sendfile(r4, r5, 0x0, 0x1000000211005)

3.667523207s ago: executing program 0:
socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{0x0}], 0x1, 0x0, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000012edfffebfa30000000000000703000028feffff620af0fff8ffffff61a4f0ff000000003e040000000000002d000000000000005504000001ed0a002500000017ffffffde040000000000007b0a00fe000000006e04000000000000c6000000000000009500000000000000023bc065b7a379d17cf9333379fc9e84af69912435f1b6a693002e7f3be3619184a0b139d8d4209c8ef1e50b91f32050e436fe275daf51efd601b6482a0800000098efd2a102ee010400006e7a1de4a21f379dbf01de00b1b564fef3bef70548aed0d600c095199fe3ff3128e599b0eaebbdbd7359a48f5b0afc532ef58de3c1b7646cb7798b3e6440c2fbdb00a3e35208b0bbf12cd8dff095edc710e4000000000000009fbe4b61a615c6c57a2b649dc74a1a610643b08d9ec21ead2ed51b104d4d91af25b8123deda8a3658d42ecbf28bf6d8e8afcb913466aaa7f6df70252e79166d876e42f2429d0b11008e59a5923906f88b53987ad1714e72ba7a54f0800000000000000d5f728d236619074d6ebdf098bc908f50ae728a40f9411fe7226a4040b96e37c4f46010400000000c3da29faf75ddd1aa96960bca97af133824b881cc1f62c0f8f8f0e8d76b86f9c45636614786f5a2cb77230a874640dcbe0b20bb77c022d4cab080078fce8c5c81b7037181fc2f18f781aaa6e2957d7e39cc1baddcb7ec6667e699f24e41697ee7ea23e4b29a8b6cc9a1f5a7b3caae05f13792292cb949b3aab06b1e042ff2164d80c605532b18ab1c156b97e5889685a96949e4cb40df77b8bb84b0e733a63784ccc214d930cbb7e090df9a2867b3acec439c163fc8706869ada11390d4dbcf840fa68e7d7071b53ac29df826f8ae6d6e18c1eacf5bf870768d5217e9bb5a05d9e224e67f1231bd236ed200073824d93c4e1a0f50a74bb4850486727d970acc546087acbf30f2f8165b47ba56dfadd14b306e98931485747292c6fe6e188750cf4f87cce2aa7d67c7133a9f05954cde298a35ea6d715ba80aee63300000000000000000000000000000000000040000000000000000386000000b854adb4f8080064e8407c6bdb37114c80fbaa4a0ec5aaf4b0ac6f2128668279eb6fc144344e2d461c9a1be8fa0061ea9d55ee4716bea8e1cebf9ed39325ab4c5530dd6ee9fffc0000000000d7c5af73cd83625aaad5eda5004a76c9f8975ed4c5e4eb3e77e9885f69754932609f19e2f615a01cb6d17fbf5cb539403cb0572534f054d5514ad8264f7b029b2bdf2ca4958a62a6e744f9a4c1e646e1dd2ca19583f0f8b0dc53debd7d44f334e6ed7445a9580f970e483b307c4b3c018bc194b23d37e6a2e52d8288e5aab6fec586d52386e8c07a88c88e8faec5f1b16b2014f6952ce7d6be12c6bdb9651ca6fc907061be311d1354e6295698594a73136237bee068d3819400e43544830a3f74b7942f22336953978a5b2032da4238cc61162c04c1297395b73e18c9387615a2bc87d9e2445f3d323d3fac347926a4bac694c55fe9d145906d410f58f1951405d10504efe402cae085afef5dbd617e87ddbd239e4a50d7eb8e327fb5db12cbd6a9efe8e671c4f251cafffe3400a670d14b9b3cd8d86e492997a0168c022ef3536bd1dc731f4f9f8cb6c3857fb8aaaa95024f8da775f72950212b84fc6133ae14d1429cd4905dabb52e43af7e65acf97b4951fa1e967d16a5ed642efc855a4a46b85cd079934ad3188276efae9387eaa232697526e24b5d4fded86c3811ccd00520150b16000080122965558074956da5e4c3bbefcb64aa8be4456ed2caf0f467b6bbf3aa4371f5e76ab3f60afea80bb066aafb7517f787b090f419a20278a3c779e03afd9a6af6fd518e5dce030f88ec5a5cb7601a161da0f80893220800c523040d13e1f1300c2c6555bce60d95dd3288e53435713f03add23f14c8db5555c62de4f626483632a2ab547f88dd6efec73a0271a19ca3aa860aa4dcaeeb9bd91a0cb429efae2a5fcc08b3a572969bbe917d1767e38ba49e3e57fafea83e495a6a1d1a4ebf83434986091dd66ffe3ffed0c39552a312e2db596d9c827e02f6fc13c8ddbb50bfd7dd8aa2f35f259fc83e007fe79d2d25e30830b92fca00a292dd3b856faa4b7e66e1b64505f65900839df71a97d4d07d37f7ecf8ed9a22da26ae674bba16c204f6b2f8f74fc56b7126d7c11ece6e88ec41192aaee75415c58d264a2b6adae02c821b62428902aad499825ab85a348638384cd12e61dbde5c47056f0a20b4e2a2328d5db5cfe56557a129e6be231acf5f57995c60d9fca5f63a0dfd18054717120bda466d04774b53208ad8b022719ca77a4e0a66b4708f791d849a5e2aaa0074a9560ede2600df5a5c41392fe9460080fcb1e65233fb8dbeec4c86dbcf6a0673e38d2d3615e5bfbde44afe0fa7564231fff7e7f1f3ad68492dd2ccb1decb15b5d7d3e37e8b7d28921c4b9280979521173f322df408d9818b6cc400098abb869921911480a87608bb698801937e8b4264eb6f5137bdaa075f1488d22230592a79000000000000000000000000000000000000000000110000000000000000000000000000000000000000000000000000000000000000002f316aa0886c174b73decb46c1c85edf50d8fcbac5ff76b365611666da86a8e65b308706bd7c000000000000003f7cd4d5cb9076b81b7741ec03877afb5237ea1694addebc14c3ae49f88c462ea2050acf2d9a97d3be29a5614d1eba2c98cf0236401e02d7c445e50f76419ab4f78f67a09e63dd4faa2e7b59399f055f2fa278783f26d0a52aefb0a5ef0b41e14a6fe6ba306206670b84894e901a523fcbadfeff535f2514bc834e876810d9a6a78e70a9e22860c36a724770b4185de44db6bf21fe4f38fee012365f963b2a85e7d8075c333475b9f0284405e3127dde7e41285fbe0bdd370c06c6cc448e05d24eab511317f97b7b4a1c2ec33fedc46e9bf0fa640eebd3d58f0ebdb7cb8ccffd6d6ab7e0e843591d2618e2d2cdc7081c8fafffe9c3500800000087de4ee7aac6478d99de7dd82bef044a6d33c789d566c90c46ad581aa22f910547a77d55e26bf19f1d4661550b177ef53933a305e69b8a95119dcf5bda599d625054776151b2cd1fcde238bdc527594a6c092b01b119ea4e7e7f0e21527d622cc29c9f0c8720195368f8374337ab4d130619d93c5ef37e7ddd0b2da147e6e513455b88753452de959a6cbfa1ffbc7ad5d8c3b48017fd31dcf72f337b639253f44ce288b4b27a12174bc4c191e21015d0c431a71906d59c6a14c8a060459ef26787ce3d1cbfd5cc459f0048b5d06f6cbd3e9b34c89f3fb2f951ae8157fcc8bc0000000000000000000000000000000000000000009231feef3117197c796369f776c8b2ea3970f358107945d9e74e9bdfa58e68b65a9201bc4b73b431df5aa29f363917f90e3fa1eaf553db1c761dd9b634a9c4d7c21d24fe6d953ed9438cad0f8dfe03e5e2f73019352f1fb682a5a6ebbf24ebc49e3d7058e696eb3f4b642f36c9006c0067e24a64aa8c53dd824a4ee271e35ed90000800847683c08bfda74a143c855030ae004ac797c575c202d8091eb77565212548ead770d6800000000000000000000009f7393b85ee7ba2ccefdd798b1d2890a5260a51d9b0d05309159b14c64ad6a9473387f661aa4665270ded0fad79b7ed471d4e5d752f67e25d8a55fb2c944aef0cea0cbe7c3f3dd2612c140e827afe00ebc3bc675e31a783f27b0a8b4bb8e0efedc53bf503728338c466af30f1af2f34484b378eb778672475a5803bdc7c1be3dcc2a174a6a3442ce6e8c52e427cfdbed58cd1c24e1fab092054be4e5035e6acf06e607b49548308518784525bda8ea5054b5a675"], &(0x7f00000001c0)='GPL\x00'}, 0x48)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x81)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f0000000340)={{0xfffffff7, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 'syz1\x00', 0x0, 0x8})
r1 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
sendmsg$AUDIT_DEL_RULE(0xffffffffffffffff, &(0x7f0000000ac0)={&(0x7f0000000a40)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000a80)={&(0x7f0000000b40)={0x430, 0x3f4, 0x10, 0x70bd25, 0x25dfdbff, {0x5, 0x0, 0x19, [0x1f, 0x5, 0x7160, 0x4, 0x4, 0x1, 0xfffffffb, 0x5, 0x4, 0x401, 0x0, 0x101, 0x2, 0x8, 0xe86, 0x3, 0x6, 0xffff, 0x0, 0x9, 0x3, 0x1, 0xb2c, 0x5, 0x2, 0x1, 0x7a15, 0x2, 0x11, 0x5, 0x0, 0x1, 0x6, 0xf3de, 0x5, 0x40, 0x8, 0x1b, 0x4, 0x8, 0x8, 0x0, 0x9, 0xa8d, 0x2cf7, 0x5e, 0x0, 0x80, 0xfffffb01, 0x1, 0x9, 0x7, 0xffff, 0x74c4, 0x1a7a8000, 0x0, 0x400, 0x7ff, 0x5ab, 0x4, 0x0, 0x929b, 0xaa04, 0x800], [0x3ff, 0x0, 0x800, 0xffffff8c, 0x14f, 0xb1, 0x3, 0x401, 0x9, 0x80000000, 0x1, 0x3, 0x400, 0x8fc, 0x0, 0x7fffffff, 0x81, 0xffffffff, 0x3, 0x400, 0x4, 0xf0b7, 0x5, 0x0, 0x1, 0x0, 0x4, 0x0, 0x0, 0x4d0, 0x6, 0x9, 0x9, 0x3, 0xffffffc0, 0x400, 0x4, 0x100, 0xfffffe00, 0x80000001, 0xffffff7f, 0x8000, 0x5, 0x75, 0xd02, 0x2, 0xd0a, 0x0, 0x0, 0x1, 0x5, 0x0, 0x0, 0x7, 0x1f, 0x65, 0x80000000, 0xfffff7c2, 0xfff, 0x5d, 0x10001, 0x1ff, 0x1], [0x0, 0x0, 0xcc, 0xffff2709, 0x4, 0x800, 0x6, 0x1, 0x80, 0x7, 0x0, 0xffff, 0x2, 0x0, 0x40, 0x0, 0x4, 0xafd, 0x0, 0x1b5, 0x800, 0x1, 0x0, 0x1, 0xfffff358, 0x1, 0x7ff, 0xde8, 0x1, 0x3, 0x4, 0x4, 0x8, 0x1, 0x0, 0x6, 0x7, 0x1, 0x1f, 0x3, 0x38, 0xc13, 0x0, 0x0, 0x1000, 0x20, 0x189c, 0x10001, 0x4, 0xffffffff, 0x3, 0x4e, 0x6c, 0x101, 0x9, 0x0, 0x0, 0x8, 0x800100, 0x1000, 0x9, 0x7, 0x6], [0x7, 0x4, 0x1, 0x3, 0x3, 0x7, 0x8, 0x3, 0x1f, 0x10001, 0x1f, 0x400000, 0x5, 0x8, 0x4, 0xffffff80, 0x200, 0x89, 0x5, 0x2, 0x0, 0x9, 0x6, 0x0, 0x86000, 0x8, 0x4, 0x5, 0x9, 0x7fff, 0x4, 0x0, 0x2, 0x4, 0x0, 0x40, 0x0, 0x7fff, 0x401, 0x0, 0x7fffffff, 0x1, 0x0, 0x8, 0xfff, 0x400, 0x9ea, 0x5, 0xbf62, 0x8, 0x5f9, 0x8, 0x2, 0x7, 0x5, 0x1, 0x0, 0x3, 0x16d9a8b8, 0x6, 0x6, 0x0, 0x6, 0x1000], 0xf, ['.#)\x00', '(\x16!#\\\x00', '\x00', '-\x00', '#\x00']}, [""]}, 0x430}, 0x1, 0x0, 0x0, 0x24004840}, 0x8004)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r1, 0xc0045516, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r1, 0xc4c85513, &(0x7f0000000540)={{0x1, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0xfffffffffffffe00]})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000c40)={0x4c, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_FRAME={0x22, 0x33, @action={{{}, {}, @device_b}, @ext_ch_sw={0x4, 0x4, {{}, @void}}}}, @NL80211_ATTR_DONT_WAIT_FOR_ACK={0x4}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0x6, 0xcd, [0x0]}]}, 0x4c}}, 0x0)

2.281656135s ago: executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x15, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071101e00000000009500007000000000"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB="34000000120001000000000000000000fe80000000000000000000000000000000000000000032"], 0x34}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x5, 0x1, 0xffffffff, 0xc02, 0xffffffffffffffff, 0x101, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x5, 0x3, 0x7}, 0x48)
syz_open_dev$usbfs(&(0x7f0000000100), 0x203, 0x8401)
socket$inet_smc(0x2b, 0x1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000240)={0x0, 0x10, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000fc00000000f2483e2f7e7fb1c59e8bc16d523100000000000a3c000003120a09000000000000008000020000000900020073797a310000000008000440000000000900010073797a30000000000800034000000000140000001100010000000000000000000000000a"], 0x64}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB], 0x64}, 0x1, 0x0, 0x0, 0x4008094}, 0x8051)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000440)={'geneve1\x00', <r3=>0x0})
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB='X\x00\x00\x00U\x00=\t\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00', @ANYRES64=r3, @ANYBLOB="20000220", @ANYRES16, @ANYRES64=r2, @ANYRES32=r4, @ANYBLOB="00000000ac14140000000000000000000000000086dd"], 0x58}, 0x1, 0x0, 0x0, 0x24000000}, 0x0)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x2, &(0x7f0000000080)=[{0x1d, 0x0, 0x0, 0x8}, {0x6, 0x0, 0x10, 0x9}]})
r6 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
r7 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc3}, &(0x7f0000000180)={0x0, "e5c7f20eae1fae974c170f6484d0a76b00489afd264e96c242f5c35d8cb35b43221114174dd08e6a34da6c9cb5dcb0fcccd12f9b47b8ea086c1c1c593c15de94"}, 0x48, 0xffffffffffffffff)
r8 = add_key$keyring(&(0x7f0000000340), &(0x7f0000000380)={'syz', 0x3}, 0x0, 0x0, r6)
keyctl$KEYCTL_MOVE(0x1e, r7, r7, r8, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
write$sndseq(r5, &(0x7f00000001c0)=[{0x0, 0xe1, 0x0, 0x0, @time={0x0, 0x1}, {}, {}, @raw8={"853a797c6fabac60bd12d8de"}}], 0x1c)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000000c0)=@nat={'nat\x00', 0x19, 0x1, 0x198, [], 0x0, 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="000000000000000000000000004ff8d978fa7ef9850000000000e5ffffffffffffff000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000000013000000e2d0be86000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000799e3b3c00000001000000000000000000ffffffff01000000110000000000000000000300736630000011000000000008000064756d6d793000000000000000000000010000000000000000000000000000006c6f00000000200000000000f8fffffffeffffffffff000000000000ffffffffffff000000000000000070000000a8000000d8000000646e6174000000000000200000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa00000100000000000000726564697265637400000000f6f678c1bcc95568ee000000000000000000000008000000000000000008"]}, 0x20a)
socket(0x2, 0x1, 0x0)

2.077883591s ago: executing program 0:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback}], 0x2c)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000240)=0x8, 0x4)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
writev(r0, &(0x7f0000000680)=[{&(0x7f0000000040)='9', 0x4101}], 0x1)

1.910195399s ago: executing program 0:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000006c0), 0xffffffffffffffff)
sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r0, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000c00)={0x2c, r1, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_SEC_DEVKEY={0xc, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8}]}]}, 0x2c}}, 0x0)

1.738202498s ago: executing program 0:
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f000010010905"], 0x0)
syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x80802)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)

1.559712357s ago: executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x0, 0x8, &(0x7f0000000200)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0ff5b14104fe62cc60e413905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf2364149215108333719acd97cfa107d40224edc5465a93df8513a32ec450bebc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c9"], 0x0}, 0x90)
open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0)
pipe2$9p(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = dup(r1)
pipe2$9p(&(0x7f00000001c0)={<r3=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000480)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}})
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x0, 0x0, 0x0, {}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x2c, 0x16, 0xa, 0x0, 0x0, 0x0, {}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}]}, @NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x0, 0xb00, 0x0, {}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HANDLE={0xc}]}], {0x14, 0x10}}, 0xa0}}, 0x0)
write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000800000003003c02ffffffef3501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
utime(&(0x7f0000000500)='./file0\x00', &(0x7f0000000540))

1.265563929s ago: executing program 3:
r0 = socket$inet6_sctp(0xa, 0x0, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c)
bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000000)=0x8, 0x4)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004900)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="af", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000b80)="bda033176eb146b36ef41f221a4e7ce4a02598d750606488520915c6806affc0a913781c7211ce1fcd59a12b5d5afdaf9d723f092ce9d1eed16e208f2e79831ca049e8979ad94621175c2c48c10e33b29f2def51498743b057efc21efe4be4d9f02e9d236f27190c29c5da0f3799452f5e3640340502fde4ae8c56b303e1b79b3d1842bf6277771bef544c745e7a80c9e7efdd1c619f69b9d01839aa326776d335689e4db7cb7e32fad8f4c40e943b43eb4ea173d720bf5998149625a731643636c8ddbe61e1d7d4736f8414a84acc40557012c82697d8a59c873424aefb3c7ff0dba302efaaf887a477b1ab7ea6c1def9db3514e444c1ef36c6cf42cde90d4bbb2e923a5d16a1bb191ad91cab867cd55037d507a12803f3df1b81f1857fad085dbc5c46aac14230d7a4f8b36d6bc63b4a16cd309b7697b421a662b83001b5ce5ab3ff80800243107df7aa6cae9a5db6a8f2a53ef7d6c6aeac76b83a15466c74a9cdbcde8505e3d14c0c3a47a36bf464168202dc88e25f4c1da57faf0eaa7ff16bdd751c2ae5778e169c8ffba57c9a20e24ad51e6e8e02b721e8ca94f131cc98e03b34b615a1db4080362de4ef215d5a0541aeb0c742a2636ac5af8538ceb3585ef9dca8037df55baa072096073b005b53eff0b899de59bc2b5d687d109520571eeacb30124c4012fe6cb9e3bf451be3d219206ddc35099101533cff5aee6c4783e00e6dd391f664052a6c66c62f62a49fde8fbe336543bf99b55e53b801e54c1d0a292da83db26a8a870ac1d8751c4bc0d495277295cd3a17f9e9a25d70214a17b981b62d5c75356ed025df3557a8b59648edd9d1dbdf169d91f9d85cfac11a57db0a14f03e8934a2cc98d389912a0d9942a40c3ee98d35da61d3bab1a32c9d788e9f74ee57012ca5bfd0dc090b591c64aae6a205fbd349fc372bbd7429983a69cae26ff8b5b019144d318ba225e46bc6cf8d7d3e5952333042542b2fd4fb4d88a3651dd8e14ecc2845d4e71f7dfd128e9e2ee2ab0062a3e701bb2477bfd73d7396ae522f11fa481078d1c7f7905e0846fb072dcf7c06102b3816ec4a3518514c7166d7385b680469f5184a93953258952554e68d93ea8f789c4f13982b65996d7d9cf19f0b39b72e1dc9079d84413bbc30d24fc481e24ef1beacb8bc15f50c2663d684d16a1c71b2c8a568481f4f1b254ccd66fbef4cacfc3e13f2c943a264e429824bef7297f93076aea55ed9cf12512ce3ac3df331695024bd1e53369a87caf6894fce811a64dad315402678de76", 0x390}, {&(0x7f00000003c0)="439e9c06fc666cabc8569d63a866b31ff3ceda1e28f23f455e96a02001fc3fb089ed9e5234", 0x25}], 0x2}}], 0x2, 0x0)

985.218266ms ago: executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioperm(0x0, 0x4, 0x7)
r1 = dup(0xffffffffffffffff)
fanotify_mark(0xffffffffffffffff, 0x69c, 0x0, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x5)
futex(&(0x7f000000cffc)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r3}, 0x10)
chown(0x0, 0xee01, 0x0)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x804810, &(0x7f0000000a40), 0x26, 0x756, &(0x7f00000002c0)="$eJzs3M1rXOUaAPDnnGaafuTeyYUL9+pChBZaKD1Jmk27aty4KxQKbmtITkLISSZkJrUTC7auhdpsFARR1y7dCqX+Ae6koOBeEK1xIW5GzuSjNGam0ybpSPr7wcl53vP1vE/m8GYO5D0BvLReL38kEUMRcTUiqpvb04g42o6ORdzeOG790a2pckmi1br2S1KeFuut6va1ks31yWifEv+PiAeViHPv/z1vvbk6P1kU+fJme6SxsDRSb66en1uYnM1n88Wx8UujF8fHL46OP7WG//VY6+m3Lh2/9+2ba2vffdW4+9rA+SQm2nXHZm09XuaZbPxOKjGxY/viQSTro6TfHQAAoCfl9/wjETHQ/pZajSPtCAAAADhMWoMtAAAA4NBLot89AAAAAA7W1v8BbM3tPah5sJ38/EZEDO+Wf6A9hzjiWFQi4sR68sTMhGTjNNiT23ci4v7Ezvvvi/IOu73Ha4/uaD85R/roHq/Ofrhfjj8Tu40/6fb4E7uMPwNb707Yo87j3+P8RzqMf1d7zPH1p69UOua/E/HqwG75k+38SYf8b/eY/+7aB/c67Wt9HnFm178/yRO5urwfYmJmruj6+oEHf5592K3+E53yJ93rX+qx/nfXf5vvNJaU+c+e6v7575a/vCc+3OxHGhH3Ntdle21HjlML33/Trf7piNbzfP6f9Vj/j18O3uzxUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGhLI2IokjTbjtM0yyJORsR/40Ra1OqNczO1lcXpcl/EcFTSmbkiH42I6kY7Kdtj7fhx+8KO9nhE/OeH4xtJ54o8m6oV0/0uHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgG0nI2IokjSLiDQifq+maZZFDPRw7uAL6B8AAACwT4b73QEAAADgwHn+BwAAgMPveZ//k33uBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCoXb1ypVxa649uTZXt6RvNlfnajfPTeX0+W1iZyqZqy0vZbK02W+TZVG3hadcrarWlsUuxcnOkkdcbI/Xm6vWF2spi4/rcwuRsfj2vvJCqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFZD7SVJs4hI23GaZlnEvyJiOCrJzFyRj0bEvyPiYbUyWLbH+t1pAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9l29uTo/WRT5skAgeGHBexHxD+hGl6DfIxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP1Qb67OTxZFvlzvd08AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADor/SnJCLK5Uz19NDOvUeTP6rtdUS888m1j25ONhrLY+X2X7e3Nz7e3H6hH/0HAACAl8LlZzl46zl96zkeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgV/Xm6vxkUeTLewsuR3O1lXQ4pt81AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAz+evAAAA//8KQsc4")
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0)
statx(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0)
r4 = openat(r1, &(0x7f0000000ac0)='./file1\x00', 0x0, 0x0)
syz_mount_image$ext4(&(0x7f00000002c0)='ext2\x00', &(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x10, &(0x7f0000000b00)={[], [{@hash}, {@subj_user}, {@rootcontext={'rootcontext', 0x3d, 'user_u'}}, {@defcontext={'defcontext', 0x3d, 'user_u'}}, {@smackfshat={'smackfshat', 0x3d, '\\%'}}, {@mask={'mask', 0x3d, 'MAY_WRITE'}}, {@fowner_eq={'fowner', 0x3d, 0xffffffffffffffff}}, {@audit}]}, 0xfe, 0x244, &(0x7f0000000400)="$eJzs3T9oJFUcB/DvzO565m6RUxtB/AMiooFwdoJNbBQCEoKIoEJExEZJhJhgl1jZWGitksomiJ3RUtIEG0WwipoiNoIGC4OFFiu7k0hMVqNu3Dkynw9MZibz3vzesPN9u83sBmisq0mmk7SSTCbpJCmON7i7Wq4e7q5PbM8nvd4TPxWDdtV+5ajflSRrSR5KslUWeamdrGw+s/fLzmP3vbncuff9zacnxnqRh/b3dh8/eG/2jY9mHlz54qsfZotMp/un6zp/xZD/tYvklv+j2HWiaNc9Av6Judc+/Lqf+1uT3DPIfydlqhfvraUbtjp54N2/6vv2j1/ePs6xAuev1+v03wPXekDjlEm6KcqpJNV2WU5NVZ/hv2ldLl9eXHp18sXF5YUX6p6pgPPSTXYf/eTSx1dO5P/7VpV/4OLq5//JuY1v+9sHrbpHA4zFHdWqn//J51bvj/xD48g/NJf8Q3PJPzSX/ENzyT80l/zDBdb5+8PyD80l/9Bc8g/NdTz/AECz9C7V/QQyUJe65x8AAAAAAAAAAAAAAAAAAOC09Ynt+aNlXDU/eyfZfyRJe1j91uD3iJMbB38v/1z0m/2hqLqN5Nm7RjzBiD6o+enrm76rt/7nd9Zbf3UhWXs9ybV2+/T9Vxzef//dzWcc7zw/YoF/qTix//BT461/0m8b9daf2Uk+7c8/14bNP2VuG6yHzz/ds79i+Uyv/DriCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABib3wMAAP//+kBtTA==")
r5 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
r6 = creat(&(0x7f0000002440)='./file0\x00', 0x0)
write$cgroup_type(r6, &(0x7f0000000240), 0xfb3f)
fallocate(r5, 0x8, 0x0, 0x8000)
pwritev(r5, &(0x7f0000000040)=[{&(0x7f0000000180)}], 0x1, 0x0, 0x0)
write$binfmt_elf64(r4, &(0x7f0000000180)=ANY=[@ANYBLOB="7f454c460000000000000000000000000040000000000000000000000000000000000000000019380001000000000000000300000000000000000000000000000000000000000000000000008e212877800022000000000000000000000000001b3351061616a8376dc900000000000000000000000000000aa8cbd8626e4b79ce321d357bc2e2fe443ac8cb0d723ece810be3ac73e5ee7e3682a212a1c6d05ea73cc224bdae78f718464303cfc8b8ec2e2ca0d9282a6a3ffac432fa7801fdec1b5c787bfcabb763955620bb88561b780bd64916e0ccf98fbf6b18075d1c1874c99e38cd539ac4c4e0f32d39934f6febd5ab14681fec"], 0x78)
inotify_init1(0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1008002, &(0x7f0000000340)={[{@grpquota}, {@oldalloc}, {@resuid}, {@max_batch_time={'max_batch_time', 0x3d, 0x3}}, {@orlov}, {@orlov}, {@usrquota}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x40d2}}]}, 0x0, 0x5de, &(0x7f0000001200)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcS18x2pnTb2ZYubadhPp9k6Zv3dnhvuv32vX19bzaAyhpM/6lF7I2I6SSiP5lfLOuMrHBw4Xn3/v3sdPpIol5/6+8kkiwvf36Sfe3LTu6JiF9/SWJPx8p6Z+aunB+fmpq8nB0Pz16YHp6Zu3Lw3IXxs5NnJy+OvjJ67OiRo8dGDrV1XVcL8k5e//Dj/i/G3v3hu/vJyI9/jCVxPF7Pnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXriohnoj864sGL1x+fv1Fq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4tiv+kEf8D0RMDjfivNcV/Oi44lX1N899ss/7lU8XiH7bOQvz3rBr/0SL+31sS/++3Wf/gg+QHvU3x39vuJQEAAAAAAEBl3TwRES8X/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXitc/1vLV/8OdGSpJxrrAbqSM+emJg9FxJMRcSC6dqTHI6vUcfDLPd+2KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/qjXDUTcvRbxXOH632Sx/08K+v/098H0Q9ax58Ubp1qVrR3/wGapfx+xv7D/f3DXimT1+3MMN8YDw/moYKXnP/3qp1b1txv/bjEBjy7t/3euHv8DydL79cysv47Dc531VmXtjv+7k7cbt5zpzvI+GZ+dvTwS0Z2c7Ehzm/JH199meBzl8ZDHSxr/B15Yff6vaPzfGxHzy/7v5J/mPcW5p//r+7NVe4z/oTxp/E+sq/9ff2L0xsDPrep/uP7/SKOvP5DlmP+DBd/kYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4HNQiYlcktaHFdK02NBTRFxFPxc7a1KWZ2ZfOXPro4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxdUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dZTdOmDTdZbdAKA0BfH/WxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwWNm97+bvSUTMv9rbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffoRTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4p3t0YytTNTr9avpT8F2ac+2Tdyv1+trPzlfCr892rwike/1e7izyvudBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANPs/AAD//0f2Jwc=")
quotactl$Q_SETINFO(0xffffffff80000601, &(0x7f0000000000)=@loop={'/dev/loop', 0x0}, 0xee01, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x5})
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000ae8000000000a01010000009f2e000000052300000900010073797a3000000000ba000600e9eec003775c64e64f439fc0b5fb34bcd039590bba579a25436e11f718b64e3e01796b9e930a3d8eefa0bccf8429a311f3ce5ec5a0a7bb9e08c60e03cbcdd726725fb9b1bd1000cf2a77ab6ab91f2294634073ea59b8de2361cdd8045c5fdb81611e843cb814e4cfe672542287ebd3b2ed48dca1a08690b05bb9bbbcc05551bd05e4c6e0625fcae04323e0f29dbad3c57456d2ca020462188e1236ebe6da1442c71ab0a8ebfaacef2710111417370a0f8cd19c5f9e1a00000900010073797a300000000008010000030a41030000000000000000050000000900010073797a30000000000800054000000000040008800900030073797a32000000000b00070066696c7465720000c400048008000240000000000800014000000004080002401367d26d140003006261746164765f736c6176655f300000080001"], 0x22c}}, 0x0)

385.009625ms ago: executing program 4:
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x40000000000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = syz_open_dev$cec(&(0x7f0000000000), 0xffffffffffffffff, 0x0)
ioctl$IOC_PR_PREEMPT(r3, 0x40046109, &(0x7f0000000040)={0xf0})
ioctl$CEC_S_MODE(r3, 0x40046109, &(0x7f0000000080))
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10)
r4 = syz_open_dev$sg(0x0, 0x0, 0x2)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x40, 0x0, 0x7f}, 0x48)
dup(r4)
r5 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r5, 0xc01864c6, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, <r6=>0xffffffffffffffff})
r7 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r9 = openat$cgroup_freezer_state(r8, &(0x7f00000001c0), 0x2, 0x0)
write$cgroup_freezer_state(r9, &(0x7f0000000040)='FROZEN\x00', 0x7)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000380), 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GETCRTC(r6, 0xc06864a1, &(0x7f0000000800)={0x0})

282.69254ms ago: executing program 0:
syz_mount_image$vfat(&(0x7f0000000180), &(0x7f0000000000)='./file0\x00', 0x280008a, &(0x7f0000000040)={[{@numtail}, {@shortname_win95}, {@shortname_win95}, {@fat=@nfs}, {@numtail}, {@rodir}, {@utf8no}, {@fat=@flush}, {@shortname_mixed}, {@shortname_win95}, {@shortname_winnt}, {@shortname_win95}, {@fat=@uid}, {@uni_xlateno}, {@utf8no}, {@uni_xlate}, {@uni_xlateno}, {@shortname_winnt}]}, 0x97, 0x2a9, &(0x7f0000002300)="$eJzs3T9ra2UYAPDnpGkSdEgEJxE8oINTabu6pEgLxUxKBnXQYluQJggtFPyDsZOri6OriyC4+SVc/AaCq+BmwcKRk5xjkt40N+m9ae+f32/p2/c8z3ue9/QtpcN58vGr/ZPDNI4vvvojGo0kKu1ox2USrahE6ZuY0v4uAICn2WWWxd/ZyDJ5SUQ0VlcWALBCS//9/2XlJQEAK/be+x+8s9Pp7L6bpo3Y63973s3/s8+/jq7vHMen0Yuj2IxmXEVk/xuN97IsG1TTXCve6A/Ou3lm/6PfivV3/ooY5m9FM1rDqen8/c7uVjoykT/I63ihuH87z9+OZrw84/77nd3tGfnRrcWbr0/UvxHN+P2T+Cx6cTgsYpQflYivt9L07ez7f778MC8vz08G5936MG4sW7vjHw0AAAAAAAAAAAAAAAAAAAAAAM+wjaJ3Tj2G/XvyqaL/ztpV/s16pKXWdH+eUX5SLnStP9Agix/K/jybaZpmReA4vxqvVKN6P7sGAAAAAAAAAAAAAAAAAACAJ8vZ51+cHPR6R6ePZVB2Ayhf67/tOu2JmddifnB9fK9KMZyzcqyVMUnE3DLyTSxc879F24PbPbqXbqr5p58XXufHh++9GKwvEPOIg/J0nRwks59hPcqZRnlIfp2MqcWC96rddClb6vjVZl5qLr332ovDwWBOTCTzCnvrz9GTK2aS67uoDZ/qzPT1YjCRPh3TWPw8578pD0h06wAAAAAAAAAAAAAAAAAAgJUav/Q74+LF3NRKVl9ZWQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwp8af/7/EYFAkLxBci9Oze94iAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAz4H/AgAA///uD2MO")
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x35, &(0x7f0000000000)=0x7ff7ffff, 0x4)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000140)=ANY=[], 0x8)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, 0x0, &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xf, 0x4, 0x4, 0x10}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r2, r1}, 0x10)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000040)={@ifindex, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000080)=ANY=[], 0x8)
recvmmsg(r0, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)

11.961807ms ago: executing program 4:
syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000640)='./file0\x00', 0x0, &(0x7f0000000180)={[{@nls={'nls', 0x3d, 'macgreek'}}, {@nodecompose}, {@creator={'creator', 0x3d, "eed69362"}}]}, 0x1, 0x5ca, &(0x7f00000006c0)="$eJzs3cFvHFcdB/DvbGLHDlK6SZOmICSscgA1IlnvRiZISEApyEIVqsSlVyvZ1FY2aWRvkdsDCohz+y+Ugzlz4ISClANn/gWjHhHcfUs1s7PeTbJ1ncb1rtvPR5p9782befObn2dGM7OyNsA31uo7mXuUIqtX3tou27s7nd7uTufusJ7kTJJGspCkKGf/PcmnyYMMpnx72DFWPqP4ePXm+sOPLg9aC/VULV8ctN7h7MfSHMRalUc1XvuFxxvt4VKSC3UJU/d46D8Tu1/wvAQAZlmRnJo0v5mcrW/Wy+eAwV3x4B77RHsw7QAAAADgGLy0l71s59y04wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICTpP79/6KeGsP6Uorh7//P1/NS10+0R9MOAAAAAAAAAACOwPf2spftnBu2HxfVd/6vVY2L1ee38n620s1mrmY7a+mnn80sJ2mODTS/vdbvby4fYs32xDXbx7O/AAAAAAAAAPA19aesjr7/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAWVAkpwZFNV0c1ptpnE6ykGS+XO5B8nBYP8keTTsAAAAAOAYv7WUv2zk3bD8uqmf+V6rn/oW8n3vpZyP99NLNrepdwOCpv7G70+nt7nTultOz4/7i/88VRjViBu8eJm+5VS1xaX+N1fw6v8uVLOXtbGYjv89a+ulmKW9WtbUUadZvL5rDOCfH+/MnWm9/UayvVpEs5nY2qtiu5mbeSy+30qj2oVrm4C3+scxO8bPaIXN0qy7LPfpNXc6GZpWRuf2MtOrcl9k4f3AmnvM4eXpLy2nsv4O6+BXk/Gxdlrl+c6Zz3h47+l45OBNJq/2/++u9e3fWb29dmZ1d+pKezkRnLBOXv1GZmK+zMbiKPt/V8rVq3XPZyG/zXm6lmxtp5UZWcj2drOQnWRnL66VDnGuN5zvXvv/DujKX5Fd1ORvKvJ4fy+v4la5Z9Y3PGWXpwtFfkU5/p66UB+sbM3dFOv/UtXmYiZcPzsRfHpefW717dzbX1+4fcns/qMsyA7+cqUyUx8uF8o9VtZ48Osq+lyf2LVd9F/f7Gs/0Xdrv+6Izdb6+h3t2pHbVd3liX6fqe3Wsb9JdDgAz7+zrZ+cX/7v478VPFv+8uL741sIbZ26c+e585v51+h+n/tb4a+Onxev5JH8YPf8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABf3tYHH95Z6/W6myoqKir7lWlfmYCv2rX+3fvXtj748Ecbd9fe7b7bvXd9eaV9/Xpr5cc3rt3e6HVbg89phwkAHKHRTf+0IwEAAAAAAAAAAAAAAD7Pcfw78bT3EQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HpbfSdzj1JkuXW1VbZ3dzq9chrWR0suJCnKyj+TfJo8yGBKc2y44vO2U3y8enP94UeXR2MtDJcvDlrvcJ6IpfFUTC86XvuFxxvt4VKSC3UJU/dZAAAA//94/wNT")
r0 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$SNDCTL_DSP_RESET(r0, 0x80044dfb, 0x1000000000000)
bind$rxrpc(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0)
add_key(0x0, 0x0, &(0x7f0000000080)="ae", 0x1, 0xffffffffffffffff)

0s ago: executing program 3:
r0 = gettid()
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
read(r1, &(0x7f0000000200)=""/209, 0xd1)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000080)={0x335})
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r1, 0xc0bc5351, &(0x7f0000000480)={0x0, 0x0, 'client0\x00', 0x0, "6a3dd68b75e5deb0", "3c7889a6e4459964e7b5a1702fc99a15d8645e08c4f81dd7c4c0e71b786c8ac7"})
tkill(r0, 0x7)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, 0x0, 0x0)
pread64(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)

kernel console output (not intermixed with test programs):

NFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  555.290456][T11693] loop2: detected capacity change from 0 to 512
[  555.304234][T11694] ALSA: seq fatal error: cannot create timer (-22)
[  555.497791][T11693] EXT4-fs error (device loop2): ext4_validate_block_bitmap:432: comm syz-executor.2: bg 0: block 5: invalid block bitmap
[  555.554117][T11693] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6551: Corrupt filesystem
[  556.387299][T11693] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz-executor.2: invalid indirect mapped block 3 (level 2)
[  556.430473][T11693] EXT4-fs (loop2): 1 orphan inode deleted
[  556.442889][T11693] EXT4-fs (loop2): 1 truncate cleaned up
[  556.471262][T11693] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  556.600172][ T5461] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  556.810713][T11711] loop3: detected capacity change from 0 to 2048
[  556.838978][T11711] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  557.850322][T11716] loop2: detected capacity change from 0 to 2048
[  557.898150][T11716] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  557.929041][T11726] loop0: detected capacity change from 0 to 512
[  558.077953][T11726] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor.0: bg 0: block 5: invalid block bitmap
[  558.091095][T11726] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6551: Corrupt filesystem
[  558.101273][T11726] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz-executor.0: invalid indirect mapped block 3 (level 2)
[  558.490909][   T45] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  558.512873][T11726] EXT4-fs (loop0): 1 orphan inode deleted
[  558.569594][ T5461] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  558.581518][T11726] EXT4-fs (loop0): 1 truncate cleaned up
[  558.592590][T11726] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  558.625300][T11733] loop1: detected capacity change from 0 to 2048
[  558.636648][T11733] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  558.691028][T11726] 9pnet_fd: Insufficient options for proto=fd
[  558.755993][   T45] usb 5-1: device descriptor read/64, error -71
[  558.776776][T10574] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  559.035586][T11742] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[  559.078417][T11743] netlink: 76 bytes leftover after parsing attributes in process `syz-executor.2'.
[  559.172682][   T45] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  559.352738][   T45] usb 5-1: device descriptor read/64, error -71
[  559.507464][   T45] usb usb5-port1: attempt power cycle
[  559.809957][   T29] audit: type=1326 audit(1717932361.632:3056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11741 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f54c447cf69 code=0x0
[  560.183004][   T45] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  560.438578][   T45] usb 5-1: device descriptor read/8, error -71
[  560.828542][T11755] ALSA: seq fatal error: cannot create timer (-22)
[  560.880572][   T45] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  561.123092][   T45] usb 5-1: device not accepting address 31, error -71
[  561.150319][T11769] Driver unsupported XDP return value 0 on prog  (id 265) dev N/A, expect packet loss!
[  561.169077][   T45] usb usb5-port1: unable to enumerate USB device
[  561.272116][   T29] audit: type=1326 audit(1717932363.082:3057): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11774 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f414a27cf69 code=0x7ffc0000
[  561.369949][   T29] audit: type=1326 audit(1717932363.082:3058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11774 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f414a27cf69 code=0x7ffc0000
[  561.433077][   T29] audit: type=1326 audit(1717932363.082:3059): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11774 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f414a27cf69 code=0x7ffc0000
[  561.485807][   T29] audit: type=1326 audit(1717932363.082:3060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11774 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f414a27cf69 code=0x7ffc0000
[  561.526132][   T29] audit: type=1326 audit(1717932363.092:3061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11774 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f414a27cf69 code=0x7ffc0000
[  561.602079][   T29] audit: type=1326 audit(1717932363.092:3062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11774 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f414a27cf69 code=0x7ffc0000
[  561.659804][   T29] audit: type=1326 audit(1717932363.092:3063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11774 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f414a27cf69 code=0x7ffc0000
[  561.752372][   T29] audit: type=1326 audit(1717932363.122:3064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11774 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f414a27cf69 code=0x7ffc0000
[  561.814504][T11780] loop0: detected capacity change from 0 to 2048
[  561.820748][   T29] audit: type=1326 audit(1717932363.122:3065): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11774 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f414a27cf69 code=0x7ffc0000
[  561.912176][T11780] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  562.087423][T11784] loop3: detected capacity change from 0 to 512
[  562.608830][T11784] EXT4-fs error (device loop3): ext4_validate_block_bitmap:432: comm syz-executor.3: bg 0: block 5: invalid block bitmap
[  562.881010][T11784] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6551: Corrupt filesystem
[  562.980128][T11793] netlink: 76 bytes leftover after parsing attributes in process `syz-executor.2'.
[  563.021995][T11784] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz-executor.3: invalid indirect mapped block 3 (level 2)
[  563.157245][ T1247] ieee802154 phy0 wpan0: encryption failed: -22
[  563.177639][ T1247] ieee802154 phy1 wpan1: encryption failed: -22
[  563.353215][T11784] EXT4-fs (loop3): 1 orphan inode deleted
[  563.672570][T11784] EXT4-fs (loop3): 1 truncate cleaned up
[  563.693876][T10574] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  563.704273][T11784] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  563.816693][T11777] loop1: detected capacity change from 0 to 32768
[  563.831313][T11777] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (11777)
[  563.925446][T11784] 9pnet_fd: Insufficient options for proto=fd
[  563.975668][T11777] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  564.000576][T11777] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  564.053032][T11777] BTRFS info (device loop1): using free-space-tree
[  564.362379][T11777] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR
[  564.396223][T11777] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR
[  564.730847][T11777] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR
[  564.748072][T10989] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  564.819745][T11777] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR
[  564.828825][T11777] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[  564.871038][T11777] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[  564.968911][    T9] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  565.023498][T11819] ALSA: seq fatal error: cannot create timer (-22)
[  565.063129][T11777] BTRFS error (device loop1): open_ctree failed
[  565.213010][    T9] usb 3-1: device descriptor read/64, error -71
[  565.482880][    T9] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  565.637090][T11813] loop0: detected capacity change from 0 to 32768
[  565.652556][    T9] usb 3-1: device descriptor read/64, error -71
[  565.662876][T11813] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor.0 (11813)
[  565.695397][T11813] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  565.718360][T11813] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[  565.739214][T11813] BTRFS info (device loop0): using free-space-tree
[  565.793079][    T9] usb usb3-port1: attempt power cycle
[  565.868504][   T29] kauditd_printk_skb: 40 callbacks suppressed
[  565.868525][   T29] audit: type=1800 audit(1717932367.692:3106): pid=11813 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="loop0" ino=263 res=0 errno=0
[  566.028019][T10574] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  566.342758][    T9] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  566.385291][    T9] usb 3-1: device descriptor read/8, error -71
[  566.636617][T11829] loop1: detected capacity change from 0 to 32768
[  566.649317][T11829] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (11829)
[  566.680864][T11829] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  566.712373][T11829] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  566.722628][    T9] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  566.727463][T11829] BTRFS info (device loop1): using free-space-tree
[  566.757208][    T9] usb 3-1: device descriptor read/8, error -71
[  566.807596][   T29] audit: type=1326 audit(1717932368.632:3107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11855 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54c447cf69 code=0x7ffc0000
[  566.903152][    T9] usb usb3-port1: unable to enumerate USB device
[  566.917694][   T29] audit: type=1326 audit(1717932368.652:3108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11855 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f54c447cf69 code=0x7ffc0000
[  567.076561][   T29] audit: type=1326 audit(1717932368.652:3109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11855 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54c447cf69 code=0x7ffc0000
[  567.099784][   T29] audit: type=1326 audit(1717932368.652:3110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11855 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54c447cf69 code=0x7ffc0000
[  567.236360][ T6658] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  567.251975][   T29] audit: type=1326 audit(1717932368.652:3111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11855 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f54c447cf69 code=0x7ffc0000
[  567.292283][T11879] loop2: detected capacity change from 0 to 2048
[  567.313857][   T29] audit: type=1326 audit(1717932368.652:3112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11855 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54c447cf69 code=0x7ffc0000
[  567.337340][   T29] audit: type=1326 audit(1717932368.652:3113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11855 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f54c447cf69 code=0x7ffc0000
[  567.360722][   T29] audit: type=1326 audit(1717932368.662:3114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11855 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54c447cf69 code=0x7ffc0000
[  567.384574][   T29] audit: type=1326 audit(1717932368.662:3115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11855 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54c447cf69 code=0x7ffc0000
[  567.461587][T11879] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  568.030179][T11885] netlink: 76 bytes leftover after parsing attributes in process `syz-executor.4'.
[  568.768164][T11886] loop1: detected capacity change from 0 to 512
[  568.891103][T11886] EXT4-fs error (device loop1): ext4_validate_block_bitmap:432: comm syz-executor.1: bg 0: block 5: invalid block bitmap
[  568.927081][T11886] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6551: Corrupt filesystem
[  568.997292][T11886] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz-executor.1: invalid indirect mapped block 3 (level 2)
[  569.083012][T11886] EXT4-fs (loop1): 1 orphan inode deleted
[  569.091679][T11886] EXT4-fs (loop1): 1 truncate cleaned up
[  569.108692][T11886] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  569.146055][T11886] 9pnet_fd: Insufficient options for proto=fd
[  569.224934][ T6658] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  569.311162][T11899] ALSA: seq fatal error: cannot create timer (-22)
[  569.470992][T11888] loop0: detected capacity change from 0 to 32768
[  569.485091][T11888] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor.0 (11888)
[  569.511829][T11888] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  569.530227][T11888] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[  569.541179][T11888] BTRFS info (device loop0): using free-space-tree
[  569.912694][   T25] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  570.072870][   T25] usb 4-1: device descriptor read/64, error -71
[  570.168720][T10574] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  570.332269][T11898] loop2: detected capacity change from 0 to 32768
[  570.362569][   T25] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  570.365414][T11898] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (11898)
[  570.486663][T11898] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  570.552787][   T25] usb 4-1: device descriptor read/64, error -71
[  570.564879][T11898] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  570.591329][T11898] BTRFS info (device loop2): using free-space-tree
[  570.873218][   T25] usb usb4-port1: attempt power cycle
[  570.896697][ T5461] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  570.920802][T11928] loop4: detected capacity change from 0 to 32768
[  570.960339][T11928] BTRFS: device /dev/loop4 (7:4) using temp-fsid 2aef15a1-7b58-4585-83c0-7ba20bafaaaf
[  570.971980][T11928] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor.4 (11928)
[  570.999108][T11928] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  571.013027][T11928] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  571.021800][T11928] BTRFS info (device loop4): using free-space-tree
[  571.032659][  T783] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  571.215911][   T29] kauditd_printk_skb: 43 callbacks suppressed
[  571.215929][   T29] audit: type=1800 audit(1717932373.042:3159): pid=11928 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="loop4" ino=263 res=0 errno=0
[  571.253956][  T783] usb 1-1: Using ep0 maxpacket: 32
[  571.264810][  T783] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  571.289989][  T783] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  571.302095][  T783] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  571.323990][   T25] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  571.333356][T11966] loop2: detected capacity change from 0 to 2048
[  571.346192][T11966] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  571.355170][  T783] usb 1-1: Product: syz
[  571.359888][  T783] usb 1-1: Manufacturer: syz
[  571.370711][ T5109] BTRFS info (device loop4): last unmount of filesystem 2aef15a1-7b58-4585-83c0-7ba20bafaaaf
[  571.383645][  T783] usb 1-1: SerialNumber: syz
[  571.388767][   T25] usb 4-1: device descriptor read/8, error -71
[  571.400992][  T783] usb 1-1: config 0 descriptor??
[  571.413943][T11937] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  571.705600][   T45] usb 1-1: USB disconnect, device number 19
[  571.732843][   T25] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  571.786069][   T25] usb 4-1: device descriptor read/8, error -71
[  571.915430][   T25] usb usb4-port1: unable to enumerate USB device
[  572.491563][T11982] ALSA: seq fatal error: cannot create timer (-22)
[  572.715509][T11977] loop1: detected capacity change from 0 to 40427
[  572.747090][T11977] F2FS-fs (loop1): Found nat_bits in checkpoint
[  572.776767][   T29] audit: type=1326 audit(1717932374.602:3160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11988 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa9ea47cf69 code=0x0
[  572.837149][T11977] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  572.886480][T11996] loop3: detected capacity change from 0 to 256
[  572.931007][   T29] audit: type=1800 audit(1717932374.752:3161): pid=11977 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=10 res=0 errno=0
[  572.994048][ T6658] syz-executor.1: attempt to access beyond end of device
[  572.994048][ T6658] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  573.037936][ T6658] F2FS-fs (loop1): Remounting filesystem read-only
[  573.656038][T12002] netlink: 76 bytes leftover after parsing attributes in process `syz-executor.0'.
[  574.376833][T11994] loop2: detected capacity change from 0 to 32768
[  574.437144][T11994] btrfs: Deprecated parameter 'usebackuproot'
[  574.461543][T11994] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  574.523587][T11994] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (11994)
[  574.583371][T11994] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  574.611195][T11994] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[  574.635137][T11994] BTRFS info (device loop2): using free-space-tree
[  574.877329][T11998] loop4: detected capacity change from 0 to 32768
[  574.885997][T11998] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor.4 (11998)
[  574.908906][T11998] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  575.282638][T11998] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  575.339762][T11994] BTRFS info (device loop2): rebuilding free space tree
[  575.407999][T11998] BTRFS info (device loop4): using free-space-tree
[  575.762693][   T45] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  575.781886][T11994] overlayfs: missing 'lowerdir'
[  575.859351][   T29] audit: type=1800 audit(1717932377.682:3162): pid=11998 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="loop4" ino=263 res=0 errno=0
[  575.928146][   T45] usb 2-1: device descriptor read/64, error -71
[  575.940176][ T5461] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  576.059676][ T5109] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  576.262539][   T45] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  576.434854][   T45] usb 2-1: device descriptor read/64, error -71
[  576.566250][   T45] usb usb2-port1: attempt power cycle
[  576.660488][T12052] loop3: detected capacity change from 0 to 32768
[  576.694115][T12052] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor.3 (12052)
[  576.722929][T12033] loop0: detected capacity change from 0 to 32768
[  576.737299][T12052] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  576.770756][T12033] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor.0 (12033)
[  576.772598][T12052] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  576.791021][   T25] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  576.801682][T12052] BTRFS info (device loop3): using free-space-tree
[  576.814393][T12033] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  576.824758][T12033] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[  576.833598][T12033] BTRFS info (device loop0): using free-space-tree
[  576.864332][T12062] ALSA: seq fatal error: cannot create timer (-22)
[  576.905839][   T29] audit: type=1800 audit(1717932378.732:3163): pid=12052 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=263 res=0 errno=0
[  576.982861][   T25] usb 5-1: Using ep0 maxpacket: 32
[  576.990804][   T25] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  577.002600][   T45] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  577.019315][   T25] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  577.029687][   T25] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  577.035911][T10989] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  577.038072][   T25] usb 5-1: Product: syz
[  577.055066][   T25] usb 5-1: Manufacturer: syz
[  577.063786][   T45] usb 2-1: device descriptor read/8, error -71
[  577.071207][   T25] usb 5-1: SerialNumber: syz
[  577.086035][   T25] usb 5-1: config 0 descriptor??
[  577.092333][T12057] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  577.122379][T10574] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  577.325144][   T25] usb 5-1: USB disconnect, device number 32
[  577.342659][   T45] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  577.375492][   T45] usb 2-1: device descriptor read/8, error -71
[  577.478644][   T29] audit: type=1326 audit(1717932379.302:3164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12094 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa9ea47cf69 code=0x0
[  577.503276][   T45] usb usb2-port1: unable to enumerate USB device
[  577.589507][T12100] loop3: detected capacity change from 0 to 256
[  579.503457][   T29] audit: type=1800 audit(1717932380.552:3165): pid=12110 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="file1" dev="sda1" ino=1967 res=0 errno=0
[  581.955059][ T5162] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  582.060502][T12120] loop1: detected capacity change from 0 to 2048
[  582.097156][T12120] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  582.182846][ T5162] usb 4-1: Using ep0 maxpacket: 32
[  582.195999][ T5162] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  582.234657][ T5162] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  582.253440][ T5162] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  582.268346][ T5162] usb 4-1: Product: syz
[  582.283651][ T5162] usb 4-1: Manufacturer: syz
[  582.288363][ T5162] usb 4-1: SerialNumber: syz
[  582.310355][ T5162] usb 4-1: config 0 descriptor??
[  582.323080][T12118] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  582.601475][ T5162] usb 4-1: USB disconnect, device number 27
[  583.544712][T10783] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  583.753394][T10783] usb 4-1: Using ep0 maxpacket: 32
[  583.771744][T10783] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  583.800694][T10783] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  583.813913][T10783] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  583.829598][T10783] usb 4-1: Product: syz
[  583.841721][T10783] usb 4-1: Manufacturer: syz
[  583.871666][T10783] usb 4-1: SerialNumber: syz
[  583.913784][T10783] usb 4-1: config 0 descriptor??
[  583.926375][T12147] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  585.987432][   T29] audit: type=1800 audit(1717932386.782:3166): pid=12158 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file1" dev="sda1" ino=1960 res=0 errno=0
[  586.181636][ T5208] usb 4-1: USB disconnect, device number 28
[  586.382631][T10783] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  587.281284][T10783] usb 3-1: device descriptor read/64, error -71
[  587.464835][T12173] xt_TPROXY: Can be used only with -p tcp or -p udp
[  587.524791][T12173] loop2: detected capacity change from 0 to 2048
[  588.108978][T12166] loop1: detected capacity change from 0 to 32768
[  588.129205][T12166] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (12166)
[  588.170733][T12166] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  588.193460][T12166] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[  588.209219][T12166] BTRFS info (device loop1): using free-space-tree
[  589.262094][T12219] fuse: Unknown parameter '0x0000000000000003'
[  589.343974][ T6658] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  589.375208][T12219] loop0: detected capacity change from 0 to 1024
[  589.692844][   T61] hfsplus: b-tree write err: -5, ino 4
[  590.836211][ T5127] Bluetooth: hci3: command 0x0406 tx timeout
[  591.046081][T10783] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  591.218081][T12236] loop1: detected capacity change from 0 to 4096
[  591.229492][T12236] ntfs3: loop1: Different NTFS sector size (2048) and media sector size (512).
[  591.232573][T10783] usb 4-1: device descriptor read/64, error -71
[  591.325459][T12236] ntfs3: loop1: Failed to initialize $Extend/$ObjId.
[  591.372725][ T5208] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  591.542775][T10783] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  591.542800][ T5208] usb 3-1: device descriptor read/64, error -71
[  591.722577][T10783] usb 4-1: device descriptor read/64, error -71
[  591.844081][T10783] usb usb4-port1: attempt power cycle
[  591.852626][ T5208] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[  592.033115][ T5208] usb 3-1: device descriptor read/64, error -71
[  592.167859][ T5208] usb usb3-port1: attempt power cycle
[  593.606119][T12239] loop4: detected capacity change from 0 to 40427
[  593.913509][T10783] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  593.991293][T12239] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  594.013698][T10783] usb 4-1: device descriptor read/8, error -71
[  594.027755][T12239] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  594.069651][T12239] F2FS-fs (loop4): invalid crc value
[  594.138565][T12239] F2FS-fs (loop4): Found nat_bits in checkpoint
[  594.172847][ T5208] usb 3-1: new high-speed USB device number 42 using dummy_hcd
[  594.327490][T12239] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  594.367467][T12239] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  594.626472][ T5208] usb 3-1: device not accepting address 42, error -71
[  594.867719][T12261] evm: overlay not supported
[  595.892393][   T29] audit: type=1800 audit(1717932397.712:3167): pid=12278 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1961 res=0 errno=0
[  596.024610][T12277] loop1: detected capacity change from 0 to 4096
[  596.056286][T12277] ntfs3: loop1: Different NTFS sector size (2048) and media sector size (512).
[  596.125625][T12277] ntfs3: loop1: Failed to initialize $Extend/$ObjId.
[  598.755778][ T5112] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  599.214014][   T25] usb 3-1: new high-speed USB device number 44 using dummy_hcd
[  599.664919][   T25] usb 3-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  599.711044][   T25] usb 3-1: config 27 has 0 interfaces, different from the descriptor's value: 1
[  599.742531][ T5112] usb 4-1: device descriptor read/64, error -71
[  599.750744][   T25] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  599.775550][   T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  599.802976][T12307] loop1: detected capacity change from 0 to 512
[  599.831756][T12307] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  599.860401][T12307] ext4 filesystem being mounted at /root/syzkaller-testdir164575106/syzkaller.Hl7ogu/276/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  599.947423][T12288] loop0: detected capacity change from 0 to 32768
[  599.981059][T12288] jfs: Unrecognized mount option "01777777777777777777777ÿ00000000000000000000000ñ¼ÊíX�c¥vÌ:ýQºòœÞ"�¨C’ôæo÷ï"ªš÷'ήŠŽÉ_Á·0ƒÞ-è% Ë+çtý³6P×ÚÎ'ÁkÂ;/|·%…T‰9i�(Š©%ZŠ’@øG~‚ºͱý\¢ñ«œâÌÄÒÚøÚÇ%S:U�VTúõà’OvO7MfO­Jj²NÀè"çùBnŽ]áþXZ
[  599.981059][T12288] èoÐ*‹“e–4Ôb¹ûL±¡ú–*‹" or missing value
[  600.021807][ T5162] usb 3-1: USB disconnect, device number 44
[  600.032563][ T5112] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  600.202848][T10783] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  600.224678][ T5112] usb 4-1: device descriptor read/64, error -71
[  600.254594][T12305] loop4: detected capacity change from 0 to 40427
[  600.268419][T12305] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  600.277858][T12305] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  600.314797][T12305] F2FS-fs (loop4): invalid crc value
[  600.377635][T12305] F2FS-fs (loop4): Found nat_bits in checkpoint
[  600.452927][ T5112] usb usb4-port1: attempt power cycle
[  600.486407][T12305] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  600.493897][T12305] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  600.552767][T10783] usb 2-1: Using ep0 maxpacket: 16
[  600.928439][T10783] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  601.000938][   T29] audit: type=1800 audit(1717932402.802:3168): pid=12305 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="loop4" ino=10 res=0 errno=0
[  601.203487][   T29] audit: type=1800 audit(1717932402.852:3169): pid=12319 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="loop4" ino=10 res=0 errno=0
[  601.281592][T10783] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  601.291483][T10783] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  601.304494][T10783] usb 2-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00
[  601.313646][T10783] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  601.329360][T10783] usb 2-1: config 0 descriptor??
[  601.339267][T10783] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input8
[  602.264901][T10783] bcm5974 2-1:0.0: could not read from device
[  602.299946][T10783] input: failed to attach handler mousedev to device input8, error: -5
[  603.605701][T12342] loop2: detected capacity change from 0 to 2048
[  603.642731][T12342] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  604.755412][   T25] usb 2-1: USB disconnect, device number 40
[  604.778236][   T29] audit: type=1800 audit(1717932406.602:3170): pid=12353 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="loop2" ino=1367 res=0 errno=0
[  604.895293][ T6658] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  606.025553][ T5112] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  606.414087][ T5112] usb 1-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  606.425920][ T5112] usb 1-1: config 27 has 0 interfaces, different from the descriptor's value: 1
[  606.435048][ T5112] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  606.444228][ T5112] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  608.523766][    C0] raw-gadget.0 gadget.0: ignoring, device is not running
[  608.535982][ T5112] usb 1-1: can't set config #27, error -32
[  608.563652][ T5112] usb 1-1: USB disconnect, device number 20
[  619.912666][   T45] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  620.407680][   T45] usb 4-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  620.595917][   T45] usb 4-1: config 27 has 0 interfaces, different from the descriptor's value: 1
[  621.913231][   T45] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  621.922317][   T45] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  622.019300][   T45] usb 4-1: can't set config #27, error -71
[  622.076225][   T45] usb 4-1: USB disconnect, device number 36
[  624.301904][T12461] loop0: detected capacity change from 0 to 2048
[  624.415698][T12461] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  624.574007][T12467] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
[  624.663438][ T1247] ieee802154 phy0 wpan0: encryption failed: -22
[  624.669837][ T1247] ieee802154 phy1 wpan1: encryption failed: -22
[  625.950692][T12485] xt_TPROXY: Can be used only with -p tcp or -p udp
[  626.315107][    T8] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  627.701614][T12497] loop1: detected capacity change from 0 to 512
[  627.739247][T12497] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized
[  628.517769][T12501] EXT4-fs warning (device sda1): verify_group_input:137: Cannot add at group 0 (only 8 groups)
[  629.345217][    T8] usb 5-1: device not accepting address 33, error -71
[  631.615996][T12519] ALSA: seq fatal error: cannot create timer (-22)
[  632.780451][T12526] loop2: detected capacity change from 0 to 2048
[  632.847613][T12526] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  632.938564][T12530] xt_TPROXY: Can be used only with -p tcp or -p udp
[  633.393254][ T5114] Bluetooth: hci4: command 0x0406 tx timeout
[  634.045863][T12543] loop3: detected capacity change from 0 to 128
[  634.069758][T12543] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[  634.164610][T12545] loop2: detected capacity change from 0 to 512
[  634.173876][   T25] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  634.180442][T12545] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized
[  634.424628][   T25] usb 1-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  634.451808][   T25] usb 1-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  634.473943][   T25] usb 1-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  634.966715][T12550] EXT4-fs warning (device sda1): verify_group_input:137: Cannot add at group 0 (only 8 groups)
[  635.366578][   T25] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  635.375741][   T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  635.528683][   T25] snd-usb-audio 1-1:27.0: probe with driver snd-usb-audio failed with error -2
[  635.618103][T12529] loop1: detected capacity change from 0 to 32768
[  635.653558][T12529] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (12529)
[  635.690034][   T25] usb 1-1: USB disconnect, device number 21
[  635.712218][T12529] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  635.732280][T12529] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  635.757693][T12529] BTRFS info (device loop1): using free-space-tree
[  635.875179][T12529] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR
[  635.875976][T12529] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[  636.047334][T12529] BTRFS error (device loop1): open_ctree failed
[  637.136206][T12579] ALSA: seq fatal error: cannot create timer (-22)
[  637.267646][T12554] loop2: detected capacity change from 0 to 32768
[  637.286425][T12554] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (12554)
[  637.488649][T12554] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  637.517519][T12554] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  637.534301][T12554] BTRFS info (device loop2): using free-space-tree
[  637.541911][T12556] loop3: detected capacity change from 0 to 32768
[  637.550317][T12556] XFS: attr2 mount option is deprecated.
[  637.764147][T12556] XFS: noikeep mount option is deprecated.
[  638.307925][T12556] XFS (loop3): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  638.550899][T12556] XFS (loop3): Ending clean mount
[  639.020525][T12556] XFS (loop3): Quotacheck needed: Please wait.
[  639.218749][T12554] BTRFS error (device loop2): open_ctree failed
[  639.336206][T12556] XFS (loop3): Quotacheck: Done.
[  639.460962][T10989] XFS (loop3): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  639.665009][   T29] audit: type=1326 audit(1717932441.492:3171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12615 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f54c447cf69 code=0x0
[  639.753319][T12584] loop4: detected capacity change from 0 to 32768
[  639.787228][T12619] loop0: detected capacity change from 0 to 256
[  639.837156][T12584] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  639.918101][T12625] loop2: detected capacity change from 0 to 2048
[  639.978546][T12603] loop1: detected capacity change from 0 to 32768
[  639.987281][T12603] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (12603)
[  640.000968][T12584] XFS (loop4): Ending clean mount
[  640.034095][T12625] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  640.047325][T12603] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  640.080950][T12603] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  640.092598][T12603] BTRFS info (device loop1): using free-space-tree
[  640.115301][T12630] loop3: detected capacity change from 0 to 512
[  640.125746][T12584] XFS (loop4): Metadata CRC error detected at xfs_rmapbt_read_verify+0x41/0xd0, xfs_rmapbt block 0x14 
[  640.128294][T12630] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized
[  640.149699][T12584] XFS (loop4): Unmount and run xfs_repair
[  640.156538][T12584] XFS (loop4): First 128 bytes of corrupted metadata buffer:
[  640.165816][T12584] 00000000: 52 4d 42 33 00 00 00 0c ff ff ff ff ff ff ff ff  RMB3............
[  640.187882][T12584] 00000010: 00 a7 50 00 00 00 00 14 00 00 00 01 00 00 00 80  ..P.............
[  640.432651][T12584] 00000020: bf dc 47 fc 10 d8 4e ed a5 62 11 a8 31 b3 f7 91  ..G...N..b..1...
[  640.441567][T12584] 00000030: 00 00 00 00 5b af 3b 1d 00 00 00 00 00 00 00 01  ....[.;.........
[  640.983607][T12648] EXT4-fs warning (device sda1): verify_group_input:137: Cannot add at group 0 (only 8 groups)
[  641.329866][T12584] 00000040: ff ff ff ff ff ff ff fd 00 00 00 00 00 00 00 00  ................
[  641.341655][T12584] 00000050: 00 00 00 01 00 00 00 02 ff ff ff ff ff ff ff fb  ................
[  641.439112][T12584] 00000060: 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 02  ................
[  641.452622][T12584] 00000070: ff ff ff ff ff ff ff fa 00 00 00 00 00 00 00 00  ................
[  641.494729][ T6658] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  641.498239][T12584] XFS (loop4): metadata I/O error in "xfs_btree_read_buf_block+0x36f/0x5b0" at daddr 0x14 len 4 error 74
[  641.685545][T12584] XFS (loop4): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x663/0xad0 (fs/xfs/xfs_trans_buf.c:296).  Shutting down filesystem.
[  641.731925][T12584] XFS (loop4): Please unmount the filesystem and rectify the problem(s)
[  641.810412][ T5109] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  642.002575][   T25] usb 3-1: new high-speed USB device number 45 using dummy_hcd
[  642.516935][T12661] loop1: detected capacity change from 0 to 256
[  642.528256][T12661] exfat: Deprecated parameter 'utf8'
[  642.535051][T12661] exfat: Deprecated parameter 'utf8'
[  642.540439][T12661] exfat: Unknown parameter 'öÔ„ŠÛµ.Ý)'
[  642.563636][   T25] usb 3-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  642.679578][  T783] IPVS: starting estimator thread 0...
[  642.764978][   T25] usb 3-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  643.029595][T12662] IPVS: using max 17 ests per chain, 40800 per kthread
[  643.133395][   T25] usb 3-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  643.149003][   T25] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  643.158283][   T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  643.183435][T12653] loop3: detected capacity change from 0 to 32768
[  643.212730][T12653] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor.3 (12653)
[  643.217596][   T25] snd-usb-audio 3-1:27.0: probe with driver snd-usb-audio failed with error -2
[  643.253748][T12653] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  643.271479][T12653] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  643.280518][T12653] BTRFS info (device loop3): using free-space-tree
[  643.380653][   T25] usb 3-1: USB disconnect, device number 45
[  643.407828][T12655] loop0: detected capacity change from 0 to 40427
[  643.428319][T12655] F2FS-fs (loop0): Found nat_bits in checkpoint
[  643.521408][T12655] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  643.522917][T10989] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  643.622318][T12687] loop4: detected capacity change from 0 to 512
[  643.635406][T12687] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized
[  645.042980][T10574] syz-executor.0: attempt to access beyond end of device
[  645.042980][T10574] loop0: rw=524288, sector=45064, nr_sectors = 8 limit=40427
[  645.245611][T10574] syz-executor.0: attempt to access beyond end of device
[  645.245611][T10574] loop0: rw=0, sector=45064, nr_sectors = 8 limit=40427
[  646.005196][T12702] EXT4-fs warning (device sda1): verify_group_input:137: Cannot add at group 0 (only 8 groups)
[  648.378023][T12714] loop4: detected capacity change from 0 to 512
[  648.412735][   T29] audit: type=1326 audit(1717932450.222:3172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12711 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f414a27cf69 code=0x0
[  648.448048][   T12] kworker/u8:1: attempt to access beyond end of device
[  648.448048][   T12] loop0: rw=2049, sector=40960, nr_sectors = 32 limit=40427
[  648.480733][   T12] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  648.507444][   T12] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  648.510287][T12719] loop2: detected capacity change from 0 to 256
[  648.533046][   T12] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  648.540150][   T12] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  648.731606][T12721] loop3: detected capacity change from 0 to 2048
[  648.785690][T12721] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  649.031811][ T2436] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  649.282351][ T2436] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  649.690990][T12732] loop3: detected capacity change from 0 to 256
[  649.698540][T12732] exfat: Deprecated parameter 'utf8'
[  649.704601][T12732] exfat: Deprecated parameter 'utf8'
[  649.709952][T12732] exfat: Unknown parameter 'öÔ„ŠÛµ.Ý)'
[  649.843108][   T25] IPVS: starting estimator thread 0...
[  650.032703][T12733] IPVS: using max 16 ests per chain, 38400 per kthread
[  650.108559][ T2436] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  650.479455][T12716] loop1: detected capacity change from 0 to 40427
[  650.550193][ T2436] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  650.623999][T12716] F2FS-fs (loop1): Found nat_bits in checkpoint
[  651.495433][ T2436] bridge_slave_1: left allmulticast mode
[  651.524054][ T2436] bridge_slave_1: left promiscuous mode
[  651.547946][ T2436] bridge0: port 2(bridge_slave_1) entered disabled state
[  651.561021][ T5163] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  651.613328][ T2436] bridge_slave_0: left allmulticast mode
[  651.632923][ T2436] bridge_slave_0: left promiscuous mode
[  651.640041][ T2436] bridge0: port 1(bridge_slave_0) entered disabled state
[  651.765428][ T5163] usb 4-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  651.822480][ T5163] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  651.880843][ T5163] usb 4-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  652.625621][ T5114] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  652.628779][ T5163] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  652.636847][ T5114] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  652.641922][ T5163] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  652.661462][ T5114] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  652.673696][ T5114] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  652.681419][ T5114] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  652.685741][ T5163] usb 4-1: invalid MIDI out EP 0
[  652.688910][ T5114] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  653.018872][ T5163] snd-usb-audio 4-1:27.0: probe with driver snd-usb-audio failed with error -22
[  653.030057][T12758] loop2: detected capacity change from 0 to 512
[  653.031211][T12758] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized
[  653.807600][T12760] loop4: detected capacity change from 0 to 2048
[  653.823018][ T5163] usb 4-1: USB disconnect, device number 37
[  653.850176][T12760] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  654.594834][T12765] EXT4-fs warning (device sda1): verify_group_input:137: Cannot add at group 0 (only 8 groups)
[  654.938422][ T5114] Bluetooth: hci3: command tx timeout
[  655.146279][T12769] loop3: detected capacity change from 0 to 512
[  656.079132][ T2436] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  656.165322][ T2436] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  656.221316][T12780] loop3: detected capacity change from 0 to 1024
[  656.233714][ T2436] bond0 (unregistering): Released all slaves
[  656.993405][ T5114] Bluetooth: hci3: command tx timeout
[  657.419699][T12772] loop2: detected capacity change from 0 to 40427
[  657.468729][T12772] F2FS-fs (loop2): Found nat_bits in checkpoint
[  657.627646][T12772] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  657.885865][ T2436] hsr_slave_0: left promiscuous mode
[  657.905209][ T2436] hsr_slave_1: left promiscuous mode
[  657.926256][ T2436] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  657.937142][ T2436] batman_adv: batadv0: Removing interface: batadv_slave_0
[  658.391378][ T2436] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  658.689428][ T2436] batman_adv: batadv0: Removing interface: batadv_slave_1
[  658.699710][ T5461] syz-executor.2: attempt to access beyond end of device
[  658.699710][ T5461] loop2: rw=524288, sector=45064, nr_sectors = 8 limit=40427
[  658.733670][ T5461] syz-executor.2: attempt to access beyond end of device
[  658.733670][ T5461] loop2: rw=0, sector=45064, nr_sectors = 8 limit=40427
[  658.797295][ T2436] veth1_macvtap: left promiscuous mode
[  658.829394][ T2436] veth0_macvtap: left promiscuous mode
[  658.842863][ T2436] veth1_vlan: left promiscuous mode
[  658.869267][ T2436] veth0_vlan: left promiscuous mode
[  658.958292][  T958] kworker/u8:5: attempt to access beyond end of device
[  658.958292][  T958] loop2: rw=2049, sector=40960, nr_sectors = 32 limit=40427
[  659.012143][  T958] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  659.021615][  T958] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  659.035172][  T958] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  659.042721][  T958] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  659.080036][ T5114] Bluetooth: hci3: command tx timeout
[  659.427306][   T29] audit: type=1326 audit(1717932461.242:3173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12830 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9ea47cf69 code=0x7ffc0000
[  659.504774][   T29] audit: type=1326 audit(1717932461.242:3174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12830 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa9ea47cf69 code=0x7ffc0000
[  659.560328][   T29] audit: type=1326 audit(1717932461.242:3175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12830 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9ea47cf69 code=0x7ffc0000
[  659.612682][   T29] audit: type=1326 audit(1717932461.242:3176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12830 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9ea47cf69 code=0x7ffc0000
[  659.655881][   T29] audit: type=1326 audit(1717932461.252:3177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12830 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa9ea47cf69 code=0x7ffc0000
[  659.706673][   T29] audit: type=1326 audit(1717932461.252:3178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12830 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9ea47cf69 code=0x7ffc0000
[  659.775307][   T29] audit: type=1326 audit(1717932461.252:3179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12830 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa9ea47cf69 code=0x7ffc0000
[  659.842154][   T29] audit: type=1326 audit(1717932461.252:3180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12830 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9ea47cf69 code=0x7ffc0000
[  659.892689][   T29] audit: type=1326 audit(1717932461.252:3181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12830 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa9ea47cf69 code=0x7ffc0000
[  659.956352][   T29] audit: type=1326 audit(1717932461.252:3182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12830 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9ea47cf69 code=0x7ffc0000
[  660.164525][ T2436] team0 (unregistering): Port device team_slave_1 removed
[  660.242584][ T2436] team0 (unregistering): Port device team_slave_0 removed
[  661.154326][ T5114] Bluetooth: hci3: command tx timeout
[  661.239715][T12850] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
[  661.426166][T12750] chnl_net:caif_netlink_parms(): no params data found
[  661.770365][T12750] bridge0: port 1(bridge_slave_0) entered blocking state
[  661.803612][T12750] bridge0: port 1(bridge_slave_0) entered disabled state
[  661.810841][T12750] bridge_slave_0: entered allmulticast mode
[  661.835721][T12750] bridge_slave_0: entered promiscuous mode
[  661.860172][T12750] bridge0: port 2(bridge_slave_1) entered blocking state
[  661.892261][T12750] bridge0: port 2(bridge_slave_1) entered disabled state
[  661.907473][T12750] bridge_slave_1: entered allmulticast mode
[  661.927354][T12750] bridge_slave_1: entered promiscuous mode
[  662.022120][T12750] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  662.065873][T12750] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  662.169176][ T2436] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  662.341873][T12879] loop1: detected capacity change from 0 to 2048
[  662.449336][T12879] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  662.466003][ T2436] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  662.517671][T12879] EXT4-fs error (device loop1): ext4_find_extent:936: inode #2: comm syz-executor.1: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[  662.538422][ T5127] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  662.549083][T12750] team0: Port device team_slave_0 added
[  662.549176][ T5127] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  662.564069][ T5127] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  662.576331][T12879] EXT4-fs (loop1): Remounting filesystem read-only
[  662.587038][ T5127] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  662.596247][ T5127] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  662.604580][ T5127] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  662.678846][ T2436] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  662.753825][T12750] team0: Port device team_slave_1 added
[  662.944499][ T2436] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  662.993551][T12750] batman_adv: batadv0: Adding interface: batadv_slave_0
[  663.000526][T12750] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  663.027396][T12899] loop3: detected capacity change from 0 to 512
[  663.035758][T12899] EXT4-fs: Ignoring removed nomblk_io_submit option
[  663.049658][T12750] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  663.063654][T12750] batman_adv: batadv0: Adding interface: batadv_slave_1
[  663.076340][T12899] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=846c118, mo2=0002]
[  663.084685][T12899] EXT4-fs (loop3): orphan cleanup on readonly fs
[  663.095965][T12899] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2
[  663.104085][T12750] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  663.172489][T12750] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  663.173277][T12899] EXT4-fs (loop3): 1 truncate cleaned up
[  663.246482][ T6658] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  663.264030][T12899] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  663.302199][T12899] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  663.341258][T12750] hsr_slave_0: entered promiscuous mode
[  663.361915][T10989] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  663.376764][T12750] hsr_slave_1: entered promiscuous mode
[  663.673055][ T2436] bridge_slave_1: left allmulticast mode
[  663.681138][ T2436] bridge_slave_1: left promiscuous mode
[  663.696218][ T2436] bridge0: port 2(bridge_slave_1) entered disabled state
[  663.715513][ T2436] bridge_slave_0: left allmulticast mode
[  663.728981][ T2436] bridge_slave_0: left promiscuous mode
[  663.740532][ T2436] bridge0: port 1(bridge_slave_0) entered disabled state
[  664.161840][T12904] loop3: detected capacity change from 0 to 32768
[  664.223879][T12906] loop1: detected capacity change from 0 to 32768
[  664.233661][T12906] bcachefs (/dev/loop1): error reading default superblock: checksum error, type crc32c_nonzero: got 2859f616 should be 29d2fb78
[  664.336433][T12906] bcachefs (loop1): mounting version 1.7: mi_btree_bitmap opts=compression=lz4,nojournal_transaction_names
[  664.349815][T12906] bcachefs (loop1): recovering from clean shutdown, journal seq 7
[  664.358429][T12906] bcachefs (loop1): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.9: disk_accounting_v2
[  664.358429][T12906]   running recovery passes: check_allocations
[  664.359935][T12904] bcachefs (loop3): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=xxhash,compression=zstd,nojournal_transaction_names
[  664.393341][T12904] bcachefs (loop3): recovering from clean shutdown, journal seq 10
[  664.405567][T12904] bcachefs (loop3): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.9: disk_accounting_v2
[  664.405567][T12904]   running recovery passes: check_allocations
[  664.454309][T12904] bcachefs (loop3): accounting_read... done
[  664.461497][T12906] bcachefs (loop1): accounting_read... done
[  664.470080][T12906] bcachefs (loop1): alloc_read... done
[  664.475852][T12906] bcachefs (loop1): stripes_read... done
[  664.479481][T12904] bcachefs (loop3): alloc_read...
[  664.481601][T12906] bcachefs (loop1): snapshots_read...
[  664.481718][T12904]  done
[  664.487932][T12906]  done
[  664.498136][T12904] bcachefs (loop3): stripes_read...
[  664.498307][T12906] bcachefs (loop1): check_allocations...
[  664.500206][T12904]  done
[  664.513523][T12904] bcachefs (loop3): snapshots_read... done
[  664.517098][T12906] bcachefs (loop1): pointer to nonexistent bucket 0:65660
[  664.519455][T12904] bcachefs (loop3): check_allocations...
[  664.532579][T12906] bcachefs (loop1): inconsistency detected - emergency read only at journal seq 7
[  664.548057][T12904] btree ptr not marked in member info btree allocated bitmap
[  664.548626][T12904]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 4fe84214937890c3 written 32 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, shutting down
[  664.549952][T12906] bcachefs (loop1): bch2_gc_mark_key(): error EIO
[  664.579869][T12906] bcachefs (loop1): bch2_gc_btree(): error EIO
[  664.587218][T12904] bcachefs (loop3): inconsistency detected - emergency read only at journal seq 10
[  664.598952][T12906] btree node read error for alloc, shutting down
[  664.600172][T12904] bcachefs (loop3): bch2_gc_mark_key(): error fsck_errors_not_fixed
[  664.614640][T12904] bcachefs (loop3): bch2_gc_btree(): error fsck_errors_not_fixed
[  664.620717][T12906] bcachefs (loop1): bch2_gc_btrees(): error fsck_errors_not_fixed
[  664.629548][T12904] bcachefs (loop3): bch2_gc_btrees(): error fsck_errors_not_fixed
[  664.656805][T12904] bcachefs (loop3): bch2_check_allocations(): error fsck_errors_not_fixed
[  664.656805][T12906] bcachefs (loop1): bch2_check_allocations(): error fsck_errors_not_fixed
[  664.666295][T12904] bcachefs (loop3): bch2_fs_recovery(): error fsck_errors_not_fixed
[  664.674112][ T5127] Bluetooth: hci1: command tx timeout
[  664.682229][T12904] bcachefs (loop3): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed
[  664.695179][T12906] bcachefs (loop1): bch2_fs_recovery(): error fsck_errors_not_fixed
[  664.707984][T12906] bcachefs (loop1): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed
[  664.714074][T12904] bcachefs (loop3): shutting down
[  664.722834][T12906] bcachefs (loop1): shutting down
[  664.779070][T12906] bcachefs (loop1): shutdown complete
[  664.786186][T12904] bcachefs (loop3): shutdown complete
[  664.870569][ T2436] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  664.884560][ T2436] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  664.897382][ T2436] bond0 (unregistering): Released all slaves
[  665.547982][T12926] loop4: detected capacity change from 0 to 32768
[  665.573591][T12926] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor.4 (12926)
[  665.591593][T12926] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  665.609471][T12926] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[  665.620959][T12926] BTRFS info (device loop4): using free-space-tree
[  665.673632][T12906] overlayfs: lowerdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  665.711739][T12906] overlayfs: overlapping lowerdir path
[  665.773603][ T2436] hsr_slave_0: left promiscuous mode
[  665.803541][T12926] BTRFS info (device loop4): rebuilding free space tree
[  665.813361][ T2436] hsr_slave_1: left promiscuous mode
[  665.830174][ T2436] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  665.839576][ T2436] batman_adv: batadv0: Removing interface: batadv_slave_0
[  665.848900][ T2436] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  665.856627][ T2436] batman_adv: batadv0: Removing interface: batadv_slave_1
[  665.891390][ T2436] veth1_macvtap: left promiscuous mode
[  665.897089][ T2436] veth0_macvtap: left promiscuous mode
[  665.903044][ T2436] veth1_vlan: left promiscuous mode
[  665.914913][ T2436] veth0_vlan: left promiscuous mode
[  665.920680][ T5109] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  666.583616][T12957] loop3: detected capacity change from 0 to 2048
[  666.601469][T12957] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
[  666.611520][T12957] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  666.630760][T12957] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 not in group (block 1)!
[  666.641319][T12957] EXT4-fs (loop3): group descriptors corrupted!
[  666.763887][ T5127] Bluetooth: hci1: command tx timeout
[  666.874215][T12949] loop4: detected capacity change from 0 to 32768
[  666.895324][T12949] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor.4 (12949)
[  666.949411][T12949] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  666.976913][T12949] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  666.996288][T12949] BTRFS error (device loop4): cannot disable free-space-tree
[  667.019481][T12949] BTRFS error (device loop4): open_ctree failed
[  667.184767][ T2436] team0 (unregistering): Port device team_slave_1 removed
[  667.271591][T12969] futex_wake_op: syz-executor.3 tries to shift op by -1; fix this program
[  667.281066][ T2436] team0 (unregistering): Port device team_slave_0 removed
[  667.494148][ T5163] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  667.501596][ T5163] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  667.546367][ T5163] hid-generic 0000:0000:0000.0002: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  667.798062][T12979] loop4: detected capacity change from 0 to 32768
[  667.829612][T12979] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor.4 (12979)
[  667.851918][T12979] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  667.862249][T12979] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[  667.871025][T12979] BTRFS info (device loop4): using free-space-tree
[  668.449521][ T5109] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  668.489131][T13008] trusted_key: syz-executor.3 sent an empty control message without MSG_MORE.
[  668.640051][T13010] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
[  668.760264][T12888] chnl_net:caif_netlink_parms(): no params data found
[  668.795427][T13013] syz-executor.4[13013] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  668.795586][T13013] syz-executor.4[13013] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  668.833217][ T5127] Bluetooth: hci1: command tx timeout
[  668.838517][T13013] syz-executor.4[13013] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  668.869387][T13016] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  668.908020][T13013] syz-executor.4[13013] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  669.128226][T12888] bridge0: port 1(bridge_slave_0) entered blocking state
[  669.147885][T12888] bridge0: port 1(bridge_slave_0) entered disabled state
[  669.155813][T12888] bridge_slave_0: entered allmulticast mode
[  669.165501][T12888] bridge_slave_0: entered promiscuous mode
[  669.174692][T12888] bridge0: port 2(bridge_slave_1) entered blocking state
[  669.181978][T12888] bridge0: port 2(bridge_slave_1) entered disabled state
[  669.227377][T12888] bridge_slave_1: entered allmulticast mode
[  669.261475][T12888] bridge_slave_1: entered promiscuous mode
[  669.320496][T12888] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  669.390516][T12888] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  669.495969][T12888] team0: Port device team_slave_0 added
[  669.520916][T12750] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  669.549330][T12888] team0: Port device team_slave_1 added
[  669.587882][T12750] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  669.608184][T12750] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  669.642950][T12750] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  669.681158][T12888] batman_adv: batadv0: Adding interface: batadv_slave_0
[  669.701315][T12888] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  669.749095][T12888] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  669.775309][T12888] batman_adv: batadv0: Adding interface: batadv_slave_1
[  669.792444][T12888] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  669.843618][T12888] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  670.003366][T12888] hsr_slave_0: entered promiscuous mode
[  670.027748][T12888] hsr_slave_1: entered promiscuous mode
[  670.034382][T12888] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  670.041955][T12888] Cannot create hsr debugfs directory
[  670.300625][T13039] loop3: detected capacity change from 0 to 32768
[  670.308923][T13039] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor.3 (13039)
[  670.349565][T13039] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  670.360104][T13039] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm
[  670.368846][T13039] BTRFS info (device loop3): using free-space-tree
[  670.691988][T12750] 8021q: adding VLAN 0 to HW filter on device bond0
[  670.718018][T12750] 8021q: adding VLAN 0 to HW filter on device team0
[  670.933575][ T5127] Bluetooth: hci1: command tx timeout
[  671.260289][ T5208] bridge0: port 1(bridge_slave_0) entered blocking state
[  671.267517][ T5208] bridge0: port 1(bridge_slave_0) entered forwarding state
[  671.303206][  T783] bridge0: port 2(bridge_slave_1) entered blocking state
[  671.303718][T10989] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  671.310469][  T783] bridge0: port 2(bridge_slave_1) entered forwarding state
[  672.030892][T12888] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  672.068708][T12888] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  672.124368][T12888] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  672.150054][T12888] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  672.178047][T12750] 8021q: adding VLAN 0 to HW filter on device batadv0
[  672.182520][ T5162] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[  672.382583][ T5162] usb 4-1: Using ep0 maxpacket: 8
[  672.390753][ T5162] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  672.394577][T12750] veth0_vlan: entered promiscuous mode
[  672.417855][ T5162] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  672.456404][T13090] loop4: detected capacity change from 0 to 2048
[  672.458633][T12888] 8021q: adding VLAN 0 to HW filter on device bond0
[  672.471631][ T5162] usb 4-1: config 0 descriptor??
[  672.489680][T12750] veth1_vlan: entered promiscuous mode
[  672.545272][T12888] 8021q: adding VLAN 0 to HW filter on device team0
[  672.587520][T13090]  loop4: p1 < > p4
[  672.618833][  T783] bridge0: port 1(bridge_slave_0) entered blocking state
[  672.622352][T13090] loop4: p4 size 8388608 extends beyond EOD, 
[  672.626025][  T783] bridge0: port 1(bridge_slave_0) entered forwarding state
[  672.650102][T13090] truncated
[  672.668249][  T783] bridge0: port 2(bridge_slave_1) entered blocking state
[  672.675456][  T783] bridge0: port 2(bridge_slave_1) entered forwarding state
[  672.692126][ T5162] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  672.730308][ T5162] asix 4-1:0.0: probe with driver asix failed with error -71
[  672.765333][ T5162] usb 4-1: USB disconnect, device number 38
[  672.797540][T12750] veth0_macvtap: entered promiscuous mode
[  672.828317][T12750] veth1_macvtap: entered promiscuous mode
[  672.896988][T12750] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  672.922703][T12750] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  672.942834][T12750] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  672.967140][T12750] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  672.989492][T12750] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  673.012633][T12750] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  673.027679][T12750] batman_adv: batadv0: Interface activated: batadv_slave_0
[  673.051892][T12750] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  673.078398][T12750] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  673.112586][T12750] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  673.132547][T12750] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  673.148180][T12750] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  673.160740][T12750] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  673.174414][T12750] batman_adv: batadv0: Interface activated: batadv_slave_1
[  673.210942][T12750] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  673.242163][T12750] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  673.262455][T12750] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  673.271180][T12750] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  673.326381][T12888] 8021q: adding VLAN 0 to HW filter on device batadv0
[  673.488685][ T2436] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  673.508462][ T2436] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  673.538638][T12888] veth0_vlan: entered promiscuous mode
[  673.602517][  T958] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  673.609353][T12888] veth1_vlan: entered promiscuous mode
[  673.616797][  T958] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  673.708755][T12888] veth0_macvtap: entered promiscuous mode
[  673.723679][T12888] veth1_macvtap: entered promiscuous mode
[  673.766934][T12888] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  673.791952][T12888] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  673.817740][T12888] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  673.842933][T12888] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  673.862537][T12888] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  673.887411][T12888] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  673.909572][T12888] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  673.931494][T12888] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  673.964975][T12888] batman_adv: batadv0: Interface activated: batadv_slave_0
[  673.987326][T12888] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  673.998063][T12888] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  674.025728][T12888] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  674.055577][T12888] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  674.076311][T12888] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  674.093028][T12888] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  674.104479][T12888] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  674.122371][T12888] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  674.146603][T12888] batman_adv: batadv0: Interface activated: batadv_slave_1
[  674.183313][T12888] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  674.198606][T12888] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  674.216367][T12888] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  674.225913][T12888] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  674.382069][T12406] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  674.429602][T12406] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  674.496178][   T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  674.516065][   T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  674.723958][T13120] loop0: detected capacity change from 0 to 1024
[  674.808326][T13120] loop0: detected capacity change from 0 to 256
[  674.911096][T13120] FAT-fs (loop0): Directory bread(block 64) failed
[  674.941144][T13120] FAT-fs (loop0): Directory bread(block 65) failed
[  674.960694][T13120] FAT-fs (loop0): Directory bread(block 66) failed
[  674.987081][T13120] FAT-fs (loop0): Directory bread(block 67) failed
[  675.011757][T13120] FAT-fs (loop0): Directory bread(block 68) failed
[  675.026391][T13120] FAT-fs (loop0): Directory bread(block 69) failed
[  675.041098][T13120] FAT-fs (loop0): Directory bread(block 70) failed
[  675.054578][T13120] FAT-fs (loop0): Directory bread(block 71) failed
[  675.069217][T13120] FAT-fs (loop0): Directory bread(block 72) failed
[  675.083828][T13120] FAT-fs (loop0): Directory bread(block 73) failed
[  675.347751][T13118] loop3: detected capacity change from 0 to 32768
[  675.356887][T13118] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor.3 (13118)
[  675.379376][T13118] BTRFS info (device loop3): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  675.391837][T13118] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm
[  675.408734][T13118] BTRFS info (device loop3): using free-space-tree
[  675.531571][T13118] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  675.627954][T10989] BTRFS info (device loop3): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  676.314504][T13176] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  676.352805][T13176] netlink: 'syz-executor.2': attribute type 1 has an invalid length.
[  676.806945][T13189] loop2: detected capacity change from 0 to 256
[  676.848407][T13189] FAT-fs (loop2): Unrecognized mount option "iocharset=" or missing value
[  677.074892][T13157] loop4: detected capacity change from 0 to 32768
[  677.110839][T13197] loop2: detected capacity change from 0 to 1024
[  677.123037][T13157] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor.4 (13157)
[  677.339170][T13157] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  677.369633][T13157] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[  678.702721][T13157] BTRFS info (device loop4): using free-space-tree
[  678.731367][T13198] loop3: detected capacity change from 0 to 256
[  678.972717][T13198] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0xff6f124c, utbl_chksum : 0xe619d30d)
[  679.060539][ T5109] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  679.543158][T13233] loop2: detected capacity change from 0 to 2048
[  679.579936][T13233] EXT4-fs: Ignoring removed mblk_io_submit option
[  679.634080][T13238] loop0: detected capacity change from 0 to 512
[  679.675978][T13238] EXT4-fs (loop0): blocks per group (71) and clusters per group (20800) inconsistent
[  679.689350][T13233] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  679.784869][T12888] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  679.918130][T13246] netlink: 'syz-executor.0': attribute type 10 has an invalid length.
[  679.967011][T13249] loop2: detected capacity change from 0 to 256
[  680.019842][T13246] team0: Failed to send options change via netlink (err -105)
[  680.020491][T13249] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  680.037902][T13246] team0: Port device netdevsim0 added
[  680.056657][   T25] team0: Failed to send port change of device netdevsim0 via netlink (err -105)
[  680.076102][T13249] FAT-fs (loop2): Filesystem has been set read-only
[  680.083303][T13250] netlink: 'syz-executor.0': attribute type 10 has an invalid length.
[  680.132788][T13249] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  680.148055][T13249] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  680.148559][T13250] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  680.180246][   T29] kauditd_printk_skb: 24 callbacks suppressed
[  680.180263][   T29] audit: type=1800 audit(1717932481.992:3207): pid=13249 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.2" name="file1" dev="loop2" ino=1048630 res=0 errno=0
[  680.232748][T13250] team0: Failed to send options change via netlink (err -105)
[  680.246828][T13250] team0: Port device dummy0 added
[  680.367812][T13257] vlan2: entered allmulticast mode
[  680.372553][ T5208] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  680.388169][T13257] team0: entered allmulticast mode
[  680.403932][T13257] team_slave_0: entered allmulticast mode
[  680.416367][T13257] team_slave_1: entered allmulticast mode
[  680.454952][T13257] team0: left allmulticast mode
[  680.460073][T13257] team_slave_0: left allmulticast mode
[  680.468310][T13257] team_slave_1: left allmulticast mode
[  680.545113][T13259] mac80211_hwsim hwsim27 wlan1: entered promiscuous mode
[  680.558797][T13259] mac80211_hwsim hwsim27 wlan1: entered allmulticast mode
[  680.567923][ T5208] usb 5-1: config 0 has an invalid interface number: 98 but max is 0
[  680.578602][ T5208] usb 5-1: config 0 has no interface number 0
[  680.585458][ T5208] usb 5-1: New USB device found, idVendor=2040, idProduct=7201, bcdDevice=1f.2f
[  680.617257][ T5208] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  680.630203][ T5208] usb 5-1: config 0 descriptor??
[  680.804665][T13255] loop1: detected capacity change from 0 to 32768
[  680.815907][T13255] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (13255)
[  680.853874][T10783] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[  680.862865][ T5208] usb 5-1: USB disconnect, device number 35
[  680.880123][T13255] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  680.894055][T13255] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[  680.906372][T13255] BTRFS info (device loop1): using free-space-tree
[  681.056735][T10783] usb 4-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  681.067177][T10783] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 64, changing to 10
[  681.084724][T10783] usb 4-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  681.102487][T10783] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  681.111723][T10783] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  681.127875][T10783] usb 4-1: invalid MIDI out EP 0
[  681.176469][T10783] snd-usb-audio 4-1:27.0: probe with driver snd-usb-audio failed with error -22
[  681.327885][ T5208] usb 4-1: USB disconnect, device number 39
[  681.353865][T13255] BTRFS info (device loop1): setting incompat feature flag for SIMPLE_QUOTA (0x10000)
[  681.525655][T13294] loop0: detected capacity change from 0 to 16384
[  681.611941][ T6658] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  681.827385][   T57] I/O error, dev loop0, sector 384 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0
[  681.843018][   T57] buffer_io_error: 6 callbacks suppressed
[  681.843036][   T57] Buffer I/O error on dev loop0, logical block 48, lost async page write
[  681.862123][T12750] I/O error, dev loop0, sector 392 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0
[  681.874293][T12750] Buffer I/O error on dev loop0, logical block 49, lost async page write
[  683.061418][T13313] ptrace attach of "/root/syz-executor.4 exec"[5109] was attempted by "/root/syz-executor.4 exec"[13313]
[  683.098480][T13313] (unnamed net_device) (uninitialized): option primary: mode dependency failed, not supported in mode balance-rr(0)
[  683.683588][ T5208] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[  683.882654][ T5208] usb 3-1: Using ep0 maxpacket: 16
[  683.893089][T13304] loop3: detected capacity change from 0 to 32768
[  683.905924][ T5208] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00
[  683.926770][T13304] gfs2: fsid=_œ[{{{+: Trying to join cluster "lock_nolock", "_œ[{{{+"
[  683.938778][T13304] gfs2: fsid=_œ[{{{+: unknown hostdata (2)
[  683.942459][ T5208] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  683.971681][ T5208] usb 3-1: Product: syz
[  683.976161][ T5208] usb 3-1: Manufacturer: syz
[  683.980801][ T5208] usb 3-1: SerialNumber: syz
[  683.993070][ T5208] usb 3-1: config 0 descriptor??
[  684.000561][ T5208] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected
[  684.034492][ T5208] usb 3-1: Detected FT232H
[  684.155427][T13337] loop0: detected capacity change from 0 to 256
[  684.171832][T13329] loop1: detected capacity change from 0 to 32768
[  684.201481][T13337] FAT-fs (loop0): Directory bread(block 64) failed
[  684.211966][T13337] FAT-fs (loop0): Directory bread(block 65) failed
[  684.212095][T13329] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (13329)
[  684.222738][ T5208] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[  684.239015][T13337] FAT-fs (loop0): Directory bread(block 66) failed
[  684.247339][T13337] FAT-fs (loop0): Directory bread(block 67) failed
[  684.254486][T13337] FAT-fs (loop0): Directory bread(block 68) failed
[  684.261234][T13337] FAT-fs (loop0): Directory bread(block 69) failed
[  684.270517][T13329] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  684.280995][T13337] FAT-fs (loop0): Directory bread(block 70) failed
[  684.293318][T13337] FAT-fs (loop0): Directory bread(block 71) failed
[  684.300097][T13329] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[  684.318810][T13337] FAT-fs (loop0): Directory bread(block 72) failed
[  684.325712][T13329] BTRFS info (device loop1): using free-space-tree
[  684.332649][T13337] FAT-fs (loop0): Directory bread(block 73) failed
[  684.410271][T13337] syz-executor.0: attempt to access beyond end of device
[  684.410271][T13337] loop0: rw=2049, sector=1224, nr_sectors = 120 limit=256
[  684.492767][ T5208] ftdi_sio 3-1:0.0: GPIO initialisation failed: -5
[  684.536295][ T5208] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  684.615678][T13333] loop4: detected capacity change from 0 to 32768
[  684.639728][T13329] BTRFS info (device loop1): setting incompat feature flag for SIMPLE_QUOTA (0x10000)
[  684.787054][T13333] bcachefs (loop4): mounting version 1.7: mi_btree_bitmap opts=compression=lz4,nojournal_transaction_names
[  684.800032][T13333] bcachefs (loop4): recovering from clean shutdown, journal seq 7
[  684.808055][T13333] bcachefs (loop4): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.9: disk_accounting_v2
[  684.808055][T13333]   running recovery passes: check_allocations
[  684.958216][T13333] bcachefs (loop4): accounting_read... done
[  684.994665][T13333] bcachefs (loop4): alloc_read... done
[  685.006305][T13333] bcachefs (loop4): stripes_read... done
[  685.020082][T13333] bcachefs (loop4): snapshots_read... done
[  685.041835][T13333] bcachefs (loop4): check_allocations...
[  685.047972][T13333] btree ptr not marked in member info btree allocated bitmap
[  685.047992][T13333]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 75277f57b0c8c24 written 32 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, shutting down
[  685.062067][T13329] syz-executor.1 (13329) used greatest stack depth: 17560 bytes left
[  685.095536][T13333] bcachefs (loop4): inconsistency detected - emergency read only at journal seq 7
[  685.107891][T13333] bcachefs (loop4): bch2_gc_mark_key(): error fsck_errors_not_fixed
[  685.117003][T13333] bcachefs (loop4): bch2_gc_btree(): error fsck_errors_not_fixed
[  685.123169][ T6658] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  685.142565][T13333] bcachefs (loop4): bch2_gc_btrees(): error fsck_errors_not_fixed
[  685.159503][T13333] bcachefs (loop4): bch2_check_allocations(): error fsck_errors_not_fixed
[  685.168644][T13333] bcachefs (loop4): bch2_fs_recovery(): error fsck_errors_not_fixed
[  685.181341][T13333] bcachefs (loop4): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed
[  685.203130][T13333] bcachefs (loop4): shutting down
[  685.263332][T13333] bcachefs (loop4): shutdown complete
[  685.939548][T13380] loop3: detected capacity change from 0 to 32768
[  686.020201][T13380] XFS (loop3): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  686.039284][ T1247] ieee802154 phy0 wpan0: encryption failed: -22
[  686.045673][ T1247] ieee802154 phy1 wpan1: encryption failed: -22
[  686.140084][T13391] ptrace attach of "/root/syz-executor.0 exec"[12750] was attempted by "/root/syz-executor.0 exec"[13391]
[  686.159385][T13391] (unnamed net_device) (uninitialized): option primary: mode dependency failed, not supported in mode balance-rr(0)
[  686.185589][T13380] XFS (loop3): Ending clean mount
[  686.197249][T13380] XFS (loop3): Quotacheck needed: Please wait.
[  686.272989][T13380] XFS (loop3): Quotacheck: Done.
[  686.370562][ T5162] usb 3-1: USB disconnect, device number 46
[  686.419074][ T5162] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  686.452919][T10989] XFS (loop3): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  686.460910][ T5162] ftdi_sio 3-1:0.0: device disconnected
[  686.758910][T13398] loop0: detected capacity change from 0 to 256
[  686.822338][T13396] loop2: detected capacity change from 0 to 2048
[  687.002029][T13398] syz-executor.0: attempt to access beyond end of device
[  687.002029][T13398] loop0: rw=2049, sector=256, nr_sectors = 96 limit=256
[  687.076257][T13402] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  687.097373][T13403] warning: `syz-executor.4' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  687.676665][T13378] loop1: detected capacity change from 0 to 32768
[  687.716983][T13378] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (13378)
[  687.753678][   T29] audit: type=1800 audit(1717932489.522:3208): pid=13396 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="file2" dev="loop2" ino=16 res=0 errno=0
[  687.837606][T13378] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  687.865708][T13378] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[  687.932610][T13378] BTRFS info (device loop1): using free-space-tree
[  688.071326][T13426] loop0: detected capacity change from 0 to 512
[  688.195284][ T6658] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  688.379042][T13426] EXT4-fs: Ignoring removed nobh option
[  688.411286][T13426] EXT4-fs (loop0): Test dummy encryption mode enabled
[  688.438013][T13426] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  688.465394][T13442] loop2: detected capacity change from 0 to 2048
[  688.472496][T13426] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  688.536625][T13426] EXT4-fs (loop0): 1 truncate cleaned up
[  688.546947][T13426] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  688.595931][T13442] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  688.735714][T12750] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  688.791271][T13449] loop1: detected capacity change from 0 to 256
[  688.861024][T13449] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d)
[  688.891623][T12888] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  688.929730][T13449] syz-executor.1: attempt to access beyond end of device
[  688.929730][T13449] loop1: rw=524288, sector=280, nr_sectors = 128 limit=256
[  688.959839][T13449] syz-executor.1: attempt to access beyond end of device
[  688.959839][T13449] loop1: rw=524288, sector=408, nr_sectors = 256 limit=256
[  688.986756][T13451] loop0: detected capacity change from 0 to 2048
[  688.996416][T13449] syz-executor.1: attempt to access beyond end of device
[  688.996416][T13449] loop1: rw=0, sector=280, nr_sectors = 8 limit=256
[  689.029959][   T29] audit: type=1800 audit(1717932490.852:3209): pid=13449 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.1" name="file1" dev="loop1" ino=1048633 res=0 errno=0
[  689.051714][T13451] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  689.906672][T13466] ptrace attach of "/root/syz-executor.3 exec"[10989] was attempted by "/root/syz-executor.3 exec"[13466]
[  690.000654][T13466] (unnamed net_device) (uninitialized): option primary: mode dependency failed, not supported in mode balance-rr(0)
[  690.025133][T13457] loop2: detected capacity change from 0 to 4096
[  690.055972][T12750] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  690.067109][T13457] ntfs3: loop2: Different NTFS sector size (2048) and media sector size (512).
[  690.111047][T13457] ntfs3: loop2: Mark volume as dirty due to NTFS errors
[  690.258773][T13471] loop0: detected capacity change from 0 to 256
[  690.294266][   T61] ntfs3: loop2: ino=5, ntfs3_write_inode failed, -22.
[  690.317187][T13471] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x72685a33, utbl_chksum : 0xe619d30d)
[  690.332058][T13474] loop3: detected capacity change from 0 to 512
[  690.383701][T13474] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  690.416244][T13478] loop4: detected capacity change from 0 to 256
[  690.428056][T13474] ext4 filesystem being mounted at /root/syzkaller-testdir2875248258/syzkaller.bBFHU0/132/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  690.521936][T13478] FAT-fs (loop4): Directory bread(block 64) failed
[  690.558530][T13478] FAT-fs (loop4): Directory bread(block 65) failed
[  690.572611][T13478] FAT-fs (loop4): Directory bread(block 66) failed
[  690.579169][T13478] FAT-fs (loop4): Directory bread(block 67) failed
[  690.642594][T13478] FAT-fs (loop4): Directory bread(block 68) failed
[  690.649159][T13478] FAT-fs (loop4): Directory bread(block 69) failed
[  690.702699][T13478] FAT-fs (loop4): Directory bread(block 70) failed
[  690.707965][T13467] loop1: detected capacity change from 0 to 32768
[  690.710445][T13478] FAT-fs (loop4): Directory bread(block 71) failed
[  690.728919][T13478] FAT-fs (loop4): Directory bread(block 72) failed
[  690.736955][T13478] FAT-fs (loop4): Directory bread(block 73) failed
[  690.755345][T13482] loop0: detected capacity change from 0 to 4096
[  690.768097][T10989] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  690.774747][T13482] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512).
[  690.872146][T13482] ntfs3: loop0: Failed to initialize $Extend/$ObjId.
[  690.931722][T13467] bcachefs (loop1): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,noshard_inode_numbers,noinodes_use_key_cache,gc_reserve_bytes=512 GiB,nojournal_transaction_names
[  690.956418][T13467] bcachefs (loop1): recovering from clean shutdown, journal seq 8
[  690.967054][T13467] bcachefs (loop1): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.9: disk_accounting_v2
[  690.967054][T13467]   running recovery passes: check_allocations
[  691.020847][T13467] bcachefs (loop1): accounting_read... done
[  691.031012][T13494] loop3: detected capacity change from 0 to 2048
[  691.033188][T13467] bcachefs (loop1): alloc_read... done
[  691.053008][T13467] bcachefs (loop1): stripes_read... done
[  691.065583][T13496] loop2: detected capacity change from 0 to 64
[  691.073276][T13467] bcachefs (loop1): snapshots_read... done
[  691.079430][T13467] bcachefs (loop1): check_allocations...
[  691.081263][T13467] btree ptr not marked in member info btree allocated bitmap
[  691.081281][T13467]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 56308231fb2a3a03 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, shutting down
[  691.083771][T13494] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  691.093497][T13467] bcachefs (loop1): inconsistency detected - emergency read only at journal seq 8
[  691.133767][T13467] bcachefs (loop1): bch2_gc_mark_key(): error fsck_errors_not_fixed
[  691.149425][T13467] bcachefs (loop1): bch2_gc_btree(): error fsck_errors_not_fixed
[  691.157148][T13496] Trying to free block not in datazone
[  691.157467][T13496] Trying to free block not in datazone
[  691.157481][T13496] Trying to free block not in datazone
[  691.157489][T13496] Trying to free block not in datazone
[  691.157499][T13496] minix_free_block (loop2:6): bit already cleared
[  691.157622][T13496] Trying to free block not in datazone
[  691.159328][T13496] Trying to free block not in datazone
[  691.176462][T13467] bcachefs (loop1): bch2_gc_btrees(): error fsck_errors_not_fixed
[  691.176529][T13467] bcachefs (loop1): bch2_check_allocations(): error fsck_errors_not_fixed
[  691.176609][T13467] bcachefs (loop1): bch2_fs_recovery(): error fsck_errors_not_fixed
[  691.176624][T13467] bcachefs (loop1): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed
[  691.177136][T13467] bcachefs (loop1): shutting down
[  691.270035][T10989] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  691.395587][T13467] bcachefs (loop1): shutdown complete
[  691.457549][T13511] loop2: detected capacity change from 0 to 2048
[  691.539407][T13511] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  691.702778][T13524] ptrace attach of "/root/syz-executor.0 exec"[12750] was attempted by "/root/syz-executor.0 exec"[13524]
[  691.718199][T13524] (unnamed net_device) (uninitialized): option primary: mode dependency failed, not supported in mode balance-rr(0)
[  692.455292][   T29] audit: type=1800 audit(1717932494.222:3210): pid=13527 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.2" name="file1" dev="loop2" ino=15 res=0 errno=0
[  692.503081][T12888] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  692.765489][T13540] loop0: detected capacity change from 0 to 2048
[  692.833261][T13540] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  692.975267][T12750] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  693.326795][T13567] loop3: detected capacity change from 0 to 2048
[  693.388913][T13567] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  694.207738][T13546] loop2: detected capacity change from 0 to 32768
[  694.266415][T13546] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (13546)
[  694.354938][T13546] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  694.386861][T13546] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[  694.414142][T10989] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  694.459422][T13546] BTRFS info (device loop2): using free-space-tree
[  694.940557][T13557] loop4: detected capacity change from 0 to 40427
[  694.982262][T13557] F2FS-fs (loop4): Unrecognized mount option "grpquota=sched_switch" or missing value
[  695.025531][T13597] loop3: detected capacity change from 0 to 40427
[  695.040173][T13597] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  695.048022][T13597] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  695.079230][T13597] F2FS-fs (loop3): Found nat_bits in checkpoint
[  695.131931][T13597] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  695.139080][T13597] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  695.181077][T13578] loop1: detected capacity change from 0 to 32768
[  695.224869][T13578] bcachefs (/dev/loop1): error validating superblock: Invalid superblock section replicas_v0: no devices in entry journal: 1/0 []
[  695.224869][T13578] replicas_v0 (size 24):
[  695.224869][T13578] btree: 1 [0] journal: 1 [0] journal: 0 []
[  695.224869][T13578] 
[  695.504319][T13602] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'.
[  695.682709][T12888] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  697.931553][T13632] loop1: detected capacity change from 0 to 2048
[  697.980333][T13632] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  698.172592][   T29] audit: type=1326 audit(1717932499.962:3211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13636 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ddf27cf69 code=0x7ffc0000
[  698.226152][T13639] loop4: detected capacity change from 0 to 2048
[  698.317917][T13639] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  698.330185][T13639] ext4 filesystem being mounted at /root/syzkaller-testdir3801779541/syzkaller.C7wZQx/425/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  699.055661][   T29] audit: type=1326 audit(1717932499.962:3212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13636 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ddf27cf69 code=0x7ffc0000
[  700.170807][T13644] netlink: 140 bytes leftover after parsing attributes in process `syz-executor.4'.
[  700.186151][   T29] audit: type=1326 audit(1717932499.962:3213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13636 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3ddf27cf69 code=0x7ffc0000
[  700.209516][   T29] audit: type=1326 audit(1717932499.962:3214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13636 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ddf27cf69 code=0x7ffc0000
[  700.330101][   T29] audit: type=1326 audit(1717932499.962:3215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13636 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ddf27cf69 code=0x7ffc0000
[  700.395723][ T6658] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  700.402473][   T29] audit: type=1326 audit(1717932499.962:3216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13636 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3ddf27cf69 code=0x7ffc0000
[  700.464199][   T29] audit: type=1326 audit(1717932499.962:3217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13636 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ddf27cf69 code=0x7ffc0000
[  700.487347][   T29] audit: type=1326 audit(1717932499.962:3218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13636 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f3ddf27a6e7 code=0x7ffc0000
[  700.511895][   T29] audit: type=1326 audit(1717932499.962:3219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13636 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3ddf2403b9 code=0x7ffc0000
[  700.547680][   T29] audit: type=1326 audit(1717932499.962:3220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13636 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f3ddf27a6e7 code=0x7ffc0000
[  700.645624][ T5109] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  700.738411][T13647] syzkaller0: entered promiscuous mode
[  700.744080][T13647] syzkaller0: entered allmulticast mode
[  702.046961][T13652] loop4: detected capacity change from 0 to 32768
[  702.903510][T13652] bcachefs (/dev/loop4): error validating superblock: Invalid superblock section replicas_v0: no devices in entry journal: 1/0 []
[  702.903510][T13652] replicas_v0 (size 24):
[  702.903510][T13652] btree: 1 [0] journal: 1 [0] journal: 0 []
[  702.903510][T13652] 
[  703.308963][T13675] loop3: detected capacity change from 0 to 512
[  703.394841][T13675] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  703.425179][T13679] loop4: detected capacity change from 0 to 2048
[  703.443081][T13675] ext4 filesystem being mounted at /root/syzkaller-testdir2875248258/syzkaller.bBFHU0/150/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  703.526800][T13679] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  703.842558][T10783] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  704.602619][T10783] usb 4-1: Using ep0 maxpacket: 16
[  704.634320][T10783] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  704.652530][T10783] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  704.693031][T10783] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  704.726759][T10783] usb 4-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00
[  704.762643][T10783] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  704.783394][T10783] usb 4-1: config 0 descriptor??
[  704.804046][T10783] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input9
[  704.889168][T13672] loop2: detected capacity change from 0 to 40427
[  704.990207][T13672] F2FS-fs (loop2): Found nat_bits in checkpoint
[  705.059065][T10783] bcm5974 4-1:0.0: could not read from device
[  705.075476][T10783] input: failed to attach handler mousedev to device input9, error: -5
[  705.106197][T10783] usb 4-1: USB disconnect, device number 40
[  705.111905][T13672] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  706.192994][T12888] syz-executor.2: attempt to access beyond end of device
[  706.192994][T12888] loop2: rw=524288, sector=45064, nr_sectors = 8 limit=40427
[  706.214037][T12888] syz-executor.2: attempt to access beyond end of device
[  706.214037][T12888] loop2: rw=0, sector=45064, nr_sectors = 8 limit=40427
[  706.314018][T10989] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  706.393541][   T12] kworker/u8:1: attempt to access beyond end of device
[  706.393541][   T12] loop2: rw=2049, sector=40960, nr_sectors = 32 limit=40427
[  706.413691][   T12] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  706.421116][   T12] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  706.438984][   T12] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  706.448023][   T12] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  706.630237][   T29] kauditd_printk_skb: 56 callbacks suppressed
[  706.630254][   T29] audit: type=1326 audit(1717932508.462:3277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13694 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9ea47cf69 code=0x7ffc0000
[  706.689651][T13696] loop3: detected capacity change from 0 to 2048
[  706.719121][   T29] audit: type=1326 audit(1717932508.462:3278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13694 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9ea47cf69 code=0x7ffc0000
[  706.751139][   T29] audit: type=1326 audit(1717932508.482:3279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13694 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa9ea47cf69 code=0x7ffc0000
[  706.752798][T13696] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  706.780305][   T29] audit: type=1326 audit(1717932508.482:3280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13694 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9ea47cf69 code=0x7ffc0000
[  706.786538][T13696] ext4 filesystem being mounted at /root/syzkaller-testdir2875248258/syzkaller.bBFHU0/151/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  706.833592][   T29] audit: type=1326 audit(1717932508.492:3281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13694 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9ea47cf69 code=0x7ffc0000
[  706.858250][   T29] audit: type=1326 audit(1717932508.492:3282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13694 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa9ea47cf69 code=0x7ffc0000
[  706.881364][   T29] audit: type=1326 audit(1717932508.492:3283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13694 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9ea47cf69 code=0x7ffc0000
[  706.904417][   T29] audit: type=1326 audit(1717932508.492:3284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13694 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fa9ea47a6e7 code=0x7ffc0000
[  706.927506][   T29] audit: type=1326 audit(1717932508.492:3285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13694 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa9ea4403b9 code=0x7ffc0000
[  706.954700][   T29] audit: type=1326 audit(1717932508.492:3286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13694 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=92 compat=0 ip=0x7fa9ea47cf69 code=0x7ffc0000
[  707.066182][T13696] netlink: 140 bytes leftover after parsing attributes in process `syz-executor.3'.
[  707.428988][T10989] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  707.450887][T13700] loop0: detected capacity change from 0 to 2048
[  707.464349][T13700] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  707.860276][T13706] loop0: detected capacity change from 0 to 256
[  707.867951][T13706] exfat: Deprecated parameter 'utf8'
[  707.873433][T13706] exfat: Deprecated parameter 'utf8'
[  707.878737][T13706] exfat: Unknown parameter 'öÔ„ŠÛµ.Ý)'
[  709.033089][ T5208] IPVS: starting estimator thread 0...
[  709.182561][T13707] IPVS: using max 23 ests per chain, 55200 per kthread
[  709.407930][T13716] loop3: detected capacity change from 0 to 256
[  709.431660][T13717] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[  709.978455][ T5109] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  710.340146][T13725] loop1: detected capacity change from 0 to 256
[  710.348533][T13725] exfat: Deprecated parameter 'utf8'
[  710.354263][T13725] exfat: Deprecated parameter 'utf8'
[  710.359602][T13725] exfat: Unknown parameter 'öÔ„ŠÛµ.Ý)'
[  711.110443][ T2450] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  711.264219][T13739] loop4: detected capacity change from 0 to 2048
[  711.289386][T13739] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  711.301590][T13739] ext4 filesystem being mounted at /root/syzkaller-testdir3801779541/syzkaller.C7wZQx/429/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  711.418777][T13739] netlink: 140 bytes leftover after parsing attributes in process `syz-executor.4'.
[  711.645097][   T29] kauditd_printk_skb: 2356 callbacks suppressed
[  711.645115][   T29] audit: type=1326 audit(1717932513.452:5643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13732 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ddf27cf69 code=0x7ffc0000
[  711.676804][   T29] audit: type=1326 audit(1717932513.452:5644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13732 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f3ddf27a6e7 code=0x7ffc0000
[  711.699862][   T29] audit: type=1326 audit(1717932513.452:5645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13732 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3ddf2403b9 code=0x7ffc0000
[  711.700984][ T2450] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  711.722745][   T29] audit: type=1326 audit(1717932513.452:5646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13732 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ddf27cf69 code=0x7ffc0000
[  711.722788][   T29] audit: type=1326 audit(1717932513.452:5647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13732 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f3ddf27a6e7 code=0x7ffc0000
[  711.723941][   T29] audit: type=1326 audit(1717932513.452:5648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13732 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3ddf2403b9 code=0x7ffc0000
[  711.814716][   T29] audit: type=1326 audit(1717932513.452:5649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13732 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ddf27cf69 code=0x7ffc0000
[  711.839861][   T29] audit: type=1326 audit(1717932513.452:5650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13732 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f3ddf27a6e7 code=0x7ffc0000
[  711.888833][   T29] audit: type=1326 audit(1717932513.452:5651): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13732 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3ddf2403b9 code=0x7ffc0000
[  711.965337][ T2450] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  711.978004][   T29] audit: type=1326 audit(1717932513.452:5652): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13732 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ddf27cf69 code=0x7ffc0000
[  712.076155][ T5109] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  712.175573][ T2450] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  712.608512][ T2450] bridge_slave_1: left allmulticast mode
[  712.642601][ T2450] bridge_slave_1: left promiscuous mode
[  712.648413][ T2450] bridge0: port 2(bridge_slave_1) entered disabled state
[  712.723427][ T2450] bridge_slave_0: left allmulticast mode
[  712.729107][ T2450] bridge_slave_0: left promiscuous mode
[  712.752812][ T2450] bridge0: port 1(bridge_slave_0) entered disabled state
[  713.029901][T13745] loop3: detected capacity change from 0 to 32768
[  713.088592][T13745] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor.3 (13745)
[  713.141255][ T5114] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  713.154045][ T5114] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  713.173039][ T5114] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  713.181743][T13745] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  713.195205][ T5114] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  713.219318][ T5114] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  713.229506][ T5114] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  713.229964][T13745] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  713.269699][T13745] BTRFS info (device loop3): using free-space-tree
[  713.423781][T13752] loop0: detected capacity change from 0 to 32768
[  713.434963][T13752] BTRFS: device /dev/loop0 (7:0) using temp-fsid ea5c74b5-1e7d-40a8-9cae-fba42641d94c
[  713.444957][T13752] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor.0 (13752)
[  713.546051][T13752] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  713.587295][T13752] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[  713.601412][T13752] BTRFS info (device loop0): using free-space-tree
[  713.740060][T13754] loop4: detected capacity change from 0 to 32768
[  713.850588][T10989] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  714.025136][T13754] bcachefs (loop4): mounting version 1.7: mi_btree_bitmap opts=compression=lz4,nojournal_transaction_names
[  714.062926][T13754] bcachefs (loop4): recovering from clean shutdown, journal seq 7
[  714.090933][T13754] bcachefs (loop4): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.9: disk_accounting_v2
[  714.090933][T13754]   running recovery passes: check_allocations
[  714.228322][T13754] bcachefs (loop4): accounting_read... done
[  714.260090][T12750] BTRFS info (device loop0): last unmount of filesystem ea5c74b5-1e7d-40a8-9cae-fba42641d94c
[  714.262502][T13754] bcachefs (loop4): alloc_read... done
[  714.313571][T13754] bcachefs (loop4): stripes_read... done
[  714.332561][T13754] bcachefs (loop4): snapshots_read... done
[  714.339235][T13754] bcachefs (loop4): check_allocations...
[  714.358229][T13798] loop3: detected capacity change from 0 to 2048
[  714.378845][T13754] btree ptr not marked in member info btree allocated bitmap
[  714.378863][T13754]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 75277f57b0c8c24 written 32 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, shutting down
[  714.450734][T13798] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  714.642346][T13754] bcachefs (loop4): inconsistency detected - emergency read only at journal seq 7
[  714.664680][ T2450] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  714.696897][T13754] bcachefs (loop4): bch2_gc_mark_key(): error fsck_errors_not_fixed
[  714.705106][T13754] bcachefs (loop4): bch2_gc_btree(): error fsck_errors_not_fixed
[  714.716189][T13754] bcachefs (loop4): bch2_gc_btrees(): error fsck_errors_not_fixed
[  714.732545][T13754] bcachefs (loop4): bch2_check_allocations(): error fsck_errors_not_fixed
[  714.741601][ T2450] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  714.752505][T13754] bcachefs (loop4): bch2_fs_recovery(): error fsck_errors_not_fixed
[  714.770602][T13754] bcachefs (loop4): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed
[  714.827458][T13754] bcachefs (loop4): shutting down
[  715.314144][ T5114] Bluetooth: hci1: command tx timeout
[  715.367490][ T2450] bond0 (unregistering): Released all slaves
[  715.394227][T13754] bcachefs (loop4): shutdown complete
[  715.572964][T10989] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  715.720521][T13811] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[  716.142778][ T2450] hsr_slave_0: left promiscuous mode
[  716.150049][ T2450] hsr_slave_1: left promiscuous mode
[  716.207211][ T2450] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  716.218337][ T2450] batman_adv: batadv0: Removing interface: batadv_slave_0
[  716.248659][ T2450] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  716.265899][ T2450] batman_adv: batadv0: Removing interface: batadv_slave_1
[  716.338177][ T2450] veth1_macvtap: left promiscuous mode
[  716.352529][ T2450] veth0_macvtap: left promiscuous mode
[  716.366940][ T2450] veth1_vlan: left promiscuous mode
[  716.377949][ T2450] veth0_vlan: left promiscuous mode
[  716.463273][   T25] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  716.654639][   T25] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  716.679536][   T25] usb 1-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  716.702729][   T25] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  716.724817][   T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  716.756477][   T25] usb 1-1: invalid MIDI out EP 0
[  716.885753][   T25] snd-usb-audio 1-1:27.0: probe with driver snd-usb-audio failed with error -22
[  716.956645][   T25] usb 1-1: USB disconnect, device number 22
[  717.001625][   T29] kauditd_printk_skb: 62 callbacks suppressed
[  717.001643][   T29] audit: type=1326 audit(1717932518.822:5715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13830 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9ea47cf69 code=0x7ffc0000
[  717.030814][    C0] vkms_vblank_simulate: vblank timer overrun
[  717.092713][   T29] audit: type=1326 audit(1717932518.822:5716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13830 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9ea47cf69 code=0x7ffc0000
[  717.137734][T13833] loop3: detected capacity change from 0 to 2048
[  717.150476][   T29] audit: type=1326 audit(1717932518.822:5717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13830 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa9ea47cf69 code=0x7ffc0000
[  717.173949][   T29] audit: type=1326 audit(1717932518.822:5718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13830 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9ea47cf69 code=0x7ffc0000
[  717.199213][   T29] audit: type=1326 audit(1717932518.822:5719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13830 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9ea47cf69 code=0x7ffc0000
[  717.224689][   T29] audit: type=1326 audit(1717932518.822:5720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13830 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa9ea47cf69 code=0x7ffc0000
[  717.248616][   T29] audit: type=1326 audit(1717932518.852:5721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13830 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9ea47cf69 code=0x7ffc0000
[  717.274284][T13833] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  717.287123][T13833] ext4 filesystem being mounted at /root/syzkaller-testdir2875248258/syzkaller.bBFHU0/158/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  717.328751][   T29] audit: type=1326 audit(1717932518.852:5722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13830 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fa9ea47a6e7 code=0x7ffc0000
[  717.351607][    C0] vkms_vblank_simulate: vblank timer overrun
[  717.365445][T13833] netlink: 140 bytes leftover after parsing attributes in process `syz-executor.3'.
[  717.366652][   T29] audit: type=1326 audit(1717932518.852:5723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13830 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa9ea4403b9 code=0x7ffc0000
[  717.392562][ T5114] Bluetooth: hci1: command tx timeout
[  717.397659][    C0] vkms_vblank_simulate: vblank timer overrun
[  717.406259][   T29] audit: type=1326 audit(1717932518.852:5724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13830 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fa9ea47a6e7 code=0x7ffc0000
[  717.856492][T10989] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  717.860516][T13841] loop4: detected capacity change from 0 to 1024
[  717.888627][T13842] loop0: detected capacity change from 0 to 256
[  718.463877][T13848] ==================================================================
[  718.471978][T13848] BUG: KASAN: slab-use-after-free in finish_fault+0xf87/0x1460
[  718.479551][T13848] Read of size 8 at addr ffff88802c50d000 by task syz-executor.4/13848
[  718.487795][T13848] 
[  718.490117][T13848] CPU: 0 PID: 13848 Comm: syz-executor.4 Not tainted 6.10.0-rc2-next-20240607-syzkaller #0
[  718.500090][T13848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  718.510136][T13848] Call Trace:
[  718.513409][T13848]  <TASK>
[  718.516349][T13848]  dump_stack_lvl+0x241/0x360
[  718.521033][T13848]  ? __pfx_dump_stack_lvl+0x10/0x10
[  718.526256][T13848]  ? __pfx__printk+0x10/0x10
[  718.530838][T13848]  ? _printk+0xd5/0x120
[  718.534997][T13848]  ? __virt_addr_valid+0x183/0x520
[  718.540118][T13848]  ? __virt_addr_valid+0x183/0x520
[  718.545226][T13848]  print_report+0x169/0x550
[  718.549719][T13848]  ? __virt_addr_valid+0x183/0x520
[  718.554823][T13848]  ? __virt_addr_valid+0x183/0x520
[  718.559921][T13848]  ? __virt_addr_valid+0x44e/0x520
[  718.565027][T13848]  ? __phys_addr+0xba/0x170
[  718.569560][T13848]  ? finish_fault+0xf87/0x1460
[  718.574312][T13848]  kasan_report+0x143/0x180
[  718.578803][T13848]  ? finish_fault+0xf87/0x1460
[  718.583557][T13848]  finish_fault+0xf87/0x1460
[  718.588140][T13848]  ? __pfx_finish_fault+0x10/0x10
[  718.593152][T13848]  ? __pfx_lock_release+0x10/0x10
[  718.598164][T13848]  ? pte_alloc_one+0x443/0x5d0
[  718.602916][T13848]  ? validate_chain+0x11e/0x5920
[  718.607843][T13848]  ? __do_fault+0x258/0x460
[  718.612336][T13848]  ? handle_pte_fault+0x2bf5/0x7130
[  718.617526][T13848]  handle_pte_fault+0x3db5/0x7130
[  718.622554][T13848]  ? mark_lock+0x9a/0x360
[  718.626879][T13848]  ? __pfx_validate_chain+0x10/0x10
[  718.632090][T13848]  ? __pfx_handle_pte_fault+0x10/0x10
[  718.637459][T13848]  ? mark_lock+0x9a/0x360
[  718.641778][T13848]  ? __lock_acquire+0x1359/0x2000
[  718.646798][T13848]  ? __thp_vma_allowable_orders+0x7bf/0x860
[  718.652690][T13848]  handle_mm_fault+0x10df/0x1ba0
[  718.657627][T13848]  ? __pfx_handle_mm_fault+0x10/0x10
[  718.662902][T13848]  ? __pfx_find_vma+0x10/0x10
[  718.667582][T13848]  ? vma_is_secretmem+0xd/0x50
[  718.672340][T13848]  ? check_vma_flags+0x500/0x5a0
[  718.677267][T13848]  __get_user_pages+0x6ef/0x1590
[  718.682196][T13848]  ? mt_find+0x62d/0x850
[  718.686431][T13848]  ? __pfx___get_user_pages+0x10/0x10
[  718.691795][T13848]  populate_vma_page_range+0x264/0x330
[  718.697243][T13848]  ? __pfx_populate_vma_page_range+0x10/0x10
[  718.703216][T13848]  __mm_populate+0x27a/0x460
[  718.707805][T13848]  ? __pfx___mm_populate+0x10/0x10
[  718.712917][T13848]  __se_sys_remap_file_pages+0x7a1/0x9a0
[  718.718552][T13848]  ? __pfx___se_sys_remap_file_pages+0x10/0x10
[  718.724704][T13848]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  718.730677][T13848]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  718.736994][T13848]  ? do_syscall_64+0x100/0x230
[  718.741743][T13848]  ? __x64_sys_remap_file_pages+0x20/0xc0
[  718.747453][T13848]  do_syscall_64+0xf3/0x230
[  718.751944][T13848]  ? clear_bhb_loop+0x35/0x90
[  718.756609][T13848]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  718.762488][T13848] RIP: 0033:0x7f3ddf27cf69
[  718.766905][T13848] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  718.786503][T13848] RSP: 002b:00007f3de00090c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d8
[  718.794904][T13848] RAX: ffffffffffffffda RBX: 00007f3ddf3b4120 RCX: 00007f3ddf27cf69
[  718.802865][T13848] RDX: 0000000000000000 RSI: 0000000000200000 RDI: 00000000202ec000
[  718.810822][T13848] RBP: 00007f3ddf2da6fe R08: 0000000000000000 R09: 0000000000000000
[  718.818777][T13848] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  718.826736][T13848] R13: 000000000000006e R14: 00007f3ddf3b4120 R15: 00007ffc2110ea38
[  718.834701][T13848]  </TASK>
[  718.837702][T13848] 
[  718.840006][T13848] Allocated by task 13632:
[  718.844409][T13848]  kasan_save_track+0x3f/0x80
[  718.849082][T13848]  __kasan_slab_alloc+0x66/0x80
[  718.853920][T13848]  kmem_cache_alloc_noprof+0x135/0x2a0
[  718.859366][T13848]  __sigqueue_alloc+0x42e/0x540
[  718.864207][T13848]  __send_signal_locked+0x22f/0xdc0
[  718.869391][T13848]  group_send_sig_info+0x292/0x310
[  718.874487][T13848]  bpf_send_signal_common+0x2dd/0x430
[  718.879843][T13848]  bpf_send_signal+0x19/0x30
[  718.884419][T13848]  0xffffffffa0001fb2
[  718.888388][T13848]  bpf_trace_run2+0x2ec/0x540
[  718.893057][T13848]  kfree+0x2bb/0x360
[  718.896939][T13848]  do_recvmmsg+0x498/0xae0
[  718.901341][T13848]  __x64_sys_recvmmsg+0x199/0x250
[  718.906352][T13848]  do_syscall_64+0xf3/0x230
[  718.910839][T13848]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  718.916717][T13848] 
[  718.919043][T13848] Freed by task 13631:
[  718.923097][T13848]  kasan_save_track+0x3f/0x80
[  718.927765][T13848]  kasan_save_free_info+0x40/0x50
[  718.932773][T13848]  poison_slab_object+0xe0/0x150
[  718.937696][T13848]  __kasan_slab_free+0x37/0x60
[  718.942447][T13848]  kmem_cache_free+0x145/0x350
[  718.947201][T13848]  __dequeue_signal+0x4ac/0x5c0
[  718.952038][T13848]  dequeue_signal+0x169/0x5a0
[  718.956703][T13848]  get_signal+0x602/0x1740
[  718.961105][T13848]  arch_do_signal_or_restart+0x96/0x830
[  718.966636][T13848]  syscall_exit_to_user_mode+0xc9/0x370
[  718.972170][T13848]  do_syscall_64+0x100/0x230
[  718.976741][T13848]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  718.982618][T13848] 
[  718.984923][T13848] The buggy address belongs to the object at ffff88802c50d000
[  718.984923][T13848]  which belongs to the cache sigqueue of size 80
[  718.998612][T13848] The buggy address is located 0 bytes inside of
[  718.998612][T13848]  freed 80-byte region [ffff88802c50d000, ffff88802c50d050)
[  719.012129][T13848] 
[  719.014437][T13848] The buggy address belongs to the physical page:
[  719.020835][T13848] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88802c50df50 pfn:0x2c50d
[  719.030879][T13848] memcg:ffff888064413001
[  719.035104][T13848] flags: 0xfff00000000200(workingset|node=0|zone=1|lastcpupid=0x7ff)
[  719.043155][T13848] page_type: 0xfdffffff(slab)
[  719.047815][T13848] raw: 00fff00000000200 ffff888016ad73c0 ffff888015eefb88 ffffea0000b14390
[  719.056379][T13848] raw: ffff88802c50df50 000000000024000c 00000001fdffffff ffff888064413001
[  719.064939][T13848] page dumped because: kasan: bad access detected
[  719.071335][T13848] page_owner tracks the page as allocated
[  719.077043][T13848] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 13632, tgid 13631 (syz-executor.1), ts 699248633687, free_ts 681838118961
[  719.098212][T13848]  post_alloc_hook+0x1f3/0x230
[  719.102963][T13848]  get_page_from_freelist+0x2cbd/0x2d70
[  719.108492][T13848]  __alloc_pages_noprof+0x256/0x6c0
[  719.113673][T13848]  alloc_slab_page+0x5f/0x120
[  719.118354][T13848]  allocate_slab+0x5a/0x2f0
[  719.122842][T13848]  ___slab_alloc+0xcd1/0x14b0
[  719.127507][T13848]  __slab_alloc+0x58/0xa0
[  719.131825][T13848]  kmem_cache_alloc_noprof+0x1c1/0x2a0
[  719.137303][T13848]  __sigqueue_alloc+0x42e/0x540
[  719.142145][T13848]  __send_signal_locked+0x22f/0xdc0
[  719.147330][T13848]  group_send_sig_info+0x292/0x310
[  719.152425][T13848]  bpf_send_signal_common+0x2dd/0x430
[  719.157781][T13848]  bpf_send_signal+0x19/0x30
[  719.162358][T13848]  0xffffffffa0001fb2
[  719.166323][T13848]  bpf_trace_run2+0x2ec/0x540
[  719.170989][T13848]  kfree+0x2bb/0x360
[  719.174873][T13848] page last free pid 10783 tgid 10783 stack trace:
[  719.181351][T13848]  free_unref_page+0xd22/0xea0
[  719.186099][T13848]  kasan_depopulate_vmalloc_pte+0x74/0x90
[  719.191804][T13848]  __apply_to_page_range+0x8a8/0xe50
[  719.197072][T13848]  kasan_release_vmalloc+0x9a/0xb0
[  719.202168][T13848]  purge_vmap_node+0x3e3/0x770
[  719.206916][T13848]  __purge_vmap_area_lazy+0x708/0xae0
[  719.212273][T13848]  drain_vmap_area_work+0x27/0x40
[  719.217287][T13848]  process_scheduled_works+0xa2c/0x1830
[  719.222816][T13848]  worker_thread+0x86d/0xd50
[  719.227396][T13848]  kthread+0x2f0/0x390
[  719.231458][T13848]  ret_from_fork+0x4b/0x80
[  719.235863][T13848]  ret_from_fork_asm+0x1a/0x30
[  719.240614][T13848] 
[  719.242920][T13848] Memory state around the buggy address:
[  719.248531][T13848]  ffff88802c50cf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  719.256572][T13848]  ffff88802c50cf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  719.264611][T13848] >ffff88802c50d000: fa fb fb fb fb fb fb fb fb fb fc fc fc fc fa fb
[  719.272649][T13848]                    ^
[  719.276697][T13848]  ffff88802c50d080: fb fb fb fb fb fb fb fb fc fc fc fc fa fb fb fb
[  719.284737][T13848]  ffff88802c50d100: fb fb fb fb fb fb fc fc fc fc fa fb fb fb fb fb
[  719.292775][T13848] ==================================================================
[  719.300826][    C0] vkms_vblank_simulate: vblank timer overrun
[  719.309865][T13848] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  719.317075][T13848] CPU: 0 PID: 13848 Comm: syz-executor.4 Not tainted 6.10.0-rc2-next-20240607-syzkaller #0
[  719.327054][T13848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  719.337115][T13848] Call Trace:
[  719.340394][T13848]  <TASK>
[  719.343328][T13848]  dump_stack_lvl+0x241/0x360
[  719.348021][T13848]  ? __pfx_dump_stack_lvl+0x10/0x10
[  719.353231][T13848]  ? __pfx__printk+0x10/0x10
[  719.357829][T13848]  ? lock_release+0xbf/0x9f0
[  719.362420][T13848]  ? vscnprintf+0x5d/0x90
[  719.366755][T13848]  panic+0x349/0x870
[  719.370662][T13848]  ? check_panic_on_warn+0x21/0xb0
[  719.375785][T13848]  ? __pfx_panic+0x10/0x10
[  719.380211][T13848]  ? mark_lock+0x9a/0x360
[  719.384545][T13848]  ? _raw_spin_unlock_irqrestore+0xd8/0x140
[  719.390449][T13848]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  719.396350][T13848]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  719.402681][T13848]  ? print_report+0x502/0x550
[  719.407362][T13848]  check_panic_on_warn+0x86/0xb0
[  719.412306][T13848]  ? finish_fault+0xf87/0x1460
2024/06/09 11:28:41 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF
[  719.417078][T13848]  end_report+0x77/0x160
[  719.421334][T13848]  kasan_report+0x154/0x180
[  719.425847][T13848]  ? finish_fault+0xf87/0x1460
[  719.430620][T13848]  finish_fault+0xf87/0x1460
[  719.435224][T13848]  ? __pfx_finish_fault+0x10/0x10
[  719.440261][T13848]  ? __pfx_lock_release+0x10/0x10
[  719.445294][T13848]  ? pte_alloc_one+0x443/0x5d0
[  719.450074][T13848]  ? validate_chain+0x11e/0x5920
[  719.455032][T13848]  ? __do_fault+0x258/0x460
[  719.459554][T13848]  ? handle_pte_fault+0x2bf5/0x7130
[  719.464775][T13848]  handle_pte_fault+0x3db5/0x7130
[  719.469839][T13848]  ? mark_lock+0x9a/0x360
[  719.474189][T13848]  ? __pfx_validate_chain+0x10/0x10
[  719.479411][T13848]  ? __pfx_handle_pte_fault+0x10/0x10
[  719.484803][T13848]  ? mark_lock+0x9a/0x360
[  719.489147][T13848]  ? __lock_acquire+0x1359/0x2000
[  719.494189][T13848]  ? __thp_vma_allowable_orders+0x7bf/0x860
[  719.500102][T13848]  handle_mm_fault+0x10df/0x1ba0
[  719.505059][T13848]  ? __pfx_handle_mm_fault+0x10/0x10
[  719.510356][T13848]  ? __pfx_find_vma+0x10/0x10
[  719.515045][T13848]  ? vma_is_secretmem+0xd/0x50
[  719.519819][T13848]  ? check_vma_flags+0x500/0x5a0
[  719.524770][T13848]  __get_user_pages+0x6ef/0x1590
[  719.529724][T13848]  ? mt_find+0x62d/0x850
[  719.533986][T13848]  ? __pfx___get_user_pages+0x10/0x10
[  719.539374][T13848]  populate_vma_page_range+0x264/0x330
[  719.544847][T13848]  ? __pfx_populate_vma_page_range+0x10/0x10
[  719.550842][T13848]  __mm_populate+0x27a/0x460
[  719.555444][T13848]  ? __pfx___mm_populate+0x10/0x10
[  719.560568][T13848]  __se_sys_remap_file_pages+0x7a1/0x9a0
[  719.566220][T13848]  ? __pfx___se_sys_remap_file_pages+0x10/0x10
[  719.572394][T13848]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  719.578380][T13848]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  719.584718][T13848]  ? do_syscall_64+0x100/0x230
[  719.589498][T13848]  ? __x64_sys_remap_file_pages+0x20/0xc0
[  719.595242][T13848]  do_syscall_64+0xf3/0x230
[  719.599758][T13848]  ? clear_bhb_loop+0x35/0x90
[  719.604448][T13848]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  719.610350][T13848] RIP: 0033:0x7f3ddf27cf69
[  719.614769][T13848] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  719.634387][T13848] RSP: 002b:00007f3de00090c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d8
[  719.642817][T13848] RAX: ffffffffffffffda RBX: 00007f3ddf3b4120 RCX: 00007f3ddf27cf69
[  719.650803][T13848] RDX: 0000000000000000 RSI: 0000000000200000 RDI: 00000000202ec000
[  719.658777][T13848] RBP: 00007f3ddf2da6fe R08: 0000000000000000 R09: 0000000000000000
[  719.666755][T13848] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  719.674732][T13848] R13: 000000000000006e R14: 00007f3ddf3b4120 R15: 00007ffc2110ea38
[  719.682720][T13848]  </TASK>
[  719.685981][T13848] Kernel Offset: disabled
[  719.690297][T13848] Rebooting in 86400 seconds..