last executing test programs:

1m26.066991148s ago: executing program 2 (id=50):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$inet_int(r0, 0x0, 0x7, &(0x7f0000000080)=0x7, 0x4)
syz_emit_ethernet(0x52, &(0x7f00000001c0)={@local, @random="fad1e0480102", @void, {@ipv4={0x800, @udp={{0xf, 0x4, 0x0, 0x2, 0x44, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty, {[@rr={0x7, 0x27, 0x23, [@remote, @private=0xa010101, @loopback, @dev={0xac, 0x14, 0x14, 0x36}, @private=0xa010101, @dev={0xac, 0x14, 0x14, 0x3f}, @initdev={0xac, 0x1e, 0x1, 0x0}, @local, @dev={0xac, 0x14, 0x14, 0x36}]}]}}, {0x0, 0x4e20, 0x8}}}}}, 0x0)
recvmmsg(r0, &(0x7f00000036c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2, 0x0)

1m25.920508639s ago: executing program 2 (id=52):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000540)={0x8, 0x0, 0x0, 'queue1\x00', 0x72})
write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000140)={0x14f, @time={0x8, 0x7}, 0x0, {0x0, 0x2}, 0xff, 0x0, 0x40})

1m25.62416339s ago: executing program 2 (id=53):
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
r0 = syz_usb_connect(0x5, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000007794608cd0c39007b90000000010902120001fc0000000904"], 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000000040)={&(0x7f0000001800)=[{0x63, 0x2800, 0x0, 0x0}, {0x63, 0x1011, 0x0, 0x0}], 0x2})

1m23.766811392s ago: executing program 2 (id=63):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000100)='./file2\x00', 0x1010051, &(0x7f0000000240)={[{@debug}, {@inlinecrypt}, {@noblock_validity}, {@dioread_lock}, {@nouid32}, {@resuid}]}, 0x1, 0x550, &(0x7f00000002c0)="$eJzs3dFrZFcZAPDv3mR2s7upmaoPtWAttrJbdSebxm2DD6uC6FNBrfgkrDGZhLCTzJJM2k1YbIqvgiCiBV/0yRfBP0CQvvguQqG+i4oiddc+KLS9cmfudJPJTJLSmblL8vvB2XvPPTP3+86EOXPuzN17AziznoyIKxExERHPRMRMsT0tSux1Sv64+/fuLuUliSx78a0kkmJbd1/ni+Wl4mlTEfGtr0d8Pzkcd2tn99Zio1HfLOqzrfXknSzbvbq2vrhaX61vzM/PPbfw/ML1hWtD6Wc1Im589e8/+/Gvv3bj959/+S83/3nlB3la/8uyV6KnH8PU6Xql/Vp0TUbE5iiClWSy3cOO6yXnAgDA0fL5/kcj4tPt+f9MTLRncwAAAMBpkn1pOt5JIjIAAADg1EojYjqStFac7ztdnLF6KSI+HhfTRnOr9bmV5vbGct4WUY1KurLWqF+Lqfa5A9WoJHl9rjjHtlt/tqc+HxGPRsRPZy6067WlZmO57C8/AAAA4Iy41HP8//ZMmtZqReNeyckBAAAAw1MtOwEAAABg5Bz/AwAAwOlXzfrcoeuwdPSZAAAAACPwjRdeyEvWvf/18ks727eaL11drm/dqq1vL9WWmpu3a6vN5mr7mn3rx+2v0Wze/kJsbN+ZbdW3WrNbO7s315vbG62bawdugQ0AAACM0aOfev3PSUTsffFCu+TOFW2ViGxi/4Mny8gQGJUPdE7P30aXBzB++z/fL5SYBzB+pvRwdlXKTgAo3XH/AWjgyTt/HH4uAADAaFz+xODf/99aKTU1YMSK3/+TE10ABDhVJspOAChN5/e/97KOsrMBxqly1AzAQQGceulwfv8/5lTCxIACAAAlm26XJK0VxwHTkaa1WsQj7dsCVpKVtUb9WkR8JCLenKmcz+tz7WcmZvMAAAAAAAAAAAAAAAAAAAAAAAAAcEJZlkQGAAAAnGoR6T+6d+a6PPP0dO/3A+eS/860lxHx8i9e/PmdxVZrcy7f/u/3t7deK7Y/W8Y3GAAAAECv7nF69zgeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIbp/r27S/ezLMvu3V2KeHt6XHH/9ZWIqBbxi9JpmYyp9nIqKhFx8T9JTO57XhIRE0OIv/dqRDzWL36SpxXVIosD8c9FpBFxYVjx4wPGj078S0OID2fZ6/n48+V+7780nmwv+7//JovyYQ0e/9L3x7+JAePfI4N2WjlYffyN384OjP9qxOOT/cefbvwk31+f+E+dsI/f+/bu7qC27FcRl/uNf8nBWLOt9duzWzu7V9fWF1frq/WN+fm55xaeX7i+cG12Za1RL/7tG+Mnn/zdew9q7x7q/8Ujxt92/we8/k+fsP/vvnHn3sc6qz1/majEL7PsylP9//6P5YvPHo7f/ez7TPE5kNfz1zB97Tt94z/xmz89MSi3vP/LA/o/1dP/8z39v3LC/j/zzR/+9YQPBQDGYGtn99Zio1HftLJ/JaoPRRoP70o+7xxTrBsR0b8piSTylTcPNC2OK7HjVl4p3mOLje67bUh7/kNxcDTK5EsajwAAgNF5MOnvbUnKSQgAAAAAAAAAAAAAAAAAAADOoGMvAzaoKY2IB1u++6MjrkbWG3OvnK4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABzp/wEAAP//muXWAg==")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f})
chdir(&(0x7f0000000040)='./file0\x00')
getxattr(0x0, 0x0, 0x0, 0x0)
lstat(&(0x7f0000000880)='./file2\x00', &(0x7f00000008c0))

1m23.186887355s ago: executing program 2 (id=66):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0)
flock(r0, 0x5)
r1 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x8)
flock(r1, 0x2)
flock(r1, 0x2)

1m19.02412861s ago: executing program 2 (id=87):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local})
writev(r0, &(0x7f0000000300)=[{&(0x7f0000000a40)="2e9b3d0007e03dd65193dfb6c575963f86ddf06712e900462b8db0049d90491ceaebfd26d4eef23248000000f858dbb8a19052343f", 0x35}, {&(0x7f00000002c0)="c67f0d7df9", 0x5}, {&(0x7f0000000280)="0e3b", 0x2}], 0x3)

1m18.277203755s ago: executing program 32 (id=87):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local})
writev(r0, &(0x7f0000000300)=[{&(0x7f0000000a40)="2e9b3d0007e03dd65193dfb6c575963f86ddf06712e900462b8db0049d90491ceaebfd26d4eef23248000000f858dbb8a19052343f", 0x35}, {&(0x7f00000002c0)="c67f0d7df9", 0x5}, {&(0x7f0000000280)="0e3b", 0x2}], 0x3)

43.196101848s ago: executing program 0 (id=249):
syz_mount_image$nilfs2(&(0x7f0000000ec0), &(0x7f0000000080)='./file0\x00', 0x40, &(0x7f0000000000)=ANY=[], 0x4, 0xf82, &(0x7f0000003080)="$eJzs3U9sHNX9APA36/W/2MRr4AcGfoQUWhEo2CGJ1PQWBOqlEuLSOygkNMJQ1NBKREBMD4hKiCIhThUHEBdKpRSpSKBKFeqp7alVb+0F9UKlKpWCemgjJa5iv1nvPu9k12N7dtf7+UjffX7zZuf7HXsTz4xn3wZgZNXWHo8dW8hCeOeztx99+ansk2vL7mqucXDtMYu9RghhvKWfJdv7Ii64cumlk53aLBxZe8z74bGLzefOhBBWwsHweWiEj5aWv/rw3UcOffza1C1vnnvmlV3a/aZ0PwAAYC+68Mflv973jz88MH/5woETYbK5PD8+b8T+TDzuPxwPlPPj5Vpo72ct0WoiWW8sRi1ZbyxZr57kqRfkG0+2M16w3kSXfGMtyzrtJwAAAAyj/Ly2EbLaYlu/VltcXD/vv+aLuYls8bkzy6fP9qlQAAAAoLR/n1+76XaIY2oAahBpTOcvsK0976Pvbv0524paxfnqFecbmSj3ehNCCCGE2LlwPCKGIFbnKrzYAAAAANBhvrBNVnZ2pq7m1hq95b/4cK3z82EHJK+/zdNO7PDr//r5pzavUGn+DnY//3if8193/z941f84AACUt1ePJvP9yo+j83kM0nkEx9qeNTO21fOPWrKd+hbrLJpXcFjmGyyqc6ziOsoqqn+rP8d+Kao/nQ9zUBXVn87TOaiK6p+suI6yiurvcOUnDOI/66L6pyuuo6yi+vdVXEdZRfXPVFxHWUX1z1ZcR1lF9d9QcR1lFdW/v+I6yiqqf1huqy2qv1FxHWUV1T+/3gz8YURR/TdWXEdZRfXfVHEdZRXVf3PFdfTLnbHNvw8HCtab6XDwN3AHgwAAAEBH/x36+f9GNOoDUIMQQgx9vLr+y7B9+VSHZWJbURuAGnYrpju9hoQQQoiBjPN9vPYAAAAADIb8fQH5u95Xo3x8bNP4396/9piP11vHpzY2kI+Pd9n+RJfxyS7jAAAAQAi/ef30bW9lG/Pdpe/p3+p8ePm8UdPhk6uhxDxG6XyEW82/3XnPtpu/84QjwzIbGwAAAHtV9p3Pr97/6HsvzF++cOBEy9nv1Xi+m88DWo/XBj6N/fy+gNmkn+Xn0Cfa89QK1kuvD9xQtL3Ht7mjAAAAMMLy8/dGyGqLLefdjVCrLS5unI8vhPHs9JnlU4djP/98lt/PjU9eW/5QxXUDAAAAvds43+98/p9/ju9CmMgWnzuzfPrsen+2uXy81npdYG5jedZ6XaCRLD9SsPxo7MfP7wzfn5teW7548gfLT+30zgMAAMCIOPviuWeeXF4+9cPR+aIeQtjWdsIg7IUvfLGrX/T7fyYAAGCnffnl2+M/Ojr72/X3/2/Mf3c1fnEw9htxbr8/xeX5fQL5+wA2vV//ifY8c0XrPd++XiNZbyzGZFL3VMt2wtp8g+3Pmy/K12jfzkRBvpkk32ySL52noJ6sn3WYSzB0mAkwX28uWZ7Ow1hPcmRJ/rs75AIAAIDc0gvPPr909sVzD5559smnTz196rmjR45/+/jxww9966Gltfv6l1rv7gcAAACG0cZNv/2uBAAAAAAAAAAAAAAAAAAAAEZXFR8n1u99BAAAgFH3r/MhhBUhCiL/gMF+1zHskQ1ADbsXq5P9r2FvR/DvUAghhBDbjP6e9005lhmMWF1NP2keAAAAYHddufTSydZ2k5VsR/M1t9ZYb67GvHk7++Bf5q9FvtrFh9uvl+zb0WoYdVW//uUf1PyTHcc/eHVn869diG9s9Lv//1dr38CJtcd67E33mvfepV8sNPOHEG6v95g/3f/He83Y7lCS/97QW/7V95L8T7T1ar3mvy/Jv6/H/Jv2//miDFPXzX9/zL8Q+4fu6TV/+y5OJtl6fQF8M9n/p0Kv+ZP9b/SYMPFAzA8Ao6j523z1fH8L2WH5UUJ+PD0T+/n+5ges6d0PWz3+ryXbqW+78vbt5sdBt8Z+86hupT1vbqv159+X2djeULLO1LDcVVJU/079HHdbUf3jFddRVlH9ExXXUVZR/Z3P3gdPUf3XP3scHEX193whos+K6h+W68pF9c9UXEdZRfXPVlxHWUX1b/X3eL8U1b+/4jrKKqp/ruI6yiqqv+RltcoV1T9fcR1lFdV/Y8V1lFVU/00V11FWUf03V1xHv9wR26Lz4fz8cy6O5f1G0p/s8L3s+Y8hAAAAwK7650DO/9dy5aDvtQghhBBiGGJsAGoQYpjjP6vr+l2HEGL3YnW1n1cf6LdsiO4VB2Dn7O5sFgw6P//R5uc/2vz8uZ78L/FZ0s+NdRmvdxkf7zI+kYxnyRMni8ajm5LtrubXNaObu4z/X9yDovH9yfN/nIzf2mX7C13Gb+syfnuX8Tu6jAMAADAabomt80MAAADYu17+5adv/PreJy7NX75w4ESY2DTv/OHYn4x/W3899tN573Pj8W/+P4n992P7u9j+PVnf/ScAAACw+/LPifH3fwAAANi78s8pdf4PAAAAe9d8bJ3/AwAAwN51Y2yd/wMAAMAelk11Xhzb/LrA3bHtdV4/AGDw/X9s74ztgdjeFduvxTY/Drgntl+vqD4AYOf8/Hs/Pf5WtjHf/9Fk/EpcnrebrKxfKchq7TP5T8d2X2y/0WM96ecB9Jo/t7/HPLuVf26b+QEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAvaO29njs2EIWwjufvf3ozybe+PO1ZXc11zi49pjFXiOEMN58Xj660f9VXPHKpZdOtrZXY5uFIyELWXN5eOxiM9NMCGElHAyfh0b4aGn5qw/ffeTQx69N3fLmuWde2cVvQdv+AQAAwF70vwAAAP//7lUWHg==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x80)
setxattr$incfs_id(0x0, &(0x7f00000001c0), 0x0, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r0, 0x80186e82, &(0x7f00000001c0)={@desc={0x1, 0x0, @desc1}})

42.491948972s ago: executing program 0 (id=253):
r0 = socket$inet6(0xa, 0x3, 0x5)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000003ec0)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x800, 0x0, 0x3, 0x9}, 0x20)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000000)=0xffffffc3, 0x4)
sendmmsg(r0, &(0x7f0000000700)=[{{&(0x7f0000000040)=@l2tp6={0xa, 0x0, 0x7080000, @local, 0x4, 0x1}, 0x80, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="28000000000000002900000002"], 0x28}}], 0x1, 0x40)

42.065606055s ago: executing program 0 (id=255):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000140)='ramfs\x00', 0x10, 0x0)
syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x400a8, &(0x7f0000000380)=ANY=[], 0x1, 0x0, 0x0)
symlinkat(&(0x7f0000000080)='.\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00')
openat2$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0/file0/..\x00', &(0x7f0000000180)={0x0, 0x0, 0x1}, 0x18)

41.923958675s ago: executing program 0 (id=257):
syz_mount_image$jfs(&(0x7f0000000100), &(0x7f0000000000)='./file1\x00', 0x1000400, &(0x7f00000001c0)={[{@quota}, {@discard_size={'discard', 0x3d, 0xaff9}}, {@iocharset={'iocharset', 0x3d, 'none'}}, {@errors_continue}, {@iocharset={'iocharset', 0x3d, 'cp865'}}, {@usrquota}, {@nodiscard}, {@uid}, {@uid={'uid', 0x3d, 0xee01}}]}, 0x21, 0x61b6, &(0x7f00000075c0)="$eJzs3cuOHFcZB/Cv+jYXE8fKIgoWQpPEXEKIr8EYAiRZwIINC+QtsjWZRBYOINsgJ7LwRLNhwUOAkFgixJIVD5AFW3Y8AJZsJFAWKIVq5pxxTaV7esb2dHW7fj9pXPX1qZo+5X9XX6aq+gQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAED/8wY/PFRFx5VfphhMRn4t+RC9iparXImJl7UR9nRdiuzmej4jhUkS1/vY/z0a8HhEfH4+4/+DOenXz+QP24/t//scffnLsR3//0/DMf/9yq//GpOVu3/7tf/5699G3FwAAALqoLMuySB/zT0bEIH22BwCefvn1v0zy7eq5qzfnrD9qtVqtXsC6rhzvbr2IiM36OtV7BofjAWDBbMYnbXeBFsm/0wYRcaztTgBzrWi7AxyJ+w/urBcp36L+erC2057PBdmT/2axe33HpOk0zXNMZvX42op+PDehPysz6sM8yfn3mvlf2WkfpeWOOv9ZmZT/aOfSp87J+feb+Tc8Pfn3xubfVTn/waHy78sfAAAAAADmWP77/4mWj/8uPf6mHMh+x3/XZtQHAAAAAAAAAHjSDjv+36Ax/t8u4/8BAADA3Ko+q1d+d/zhbZO+i626/XIR8UxjeaBj0sUyq233AwAAAAAAAAAAAAC6ZLBzDu/lImIYEc+srpZlWf3UNevDetz1F13Xtx+6rO0neQAA2PHx8ca1/EXEckRcTt/1N1xdXS3L5ZXVcrVcWcrvZ0dLy+VK7XNtnla3LY0O8IZ4MCqrX7ZcW69u2uflae3N31fd16jsH6Bjs9Fi4AAQETuvRvcnvSL9z+vVYirLZ6PlNzksiH32fxaU/Z+DaPtxCgAAABy9sizLIn2d98l0zL/XdqcAgJnIr//N4wJqtVqtVqufvrquHO9uvYiIzfo61XsGw/EDwILZjE/a7gItkn+nDSLihbY7Acy1ou0OcCTuP7izXqR8i/rrQRrfPZ8Lsif/zWJ7vbz+uOk0zXNMZvX42op+PDehP8/PqA/zJOffa+Z/Zad9lJZ7/PzLPX8mbOsco0n5V9t5ooX+tC3n32/m33DU+/+sbEVvbP5dlfMfHCr/vvwBAAAAAGCO5b//n5ir47+jR92cqfY7/rs2do2j6wsAAAAAAAAAPCn3H9xZz9e95uP/XxiznOs/n045/0L+nZTz7zXy/2pjuX5t/t7bD/P/94M763+89a/P5+lB81/KM0V6ZBXpEVGkeyoGafo4W/dZW8P+qLqnYdHrD9I5P+Xw3bgW12Mjzu5Ztpf+Px62n9vTXvV0uN1e9nfaz+9pH+y25/Uv7GkfprOLypXcfjrW4+dxPd7Zbq/alqZs//KU9nJKe86/b//vpJz/oPZT5b+a2ovGtHLvo95n9vv6dNz9vHXti785e/SbM9VW9He3ra7avpda6M/2/8mxUfzy5saN07ev3rp141ykyZ5bz0eaPGE5/2H62X3+f3mnPT/v1/fXex+NDp3/vNiKwcT8X67NV9v7yoz71oac/yj95PzfSe3j9/9Fzn/y/v9qC/0BAAAAAAAAAAAAAACA/ZRluX2J6FsRcTFd/9PWtZkAwGzl1/8yybfPqu7P+P7U6gWviznrz0zrT8v56o9avYh1XTnem/UiIv5WX6d6z/Drcb8MAJhnn0bEP9vuBK2Rf4fl7/urpqfa7gwwUzc/+PCnV69f37hxs+2eAAAAAAAAAACPKo//uVYb//lUWZZ3G8vtGf/17Vh73PE/B3lmd4DRCQNV9w+/TfvZ6o36vdpw4y/GpPG/h7tz+43/PZhyf8Mp7aMp7UtT2pentI+90KMm5/9ibbzzUxFxsjH8ehfGf22Oed8FOf+Xao/nKv+vNJar51/+fpHz7+3J/8yt939x5uYHH7527f2r7228t/GzC+fOnb1w8eKlS5fOvHvt+sbZnX9b7PHRyvnnsa+dB9otOf+cufy7Jef/pVTLv1ty/l9Otfy7Jeef3+/Jv1ty/vmzj/y7Jef/Sqrl3y05/6+lWv7dkvN/NdXy75ac/9dTLf9uyfm/lmr5d0vO/3Sq5d8tOf8zqT5g/itH3S9mI+efj3DZ/7sl55/PbJB/t+T8z6da/t2S87+Qavl3S87/9VTLv1ty/t9Itfy7Jed/MdXy75ac/zdTLf9uyflfSrX8uyXn/61Uy79bcv7fTrX8uyXn/0aq5d8tOf/vpFr+3ZLz/26q5d8tOf/vpVr+3ZLzfzPV8u+Wh9//b8aMGTN5pu1nJgAAAAAAAAAAAACgaRanE7e9jQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA/9mBAwEAAAAAIP/XRqiqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrCDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFfbuLkaus74f+Jl989qBxEDI38nfwMYxISSb7NpO/EKbYsJrw1sJhEJfsF3v2iz4Da9dAo1k00CJhFFRRdtw0RYQanNTkQsuaAUoF6gVUiVoL+gNokLlIqoCCkiVaAXZas55nmdnZmdndu3x+sw5n4+U/LIzZ+acOXPm7H53850BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoNWtr5//dCPLsuY/+b+2ZtkLmv+9eWprftlrrvUWAgAAAFfqV/m/n7shXXBwDTdqWeafX/7dry0tLS1l7xv98/HPLy2lK6aybHxTluXXRU/96P2N1mWCx7LJxkjL1yN9Vj/a5/qxPteP97l+os/1m/pcP9nn+hU7YIXNxe9j8jvbmf/n1mKXZjdm4/l1O7vc6rHGppGR+LucXCO/zdL4sWwhO5HNZ7NtyxfLNvLlv3Frc11vyeK6RlrWtb15hPzs0aNxGxphH+9sW9fyfUY/eV029fOfPXr0b889e3O32Xc3tN1fsZ137Ghu5yfDJcW2NrJNaZ/E7Rxp2c7tXZ6T0bbtbOS3a/5353Y+t8btHF3ezA3V+ZxPZiP5f38v309jrb/WS/tpe7jsF7dlWXZxebM7l1mxrmwk29J2ycjy8zNZHJHN+2geSi/OxtZ1nN66huO0Oed2th+nna+J+PzfGm43tso2tD5NP/nERMvz/sulyzlOo+ajXu210nkMDvq1UpZjMB4X38sf9ONdj8Gd4fE/evvqx2DXY6fLMZged8sxuKPfMTgyMZpvc3oSGvltlo/BXW3Lj+ZrauTzmdt7H4Mz506emVn82MfvXjh55Pj88flTe3btmt2zd+/+/ftnji2cmJ8t/n2Ze7v8tmQj6TWwI+y7+Bp4VceyrYfq0pcmVpx/L/d1ONnjdbi1Y9lBvw7HOh9cY2NekCuP6eK18Z7mTp+8NJKt8hrLn587r/x1mB53y+twrOV12PV7SpfX4dgaXofNZc7cubafWcZa/um2Dat/L7iyY3BryzHY+fNI5zE46J9HynIMTobj4gd3rv69YHvY3sen1/vzyOiKYzA93HDuaV6Sft6f3J+PbsflLc0rrpvIzi/On73nkSPnzp3dlYWxIV7Scqx0Hq9bWh5TtuJ4HVn38Xpw4eWP39Ll8q1hX03e3fzX5KrPVXOZe+/p/Vzl392678+2S3dnYQzYRu/Pbt/Nm/tzIsu+8O1PPPTNR7/w+lX3ZzNvfnLmyn8WT7m05fw7vsr5N+b+54v1pbt6bHR8rHj9jqa9M952Pm5/qsbyc1cjX/dzM2s7H4+Hfzb6fHxjj/Pxto5lB30+Hu98cPF83Oj3244r0/l8Tobj5MRs7/Nxc5ltu9d7TI71PB/fFmYj7P9Xh6SQclHLsbPacZvWNTY2Hh7XWFxD+3G6p2358ZDNmut6cnf4oTBt5dqO0ztuK5YfbbldtFHH6VTHsoM+TtPvvlY7Thv9fvt2eTqfz8lwXNy4p/dx2lzm6Xuv/Ny5Of5ny7lzot8xOD460dzm8XQQ5uf7bGlzPAbvyY5mp7MT2Vx+7UR+PDXydU3ft7Zz5UT4Z6PPldt6HIN3dCw76GMwfR9b7dhrjK188APQ+XxOhuPiift6H4PNZd6wb7A/u94RLknLtPzs2vn7tdV+53VLx266WsfKWNjOb+/r/bvZ5jIn9q83Z/beT3eFS67rsp86X7+rvabmso3ZT9vCdj67f/X91Nye5jKfP7DG4+lglmUXPvJA/vve8PeVC+e//7W2v7t0+5vOhY888NMXHvun9Ww/AMPv+WJsKb7Xtfxlai1//wcAAACGQsz9I2Em8j8AAABURsz98f8KT+R/AAAAqIyY+8fCTKqQ//+4/yLb3vDswvMXstTMXwri9Wk3PFgsFzuus+HrqaVlzcsf+Mr8f//jhbVt3kiWZb988I+6Lr/twbhdhamwnU+9sf3yFb5295rWffjhC2m9rf31L4b7j49nrYdBtwrubJZl37jhs/l6pt5/KZ9PP3g4nw9dfPyx5jLPHSi+jrd/5iXF8n8Vyr8Hjx1pu/0zYT/8OMzZt3bfH/F2X7306u373ru8vni7xo7r84f9xAeK+43vk/O5x4rl435ebfu/+Zknv9pc/pFXdt/+CyPdt//JcL9fCfN/XlYs3/ocNL+Ot/tU2P64vni7e778ra7b/9Sni+XPvKlY7nCYcf13hK93vunZhdb99UjjSNvjyt5cLBfXP/v9P82vj/cX779z+ycPXWrbH53Hx9P/VtzPTMfy8fK4nugfOtbfvJ/W4zOu/8k/Ody2n/ut/6mHnnlZ8347139Xx3JnPnJnvv7l+2t/x6a//tRnu64vbs/Bvz/T9ngOviu8jsP6n/hAOB7D9f/7VHF/ne+ucPhd7eefuPwXt15oezzRW35erP+p1x7P56bJzVuue8ELr7/4iua+y7LvbSrur9/6j//N6bbt/9JNxf6I18eOfuf6VxPXf/aj06dOL55fmEt79dEb8vfOeVuxPXF7bwjn1s6vD50+98H5s1OzU7NZNlXdt9C7bF8O86fFuNh76aUVZ9A7Hw7P5y1/+Y0tt//rZ+Ll//6e4vJLby2+b70qLPe5cPnW8Pytb/0rPXHrTfnru/F02MKlle8XfCW27/yv/WtaMDz+zp8L4vF+5qUfzPdD87r8+0Z8XV/h9v9wrrifr4f9uhTemXnHTcvra10+vjfCpXcXr/cr3n/hNBef178Lz/fbf1zcf9yu+Hh/GH6O+da29vNdPD6+fmGk8/7zd/G4GM4n2cXi+rhU3N+Xnrup6+bF9yHJLt6cf/1n6X5uXtfDXM3ixxZnTiycOv/IzLn5xXMzix/7+KGTp8+fOncofy/PQx/qd/vl89OW/Pw0N7/33iw/W50uxlV2rbf/zMNH5/bN3j43f+zI+WPnHj4zf/b40cXFo/Nzi7cfOXZs/qP9br8wd/+u3Qf27Ns9fXxh7v79Bw7sOTC9cOp0czOKjepj7+yHp0+dPZTfZPH+ew/suu++e2enT56em79/3+zs9Pl+t8+/N003b/2H02fnTxw5t3Byfnpx4ePz9+86sHfv7r7vBnjyzLHFqZmz50/NnF+cPztTPJapc/nFze99/W5PNS3+R/HzbKdG8UZ82Tvv2pven7XpK59Y9a6KRTreQPTZ8F4033nRmf1r+Trm/vEwkyrkfwAAACAXc/9EmIn8DwAAAJURc/+mMBP5HwAAACoj5v7JMNP/ElCT/F+5/v+2C2tav/6//n/r/tL/r1n//91l6/8X5wv9/8G40v69/n+g/6//r/+v/6//zwCUrf8fc//mLPP3fwAAAKiomPu3hJnI/wAAAFAZMfdfF2Yi/wMAAEBlxNz/gjCTmuR//X/9f/1//X/9/+7r1/8fTvr/ven/96H/P5PVq/9/cZDbfw36/5tbv9D/p4zK1v+Puf+FYSY1yf8AAABQBzH3Xx9mIv8DAABAZcTcf0OYifwPAAAAlRFz/9Ywk5rkf/3/K+r/p86V/n/79uv/t9P/D8eD/r/+/wbQ/+9N/78P/X+f/z9c/f82+v+UUdn6/zH3vyjMpCb5HwAAAOog5v4Xh5nI/wAAAFA+Y5d3s5j7XxJmsiL/X+YKAAAAgGsu5v4bs44ieE3+/q//7/P/9f/1//X/u69/7f3/0Uz/vzz0/3vT/+9D/1//X/9f/5+BKlv/P8/92WT20jCTmuR/AAAAqIOY+28KM5H/AQAAoDJi7v9/YSbyPwAAAFRGzP3bwkxqkv/1/yvT//9F61On/6//32v9+v8+/7/K9P970//vQ/9f/1//X/+fgSpb/z/m/pvDTGqS/wEAAKAOYu6/JcxE/gcAAIDKiLn//4eZyP8AAABQGTH3bw8zqUn+1/8vef8/Nkd9/r/+v/5/Kfv/k/r/paP/35v+fx/6//r/+v/6/wxU2fr/Mfe/LMykJvkfAAAA6iDm/peHmcj/AAAAUBkx978izET+BwAAgMqIuX8qzKQm+X89/f/GRf3/1Vzlz/+fWMPn/7fR/9f/77V+/X+f/19l+v+96f/3of+v/6//r//PQJWt/x9z/61hJjXJ/wAAAFAHMffvCDOR/wEAAKAyYu6/LcxE/gcAAIDKiLl/Z5hJTfK/z/8fiv5/pv+v/6//r/+v/782+v+96f/3of+v/6//r//PQJWt/x9z/yvDTGqS/wEAAKAOYu6/PcxE/gcAAIDKiLn/VWEm8j8AAABURsz9d4SZ1CT/6//r/+v/6//r/3dfv/7/cNL/703/vw/9f/1//X/9fwaqbP3/mPtfHWZSk/wPAAAAdRBz/51hJvI/AAAAVEbM/XeFmcj/AAAAUBkx90+HmdQk/+v/6//r/+v/6/93X7/+/3DS/+9N/78P/X/9f/1//X8Gqmz9/5j77w4zqUn+BwAAgDqIuf+eMBP5HwAAACoj5v6ZMBP5HwAAACoj5v7ZMJOa5H/9f/1//X/9/3X1/1+xfL/6/wX9/3LR/+9N/78P/X/9/2ve/x/X/6dSytb/j7l/V5hJTfI/AAAA1EHM/bvDTOR/AAAAqIyY+/eEmcj/AAAAUBkx998bZlKT/K//r/+v/6//7/P/u69f/3846f/3Nvj+f3yI+v/6//r/Pv9f/5+Vytb/j7n/vjCTmuR/AAAAqIOY+/eGmcj/AAAAUBkx9+8LM5H/AQAAoDJi7t8fZlKT/K//r/+v/6//r//fff36/8NJ/783n//fh/6//v8Q9/+bx5b+P2VTtv5/zP0Hwkxqkv8BAACgDmLuf02YifwPAAAAlRFz/6+Fmcj/AAAAUBkx9/96mElN8r/+v/6//r/+f9n7/xP6//r/66D/35v+fx/6//r/Q9z/9/n/lFHZ+v8x998fZlKT/A8AAAB1EHP/b4SZyP8AAABQGTH3vzbMRP4HAACAyoi5/2CYSU3yv/7/BvX/44X6//r/+v8+/1///6rS/+9N/78P/X/9f/1//X8Gqmz9/5j7XxdmUpP8DwAAAHUQc/8DYSbyPwAAAFRGzP2vDzOR/wEAAKAyYu5/Q5hJTfK//r/P/7/2/f/xtm3X/1++nf5/Qf9f/3899P970//vQ/9f/1//X/+fgSpb/z/m/jeGmdQk/wMAAEAdxNz/pjAT+R8AAAAqI+b+N4eZyP8AAABQGTH3vyXMpCb5X/9f///a9/99/r/+f0H/X/9/EPT/e9P/70P/X/9f/1//n4EqW/8/5v7fDDOpSf4HAACAOoi5/8EwE/kfAAAAKiPm/reGmcj/AAAAUBkx978tzKQm+V//X/9f/1//X/+/+/r1/4eT/n9vQ9b//9X14XL9/4L+f7m3f739/7GOr69K//9Hq/X/lzZ13l7/n6uhbP3/mPvfHmZSk/wPAAAAdRBz/zvCTOR/AAAAqIyY+98ZZiL/AwAAQGXE3P9bYSY1yf/6/83tWG4v6//r/+cX6P/r/+v/Dy39/96GrP/v8/876P+Xe/t9/r/+PyuVrf8fc/+7wkxqkv8BAACgDmLufyjMRP4HAACAyoi5/91hJvI/AAAAVEbM/e8JM6lJ/tf/9/n/+v/6//r/3dev/z+c9P970//vQ/9f/79s/f//1P9nuJWt/x9z/8NhJjXJ/wAAAFAHMfe/N8xE/gcAAIDKiLn/t8NM5H8AAACojJj73xdmUpP8r/8/LP3/Kf3/dfb/J8Jl+v/6//r/9aL/35v+fx/6//r/Zev/+/x/hlzZ+v8x978/zGTt+X9yzUsCAAAA10TM/b8TZlKTv/8DAABAHcTc/7thJvI/AAAAVEbM/b8XZlKT/K//Pyz9f5//n/n8f/3/jsej/6//383G9f/jmUf/X/9f/z/S/9f/1/+nU9n6/zH3/36YSU3yPwAAANRBzP0fCDOR/wEAAGAodPt/sjvF3H8ozET+BwAAgMqIuf9wmElN8r/+v/6//n9J+/9/seNffvDddxzepf+v/6//vy4b+vn/zRe/z//X/9f/T/T/9f/1/+lUtv5/zP1HwkyWg9/bfMA/AAAADLeY+/8gzKQmf/8HAACAOoi5/2iYifwPAAAAlRFz/1yYSU3yv/6//r/+f0n7/0P8+f9xfwxT/3960xD1/+NJV/+/qw3t/793uSeu/7/e/v9E10s7+/8N/f82+v/r3v7vZFmm/6//zzVUtv5/zP3zYSY1yf8AAABQByH3jxwr5vIV8j8AAABURsz9x8NM5H8AAACojJj7PxhmUpP8r/+v/6//r//v8/+7r7+0/X+f/9+T/n9v5en/d+fz//X/h3n79f/1/1mpbP3/mPsXwkxqkv8BAACgDmLu/1CYifwPAAAAlRFz/4fDTOR/AAAAqIyY+0+EmdQk/+v/6//r/+v/6/93X7/+/3DS/+9N/78P/X/9f/1//X8Gqmz9/5j7T4aZ1CT/AwAAQB3E3H8qzOT/2LuPJsvq847jt3FTzBQb77zwwt77JbAwa/sFeMHGC7vK5YWxjXNicI4454BtJRRQAAmhhHICJSSUhSSUc0AZSTUqmOd5Znr69LndM7e7z/0/n89CDzSMzkU1BfrRfDn2PwAAAAwjd//NcYv9DwAAAMPI3f/LcUuT/a//1/8P2///pP7/oOfr//X/I9P/z9P/r6H/1//r//X/bNTS+v/c/b8StzTZ/wAAANBB7v5fjVvsfwAAABhG7v5b4hb7HwAAAIaRu//X4pYm+/+y/n9n1bP/z4xX/z9S/+/9/wc+X/+v/x/Zyfb/tz3xZz79v/5f/x/0//p//T+XW1r/n7v/1+OWJvsfAAAAOsjd/xtxi/0PAAAAw8jd/5txi/0PAAAAw8jd/1txS5P97/3/3v+v/9f/6/+nn6//307e/z+vU/9/y8PX/9Jj9/7ofUd5vv5f/6//1/+zWUvr/3P3/3bc0mT/AwAAQAe5+38nbrH/AQAAYBi5+383brH/AQAAYAudnfxq7v7fi1ua7H/9v/5f/x/9/xn9v/5f/z8C/f+8Tv3/lTxf/6//1//r/9mspfX/uft/P25psv8BAACgg9z9fxC32P8AAACwXFP/IPaM3P23xi32PwAAAAwjd/+5uKXJ/tf/H3///339/3b0/97/r//X/w9B/z9P/7+G/l//r//X/7NRS+v/c/ffFrc02f8AAADQQe7+P4xb7H8AAAAYRu7+P4pb7H8AAAAYRu7+P45bmux//b/3/+v/9f/6/+nn6/+3k/5/nv5/Df3/1fbz1+r/9f/6fy51xP7/8Zk/bW+k/8/d/ydxS5P9DwAAAB3k7v/TuMX+BwAAgGHk7v+zuMX+BwAAgGHk7v/zuKXJ/tf/6//1//r/K+7/9//Ue5L+f5r+/2To/+ctpv/f2Z38sv5/6/t/7//X/+v/2WNp7//P3f8XcUuT/Q8AAAAd5O7/y7hlZv8f+W/mAwAAAKcqd/9fxS2+/w8AAABbL6uz3P1/Hbc02f/6f/2//l//7/3/08+f6//vu+Tz6f+XRf8/bzH9/wH0//r/bf78+n/9P/strf/P3f83cUuT/Q8AAAAd5O6/PW6x/wEAAGAYufv/Nm6x/wEAAGAYufv/Lm5psv+n+/+Lv13/fzj6/72fX/8//fNjU/1//jfq/2f7/xu9/78n/f88/f8a+n/9v/7/oP7/7Lofr/9nytL6/9z9fx+3NNn/AAAA0EHu/n+IW+x/AAAAGEbu/n+MW+x/AAAAGEbu/n+KW5rsf+//1//r/7ev//f+/wtO8/3/qxPv/3f1/4ek/5+n/19D/6//1//Pv/9/5t8CoP9nytL6/9z9/xy3NNn/AAAA0EHu/n+JW+x/AAAA2A6X/rMDl/8DpSF3/7/GLfY/AAAADCN3/7/FLePs/9l3der/9f/6f/2//n/6+cvq/73//7D0//P0/2vo/4+jn98drP+/46Afv4T+/9bj7v9n6P+Zsqf/v//i10+r/8/d/+9xyzj7HwAAANrL3f8fcYv9DwAAAMPI3f+fcYv9DwAAAMPI3f9fcUuT/X/s/f/Mv31A/6//1//r//X/+v9N0//P0/+vof/3/n/v/9f/s1F7+v9LnFb/n7v/v+OWJvsfAAAAOsjd/z9xi/0PAAAAw8jdf0fcYv8DAADAMHL3/2/c0mT/e/+//l//r//X/08/X/+/na6qv79G/1/0//p//b/+X//PBiyt/8/d/39xS5P9DwAAAB3k7v//uMX+BwAAgGHk7n9K3GL/AwAAwDBy9z81bmmy//X/x9v/59f1//r/lf5f/6//PxFt3/+/M/VXov0O6P8f/IVzP733K/p//b/+X/+v/+eQfnjmty2i/z9/8f9d5u5/WtzSZP8DAABAB7n7nx632P8AAAAwjNz9z4hb7H8AAAAYRu7+O+OWI+7/ueZhyfT/3v+v/9f/6/+nn6//305t+/9D8v7/NfT/+n/9v/6fjVpE/3/Jr+fuf2bc4vv/AAAAMIzc/c+KW+x/AAAAGEbu/mfHLfY/AAAADCN3/3Pilib7X/+v/9f/6//1/9PP1/9vJ/3/PP3/GtvU/995Ff3/7vSXT7ufv1qn/fn1//p/9lta/5+7/664pcn+BwAAgA5y9z83brH/AQAAYBi5+58Xt9j/AAAAMIzc/c+PW5rsf/2//l//r//X/08/X/+/nfT/8/T/q9Xq7pkPMNX/n79umf2/9/8v7vPr//X/7Le0/j93/wvilib7HwAAADrI3X933GL/AwAAwDBy998Tt9j/AAAAMIzc/S+MW5rsf/2//l//r//X/08/X/+/nfT/8/T/a2zT+//1/4v7/Pp//T/7La3/z93/orilyf4HAACADnL33xu32P8AAAAwjNz9L45b7H8AAAAYRu7+++KWJvtf/6//1//r//X/08/X/2+n4+v/V/p//b/+fw39v/5f/8/lltb/5+5/SdzSZP8DAABAB7n7Xxq32P8AAAAwjNz9L4tb7H8AAAAYRu7+l8ctTfa//l//r//X/+v/p5+v/99O3v8/T/+/hv5f/6//1/+zUdP9/62n1v/n7n9F3NJk/wMAAEAHufvvj1vsfwAAABhG7v5Xxi32PwAAAAwjd/+r4pYm+1//r//f2/+vVvp//b/+/4IT6P/PrPT/G6f/n6f/X0P/P2b/f81qoP7/7IE/Xv/PEi3t/f+5+18dtzTZ/wAAANBB7v7XxC32PwAAAAwjd/9r4xb7HwAAAIaRu/91cUuT/a//1/97/7/+X/8//Xzv/99O+v95+v819P9j9v/e/6//59Qsrf/P3f/6uKXJ/gcAAIAOcve/IW6x/wEAAGAYufvfGLfY/wAAADCM3P1vilua7H/9v/5f/6//1/9PP1//v530//P0/2vo//X/+n/9Pxu1tP4/d/+b45Ym+x8AAAA6yN3/QNxi/wMAAMAwcvc/GLfY/wAAADCM3P1viVua7H/9v/5f/7+d/f8Z/b/+X/8/aSn9/w03/NRD+n/9v/5f/6//1/93t7T+P3f/W+OWJvsfAAAAOsjd/7a4xf4HAACAYeTuf3vcYv8DAADAMHL3vyNuabL/9/f/164uFKoXTPX/0ajp/y+h/9/7+fX/0z8/vP9f/6//P35L6f+9///KPr/+X/+/zZ//SP3/j+//8fp/RrS0/j93/0NxS5P9DwAAAB3k7n9n3GL/AwAAwDBy978rbrH/AQAAYBi5+x+OW5rsf+//1//r//X/+v/p5+v/t5P+f57+fw39v/7f+/9v/rkf0v+zOUvr/3P3vztuabL/AQAAoIPc/e+JW+x/AAAAGEbu/vfGLfY/AAAADCN3//vilib7X/+v/9f/6//1/9PP1/9vJ/3/PP1/ufwP7YI+/f+ZqS+edj9/tU778w/T/3v/Pxu0tP4/d//745Ym+x8AAAA6yN3/gbjF/gcAAIBh5O7/YNxi/wMAAMAwcvd/KG5psv/1//r/8fv/n9X/X/Z8/b/+f2T6//wr+jT9/xp9+v9Jp93Pb/vn1//r/9lvaf1/7v5H4pYm+x8AAAA6yN3/4bjF/gcAAIBh5O7/SNxi/wMAAMAwcvd/NG5psv/1/736/51Vx/7f+//1//r/TvT/8/T/a+j/9f/6f/0/G7W0/j93/6M7uy33PwAAAGyrn/mJX3zksL/vo0/+55nVx+KWG1fnD/ltbAAAAGDhntj9O7ur1cef/DXf/wcAAIAR5e7/RNzSZP/r/3v1/z3f/6//1//r/zvR/8/T/6+h/9f/6//1/2zU0vr/3P2fjFsuGX67R/6jBAAAAJYkd/+n4pYm3/8HAACADnL3fzpu2bf//esAAQAAYFvl7v9M3NLk+//6/4X3/6tj6v/j99P/X6D/1/9PPV//v530//Ousv8/v6P/1//P0P/r//X/XG5p/X/u/s/GLU32PwAAAAxqz99RyN3/ubjF/gcAAIBh5O7/fNxi/wMAAMAwcvd/IW5psv/1/yfe/2eqfozv/z9bv+T9/837/9vPTD5f/6//H5n+f573/6+h/x+l/79O/6//ZxmW1v/n7v9i3NJk/wMAAEAHufu/FLfY/wAAADCM3P1fjlvsfwAAABhG7v6vxC1N9r/+f+Hv/7+i/v8Q7//X//fo/w94/jj9/49cf+6Bm37+nrv0/1x0kv1//lzQ/+v/9f8XLKj/9/5//T8Lsfn+f3fPF4/a/+fu/2rc0mT/AwAAQAe5+x+LW+x/AAAAGEbu/q/FLfY/AAAADCN3/9fjlib7X/+v/19K/5//W59C/3/uivv/s6vV6lT6/2yKu/f/3v+v/9/P+//n6f/X0P/r//X/+n82avP9/94vHrX/z93/jbilyf4HAACADnL3fzNuyf2/c+S/dQ8AAAAsTO7+b8Utvv8PAAAAw8jd/+24pcn+1//r/5fS/yfv/7/448Z6//9NFaf27P9/rH5J/3+89P/z9P9r6P/1//p//T8btbT+P3f/d+KWJvsfAAAAOsjd/3jcYv8DAADAMHL3fzdusf8BAABgGLn7vxe3NNn/+v9R+/8s4vX/+v+l9P/e/+/9/ydD/z9P/7+G/l//r//X/7NRS+v/c/f/IAAA//9GqnSo")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f})
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x9c)
lseek(r0, 0x12, 0x0)
getdents64(r0, 0x0, 0x22)

40.785193412s ago: executing program 0 (id=262):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000d5e9bd40eb030200c0ba050000010902115c01000000000904000001b504b100090581"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000580), 0x4, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
ioctl$EVIOCSKEYCODE_V2(r1, 0x40284504, &(0x7f0000000080)={0x73, 0x18, 0x4, 0x0, "d80004000000000000957f00003d4a100a000000000020020661e6e66b8b37ff"})

39.776205938s ago: executing program 0 (id=270):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b00000008000000080000000600000001"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r1}, 0x18)
timer_create(0x3, 0x0, &(0x7f00000001c0))
timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)

39.295605011s ago: executing program 33 (id=270):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b00000008000000080000000600000001"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r1}, 0x18)
timer_create(0x3, 0x0, &(0x7f00000001c0))
timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)

6.58009925s ago: executing program 1 (id=435):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r2=>0x0})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_DEL_KEY(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000980)={0x34, r0, 0x1, 0x70bd2c, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_KEY={0xc, 0x50, 0x0, 0x1, [@NL80211_KEY_TYPE={0x8, 0x7, 0x2}]}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x34}, 0x1, 0x0, 0x0, 0x22004804}, 0x4014)

6.49491526s ago: executing program 1 (id=437):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbee6, 0x8031, 0xffffffffffffffff, 0xffffe000)
r0 = syz_open_procfs(0x0, &(0x7f0000000180)='smaps_rollup\x00')
madvise(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x15)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0)
read$FUSE(r0, &(0x7f0000004440)={0x2020}, 0x2020)

5.380091757s ago: executing program 1 (id=441):
unlink(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
r0 = syz_usb_connect(0x3, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="31010000dccd5e08cb060300000000ea22010902240001000064000904340102d469e70009058acf"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)

4.235886024s ago: executing program 4 (id=445):
mkdir(&(0x7f0000000540)='./file0\x00', 0x108)
r0 = syz_open_procfs(0x0, &(0x7f00000042c0)='mounts\x00')
mount(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000400)='ramfs\x00', 0x2000000, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, 0x0)
read$FUSE(r0, &(0x7f0000000880)={0x2020}, 0x2020)

3.545595478s ago: executing program 4 (id=450):
futex(&(0x7f000000cffc)=0x1, 0xd, 0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
futex(&(0x7f000000cffc), 0x9, 0x0, 0x0, 0x0, 0x80)
futex(&(0x7f000000cffc), 0xa, 0x301, 0x0, 0x0, 0x2)

3.364104139s ago: executing program 5 (id=451):
r0 = socket$can_raw(0x1d, 0x3, 0x1)
syz_emit_ethernet(0x2a, &(0x7f0000000100)={@multicast, @random="8a0c00cdec59", @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, @remote, @dev, @remote}}}}, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f00000000c0)={'batadv0\x00', <r2=>0x0})
sendto$packet(r1, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @link_local}, 0x14)

3.2261249s ago: executing program 5 (id=453):
syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000000380)='./bus\x00', 0x8, &(0x7f00000002c0)={[{@barrier}, {@autodefrag}, {@noacl}, {@compress_algo={'compress', 0x3d, 'no'}}, {@max_inline={'max_inline', 0x3d, [0x30, 0x30, 0x32, 0x74, 0x39, 0x0]}}, {@noacl}, {@max_inline={'max_inline', 0x3d, [0x30, 0x37, 0x34, 0x74]}}, {@barrier}, {@nospace_cache}]}, 0x1, 0x55ae, &(0x7f000000ac40)="$eJzs3X9snHUdB/DnruvaFdeWMOuArGwDJFtEOjdNCCR2bNNpYTnphE3I+gNH0DmtY8NVCCtinIERijWMwQoLbn9MEYqucyiJBewqul8IJtNFBbPFNWOkOBExYTG9u+d299zaHhMpwuu1tM/zvc/z/d73njx/3PvW73MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEHwx+N3TL/t3roJ26+ru++8a85e+2D3kuMX3rq1avND20v2dTz31aNVq1qPLF1w0/2JpkfW93d3BkEs2S+W7t9w2fwrr69vuKI0HLDxc6ltZeVQT5nq+mKqMTbnwcF+uT9NQRAURwYoSm/npXfiOQNkdlfkDzisayf1tE4dP69x28qujc8uu3xL/ktnUOloT2C0pK+rgyeupdrk73jkiEw769KL5Vyiqf7RC+4deREAwFtSk0huMm9H029xM+22aD3Sro202yPt8B1Ce3bjVKTGHTvUPCdH66M0z9pUVCgZcp6Revr8Z9qJaP9IOxI13sI8cw9NR5rSoebZEqmP1jwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3k0uuH5m/d49D7/8ldbf/u7h17/16sePrGq8ZaC7/qJ1ix/v2PG9vx2tWtV6ZOmCm+5PND2yvr+7Mwgqk/1iqe6xZ6ri8ZkDddseu6e3puFDC9cUpccNt2OyDg72hzsXVwRBc1blYDhsf3kQJHILyWawIb/wpeTOZ8ICAAAA7yVnJn/HM+1UHCzOaceSaTKW/BdKhcVrJ/W0Th0/r3Hbyq6Nzy67fMupj5cYYrzak46XaVee+IllBeMw/kbHO1EPD12RN87woiNG8/zpx/qnNdfdUHrl7gsWzphdv+XS4CfTD3csX3TfhBfHL9nXXpOX/yuHz//hmZP/AQAA+G/I/9FxhjdS/m+uqZh0cOp3ix67rur44fkP/Lyz7/kn4w8VD3Q//dLYcbf9cnVe/p+c85R5+T+ccZj/48Gp5X8AAAB4N/tf5//avHGGN1L+/8X+zZ//98pvTDk84187Xnj69xdvnVI+/7WyGTe8+cSCVxp2tf0pL//XFJb/x2RPO3xwVzjhZRVBUFP4SQUAAAByhP/vfuKjhTCvpz45iOb1y+4qe3LXG+tvjJ/V8o8zFvfPqv7i7tVf37ApNrChc92O5XNX5OX/2sLyf/E783IBAACAAvxm+y13V395ydYtew7N2XFnYvPYS+a+uuennVf1vXwsUfT8zX15+T9RWP4vGZ2XAwAAAJzEU+MmPnfo0UNfm7177YS9q9rmPD5t3+qFD/xz9t+veOnPxzddWJ6X/xsLy/9l6W165UOq087wrxA6KoKgdHCnJVXoC9o/mSkAAAAAb5Mwpzc1revduX7MrNfOPvzDNSuW/2rvpd++a2P1zQd+XXX7ucf2996Yl/9bhr//f3ing3D9f879//LW/2cVUnf9u8SNAQAAAHg/yl/PH94eP/XNBUN9/36h6/8/euaBko7m8ysnx7dVz3rig31Xra1+fVHHRZ/YfusbH46V//VTefm/rbD8X5S9fTu//w8AAABOwf/b9/8tzhtneCPd/79v3DPnrPnsPT+o/WbZU+e+eXfzd9oPTj9v87QzPlJ0fvecmX/4fl7+by8s/4fb07JfXk94fm6vCIKJgzvpuwluDae7LFLoKs4qpE58pEd92CNd6CrJKiS1RHp8rCIIpgzutEUKp4eF9khhoDxd2BQp7A0L6eshU3g0UugJr7R7y9PTjRZ+FhbSCyy6whUUp2WWRER6HBuqx2DhpD0OZJ4cAADgfSUMz+ksW5zbDKJRtis20gFlIx0QH+mAopEOGBM5IHrgUI8HjbmF8PEfz+1e+so1D9b1Xt1w9KzZe5bc0faBnkW9O7/wo55z/nL1Cws/nZf/NxWW/8NTMTa1GWr9fxCu/09/r2Fm/X9jWKiMFLrCQiJ6x4BE+BypsHtn+ByViXSPgYmZAgAAALynhZ8LFI3yPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/sHfvcVJVd4LATzf9oJum6YgBY4ygRkR3aZomGEQcUXRXo4tNJKtjhtAIjXZoAwq4YsyKr3GV6GLUmBjZwY+jJg6r+CDqRIXoiElGJfE5Kz4HnciqS9BR45gs++m+dYqqW112IaC0+/3+0XWqfud569F17r11LgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/P/hsiX3Nrw58H9965ffW/f697409TdTD9m8y19uqHt3yDlPbT5ocN0tbw1asPCNtklnXtsyffk1G1YuDaGlq1xZUrzsoUHl5aP/cMxdt13xcNO0wVPOrcrUm4mHfp1/yjN3Loytvto/hLvLQqhIB0bUJYHKzP26WN8edSF8LmwJZEu01SYl0g2Hh2tCWBa2BLJV3VsTQl1OYMoTD666rDNxVU0I+4YQqtNtvFCdtFGTDgyrSgK16cCciiTw/uZENnBPeRKArVHV3YPxzZB90a9oyc/Q0H1lRV5/lR+3czuZ9PD6xERD8XxvHbaDO5Wj4Lls2aanrduXBttdwdtjtXdbL3i3FWznJZ623C9SmW8om7eEqkP5zLZZ0xd0zI+PlIfGxj7FatpBz/O6TefM2Jp0r3kdxg40bJfX4QO1k+ove3viwStP/uPp+85fO3Vbu/lczibNTe9o1SHzmus1z2M04dP7PNm8LYW3r539aSv4ljTUl64QwvF/+nzZM3Ne2n3jB6+eOPH2Fy6+etrCa6ZMfHbQL8b+47W73D3t8oL5f8NHz//jyznelufljq1+WJ/MzeMjdTGxsT6ZmwMAAECv0Rv2mn519KsvnfrQ3YteXH5cxXfH/eqk3eorzv5+x/G7rhz/xUuvbH98l4L5/9DSjv/HQ/51uaNdHcKErsQFA0LYrevxJPCz2J2TB4SwV1eqJT9wWCqwOoQvdCX2z1aVKtE3lhiaCvy+PhOYkAqsiYGWVODGGFiSClwYAytSgRkxsDoVODwGQnv+OA6oz4yj5EBNDLQmG3FFPAvhnfrYWmpbrctWBQAAsJ1kZoeV+XdzznXY1gxxermipqcM8QzsohmqUzWkZ7DZaVXRGip6qqG8pxqy41700cMvqLmsp5oLTsMoy8/w4ZDvlA+YuPeP7rpxxE3NL0787rtjj//Kn998d/X+//Tf7zln/nUHFMz/mz56/l/dTUfKCo7/hzC562/MXZ6JdGTjrS15GQAAAIBtcNVjS5+84YCj/s99L99355euvaF89dVf/7+vbLxg71HHDS/r+3ffXlEw/59Q2vn/cZ9In5zM4dG4G2L2gBCa8gNJtQcXBpKj3v0yAQAAAOgNssfjs8fC2zO3ySna6fl0Yf6WrcwfD/xP6Db/5Zv++tkvX/vkiQuH7bPhiv925gdlnx/7u12OXTvy8bf2HPYPDX0Lz/9vKe38/9r826QTa2IvrhwQQt+cwCOxl52BLkNj4OVD8wOZ8a+JG2BxrCpzYkK2qsWxRGsMNKUCy4qV+G22xG75gcyTlW38guw42jMlcgIAAADwiYu7A+Jx+Xj+/z2TD/jS/oNeGvPinvcufG3C0hNOrf3hPrfs+vqAjkljDpxwyBHPFMz/W7fu/P+ueXDB6f0d/UIYWRFCn/QPAx6tTRYGjIG6skzi/tqkrj7pqs6rDWF858DSVb2SWf+/Ir3G4BM1SVUxsNveP900rDNxQ00II3MDz3zz+jGdifmpQLbxb9SEMKRztOnGV/ZNGq9MN35N3xD2zAlkqzq5bwidjVWlq3qwOnMdg3RVt1WHMDAnkK3qwOoQFgYAeqn4r3Rm7oPzFp49e3pHR9sZOzAR9+HXhFntHW2NM+Z0zKwu0qeZqT7nLWN0XuGYSr3yzfOZJYqmDrl9eCnp7O8Em3LbyuzHLzhxMHM/fheq7Bpnc2Xe3dHpIQ/fp7CJkPNNqtiQy3fwkGtzK9nyJBbUH/NXhX6h74J5bWc0njV9/vwzRiV/S83enPyNh5mSbTUqva1qu+tbCS+PoqtlpXzcbbVfbiUj5582d+S8hWePaD9t+iltp7R9p3nsqObmMV8dO6Z5ZOeompK/PQx1v+6qTg118/Uljms7DnX3ipxKPolPDQkJid6WmL6k7PwJ0359/7f2WHPaWSft8fd7zBxx0l9d/pu5JzYeMvlX1//l2oL5/9yPnv/HT534yZ9Zn6HY8f+GeJg/eXzLYf7WGFhW6vH/hmJH87MnBgxNBRbFwCKH+QEAAPhsiLsj497MuFf6urp/uvvImTMOef+XJ0y5+m/Hjjv1rPX7Nlx89bFL/sP6d5asOuLtgvn/otJ+/7+d1v/PLl3/tWLL/O8fSzQVW/8/vcx/dv3/RcXW/08v859d/3/Zp7D+/4JsILVJ3rH+PwAA8Fnwya3/3+Py/ukLBBRk6HF5//QFAgoy9LiMf6kXCNjq9f/ndPxF7aDL54w7dMTcHz+yau8lA2/70vMTf73P0oNG3LvylvdG3Vow/19S2vzfwv0AAACw83jol32/ffG7w+5/6pH3jyy79Lcbbzr+r9oOOOQPA5tPmXx0zfdv+reC+f+y0ub/n/z6f6HY+f9DiwVaii0MaP0/AAAAeqli6//dPPDloavnj7jxsZ+/ectLrb+YOf61f7fkB1+ZPqzp5jXrftMwY33B/H9FafP/eNpFeV7u2JsP65M17UJ6TbuN9dmfDAAAAEDvUB4aGytLzJu3MuphH7/NdZmlQD8qnevp+watWlD+0FVl1Rt/cMm0QxrPPfbMOUdetP77tU/+pHZqY/UZBfP/1aXN//N+l/FA7aT6y96eePCHK0/+4+n7zl87dcvxfwAAAGDHKXW/BAAAAAAAAAAAAAAA8Ol7qnXpQR+MOvqNmXuN+tM3jn3hB4u/+M1H/ubaP5/588Pv26t987ApBb//D5O7yhX7/X+87l/8fcGuebljqz2v/5e5P+WYWxd2LVn4aH0I++QGZp8/+3Mhc23+/XIDq6buP7gzcX66xH0vHv5aZ2JaOnDUiF3e60yMTwVa4yKJX0gH4lUV3+ufCsTlFZ9MB+L2WJEOVGUCl/RPxlGW3lYb6pJtVZbeVs/VhTAgJ5DdVnfXJW2UpQd4VSqQHeDp6UAc4KRMoDzdq1v7Jb2KgbpY9G/6Jb0CAGCnFb8FVoZZ7R1tTfErfLzdvSL/Nspbsuy8wmrLSmz++czSZFOH3D68lHSf9HfRLdcarwzVnUMYVfB1NTdLWdcot08tPWy6XYsMuafV3sqLlEvb2k1XVXxENcmIGmfM6ZhZ2ePAR/ecpbmixyyjCiY7uVnKuzZpCbWU0JcSRlTitimhy/F+eWhs7JPKNS4GG0Kenl4Rpf5eP3edv2Kvgtw8f1tz7aV9Bvd5/9/GX/TQgwMqO06d3HbR7o/988BRM3/8wwdbr/l9wfy/obT5f3XuuN7LXAxgUbyy3sEDQmgtcUQAAADw2fc/z11+x4lz1myYtbri2d/9bnb5cSdWbj7nrnPOvui5+xcfdcm/v3lb4yvKntp04hubzvrrN37ylesePuulw2ecddekdYesb6u+8bt/sfzUIQXz/6Glzf/jHqzMoeBkb8fqeP3/CwaE0HVp/YYk8LM43JMHhLBXV6ollkguqP+1WKIpCfws7jDZP5Zobcmvqm8MrEgFfl+fCaxOBdbEQGYvxU9DZlfOFfUhjOlKTc4vMTeWaEgFjouBoalAYww0pQL9Y2BCKvBm/0ygJRX4xxgI7fnb6s7+mW0FAACwNTLzrMr8uyE9z1tR0VOGsp4y1PaUobynDNU9ZSg2inj/jpihMnXySllOpsp0rTWpWgoyxIvhb3W/CjKE3+bnTBcsaDqef5A936AsP8O4H97RetDX5v1408U/evzIAy88csmVb196dL/BVz77v9vP7dd/U23B/L+ptPl/bf5t0vqaOP/fcv2/JPBI7N6V8dTxoTHw8qH5gcyOgTVxsrs4W1VLpkRm0r44lpgQA0NTgbkxMCEVaJ2cCSwbnB/IzLSzjV+Qbbw9UyInAAAAAJ+4uIMg7qaJ8/+V48I7exz5fvPuVw6cO+7xR847YnrNrtU1/zx+7dLxl1Y/tF/fgvn/hNLm/7G9frmNXRh782r/EO4u29KbbGBEXRKI+zHq4s/j96gL4XM5OziyJdpqkxJVqYbDwzXJL9Sr0lXdW5OsMRDvT3niwVWXdSauqglh35y9L9k2XqhO2qhJB4ZVJYHadGBORRKIe36ygXvKkwBss+xewfiCypzqktXQfbkir7/PyjVB08Mr2AfaTb7ufnO1o1SnH8jsU83auqetoDp2iIK3x2rvtt74bmvwbsv9IpX5hrJ5S6g6lM9smzV9Qcf8+EjuL1kL7KDnOfdXqqWkt8PrcNHH723PqtMdaEp9fDR1X67712FZrO6B2kn1l7098eCVJ//x9H3nr51acjeKiD8UPvjWuQc8l7N5d7TqkHnN9brPkxafJ73x38BQT1sIYfkFs5584l/ef75iffN/OXDs8tvefGz5Tw56YNaIL2y45Msb33r3qIL5f0tp8/+K1G2XD+LGnDcghOE5G/fRuPknDkg+B3MCyafkwMJAcsh9fX3RT04AAADY3rK7O7L7C9ozt8kJ4el5cmH+lq3MH/dXTOg2f6n9HjjmH7536FWvf+Pr63e//NGlT637T2++csS0Qx/Y9PSKla83H/v5pwvm/60fPf/vm+qm4/+O/7ODOP7frZ19V3Tf9AOLtmlXdEF17BCO/3drZ3+3Of7fLcf/Hf/vjuP/PXD8v1s7+9NW8C1pri9dIYTWATfc/ova6cP7XXHOt2as/fnT7zSNe6Hu3KPv/B+HLw7XnLfqzwXz/7mlzf+t/9f9on3Z9f9ai63/N7fY+n+LrP8HAADsUEUWmkvP8wpW7yvIkF69ryBDjwsE9rjEoPX/tnr9v9qTzj7plfq39rpm4u3/+c7pFz5/0onP7tvn+RNuP+GmkVcPf+nLGwrm/4tKm//Hl0O/3NZ7y/p/QycXqWpJDMy1MCAAAAA7o2I7CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPh0rXhw8Rc3L97noJue/fxNh//rsjWz9v7VAZtHjzm5cfjigWVX/t2/vDVowcI32iadeW3L9OXXbFi5NIT2rnJlSfGyhwaVl4/+wzF33XbFw03TBk85tzpTb2Xm9ot5uWOrH9aHsCznkbqY2FjfeWdLYMoxty6s6Ew8Wh/CPrmB2efP/lxn4sb6EPbLDayauv/gzsT56RL3vXj4a52JaenAUSN2ea8zMT4TKEt397r+SXfL0t29rH8IA3IC2e5+u39+Vdk2/mMmUJ5u4+a6pI0YqItFf1SXtBEDHbFEe98QRlaE0Cdd1a+rk6r6pKv6++qkqj7pqv5rdQjjQwgV6aperEqqqkiPfG1VUlUM7Lb3TzcN60wsqwphZG7gmW9eP6YzcXoqkG3861UhDOl8yaQbv6Myabwy3fhVlSHsGUKoSpf414qkRFW6xCsVIQzMCWQbP7UihIWBz4T44TMz98F5C8+ePb2jo+2MHZioyrRVE2a1d7Q1zpjTMbM61adiynLSm8/7+GN/ftM5Mzpvpw65fXgp6YpMucquLjdX5t0dvbP3PvarNreSLc9HQf0xf1XoF/oumNd2RuNZ0+fPP2NU8rfU7M3J3z6ZaLKtRvWWbbVfbiUj5582d+S8hWePaD9t+iltp7R9p3nsqObmMV8dO6Z5ZOeompK/22Oo13/yQ929IqeST+IDQEJCorclyvM+3Zp29g/ygi/6WzpaGaq7PqALphW5Wcq6Rrk9Bn3Yxxzxx/me0uOIRhVMHAqyNPecZXTBZGJLlpokS9f3uoLJYW5N5V2bNN4vD42NfYpth4b8u7mb961t2LzrMpuu1DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPD/2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUVduBYAAAAAECYv3UYPRsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlwIAAP//WKHPZA==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x101042, 0x0)
unlink(&(0x7f0000000040)='./file1\x00')
open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111)
pwrite64(r0, &(0x7f00000003c0)="7f", 0x1, 0xf00)

3.18198717s ago: executing program 1 (id=454):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'poly1305\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_MESH_CONFIG(r1, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f00000005c0)=ANY=[], 0x28}}, 0x2000c094)
sendto$llc(r1, 0x0, 0x0, 0x20000001, 0x0, 0x0)

2.957023022s ago: executing program 1 (id=456):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000200)={0x0, 0x22, 0xf, {[@global=@item_012={0x0, 0x1, 0x5}, @local=@item_4={0x3, 0x2, 0x0, "45501821"}, @global=@item_012={0x1, 0x1, 0x9, "f5"}, @global=@item_012={0x1, 0x1, 0x7, "84"}, @main=@item_4={0x3, 0x0, 0x8, "9e3ce079"}]}}, 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
ioctl$HIDIOCGSTRING(r1, 0x81044804, &(0x7f0000000580)={0xf01, "c46156586b3c519a0edc9b995e1b981651eab5eb7c74a79f4d5c40167e5b371a335e314c62447265b8ca19141390f98a5603b0afc9a4b1942780b36ca7474449efb3f766e2ef156966aa13834dff3c503594c86be86be88b3e44c5ac232245123748ce3202e01a80e3c55c00b9065585a88c8492d481f743aac6f4d8475ea5f5b8c877fdeeda554ea1b7fe1f55e2be97ba861e5c6604da379d16642667a5bb9c1ad5a7ed6e1edfe80e1a033d8e1f9aa18937059638245f1acdd5225a0622ab9fc39c9cee756d14600bd6b133584269e62901a9c1e2e416d1ff93fe998c73a68ddf37be56cb244730e1ef9743cf98aa6190a2fdfd1f683ab8d57ca665dffe4b075c6f98ad1b6d77414d61111a91f32c1011a5f18c06128a7262717558af8c3f43852b5bf0e86ba20bc6966153af11710171870af7f61d256b160ede423586b6fb4146f440c2aadb685479d1bf9f37a8f6a297d9855b05973dfc6aba4102c4fce75953f2eb0e2027e1ce47e1956d1d113704efc23e7762afc1e7b6e9641108c26f98af99309401eb477f926b33834301ee810f22ecb669766950745a58315a251dcda38c64128377e4517ad555fab7d4e0d8c57597d302d2e65938f0a16e21844becfab87f8294e8524b65ff2f3e95b7a9364560d04ebfd5d5ae12a078e178748fbfc96d9641bab504ccddcd1d062423d10155879c5520a38e492044a68fd8607f7eb128bbd8bc60ca4e4b74b9141e835ec0a7d966df4e74e5c646cda2a4810f32b27ee4fabb849e57f825e362044466c979069ecd4285727872f3501ed1895283bfa9601329ed61f37f855d739e9743446dc773b2efb7e845f48b05339101be6c58f8f044c1aca0a6199804185d9bda4dd10e3f6f60b6c0743e0e5e5ff1a5374495363c2582e9c8688c01cbfdf50b921972485e62d5459612c832fe137bc78df1a2787505dbccd2dd1363f7a8576dab5ab2960f75d0fa0fb5281727f8773fc90b28a6f87878ed83b6abb539a9a7c3a62dd8708c8d0179d89219403d468ee38b7072ad424eaba30e768dac32f65a9f102f16de26d39a1bf1531b310334c3c2c13ea6a843f5ba3509b2a94d5dd2c52a7aeab6834860e038d72d9f70a57adbbfbd46fb5d964fd3f3af80bb787a26e50d6739345b3fc7dfd2559debf6be70d5aad24501375d6af189b65367093620b67bebe326bda7807c64a6376f26ea3d71e99f9fb406758f2066f935a606a69726bd11cf124a85f6574b1e02188ef1b3a59dde60792cff27db02c2870a9f610e7063a7a9cc9f2d3343a854de766a430184ab06d45f6789200db0aeea8b99f29e4a23be2f887bfdd00a7209cf48cea5fa6c545404aea5821e96f7dcddfd09ad95158977cdfbebe470da27af6b6d951a4ab16a333fdd71a1208fecc157248473c08a8fd20c7f9499f8b7220c5eebe704635080bdded3a3423857120043cef086feeb97a299041c4016f88d1b63eb99eeccf44a7566e46f03cbf4c88a23939ea0e4109369f38b5b2de40fa9c95d935bf05c9f5a9d2703a1f2818195d6227bb814c595f97bd39b88d3b38a94180073abafc6f917fb69954e797f3cdd2ef582e4e0fe5bf5485f478e6c54dd944bbf7c74a94a1836f0c44ef645417bf6a31728fcf0f5f80b67586618fa41ac4d7a347a5abe3397c3e766522db35720a49bd463d3dde299c7f0749bd31a78d8f5f5a37691cc839f0990172878c0be7daa1922674ce7039647a22613ed14e2d5566b1aeb5b699f3a4dcd0c033710675aa28f3b6c38920f554483a6873bd4766525ff8a892397ef8818807484f59975c589ff20c2e28f5cd0fbdb7075e318133366c8285bf5e9fe3eb5a3cb40fc94b8047c44c6182442968f9b784ed671fc0445cc5aa363d0e52ec89b04dba1cea9d8871d1f5609c5514bfbaf89b30529748d9d73e8f1537fecd7875737227bde7e8ee89447c24dd17e75f07301b2eddeaf59b7140bce65285fbcbe193c43bcdedd40488d150737f69a8e58807024208ebd2414d0938e0de76cc6a0ca51688fc383ebcb62a1e13db07b75af82a70d23f9ad2fbbc7dc0bfb4e114ecb3867a57b10623adfd12a9ca91c28f341b1d9a261ad6e180a9cac31b059008da175a71c531215efe598dd75b94d69da02e2f69aac316b5310af8006a5b03916bb5c19e30d105ce12713108b237cc1e212474709f082c6a4e7ce5848ee68ddfcb125ff8915f701af0a0f43c532098afe87b5839fb6256d6edfb3e8b15c336ff400c3da55c077918cf006247f27d79070be9aa883703bc761fb947b0a3e0e28a2ccb98e5d564861cb9f9db6b7e2d97dd86f2af13b3ebbf5771b03f7325b3c9d72bf66d9e622f0a9a32241379e6d060c6f50270dc89eeac3ece911eaa862285239e8f5a873c5120f3eb9eaf30f4621ac02bf1b9dedf062760d80e462158ded76748daaec3d5c9c79ea0deabc5eefdb4d6c441497af33e8653fcf2b91a7115267402a31752798a6eee90eadb3d52da14ef89908cd0e344d54c13d5fcc57d07880019dea4849c75f898bf8ab84e4da8292d2deacd1b5b6288934d61db6861cf00061eba35e7081b141434e01f1c094d66c7343534b13772ad9d70576292f219ca8c54c55c287d6c78cc7116fef54e9ee43c5398469619094eef7b1f091ada2bec619883e0f2d780ab08cebfab43dedce6af89da72903416f5b953267c612accbd7bc8e12f53138d273f9f35fca10569ed22d0d37b5af571ff5ee707de59a6e5234d50b5403ae9648c34b0a0967f46db4744ee972a9ad9d399fadb1a2dc468f33f93459f73e19cb6ff05ea2c8a6b0e60b6267e78f5dda1b0bf630fe18b822864e980c858057548d1028adcde432c99dabe1bfc19b5595b556ca03baa23bc0bc9a67eec3ea705cd2b7392024de410a084cee2f8345f86c43758f4453d4b77f33ebd15e0a46514cc61862680601ba60a344e44112c445bf1df0c94bdffb32a11a95630de9eb6f9f258d1abe6fe3ece37d8a76aba743ef6eb8411a9d76927594052205ff2252687772ed75150ac17bb52964a1d960d047ffaf3eae985a4443a3a6cbca1b1e9d313ffa421f66a4762df91b37ca5f7111b1ab56a54153acdb112643c693d3f1e78c7527e9abe6f595fc0d71ffc3f370b4d873ea5daabedf8514a5029556400877d0fff6ff053f4a6859be200d0b695f4a327cd4c1e60c6299fa01ec847d22cdc1757fcac5af187235b6252892bee8339248f63e51fd12beb78c95f2f0e5cab5690f1ba8c59484edadb281e2689c260a61d861bf49c5ba0487f3cef87ec07bda70825409bc5f9c2e1032a65b80571572a1f584342b58329398a8cbb30b850e7388ecde660cdad8f892d06042688dfc16b6f9a4ec7a4f571e3c3bbc5bfe8b1395f08db6ce42cd1348fa764f1797f5e3abf3071e9ffc224c33c14897a52ac58c7cbe40c9b0f082fd994b04d87a123e0e6f69b0a869d41a24ddcea54e95c3fc16b434988873e36d53c29c30fb14878bcc585b491d0a15e05cd686429fcb38184c317fe1507d9ae995b894c301736d8ef4e8327a116f519438a7117b068af7c9997b547b6b4f48bada6c2ca951a0bfb28b598271cd9ebfb4209557d024785d68ca3d3641de3f019c071b26acfa49673fce3c5e17ac5548724626caf441b4dc9df51d497aa4d1b0a86782aa37dada5ae5a80a374a9d6000ed5eb4e732b9f4f38cdd95caf583955dd92516c562467794ca46aac81ea134300f957a33538dfbaa5751e78713cc5b269a733560464309492d0f598d5cd12c5d8621e8ff7aaa3ae9f6ff29fd40cd370264294ded21ebdc8a6bd751c17e5eb97a3b61f8cced1e6ddd1f28f9df08d63684938908c9b123d90b6fa45aa3a251ca8e80e4e53830351e1a86ae1ec0d2bc0a7f2beb1e523b6c036d11781c797f908f2b3344d9fc3869cc3e89ac92197175548eb839aed40a963d54573bab2d00d211919c67b67d52ed173392a472e6f798b649a6aab5926442233b50d87e15aa2b3be9bf7b8d30ccae8fa0a847460d5e0dab5a87bcaf8089144ec045fc4050c64f65b7bc0a007cac245f577cb3697fb7156310195f946a0c5a4cb2dcc070ddc034d4936f98dda35a55375d5e80b0b9e3c666c9b5fd432cb536f697d162b2bfe8d21521e09efb292f3ec2c9c5087fdbe2668d8bf9b5311ba6d52a92ff68a11f8174f98f34f7c1f6b9d4f76199de5f3ea0e46b945234f4c92d3087fbda35def383f55085dbb2c543860d21651f0494e75a709398a1c9de5c8848cd13fd32a126df72b82dcc5ead66eae196c9fa8d365c4230811228cc90ded4b27b0b4cf81643c2db4a6eb395075423a05a3a6b0b6f43b673b57ee45f03e6786774a3ffebffbc0301ae97a67c30f831307a3b8781585f6627c6257f78105031401b1e959079c11ece5f3f932ece2a86130c185ac151bcbc159820912836aace4de311e2d635db4d55d51731afb7658f85b7b47d19f7b2bc0035719b8bbe899da4bc762b9bdec765380ed810dbc8376e6a12938deeab2c64b982bd88624933030999a872cf3fca7942677beaae9d64d49bc9b770953397a317d2d2b54bbd243d3169c1a843a77ee0d4147a29cc67475628dadf4cc1bcf2bfdf1bebf911120c878f564f747891f1b886ce1aba8ac95906c332c312272fe2f416751d561a4cce52c66b02a04b4fb4bbfcaabd7421997dfd418f9a3346d71f19f85fdef8bc5eb877fdacc9dfc6af119480013662ca97341c9681fa521eabd1790e81d982c4ce6c65359d8cb4a4fbd7f0f653f969597448bafe7ea5cb27a9eb36725c17784103d8c1c468635306ee518ecda7348747a68997e68076b555bc2d73049f7bc1e6411ca7b3c1078cfb2fa1def8e9f5ed28bb8b382d4565be72a83cd511939595bf5c514cbd2b578fce3f727bc9713fc789dff6576260165bdc4ff6dfdc5280db7f19aabe204ea677e173f3cb78aa416a93ee1879758ec74159fc8b44479ec9786df91c7e4dbfab42fe81a5c4d500fb8af43a414b49581c57f45473584612c8d0eba56f2f3156312cb447b056eda6aa15171106a3492805e1008aef982691fcf168ebc6ae853c6ad0123a5b146a7d3b90bd00e5c59962ccce73ae0a822819a3ff4126207ceaa97f2cf3458a44313b4e38302ab84efcfe971aea013d0772087bc6fa3848fb350acb9de16a6bc781e110ad809626791cffd36fc249a5c5444b8b948b2e1ff10b8a8061b512c02f219b45f7f2df734c22ef4889e45b95c9a51d696dfd79edcb544bdaf63733c70a345027c463eae36558d58619e08afb8714e90367fe34ad433b7443ec91b79c4cb4f4832f92e4a82f76d5cbc06e932ff401e945cd291c8cbd36ecba63202062c45320aea540a5688790e04d9aee2ae55f4792895ed3273d4ae5f2cbeb96becdb6bfc2fd766d4f7a0af9e8c6c65f4beac828c0"})

2.507634994s ago: executing program 4 (id=457):
syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x20, 0x0, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xee01)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000001440)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
setxattr$incfs_id(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x0, 0x0, 0x1)

2.211051726s ago: executing program 4 (id=458):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0))
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
syz_usb_connect$uac1(0x2, 0xdc, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902ca0003010070000904000000010100000a24010800000201020d24060000030800000000000000240803960c03112d9cd2ce0c240208000103000000ff000924060506020100000924030003030005490c240206", @ANYRES8=r0, @ANYRES16=r1], 0x0)

1.901722978s ago: executing program 3 (id=459):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='memory.current\x00', 0x26e1, 0x0)
close(r0)
r1 = socket$kcm(0xa, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f00000004c0)={&(0x7f0000000000)=@pppol2tpv3in6={0x18, 0x1, {0x0, r1, 0x4, 0x0, 0x1, 0x40000003, {0xa, 0x4e20, 0xffff, @private0={0xfc, 0x0, '\x00', 0x1}, 0x7}}}, 0x80, 0x0}, 0x886f5cad098fbc1)
ioctl$SIOCSIFHWADDR(r0, 0x8b32, &(0x7f0000000000)={'virt_wifi0\x00', @random="62bcd6224bc6"})

1.832268688s ago: executing program 3 (id=460):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x2c)
r1 = socket$inet6(0xa, 0x3, 0x1)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000180)={{{@in6=@rand_addr=' \x01\x00', @in=@empty, 0x4e22, 0x0, 0x0, 0x8, 0x2, 0x0, 0x0, 0x1}, {0xfffffffffffffffd, 0x0, 0x6, 0x0, 0x5, 0x80000000, 0x0, 0x7fffffffffffffff}, {0x0, 0x0, 0xffffffffffffffff, 0x20000000000000}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x4d5, 0x6c}, 0x2, @in=@private=0xa010102, 0x350a, 0x4, 0x0, 0x0, 0x0, 0x0, 0x200000}}, 0xe8)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)

1.54306066s ago: executing program 5 (id=461):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000880)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a50000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc0c0009800800014000000080c6bb41e9cbe695331400000011000100"], 0x78}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000000a0a0102"], 0x14}}, 0x0)

1.54257754s ago: executing program 3 (id=462):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000940)=@newlink={0x3c, 0x10, 0x8, 0x70bd2c, 0x25dfdbfe, {}, [@IFLA_VF_PORTS={0x1c, 0x18, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, [@IFLA_PORT_HOST_UUID={0x14, 0x5, "064979d3291c76d0aa977b635a66c66d"}]}]}]}, 0x3c}}, 0x80)
r0 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_PKTINFO(r0, 0x10e, 0x3, &(0x7f0000002040)=0x4, 0x4)
sendmsg$NL80211_CMD_GET_MPP(r0, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000180)=ANY=[@ANYBLOB="28000000690005"], 0x28}}, 0x0)
recvmmsg(r0, &(0x7f0000000800)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=""/91, 0x5b}}, {{&(0x7f0000000000)=@isdn, 0x0, &(0x7f0000000640)=[{&(0x7f0000000080)=""/225}, {&(0x7f00000001c0)=""/65}, {&(0x7f0000000d40)=""/4096}, {&(0x7f0000000240)=""/99}, {&(0x7f00000002c0)=""/122}, {&(0x7f0000000340)=""/217}, {&(0x7f00000008c0)=""/35}, {&(0x7f0000000500)=""/227}, {&(0x7f0000000600)=""/1}]}}, {{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000700)=""/27}], 0x0, &(0x7f0000000780)=""/112}}], 0x40000000000024a, 0x40002002, 0x0)

1.182223712s ago: executing program 3 (id=463):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000280)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2}, @val={@void, {0x8100, 0x5, 0x1, 0x2}}, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0xfc, 0x2f, 0x0, @private=0x1fe1, @multicast1}, {0x2000, 0x8100, 0xc, 0x0, @opaque="386ec88a"}}}}}}, 0x32)

921.888504ms ago: executing program 5 (id=464):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x51}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1800403, &(0x7f0000000940), 0x2, 0x5ad, &(0x7f0000000180)="$eJzs3c1vVFUbAPDnzkwLpe9rKzEqLkyjIZAoLS1g8GMBe0LwY+fGSgtBho/QGi2aWBLcmBg3LkhcuRD/CyW6dWXiwoUbV4akGsNGY3TMnbkzDO1MOy0dbu39/ZLbOeeeOz3nQp85Z+49ZyaAwhpLf5Qi9kTE5SRipK2sElnhWOO4O7+/fzrdkqjVXv0tiSTb1zw+yR6Hsyf/PRLx/TdJ7C6vrHdu4er56Wp19kqWn5i/cHlibuHqgXMXps/Onp29OPXc1NEjh48cnTx4X+dXakufuP7WOyMfnXz9i8/+Sia//OlkEsfi1zONsvbz2CxjMRZ/1GofLN+f/rse3ezKclJu/Z3clSzfwZZVyWJkMCIei5Eot/1vjsSHL+faOKCvaklEDSioRPxDQTXHAc339r29Dy71eVQCPAhLx9OfAx3iv9K4NhijMRARe5c9r8MlvQ1J6/ju25PX0y36dB0O6Gzx2o4stTz+k3psjsbOem7XndI913nTEcCp7DHd/8oG6x9blhf/8OAsXouIxzuN/9eO/zfa4v/NDdYv/gEAAAAAAGDz3DoeEc92uv9Xyu7N7Yyn6vf/ksb9vx/urhA8tgn1r33/r3R7E6oBOlg6HvFSx/m/rTm+o+Us9//GbMDkzLnq7MGIeCgi9sfAjjQ/uUodBz7efaNbWfv8v3RL62/OBczacbuy497nzEzPT9/POQMNS9cinqh0n/+T9v9Je/+fSV8PLvdYx+69N091K1s7/oF+qX0esa9j/5+0jklW/3yOifp4YKI5Kljpyfc++apb/eIf8pP2/7tWj//RpP3zeubW9/sHI+LQQqXWrXyj4//B5LVy8/en3p2en78yGTGYnFi5f2p9bYbtqhkPzXhJ43//06tf/2uN/9vicCgiFnus89F/hn/uVqb/h/yk8T+zrv5//Ympm6Nfd6u/t/7/cL1P35/tcf0PVtdrgObdTgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4LypFxP8iKY230qXS+HjEcEQ8ErtK1Utz88+cufT2xZm0rP79/6XmN/2ONPJJ8/v/R9vyU8vyhyLi4Yj4tDxUz4+fvlSdyfvkAQAAAAAAAAAAAAAAAAAAYIsY7rL+P/VLOe/WAX1XyR7FOxRPJe8GALkR/1Bc4h+KS/xDcYl/KK4Nxr/bBbAN6P+hqAZ6O2xnv9sB5EH/DwAAAAAA28qtF5+/kUTE4gtD9S01mJW1bgwO5dU6oJ9KeTcAyI05vFBcpv5AcfU4+RfYxpJW6s9ap/Lus/+T/jQIAAAAAAAAAAAAAFhh355bP665/h/Ylqz/h+Ky/h+Ky/p/KC7v8YG1VvFb/w8AAAAAAAAAAAAA+ZtbuHp+ulqdvSIhsdUSAxGxBZqRQ2Iw//DM+YUJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo+TcAAP//Swsk/Q==")

824.088705ms ago: executing program 1 (id=465):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x10008d0, &(0x7f0000000280)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6572726f72733d72656d6f756e742d726f2c636f686572656e63793d66756c6c2c7072656665727265645f736c6f743d30303030303030303030303030303030303030312c6c6f63616c666c6f636b732c696e74722c6e6f61636c2c00b83578110c8182871d1a888ab910bda6ed5eb8d85850b69e5f00a4b2822944f8a40011442cbdd903ae8f5dbd229f91fe1093b9e1d8042b3023b0ec8f09897497044a104701d3013512e0487b6bd6650f232292d8b0155a94728bba1a8248fed123795bcc184683b33d0d5f4455ea61c1cb567c01edd33f14c229437ce876bf88798ec1e2f28b87b591031c3d50710d9cc51b760aff0105a5c3772f54bdf7395bb2bb7b4a0323ca"], 0x1, 0x4440, &(0x7f00000088c0)="$eJzs3b9vHFkdAPA3Y4fYIQE7pAgSEisRCQTIslMFHAnHceLYiQkKJEI0m7W9SQxrb2SvEUUK00WiQqJAFBFIdK4iF7ThT6ChzNWR7opr7nRSdD7tzqy9M96V96xd+5L7fIqdnfdrnvc78+ZNMX5xqvZkZaOwslEorRWqS482Lhf+WK1srpZDfEzaHv/U8R2f7vTjPDnpc+/r7O71m79+cDmE/y7//83u7u5uqBsMbU20fP/k42dLrdumOFen3m425Vb7xo/sdyGECwf6VTcQQvjtf0KIQgjX0rTpdDscQjgXkrwHz/7ysNCj3rx8Xb5afLvwfGfy0vz2i503HQtGIfyj8t2fPl798AcDkx/8uEeHBwAAAAAAAAAAAAAAAADgHTd77+79X41PhFdRGNyODr6vO5tuO70fu9sz3+//HwsAAAAAAAAAAAAAAAAAAABfUfvv/xei823e/59Jt1Md6u/+ov99pH/mfnl35sb4RLr+e3Qg/0qa9NG1gTDaZt33/Prv13L1D67/HtJV13vjShRlVqsfCVE81tKPkRDHY2Mh/Ctd+P1idCauVDdqP3lU3Vxb7lk33lnZ+Cer92eiky7o3238p3Ptt49/L33nwNlU33/Yu1PsvZaN/0DHcv/+c9RV/K/n6h1H/Dm6bPyToXS4tcBUMgDU4//XwcPjP5Nrvz/xP7X3bTgUMiNAfQ5TiDrPV8jKxj/5XTNDZ/pDdrr+P8vF/0au/ZMa/7fyNyLaysb/G420oUyJ/et/ND78+r+Za/8k4l/v/5b7f1ey8T+dJGZm1MnP2+34P5trvyX+n/ay3/fjtJ/fijJnwHaUpHf6f3VkZeM/dCB///kv7mr+dytXv//Pf9njNp//msP/j6Lk+Y/2svEf7liu2+t/Llev3+P/VGP+x1Fl43+mkdacOyd3/pHGZ7fxn8+136/4N/o21Iz//njy+ekk/Z/mf13Jxv+bSWLcWmKr8dmY/0WHz/9v59o/iflfvf9bcX+P+r7Ixv9sx3L1+P+vi/v/nVy9/sc/hHFz/SPLxv9cx3KN63/o8Pgv5Or1O/4/7GfjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAO+A6XQ7EqJ4LLMfx2NjIVxP9y+GM9Fiabm4WKku/WEjhJk0vRDOR48r1cVSpbiyVl0uF0uVSnUphBtp/oUwFG1UqrXiaunpzb22hqMn5dJ6bbFcqoUQZtP074VzzbYWV2qrpachhFt7ed+Oq+tPn5TWissr6z8fHx8fD3N7fRiNyn+qlddqydGT3BDm9+qORC2da2Tf3uvL2ej31c31tVKlkX6npU6lulSqtNRZSPP+Fkaj2vrm2lKpVi5Wqo+bxztJU+l2Zu7eb+7dmTiQ/zBKttPH2y0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvqRXkz/7ewhhMNmLQwhTzS9Ru/IvX5evFt8uPN+ZvDS//WLnzanj7S4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwBfswIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYZf+URoIojgAvxkL/1Qew2rZ7WxXFNHCFcET6DE8jB7FS3gHCwtbCwkkMyRsspAmKcL3NY/dHzPvwTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgINz+zQ8P7ZdRIqT/+OIz9ev79X8vtT3q83nj/YwI7tz9zBc37Rdefe0ll+WXz99nqd/v28vsaxn9bv6GO3JeJ8Wap/Tybmm9m1qvtr3PFJuIqIv+UXKuWm2uwsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgBk7cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IFjAQAAAABh/tZR9G0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC/AgAA///+NR/5")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x2000, 0x0)
sendfile(r0, r1, 0x0, 0x20fffe82)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x80)

625.508236ms ago: executing program 5 (id=466):
syz_emit_ethernet(0x76, &(0x7f0000000040)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x16}, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f53a04", 0x40, 0x3a, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x502, {0x0, 0x6, "508359", 0x0, 0x0, 0x0, @private1, @remote, [@hopopts={0x3a, 0x0, '\x00', [@pad1]}]}}}}}}}, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000005fc0)={@remote, @empty, @mcast1, 0x4, 0x8000, 0x40, 0x400, 0x5, 0x1cc0014, r2})

590.929466ms ago: executing program 3 (id=467):
r0 = socket(0x10, 0x80803, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000900)=ANY=[@ANYBLOB="1c0000005e000102000000000000000000000000682ce665c9"], 0x1c}, 0x1, 0x0, 0x0, 0x4008001}, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x4c02})
recvmmsg(r0, &(0x7f0000002e00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

383.961017ms ago: executing program 5 (id=468):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
madvise(&(0x7f0000000000/0x2000)=nil, 0x8000000, 0x9)

360.398038ms ago: executing program 4 (id=469):
syz_mount_image$vfat(&(0x7f0000000540), &(0x7f0000000000)='./file1\x00', 0xa18c14, &(0x7f0000000240)={[{@uni_xlate}, {@iocharset={'iocharset', 0x3d, 'maccenteuro'}}, {@shortname_winnt}, {@fat=@codepage={'codepage', 0x3d, '857'}}, {@iocharset={'iocharset', 0x3d, 'cp866'}}, {@uni_xlateno}, {@shortname_mixed}, {@shortname_win95}, {@shortname_lower}, {@fat=@codepage={'codepage', 0x3d, '1250'}}, {@shortname_lower}, {@rodir}, {@utf8no}]}, 0x81, 0x29b, &(0x7f0000000580)="$eJzs3c9qK1UYAPBv0iRNVEgWrkRwQBeuwr33CW6QChezUrLQjV5sC5KEQgMB/2Dsyr3gynfwHXwAN76BC5eCO7sQR5KZSdI0bY3EVOrvt5kvc74v509OWyjMyUevjgbHZ+PTiy9+jkYjicrTeBqXSbSjEqWvAgB4SC6zLH7LcnflVqMeEVmreFXZw/AAgH/BNn//AYCH4b33P3in2+sdvZumjYjR15N+Evk1b++exicxjJN4FK34IyJbyOOXnvWOopqm5T8DJs3oR4w+/LF43f01Yl7/OFrRXq+vF1npXLwxmk76s55n11q8kER0syRPeRKteDkiq0XxJvnl7We9oyfp9fro1+PN178rxv/nSXSiFT99HGcxjOP5Wyzrv3ycpm9l3/7+eT6DfkQynfQP53lL2cFePhAAAAAAAAAAAAAAAAAAAAAAAP4XOulCe/X8nPI0wE5nc/uN5wMVJ/xMV87XeZSmaXmMz6Rfi7y+Gq9Uo3p/MwcAAAAAAAAAAAAAAAAAAID/jvGnnw2eD4cn51eCH7JZ0Lw1Zz2ortwpH+u/u2pzMPg+YvuqvxPEQTG0YXKti6Rs2kFfh9skNzd1GpWb1rA6jHzw32w/sNd2NcFbg3J3DZ4ncUdyY/MmWdl15TY8HydbbMhsw9Id3FhV39Hc6y/+0/LmxoWazbi2WMyrVY3ZJ7lyp7bjn5Q1yc5/9wAAAAAAAAAAAAAAAAAAAFctH/qNX641XtzLkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg75bf/78Ior1+Zz2YFsXzO5Xbkw/Pxxu6be95mgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADxwfwUAAP//5OlVhQ==")
landlock_create_ruleset(&(0x7f0000000040)={0xf0ffc94e915cdaa7, 0x0, 0x2}, 0x18, 0x0)
syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x2436423bc3e16464, &(0x7f0000000000)={[{@dax_inode}, {@dioread_nolock}, {@jqfmt_vfsv0}, {@orlov}, {@init_itable}, {@usrjquota, 0x2e}], [], 0x2c}, 0x0, 0x465, &(0x7f00000009c0)="$eJzs28tvG8UfAPDvrvPo85f8Snn0AQQKIuKRNGmBHriAQOKCVAkO5RjStCpNG9QEiVYVDQiVI+pfAByR+As4wQUBJxBXuKNKFeqFwgEtWnvtGj/S2HHqFn8+0iYz+/DM17tjz854AxhYE/mfJGJHRPwSEWMRUWrcYaLy78b1i/N/Xr84n0SWvf57kh8Wf1y/OF/dNSn+by8yk2lE+lES+1qUu3z+wum5xcWFc0V+euXMO9PL5y88c+rM3MmFkwtnZ48cOXxo5vnnZp/tSZw787rufX9p/55X37zy2vyxK299/2Ve3x3F9vo4KsY3XOZETNTek0aPb/jV7yw769LJUB8rQkfytp6fruFy+x+LUtw8eWPxyod9rRywqbIsy0ab1tZ6AKsZ8B+WRL9rAPRH9Ys+v/+tLrex+9F3116s3ADlcd8olsqWoUiLfYYb7m97aSIijq3+9Wm+RMtxCACA3vo67/883ar/l8Z9dfv9r5gbGo+I/0fEroi4JyJ2R8S9EeV974+IBzosf6Ih39z/+WlrV4GtU97/e6GY2/p3/6/a+4vxUpHbWY5/ODlxanHhYPGeTMbwaJ6fWaOMb17++ZN22+r7f/mSl1/tC0bESER6dahhgO743MrcBsOuufZBeQzwUnP8SW0mIImIPRGxt4vX3xIRp578Yn+77beIf209mGfKPo94onL+V6Mh/qpk7fnJ6S2xuHBwunpVNPvhx8tH25W/ofh7ID//21pe/7X4x5P6+drlzsu4/OvHbe9pbh1/6+t/JHmjnB4p1r03t7JybiZiJFltXj9bZIZu5qv75/FPHmjd/ndF/P1Zcei+iMgv4gcj4qGIeLio+yMR8WhEHFgj/u9eeuzt7uPfXHn8xzs6/9VE0rSmXaJ0+tuv2pV/6/iPXh0aPVxOTRZr1vP5t556dXc1AwAAwN0nLf8GPkmnauk0nZqq/IZ/d2xLF5eWV546sfTu2eOV38qPx3BaHekaqxsPnSnGhqv52Yb8ofK4cZZl2dZyfmp+aXGz5tSB9dnepv3nfiv1u3bAputoHq3dE23AXcnzmjC4tH8YXNo/DC7tHwZXq/Z/KeJGH6oC3Ga+/2Fwaf8wuLR/GFzaPwykNs/GJ7HO5+fbHV7R5eEDlSjdGdXoOBHpHVGN7hLphl+n1Lv6jHbQUi7F7Xqj+vzBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0CP/BAAA//8xr+fd")
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)

271.748708ms ago: executing program 3 (id=470):
r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000080)={[0x65]}, 0x8, 0x80000)
read$FUSE(r0, &(0x7f0000000700)={0x2020}, 0x2020)
unshare(0x22020600)
r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000040)={[0x9]}, 0x8, 0x80800)
signalfd4(r1, &(0x7f0000000140)={[0x72]}, 0x8, 0x0)

0s ago: executing program 4 (id=471):
syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000005600)='./file0\x00', 0x0, &(0x7f0000000240), 0x1, 0x5599, &(0x7f0000005680)="$eJzs3X1oVecdB/BzTaKhFpPV1alY6RSqdGVTW5DNUeNLZjvfkhq0NTXGaWudrViZW9qJCwliOi2NSh2jrjhkRVtWApO+iFPXoUM2psikszLnim44ahZ1gh2Tjdx7n+u955rk1nVNXz6fknvuc3/nec5zD+eP+731OTcCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAKIoSm289OevImvqxM8fNeeA/j7y669ljk5aNPnL25/N3TCuqWv1U3fSGlrq5UzqaKxfPP3p1/aEoSqT6pfsvnHzfA4/OWTizNAxYX53alpd3ecjk4+lUo2/Oi539cv8WRVFUEhugKL2tLMpqJ+IHiFblD9it6k1X3lxWM/XtxssXJg6vHbU3/63TqbS3J9Bb0tfVmWvXUkXysU9sj0w769JL5Fyiqf7xC+4jeRMAwAcypiq5yXwcTX/EzbQb4/VYuyLWbo21wyeE1uzGjUiN27ered4er/fSPCtSUaFfl/OM1dPnP9OuivePtWNR4wPMM3fXdKQp7WqeK2P13ponAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMfJu5PmXZgy/cXLfSfV7hiy4a+z+mxcv+9UbfVLd+2sPrHujf61ddMbWurmTulorlw8/+jV9YeiqDzZL5Hqnnhj08Kn+tbNfHDzQ2srZ0w49FpRetywLc7aOfpjePLVsij6VlblTBj23IAoqsotJJvRj/MLy5JP7g8FAAAAPk2GJB/7ZNqpOFiS004k02Qi+V+QCovVm668uaxm6tuNly9MHF47au+Nj1fVxXgV1x0v0y6/9pfICsYh/sbHu1YPu67KG6d78RHjef7YtHdmnBlRf27rlfNNTWsv7h534K73tkw93/zNd/av6Hf/cyPy8n959/k/nDn5HwAAgP+F/B8fp3s95f+3ZlfOaPvDvT/6/biv/31o9cZ3m/YmVg09vmLkd+ZNPPXa869fzcv/t+ccMi//hxmH/N8nurH8DwAAAB9n/+/8X5E3Tvd6yv/PHDwxdM+ogzWN0furyv6VOLhk36nnvtZ8ec29216oPDvrsf55+X9MYfm/OHva4cXfhQkvL4uiMYWfVAAAACBH+P/u175aCHk99c1BPK+/PP7FnRdLZxYvKf7yrl3bnl5TevcdA5fWLn5l9EtDnjg8/9nVefm/orD8X/LRvF0AAACgAIs23L100D/mjd+2pH32rVePVg66Z/vRO25un7G6Zv2kFbec/kpe/q8qLP/36523AwAAAFzHsfmPLFrxt9071v16xOQxpe9PGTn7e3WX9hwe++9RNR0vjP/GW3n5v76w/H9Tepte+ZDqdCj8K4QtZVFU2vlkZarwm6h1YqYAAAAAfEhCTm/44eylDZuf2fbPizV3vtJ8y8utf374C+V3bpz2s+9vOT63adO+vPy/svv7/4c7HYT1/zn3/8tb/59VSN31b4IbAwAAAPBZlL+eP9weP/XLBV39/n6h6/8fe3r4o1u/+5Olv7itfHfitpNPfumJ5ocrfzpwYHvL6JHNRYNL8vJ/Y2H5vyh7+2H+/h8AAADcgE/a7/89lDdO93q6//+0BesOL2gf+/kDLe3Pjxn02znFDy7Y+af2m/c/Oax9/7nzLcPy8n9rYfk/bPtnv70D4fw0l0XR4M4n6bsJ7grTXR4rtJVkFVInPtZjTuiRLrT1yyokrYz1GFcWRV/sfNIYK3wuFFpjhY4B6cL2WOFIKKSvh0zh1VjhQLjStg5ITzdeeD0U0gss2sIKiv6ZJRGxHpe66tFZuG6Pk5mDAwAAfKaE8JzOsiW5zSgeZdsSPe1wU0879Olph6KediiO7RDfsavXo/rcQnj9L6dXv/f48l/WTmi4Z+7kPcOOP37f2bE/+PbaX83uv6XxxKUpTXn5f3th+T+cir6pTVfr/6Ow/j/9u4aZ9f/1oVAeK7SFQlX8jgFV4RipsLshHKO8Kt2jY3CmAAAAAJ9q4XuBol6eBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBf9u49Sq6qThTw7nd30uk0OI6AykSdJEZMdydBlICLPERUjHQYZFTGPEg65NEkIQ8kwYWBsBwUdQLBxDvDXQS4WYCixDgEERgSlcC9RHnNMAzyFLiBUSFc3nCZ3NV9aleqzulKV0wa0tzv+6NrV/3289Sja59zah8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPj/w+BDv7LgilOeuWnkC3936imNC59+bsxlB3/kiPqb5h48/PUtd8+6fcrxZ10w5eSJO1YeO+Mrd7/591tDaO8uV5EUr/j5RVOX1U6Z9KWLv3zOsZ8/auum2ly9uXgY2PWnMnfn/Njqk4NCuKEihOp0YGRjEqjJ3W+M9b2vMYQDwq5AvkTHgKREuuFwW0MI68KuQL6qGxtCaCwInHTvL2/9blfikoYQhoYQ6tJtPFyXtNGQDgyrTQID0oEF1UnglZ2JfODnlUkA9lp8M+Rf9BvaizM091yuxOuvZp917O2VHl5VTDSXzven8X3cqQK16Qfa9+ppy1RHn8i8PTZ7t/WDd1tmO6/ytBV+kcp9Q9m5K1QXKmd2zJq+tHNJfKQytLRUlaqpj57nh5//+ow9Sfeb12HsQPM+eR1W7dh+59mNn7pu9aD1r64ce+WWve3mQwWbtDDd1+pC7jXXb57HaJzPk37w9st8SxriS1cI4V9vqNv26hcuf/nTa7ZcPem8v13zzIjTW9veuO+F6yctWLXg+v/+i8z8v3n38//4co63lUW5Y6tvNCVz8/hIY0w815TMzQEAAKDf6A97Tac+NOvF4b/5xD9PvvHR7YOO/5tFqw/+de2Wdz34VOX4Z285ecT81zLz/yHlHf+Ph/wbC0e7OYRx3YmVg0M4qPvxJHBN7M6pg0P4QHeqvTgwPhXYHMLB3YkR+apSJepjiSGpwPamXGBcKrA1BtpTgfUxsCoVOD8GNqQCM2JgcyowIQbCnOJxfKQpN46yAw0xMC3ZiBviWQgvNMXWUtvqd/mqAAAA9pHc7LCm+G7BuQ57myFOLzc09JYhnoFdMkNdqob0DDY/rSpZQ3VvNVT2VkN+3Ct2P/xMzRW91Zw5DaOiOMPSb/7h/rFfXDW3euj22sNemnfczN8d8/41O1s++uPanT8cd9fahsz8v2338/+6HjpSkTn+H8Lk7r8xd2Uu0pmPT2svygAAAADshdETP/ZPl733l9fdcuLnfzv4jiOv2PjDqbVjv/XK0nt+uGLCudt+dEFm/j+uvPP/4z6RqoLMYVvcDTFvcAhtxYGk2qOygeSo98BcAAAAAPqD/PH4/LHwObnb5BTt9Hw6m799D/PHA//jesw//pC/fmzDf8z99k8nTjli7TmPzd9+1+EfrWn7m+cf/tIF86Z947JvZub/7eWd/z+g+DbpxNbYi9WDQ6gvCNwee9kV6DYkBh47pjiQG//WuAEujFXlTkzIV3VhLDEtBtpSgXWlStydL3FQcSD3ZOUbX5kfx5xciYIAAAAAvOXi7oB4XD6e/3/fgg/PPmpb3aG3rKr46V/uuKZz4vVtNc+M/VXT61/4whNff63xzMz8f9qenf/fPQ/OnN7fOTCE1uoQqtI/DNg2IFkYMAYaK3KJWwYkdVWlqzp3QAhHdw0sXdXjufX/q9NrDN7bkFQVAwd98Ornh3UlrmwIobUwcP8pl3+sK7EkFcg3/sWGEP6qa7Tpxq+vTxqvSTe+tj6EQwsC+apOrQ+hq7HadFW/rMtdxyBd1XV1IbyrIJCv6oi6EJYFAPqp+K90ZuGDi5ctnze9s7NjUR8m4j78hjBrTmdHy4wFnTPrSvRpZqrPRcsYnZsdU8nlkFLiEkWr7lk7tJx0/neCbYV9ye3Hz5w4mLsfvwvVdI9zdE3R3THpIX/4Q9kmQsE3qbdryAMKK9n1JGbqj/lrw8BQv3Rxx6KWs6YvWbJoVPK33Oyjk79xUMm2GpXeVgN66tt+8PIYXlhJ65LTF7YuXrZ85JzTp5/WcVrH/NFtYw5vO3LMqCM+3to1qrbkby9DHd5T1amh7rz8rR/qIdUFlbwVnxoSEhL9LfE/zjj95DuOnPOpE+5d+oGj1oybcPaNh89qXXPb9ZPWT3ts8I9GXZKZ/y/c/fw/furET/7c+gyljv83x8P8yeO7DvNPi4F15R7/by51ND9/YsCQVGBFDKxwmB8AAIB3hrg7Mu52jHutH6q74qrDL3329C2jJn7tzOaRv57wwXEHfvqML99x3H/+3/d/7xN//N+Z+f+K8n7/v4/W/88vXf+5Usv8j4gl2kqt/59e5j+//v+KUuv/p5f5z6//v+5tWP9/aT6Q2iQvWP8fAAB4J3jr1v/vdXn/9AUCMhl6Xd4/fYGATIZel/Ev9wIBe7z+/5PHXPv0B97/TPvPrr/j8ekXn3HOx9fUD9uxrL7l9m//+y9u/MqpgzLz/1Xlzf8t3A8AAAD7j2uPffLfjr3q+7ec3Pjsj2sWzT7/5vNuahz2WsWsjfMnDJh8zez/ysz/15U3/3/r1/8Lpc7/H1Iq0F5qYUDr/wEAANBPlVr/b/tP6i+9sHHHuk0bXv/ske9+/Tt3fOdrry34wQ8+89H3zV48adyEmzPz/w3lzf/jaReVRbljb95oSta0C+k17Z5ryv9kAAAAAPqHytDSUlNm3qKVUcf/+W3GpUB3ly504nE//WT70HffPufaKa3/cN99Ha2H3NnUsH7+zi+d8PTyp05YeWVm/r+5vPl/0e8yqnZsv/Psxk9d98bqQetfXTn2yi27jv8DAAAAfafc/RIAAAAAAAAAAAAAAMDb770Lxoy/t+Xxd1+0evn5zdddcfmbm1q3fPUfL6na/uHZf7hg7uiGzO//w+TucqV+/x+v+xd/X/AXRbljq72v/5e7f9LxP1nWvWThtqYQPlQYmHfevANC7tr8wwsDt351xHu6EuelS9z8yISnuhJT04HPjDzw5a7E0anAtLhI4sHpQLyq4suDUoG4vOJ96UDcHhvSgdpc4FuDknFUpLfVM43JtqpIb6sHG0MYXBDIb6sbGpM2KtIDvCQVyA/wjHQgDvALuUBlulc/GZj0KgYaY9HLBia9AgBgvxW/BdaEWXM6O9riV/h4e0h18W1UtGTZudlqq8psPi5NtuqetUPLSVelv4vuutZ4TajrGsKozNfVwiwV3aPcN7X0sun+osSQe1vtra82XW3pETUkI2qZsaBzZk2vAx/Te5bR1b1mGZWZ7BRmqezepGXUUkZfyhhRmdumjC7H+5WhpaUqlWtsDDaHIr29Isr9vX5Pa/6VekV0+cSXb/rD41ubPn3Ye9pPO/+eyvff+6sDr3jxQ688dN1hm/7bR9b++urM/L+5vPl/XeG4Xs5dDGBFvLLeUYNDmFbmiAAAAOCdb/b8Ry6+4FcXbX+sfdhTC1ovuvWBZT9YXt10zfnHPnjzmS+d8r2pexu/9skTfvvAb3+0cdj4WxaOGfDEWVdedtw9d92xetvxb95w2P8ZOePRzPx/SHnz/7hjLHcoONnbsTle/3/l4BC6L63fnASuicM9dXAIH+hOtccSyQX1PxdLtCWBa+IOkxGxxLT24qrqY2BDKrC9KRfYnApsjYHcXoqrQ25XzkVNIXysOzW5uMTCWKI5FTghBoakAi0x0JYKDIqBcanAHwflAu2pwJ0xEOYUb6ufDcptKwAAgD2Rm2fVFN8N6XnehureMlT0lmFAbxkqe8tQ11uGUqOI9zfGDDWFx+NzGeJDNelaG1K1ZDLEi+Hvcb8yGcLdxTnTBTNN588kaS7OGTN8+x8f/OT0lx6+YemP3hh+4rmf/PH3tm16be4Tp40cPO3VsfNGfPuPmfl/W3nz/wHFt0nrW+P8f9f1/5LA7bF7q+Op40Ni4LFjigO5HQNb42T3wnxV7bkSuUn7hbHEuBgYkgosjIFxqcC0ybnAuvcUB3Iz7XzjK/ONz8mVKAgAAADAWy7uIIi7aeL8/9K/mz353O+0dqyc9dWnps0Y+ukDL33fpcfcNOk3c9cedOCpd14zLzP/H1fe/D+2N7CwsfNjb54cFMINFbt6kw+MbEwCcT9GY/x5/PsaQzigYAdHvkTHgKREbarhcFtD8gv12nRVNzYkawzE+yfd+8tbv9uVuKQhhKEFe1/ybTxcl7TRkA4Mq00CA9KBBdVJIO75yQd+XpkEYK/l9wrGF1TuVJe85p7LlXj9vVOuCZoeXmYfaA/5evrNVV+pSz+Q26eat2dPW6Y6+kTm7bHZu60/vtuavdsKv0jlvqHs3BWqC5UzO2ZNX9q5JD5S+EvWjD56nnv6Jevu0vvgdbjiz+9t7+rSHWhLfXy09Vyu59dhRayuasf2O89u/NR1qwetf3Xl2Cu3lN2NEuIm/cuvjR/2UMHm7Wt1Ifea63efJ+0+T/rjv4EhnrYQwqbnvlF/5okn/tsB/7Rw0/cf/a/mV7/1zTs2blzW1HJz1ZpJF3722sz8v728+X916rbba3FjLh4cwocLNu62uPknDk4+BwsCyafku7KB5JD7E00lPzkBAABgX8vv7sjvL5iTu01OCE/Pk7P52/cwf9xfMa7H/OX2+4TP3/0vf7vid6u/uGX9AxW/+f3GK04YM3XhYwvvu3jiP/+v31/16I2Z+f+03c//61PddPzf8X/6iOP/Pdrfd0XXpx9YsVe7ojPV0Scc/+/R/v5uc/y/R47/O/7fE8f/e+H4f4/296ct8y1poS9dIYSnn/2XC//hgmUnPfTqu4+4+IE/PTjx7IobOv9j+kPPdLzx0Vdm3XpoZv6/sLz5v/X/el60L7/+37RS6/8tLLX+3wrr/wEAAH2qxEJz6XleZvW+TIb06n2ZDL0uENjrEoPW/9vj9f82nFz9+1/P/ffvf+6+pw+vnHr/f46eP++m4UcdM+KqNU+t+NcX2lsy8/8V5c3/48thYGHr/WX9vyGTS1S1KgYWWhgQAACA/VGpHQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8vcaceedL33lh+2G3Lrlt5cnj/3r1qV//7NEH/+zKnZ/YHL7x4vKX7ply/FkXTDl54o6Vx874yt1v/v3WEOZ0l6tIilf8/KKpy2qnTPrSxV8+59jPH7V1U12u3prc7XuLcsdW32gKYV3BI40x8VxT151dgZOO/8my6q7EtqYQPlQYmHfevAO6EuubQhheGLj1qyPe05U4L13i5kcmPNWVmJoOfGbkgS93JY7OBSrS3b10UNLdinR3vzsohMEFgXx35w4qrirfxnG5QGW6jasakzZioDEW/UFj0kYMdMYSc+pDaK0OoSpd1f+sS6qqSlf1i7qkqqp0VefUhXB0CKE6XdUjtUlV1emR31WbVBUDB33w6ueHdSXW1YbQWhi4/5TLP9aVOCMVyDd+Ym0If9X1kkk3vrEmabwm3fglNSEcGkKoTZd4sTopUZsu8Xh1CO8qCOQbn10dwrLAO0L88JlZ+ODiZcvnTe/s7FjUh4naXFsNYdaczo6WGQs6Z9al+lRKRUF657nZeGWZY3/4+a/P6Lpddc/aoeWkq3Plarq7PLqm6O6YfdX7ij7qfezXgMJKdj0fmfpj/towMNQvXdyxqOWs6UuWLBqV/C03++jkb1UummyrUftqW5Xrz91WwwsraV1y+sLWxcuWj5xz+vTTOk7rmD+6bczhbUeOGXXEx1u7RtWW/N0XQ708G6/q46EeUl1QyVvxASAhIdHfEpVFn25t+/u/7MwX/V0drQl13R/QmWlFYZaK7lHui0GP3318Xw46MyXJjGhUZuKQyTK69yxjMpOJXVkakizd3+syk8PCmiq7N2m8XxlaWkr+p2suvlu4+f7Uw+YtV9x05aYBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+H/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCwAAAAAIMzfOoyeDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuBQAAP//CAsM0g==")
syz_mount_image$exfat(0x0, &(0x7f0000000100)='./bus\x00', 0x4800, 0x0, 0x0, 0x0, &(0x7f0000000240))
chdir(&(0x7f00000003c0)='./bus\x00')
r0 = open(&(0x7f00000000c0)='.\x00', 0x10000, 0x0)
getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8)

kernel console output (not intermixed with test programs):

_0): Enslaving as an active interface with an up link
[   78.751704][ T5790] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   78.784345][ T5787] team0: Port device team_slave_1 added
[   78.814819][ T5788] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   78.826800][ T5789] team0: Port device team_slave_0 added
[   78.834982][ T5788] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   78.857552][ T5790] team0: Port device team_slave_0 added
[   78.865222][ T5789] team0: Port device team_slave_1 added
[   78.872620][ T5790] team0: Port device team_slave_1 added
[   78.946441][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_0
[   78.953432][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   78.980032][ T5787] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   78.994349][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_1
[   79.001344][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   79.027828][ T5787] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   79.063944][ T5788] team0: Port device team_slave_0 added
[   79.073141][ T5788] team0: Port device team_slave_1 added
[   79.100884][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_0
[   79.108170][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   79.134296][ T5789] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   79.146459][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_0
[   79.153442][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   79.179854][ T5790] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   79.212828][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_1
[   79.219905][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   79.246687][ T5789] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   79.263949][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_1
[   79.270992][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   79.297238][ T5790] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   79.325490][ T5787] hsr_slave_0: entered promiscuous mode
[   79.332897][ T5787] hsr_slave_1: entered promiscuous mode
[   79.363312][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_0
[   79.370527][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   79.396721][ T5788] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   79.407659][ T5803] Bluetooth: hci3: command tx timeout
[   79.446897][ T5789] hsr_slave_0: entered promiscuous mode
[   79.453430][ T5789] hsr_slave_1: entered promiscuous mode
[   79.460064][ T5789] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   79.467963][ T5789] Cannot create hsr debugfs directory
[   79.475444][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_1
[   79.482410][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   79.488857][ T5803] Bluetooth: hci0: command tx timeout
[   79.508705][ T5793] Bluetooth: hci2: command tx timeout
[   79.514278][ T5803] Bluetooth: hci1: command tx timeout
[   79.520702][ T5788] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   79.649341][ T5788] hsr_slave_0: entered promiscuous mode
[   79.656571][ T5788] hsr_slave_1: entered promiscuous mode
[   79.662775][ T5788] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   79.671410][ T5788] Cannot create hsr debugfs directory
[   79.681389][ T5790] hsr_slave_0: entered promiscuous mode
[   79.688489][ T5790] hsr_slave_1: entered promiscuous mode
[   79.694917][ T5790] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   79.702510][ T5790] Cannot create hsr debugfs directory
[   80.064615][ T5787] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   80.078814][ T5787] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   80.096675][ T5787] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   80.107748][ T5787] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   80.179245][ T5789] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   80.194712][ T5789] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   80.213134][ T5789] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   80.225501][ T5789] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   80.309517][ T5790] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   80.336068][ T5790] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   80.348792][ T5790] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   80.358937][ T5790] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   80.472699][ T5788] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   80.497439][ T5788] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   80.511548][ T5788] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   80.521678][ T5788] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   80.571681][ T5789] 8021q: adding VLAN 0 to HW filter on device bond0
[   80.599532][ T5787] 8021q: adding VLAN 0 to HW filter on device bond0
[   80.624800][ T5789] 8021q: adding VLAN 0 to HW filter on device team0
[   80.678594][ T3551] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.686044][ T3551] bridge0: port 1(bridge_slave_0) entered forwarding state
[   80.705558][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.712719][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[   80.733050][ T5790] 8021q: adding VLAN 0 to HW filter on device bond0
[   80.752322][ T5787] 8021q: adding VLAN 0 to HW filter on device team0
[   80.776635][   T35] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.783812][   T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[   80.793521][   T35] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.800671][   T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[   80.854728][ T5790] 8021q: adding VLAN 0 to HW filter on device team0
[   80.891775][   T35] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.898984][   T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[   80.926504][   T35] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.933652][   T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[   81.057164][ T5788] 8021q: adding VLAN 0 to HW filter on device bond0
[   81.132290][ T5788] 8021q: adding VLAN 0 to HW filter on device team0
[   81.181613][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[   81.188874][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[   81.221651][   T35] bridge0: port 2(bridge_slave_1) entered blocking state
[   81.228904][   T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[   81.482354][ T5787] 8021q: adding VLAN 0 to HW filter on device batadv0
[   81.496794][ T5803] Bluetooth: hci3: command tx timeout
[   81.519290][ T5789] 8021q: adding VLAN 0 to HW filter on device batadv0
[   81.564517][ T5803] Bluetooth: hci2: command tx timeout
[   81.565014][ T5796] Bluetooth: hci0: command tx timeout
[   81.574602][ T5803] Bluetooth: hci1: command tx timeout
[   81.600900][ T5790] 8021q: adding VLAN 0 to HW filter on device batadv0
[   81.697871][ T5789] veth0_vlan: entered promiscuous mode
[   81.735786][ T5787] veth0_vlan: entered promiscuous mode
[   81.750378][ T5789] veth1_vlan: entered promiscuous mode
[   81.802127][ T5787] veth1_vlan: entered promiscuous mode
[   81.835818][ T5788] 8021q: adding VLAN 0 to HW filter on device batadv0
[   81.882287][ T5790] veth0_vlan: entered promiscuous mode
[   81.912420][ T5790] veth1_vlan: entered promiscuous mode
[   81.933732][ T5789] veth0_macvtap: entered promiscuous mode
[   81.980116][ T5789] veth1_macvtap: entered promiscuous mode
[   82.003648][ T5787] veth0_macvtap: entered promiscuous mode
[   82.019901][ T5787] veth1_macvtap: entered promiscuous mode
[   82.079741][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_0
[   82.099845][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_1
[   82.121608][ T5790] veth0_macvtap: entered promiscuous mode
[   82.160020][ T5789] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   82.169787][ T5789] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   82.184790][ T5789] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   82.193538][ T5789] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   82.210931][ T5790] veth1_macvtap: entered promiscuous mode
[   82.235065][ T5788] veth0_vlan: entered promiscuous mode
[   82.245595][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   82.258221][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   82.271421][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_0
[   82.301557][ T5788] veth1_vlan: entered promiscuous mode
[   82.331743][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   82.351382][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   82.364623][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_1
[   82.417253][ T5787] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   82.449007][ T5787] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   82.459534][ T5787] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   82.469215][ T5787] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   82.548281][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   82.560219][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   82.571876][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   82.582427][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   82.595158][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_0
[   82.612034][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   82.622589][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   82.632973][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   82.643475][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   82.655720][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_1
[   82.692122][ T5790] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   82.701061][ T5790] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   82.710497][ T5790] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   82.719358][ T5790] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   82.732258][ T5788] veth0_macvtap: entered promiscuous mode
[   82.751446][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   82.765982][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   82.797092][ T5788] veth1_macvtap: entered promiscuous mode
[   82.832977][  T140] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   82.855529][  T140] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   82.883150][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   82.894247][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   82.904612][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   82.915263][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   82.926517][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   82.937114][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   82.948992][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_0
[   83.001090][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   83.021844][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.031818][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   83.043021][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.053011][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   83.064560][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.076333][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_1
[   83.091150][ T5788] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   83.094745][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   83.100808][ T5788] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   83.116963][ T5788] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   83.128363][ T5788] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   83.135036][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   83.254896][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   83.282660][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   83.318561][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   83.338772][ T5875] overlayfs: "xino" feature enabled using 2 upper inode bits.
[   83.351453][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   83.502350][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   83.511370][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   83.554591][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   83.557308][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   83.574446][ T5803] Bluetooth: hci3: command tx timeout
[   83.644403][ T5803] Bluetooth: hci1: command tx timeout
[   83.645415][ T5796] Bluetooth: hci0: command tx timeout
[   83.649910][ T5803] Bluetooth: hci2: command tx timeout
[   83.668256][  T140] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   83.677439][  T140] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   83.706822][ T5881] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   84.151398][ T5895] syz.1.7[5895]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[   84.170390][ T5895] loop1: detected capacity change from 0 to 512
[   84.197712][ T5895] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   84.212866][ T5895] EXT4-fs (loop1): DAX unsupported by block device.
[   84.214728][    T8] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   84.363467][ T5903] loop1: detected capacity change from 0 to 128
[   84.380289][ T5903] =======================================================
[   84.380289][ T5903] WARNING: The mand mount option has been deprecated and
[   84.380289][ T5903]          and is ignored by this kernel. Remove the mand
[   84.380289][ T5903]          option from the mount to silence this warning.
[   84.380289][ T5903] =======================================================
[   84.478524][    T8] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[   84.496946][    T8] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[   84.511230][    T8] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[   84.514839][ T5903] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[   84.567349][    T8] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[   84.580521][ T5903] hpfs: filesystem error: improperly stopped
[   84.594276][ T5903] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[   84.599103][    T8] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[   84.602036][ T5903] hpfs: You really don't want any checks? You are crazy...
[   84.602746][ T5903] hpfs: hpfs_map_sector(): read error
[   84.646462][    T8] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[   84.655456][ T5903] hpfs: code page support is disabled
[   84.672117][    T8] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[   84.675284][ T5903] hpfs: hpfs_map_4sectors(): unaligned read
[   84.700781][    T8] usb 1-1: Product: syz
[   84.710937][    T8] usb 1-1: Manufacturer: syz
[   84.734440][ T5903] hpfs: hpfs_map_4sectors(): unaligned read
[   84.740483][ T5903] hpfs: filesystem error: unable to find root dir
[   84.800353][    T8] cdc_wdm 1-1:1.0: skipping garbage
[   84.814170][    T8] cdc_wdm 1-1:1.0: skipping garbage
[   84.843827][    T8] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[   84.868741][    T8] cdc_wdm 1-1:1.0: Unknown control protocol
[   84.892721][ T5903] hpfs: hpfs_map_4sectors(): unaligned read
[   85.120631][ T5913] loop1: detected capacity change from 0 to 1024
[   85.142089][ T5900] loop2: detected capacity change from 0 to 32768
[   85.270122][ T5900] ocfs2: Mounting device (7,2) on (node local, slot 0) with writeback data mode.
[   85.505425][ T5787] ocfs2: Unmounting device (7,2) on (node local)
[   85.604661][   T23] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   85.645044][ T5803] Bluetooth: hci3: command tx timeout
[   85.709950][    T9] usb 1-1: USB disconnect, device number 2
[   85.732495][ T5803] Bluetooth: hci0: command tx timeout
[   85.733321][ T5796] Bluetooth: hci1: command tx timeout
[   85.738126][ T5803] Bluetooth: hci2: command tx timeout
[   85.839272][   T23] usb 4-1: Using ep0 maxpacket: 8
[   85.852917][   T23] usb 4-1: config index 0 descriptor too short (expected 5924, got 36)
[   85.879517][   T23] usb 4-1: config 250 has an invalid interface number: 228 but max is -1
[   85.892735][   T23] usb 4-1: config 250 has an invalid descriptor of length 0, skipping remainder of the config
[   85.907857][   T23] usb 4-1: config 250 has 1 interface, different from the descriptor's value: 0
[   85.939370][ T5928] loop1: detected capacity change from 0 to 1024
[   85.941117][   T23] usb 4-1: config 250 has no interface number 0
[   85.952523][   T23] usb 4-1: config 250 interface 228 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 17
[   85.977417][   T23] usb 4-1: config 250 interface 228 has no altsetting 0
[   85.990146][ T5928] EXT4-fs: inline encryption not supported
[   85.995601][   T23] usb 4-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[   86.010568][   T23] usb 4-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[   86.019340][   T23] usb 4-1: Product: syz
[   86.023550][   T23] usb 4-1: SerialNumber: syz
[   86.035439][ T5928] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   86.040158][   T23] hub 4-1:250.228: bad descriptor, ignoring hub
[   86.071514][   T23] hub: probe of 4-1:250.228 failed with error -5
[   86.110707][ T5928] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   86.430205][ T5789] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   86.472657][   T23] usb 4-1: USB disconnect, device number 2
[   86.472755][ T5935] netlink: 7 bytes leftover after parsing attributes in process `syz.0.19'.
[   86.492947][ T5935] netlink: 16 bytes leftover after parsing attributes in process `syz.0.19'.
[   86.519876][ T5935] netlink: 16 bytes leftover after parsing attributes in process `syz.0.19'.
[   86.705440][ T5939] syzkaller1: entered promiscuous mode
[   86.710993][ T5939] syzkaller1: entered allmulticast mode
[   86.762370][ T5933] loop2: detected capacity change from 0 to 32768
[   86.832979][ T5946] loop1: detected capacity change from 0 to 128
[   86.834930][ T5933] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[   86.851863][   T27] cfg80211: failed to load regulatory.db
[   86.872033][ T5946] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem
[   86.928310][ T5946] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   86.956044][ T5946] ext2 filesystem being mounted at /9/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[   87.107672][ T5946] EXT4-fs error (device loop1): ext4_check_dx_root:2266: inode #2: comm syz.1.22: Corrupt dir, invalid name for '..', running e2fsck is recommended
[   87.163825][ T5933] XFS (loop2): Ending clean mount
[   87.216453][ T5933] XFS (loop2): Quotacheck needed: Please wait.
[   87.272822][ T5789] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   87.317563][ T5933] XFS (loop2): Quotacheck: Done.
[   87.795819][ T5952] loop3: detected capacity change from 0 to 32768
[   87.856176][ T5952] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[   88.066876][ T5788] ocfs2: Unmounting device (7,3) on (node local)
[   88.346335][ T5961] loop1: detected capacity change from 0 to 32768
[   88.402875][ T5961] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   88.480904][ T5979] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[   88.480904][ T5979] The task syz.3.27 (5979) triggered the difference, watch for misbehavior.
[   88.498917][ T5961] XFS (loop1): Ending clean mount
[   88.511698][ T5961] XFS (loop1): Quotacheck needed: Please wait.
[   88.563368][ T5961] XFS (loop1): Quotacheck: Done.
[   88.671465][ T5787] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[   88.696891][ T5789] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   89.001756][ T5981] loop2: detected capacity change from 0 to 512
[   89.015453][ T5981] EXT4-fs: Ignoring removed bh option
[   89.025285][ T5981] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[   89.067757][ T5981] EXT4-fs (loop2): 1 truncate cleaned up
[   89.098911][ T5981] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   89.210692][ T5787] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz-executor: invalid indirect mapped block 4294901760 (level 0)
[   89.251970][ T5787] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz-executor: invalid indirect mapped block 4294967295 (level 1)
[   89.300324][ T5787] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz-executor: invalid indirect mapped block 65535 (level 2)
[   89.335614][ T5787] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   89.509305][ T5992] syz.2.31 uses obsolete (PF_INET,SOCK_PACKET)
[   89.562870][ T5995] warning: `syz.3.34' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   90.017275][    T9] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   90.024911][ T5834] usb 4-1: new full-speed USB device number 3 using dummy_hcd
[   90.227229][    T9] usb 3-1: New USB device found, idVendor=055f, idProduct=c420, bcdDevice=6a.33
[   90.238152][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   90.248702][ T5834] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[   90.259784][    T9] usb 3-1: config 0 descriptor??
[   90.265079][ T5834] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   90.273441][ T5834] usb 4-1: Product: syz
[   90.278838][ T5834] usb 4-1: Manufacturer: syz
[   90.283612][ T5834] usb 4-1: SerialNumber: syz
[   90.295212][    T9] gspca_main: sunplus-2.14.0 probing 055f:c420
[   90.306409][ T5834] usb 4-1: config 0 descriptor??
[   90.374829][ T5793] Bluetooth: hci4: command 0x1003 tx timeout
[   90.381693][ T5796] Bluetooth: hci4: Opcode 0x1003 failed: -110
[   90.521145][ T5834] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[   90.932303][ T5834] dvb_usb_rtl28xxu: probe of 4-1:0.0 failed with error -32
[   90.946252][ T5834] usb 4-1: USB disconnect, device number 3
[   91.106550][    T9] gspca_sunplus: reg_w_riv err -71
[   91.118429][    T9] sunplus: probe of 3-1:0.0 failed with error -71
[   91.132854][    T9] usb 3-1: USB disconnect, device number 2
[   91.353562][ T6016] loop0: detected capacity change from 0 to 512
[   91.376183][ T6016] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[   91.440512][ T6016] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   91.464066][ T6016] ext4 filesystem being mounted at /9/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   91.617857][ T6023] loop3: detected capacity change from 0 to 4096
[   91.651884][ T6023] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512).
[   91.675559][ T6016] EXT4-fs: Ignoring removed orlov option
[   91.681385][ T6016] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   91.698312][ T6016] EXT4-fs (loop0): can't enable nombcache during remount
[   91.756158][ T6016] EXT4-fs error (device loop0): __ext4_new_inode:1284: comm syz.0.43: failed to insert inode 16: doubly allocated?
[   91.870855][ T6023] ntfs3: loop3: Failed to initialize $Extend/$Reparse.
[   91.886687][ T5790] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   92.027532][ T6028] capability: warning: `syz.3.46' uses 32-bit capabilities (legacy support in use)
[   92.072306][ T6030] netlink: 'syz.2.49': attribute type 6 has an invalid length.
[   92.220263][ T5788] ntfs3: loop3: ino=1a, ntfs_sync_fs failed, -22.
[   92.414198][ T5834] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   92.576621][ T6025] loop1: detected capacity change from 0 to 40427
[   92.614506][ T5834] usb 1-1: Using ep0 maxpacket: 32
[   92.629384][ T5834] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 9
[   92.639668][ T6025] F2FS-fs (loop1): Invalid SB checksum offset: 0
[   92.658755][ T6025] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock
[   92.669703][ T5834] usb 1-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[   92.686314][ T5834] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   92.702328][ T6025] F2FS-fs (loop1): invalid crc value
[   92.710168][ T5834] usb 1-1: Product: syz
[   92.722685][ T5834] usb 1-1: Manufacturer: syz
[   92.728907][ T5834] usb 1-1: SerialNumber: syz
[   92.758317][ T5834] usb 1-1: config 0 descriptor??
[   92.765372][ T6032] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[   92.789032][ T5834] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input5
[   92.989990][ T6025] F2FS-fs (loop1): Try to recover 2th superblock, ret: 0
[   93.003986][ T6025] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[   93.068012][   T27] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[   93.175298][ T6036] loop3: detected capacity change from 0 to 32768
[   93.268135][   T27] usb 3-1: Using ep0 maxpacket: 8
[   93.287644][   T27] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[   93.300898][ T6025] syz.1.45: attempt to access beyond end of device
[   93.300898][ T6025] loop1: rw=2049, sector=53248, nr_sectors = 136 limit=40427
[   93.327686][   T27] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   93.356612][    C0] usbtouchscreen 1-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[   93.356617][   T23] usb 1-1: USB disconnect, device number 3
[   93.378521][   T27] pvrusb2: Hardware description: Terratec Grabster AV400
[   93.413153][   T27] pvrusb2: **********
[   93.421517][   T27] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[   93.470166][ T5789] syz-executor: attempt to access beyond end of device
[   93.470166][ T5789] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   93.478829][   T27] pvrusb2: Important functionality might not be entirely working.
[   93.489988][ T5789] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[   93.506670][   T27] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[   93.549743][   T27] pvrusb2: **********
[   93.603058][ T2322] pvrusb2: Invalid write control endpoint
[   93.739105][ T2322] pvrusb2: Invalid write control endpoint
[   93.749704][ T2322] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[   93.784180][ T2322] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[   93.814384][ T2322] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[   93.849834][ T2322] pvrusb2: Device being rendered inoperable
[   93.878167][ T5834] usb 3-1: USB disconnect, device number 3
[   93.887537][ T2322] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[   93.914334][ T2322] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[   93.928287][ T2322] pvrusb2: Attached sub-driver cx25840
[   93.934017][ T2322] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[   93.964612][ T2322] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[   94.630516][ T6066] loop2: detected capacity change from 0 to 512
[   94.654902][ T6066] EXT4-fs: inline encryption not supported
[   94.694906][ T6066] EXT4-fs (loop2): revision level too high, forcing read-only mode
[   94.729139][ T6066] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=c000e018, mo2=0002]
[   94.738490][ T6066] EXT4-fs (loop2): orphan cleanup on readonly fs
[   94.745339][ T6066] Quota error (device loop2): v2_read_header: Failed header read: expected=8 got=0
[   94.755512][ T6066] EXT4-fs warning (device loop2): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[   94.770516][ T6066] EXT4-fs (loop2): Cannot turn on quotas: error -22
[   94.782427][ T6066] EXT4-fs error (device loop2): ext4_validate_block_bitmap:439: comm syz.2.63: bg 0: block 40: padding at end of block bitmap is not set
[   94.824176][ T6066] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6637: Corrupt filesystem
[   94.848265][ T6066] EXT4-fs (loop2): 1 truncate cleaned up
[   94.855349][ T6066] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   94.942502][ T6066] EXT4-fs error (device loop2): ext4_encrypted_get_link:46: inode #16: comm syz.2.63: bad symlink.
[   95.057815][ T6052] loop1: detected capacity change from 0 to 40427
[   95.083346][ T6052] F2FS-fs (loop1): Invalid log blocks per segment (83886089)
[   95.111972][ T6052] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock
[   95.147102][ T6052] F2FS-fs (loop1): invalid crc value
[   95.190986][ T6052] F2FS-fs (loop1): Found nat_bits in checkpoint
[   95.338694][ T6052] F2FS-fs (loop1): Start checkpoint disabled!
[   95.393799][ T6052] F2FS-fs (loop1): Try to recover 2th superblock, ret: 0
[   95.414175][ T6052] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[   95.456966][ T6079] Illegal XDP return value 4294967294 on prog  (id 9) dev N/A, expect packet loss!
[   95.497429][   T28] audit: type=1800 audit(1762210821.295:2): pid=6052 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.55" name="bus" dev="loop1" ino=10 res=0 errno=0
[   95.634701][ T6081] sctp: [Deprecated]: syz.3.69 (pid 6081) Use of int in max_burst socket option deprecated.
[   95.634701][ T6081] Use struct sctp_assoc_value instead
[   95.756383][ T3512] kworker/u4:11: attempt to access beyond end of device
[   95.756383][ T3512] loop1: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[   95.789743][ T3512] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[   95.826427][ T3512] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[   95.974248][   T27] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   96.164336][   T27] usb 1-1: Using ep0 maxpacket: 8
[   96.186462][   T27] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[   96.216780][   T27] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[   96.255628][   T27] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   96.286119][   T27] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   96.339984][   T27] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   96.364189][   T27] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   96.629807][   T27] usb 1-1: usb_control_msg returned -32
[   96.654216][   T27] usbtmc 1-1:16.0: can't read capabilities
[   97.032422][    C0] usbtmc 1-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71
[   97.045367][ T6102] usbtmc 1-1:16.0: Unable to send data, error -71
[   97.135509][ T6101] loop3: detected capacity change from 0 to 8192
[   97.176219][ T6101] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   97.396676][ T6093] loop1: detected capacity change from 0 to 32768
[   97.447298][ T6093] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[   97.512402][ T6093] XFS (loop1): Ending clean mount
[   97.667352][ T5789] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[   98.408235][ T3551] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   98.550914][ T3551] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   98.724620][   T27] usb 1-1: USB disconnect, device number 4
[   98.776651][ T3551] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   98.945827][ T3551] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   99.075020][ T5787] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   99.151869][ T5787] syz-executor (5787) used greatest stack depth: 19856 bytes left
[  100.244089][    C0] sched: RT throttling activated
[  100.577885][ T6128] loop1: detected capacity change from 0 to 131072
[  100.594908][ T6128] F2FS-fs (loop1): Wrong CP boundary, start(512) end(1536) blocks(0)
[  100.603050][ T6128] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  100.620756][ T6128] F2FS-fs (loop1): invalid crc value
[  100.665294][ T6128] F2FS-fs (loop1): Found nat_bits in checkpoint
[  100.721631][ T6128] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  100.728831][ T6128] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  100.765262][ T5796] Bluetooth: hci0: command 0x0c1a tx timeout
[  100.772226][ T6119] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  101.444129][ T3551] hsr_slave_0: left promiscuous mode
[  101.474256][ T6119] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  101.501371][ T3551] hsr_slave_1: left promiscuous mode
[  101.517227][ T6119] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  101.544413][ T3551] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  101.560453][ T3551] batman_adv: batadv0: Removing interface: batadv_slave_0
[  101.561158][ T6119] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  101.580541][ T3551] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  101.614408][ T6119] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  101.625578][ T3551] batman_adv: batadv0: Removing interface: batadv_slave_1
[  101.667824][ T6119] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  101.679480][ T3551] bridge_slave_1: left allmulticast mode
[  101.691411][ T3551] bridge_slave_1: left promiscuous mode
[  101.705582][ T6119] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  101.711701][ T6119] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  101.721093][ T3551] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.733646][ T6164] netlink: 8 bytes leftover after parsing attributes in process `syz.1.90'.
[  101.761448][ T6119] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  101.771732][ T3551] bridge_slave_0: left allmulticast mode
[  101.784915][ T3551] bridge_slave_0: left promiscuous mode
[  101.801042][ T3551] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.839029][ T5793] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  101.848791][ T5793] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  101.857508][ T5793] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  101.889684][ T5793] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  101.903244][ T5793] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  101.910893][ T5793] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  102.075710][ T3551] veth1_macvtap: left promiscuous mode
[  102.081829][ T3551] veth0_macvtap: left promiscuous mode
[  102.125651][ T3551] veth1_vlan: left promiscuous mode
[  102.144485][ T3551] veth0_vlan: left promiscuous mode
[  102.354743][   T27] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  102.506383][ T6179] loop0: detected capacity change from 0 to 128
[  102.539446][ T6179] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  102.556534][   T27] usb 2-1: config index 0 descriptor too short (expected 45, got 36)
[  102.572830][   T27] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  102.585402][   T27] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[  102.597107][   T27] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  102.610512][   T27] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  102.619939][   T27] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  102.641842][ T6179] ext4 filesystem being mounted at /23/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  102.645829][   T27] usb 2-1: config 0 descriptor??
[  102.671021][ T6169] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  102.844469][ T5793] Bluetooth: hci0: command 0x0c1a tx timeout
[  102.876261][ T5790] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  103.132353][   T27] plantronics 0003:047F:FFFF.0001: unknown main item tag 0xd
[  103.155958][ T6187] Bluetooth: MGMT ver 1.22
[  103.162741][   T27] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving
[  103.229418][   T27] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  103.584545][ T5834] usb 2-1: USB disconnect, device number 2
[  103.645131][ T5793] Bluetooth: hci1: command 0x0c1a tx timeout
[  103.661899][ T3551] team0 (unregistering): Port device team_slave_1 removed
[  103.707078][ T3551] team0 (unregistering): Port device team_slave_0 removed
[  103.725856][ T5793] Bluetooth: hci2: command 0x0c1a tx timeout
[  103.755832][ T3551] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  103.799542][ T3551] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  103.965966][ T5793] Bluetooth: hci3: command tx timeout
[  104.241139][ T3551] bond0 (unregistering): Released all slaves
[  104.264566][ T6199] loop1: detected capacity change from 0 to 2048
[  104.309182][ T6199] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  104.455704][   T28] audit: type=1800 audit(1762210830.265:3): pid=6185 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.96" name="regulatory.db" dev="sda1" ino=448 res=0 errno=0
[  104.456167][ T6185] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[  104.520513][ T6185] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[  104.532452][ T6185] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  104.655005][   T12] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[  104.682638][   T12] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 17 with error 28
[  104.755323][   T12] EXT4-fs (loop1): This should not happen!! Data will be lost
[  104.755323][   T12] 
[  104.807793][   T12] EXT4-fs (loop1): Total free blocks count 0
[  104.813850][   T12] EXT4-fs (loop1): Free/Dirty block details
[  104.827578][   T12] EXT4-fs (loop1): free_blocks=2415919504
[  104.833517][   T12] EXT4-fs (loop1): dirty_blocks=32
[  104.839152][   T12] EXT4-fs (loop1): Block reservation details
[  104.855974][   T12] EXT4-fs (loop1): i_reserved_data_blocks=2
[  104.876194][ T5789] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  104.927288][ T5793] Bluetooth: hci0: command 0x0c1a tx timeout
[  105.534518][ T6146] chnl_net:caif_netlink_parms(): no params data found
[  105.724313][ T5793] Bluetooth: hci1: command 0x0c1a tx timeout
[  105.803860][ T6248] loop0: detected capacity change from 0 to 128
[  105.810431][ T5793] Bluetooth: hci2: command 0x0c1a tx timeout
[  105.822632][ T6248] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  105.868172][ T6248] hpfs: filesystem error: improperly stopped
[  105.902788][ T6248] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  105.914450][   T23] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  105.915046][ T6146] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.941726][ T6248] hpfs: You really don't want any checks? You are crazy...
[  105.959086][ T6248] hpfs: hpfs_map_sector(): read error
[  105.965017][ T6146] bridge0: port 1(bridge_slave_0) entered disabled state
[  105.972184][ T6248] hpfs: code page support is disabled
[  105.981045][ T6146] bridge_slave_0: entered allmulticast mode
[  105.989008][ T6248] hpfs: hpfs_map_4sectors(): unaligned read
[  105.996905][ T6146] bridge_slave_0: entered promiscuous mode
[  106.002946][ T6248] hpfs: hpfs_map_4sectors(): unaligned read
[  106.011908][ T6248] hpfs: filesystem error: unable to find root dir
[  106.020136][ T6146] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.030529][ T6146] bridge0: port 2(bridge_slave_1) entered disabled state
[  106.046347][ T6146] bridge_slave_1: entered allmulticast mode
[  106.046842][ T5793] Bluetooth: hci3: command tx timeout
[  106.066830][ T6146] bridge_slave_1: entered promiscuous mode
[  106.104338][   T23] usb 4-1: Using ep0 maxpacket: 32
[  106.114505][   T23] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[  106.144649][   T23] usb 4-1: config 0 has no interface number 0
[  106.159677][   T23] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  106.174142][   T23] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  106.192503][   T23] usb 4-1: Product: syz
[  106.203046][   T23] usb 4-1: Manufacturer: syz
[  106.221610][   T23] usb 4-1: SerialNumber: syz
[  106.248165][   T23] usb 4-1: config 0 descriptor??
[  106.276646][   T23] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  106.296363][ T6146] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  106.318529][ T6146] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  106.449106][ T6146] team0: Port device team_slave_0 added
[  106.476825][ T6146] team0: Port device team_slave_1 added
[  106.498693][ T6260] mmap: syz.0.118 (6260) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  106.592292][ T6146] batman_adv: batadv0: Adding interface: batadv_slave_0
[  106.611907][ T6146] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  106.691503][ T6146] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  106.728889][ T6146] batman_adv: batadv0: Adding interface: batadv_slave_1
[  106.748598][ T6146] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  106.823944][ T6146] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  106.858369][   T23] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  106.914846][   T23] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  106.962873][ T6146] hsr_slave_0: entered promiscuous mode
[  106.985288][ T6146] hsr_slave_1: entered promiscuous mode
[  107.121570][    C1] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71
[  107.122267][ T5834] usb 4-1: USB disconnect, device number 4
[  107.189582][ T5834] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  107.222057][ T5834] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  107.260812][ T5834] quatech2 4-1:0.51: device disconnected
[  107.460636][ T6146] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  107.460935][ T6273] loop0: detected capacity change from 0 to 16
[  107.478273][ T6146] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  107.499959][ T6146] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  107.516519][ T6273] erofs: (device loop0): mounted with root inode @ nid 36.
[  107.532820][ T6146] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  107.649303][ T6257] loop1: detected capacity change from 0 to 40427
[  107.702479][ T6257] F2FS-fs (loop1): build fault injection attr: rate: 690, type: 0x7ffff
[  107.741372][ T6257] F2FS-fs (loop1): Image doesn't support compression
[  107.755408][ T6265] erofs: (device loop0): erofs_find_target_block: corrupted dir block 0 @ nid 36
[  107.778282][ T6257] F2FS-fs (loop1): Image doesn't support compression
[  107.804739][ T6265] erofs: (device loop0): erofs_readdir: invalid de[0].nameoff 0 @ nid 36
[  107.805725][ T5793] Bluetooth: hci1: command 0x0c1a tx timeout
[  107.857007][ T6257] F2FS-fs (loop1): invalid crc value
[  107.874429][ T6146] 8021q: adding VLAN 0 to HW filter on device bond0
[  107.884343][ T5793] Bluetooth: hci2: command 0x0c1a tx timeout
[  107.916238][ T6257] F2FS-fs (loop1): Found nat_bits in checkpoint
[  107.979689][ T6146] 8021q: adding VLAN 0 to HW filter on device team0
[  108.080598][  T140] bridge0: port 1(bridge_slave_0) entered blocking state
[  108.087843][  T140] bridge0: port 1(bridge_slave_0) entered forwarding state
[  108.118495][ T6257] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  108.124628][ T5793] Bluetooth: hci3: command tx timeout
[  108.135315][  T140] bridge0: port 2(bridge_slave_1) entered blocking state
[  108.142514][  T140] bridge0: port 2(bridge_slave_1) entered forwarding state
[  108.193526][   T28] audit: type=1800 audit(1762210833.995:4): pid=6257 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.117" name="file1" dev="loop1" ino=10 res=0 errno=0
[  108.199456][ T6257] F2FS-fs (loop1): inject page get in f2fs_pagecache_get_page of generic_perform_write+0x2fb/0x5b0
[  108.316337][ T6257] syz.1.117: attempt to access beyond end of device
[  108.316337][ T6257] loop1: rw=2049, sector=77824, nr_sectors = 160 limit=40427
[  108.342580][ T6146] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  108.538836][ T5789] syz-executor: attempt to access beyond end of device
[  108.538836][ T5789] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  108.567011][ T5789] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  108.631705][ T6298] capability: warning: `syz.0.122' uses deprecated v2 capabilities in a way that may be insecure
[  108.973719][ T6146] 8021q: adding VLAN 0 to HW filter on device batadv0
[  109.177860][ T6312] netlink: 'syz.3.125': attribute type 10 has an invalid length.
[  109.681813][ T6146] veth0_vlan: entered promiscuous mode
[  109.708862][ T6146] veth1_vlan: entered promiscuous mode
[  109.819760][ T6146] veth0_macvtap: entered promiscuous mode
[  109.847030][ T6146] veth1_macvtap: entered promiscuous mode
[  109.902761][ T6146] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  109.920771][ T6146] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  109.931138][ T6146] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  109.941792][ T6146] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  109.952032][ T6146] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  109.962847][ T6146] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  109.981052][ T6146] batman_adv: batadv0: Interface activated: batadv_slave_0
[  110.000079][ T6146] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  110.010887][ T6146] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  110.023584][ T6146] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  110.035274][ T6146] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  110.045261][ T6146] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  110.058383][ T6146] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  110.069836][ T6146] batman_adv: batadv0: Interface activated: batadv_slave_1
[  110.083320][ T6146] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  110.092247][ T6146] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  110.105787][ T6146] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  110.115480][ T6146] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  110.184598][    T9] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  110.204701][ T5793] Bluetooth: hci3: command tx timeout
[  110.252777][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  110.268147][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  110.330353][ T3551] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  110.346236][ T3551] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  110.389308][    T9] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  110.439379][    T9] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  110.456607][    T9] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  110.477282][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  110.505829][ T6339] loop3: detected capacity change from 0 to 512
[  110.529334][ T6332] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  110.552113][    T9] usb 1-1: Quirk or no altest; falling back to MIDI 1.0
[  110.625762][ T6339] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  110.808736][ T6332] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  110.856326][ T6332] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  110.943854][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  111.391173][ T6354] loop3: detected capacity change from 0 to 4096
[  111.430939][    T9] usb 1-1: USB disconnect, device number 5
[  111.546804][ T6335] IPVS: You probably need to specify IP address on multicast interface.
[  111.569449][ T6335] IPVS: Error connecting to the multicast addr
[  111.634424][ T5834] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  111.876023][ T5834] usb 5-1: Using ep0 maxpacket: 16
[  111.934669][ T5834] usb 5-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  111.963995][ T5834] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  111.989444][ T5834] usb 5-1: Product: syz
[  111.993656][ T5834] usb 5-1: Manufacturer: syz
[  112.009622][ T5834] usb 5-1: SerialNumber: syz
[  112.021485][ T5834] usb 5-1: config 0 descriptor??
[  112.156938][ T6372] loop1: detected capacity change from 0 to 2048
[  112.253263][ T6372] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  112.325339][ T6377] netlink: 8 bytes leftover after parsing attributes in process `syz.0.137'.
[  112.348002][ T6372] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 25 vs 281 free clusters
[  112.365244][ T6372] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 34 with error 28
[  112.379066][ T6372] EXT4-fs (loop1): This should not happen!! Data will be lost
[  112.379066][ T6372] 
[  112.379509][ T6377] netlink: 12 bytes leftover after parsing attributes in process `syz.0.137'.
[  112.388877][ T6372] EXT4-fs (loop1): Total free blocks count 0
[  112.406018][ T6372] EXT4-fs (loop1): Free/Dirty block details
[  112.412006][ T6372] EXT4-fs (loop1): free_blocks=4096
[  112.424257][ T6372] EXT4-fs (loop1): dirty_blocks=48
[  112.434249][ T6372] EXT4-fs (loop1): Block reservation details
[  112.466028][ T6372] EXT4-fs (loop1): i_reserved_data_blocks=3
[  112.482833][ T5834] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[  112.533217][ T5834] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  112.554359][ T5834] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[  112.562672][ T5834] usb 5-1: media controller created
[  112.658736][ T5834] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  112.690521][ T6361] dtv5100: wlen = 65, aborting.
[  112.704599][ T6372] EXT4-fs (loop1): changing journal_checksum during remount not supported; ignoring
[  112.738641][ T6387] netlink: 80 bytes leftover after parsing attributes in process `syz.0.139'.
[  112.756493][ T6387] netlink: 80 bytes leftover after parsing attributes in process `syz.0.139'.
[  112.775981][ T5834] zl10353_read_register: readreg error (reg=127, ret==0)
[  112.790000][ T5834] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[  112.800663][ T5834] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[  112.820544][ T5834] usb 5-1: USB disconnect, device number 2
[  112.974683][ T5834] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected.
[  113.821872][ T6419] process 'syz.3.148' launched './file1' with NULL argv: empty string added
[  114.916798][ T6450] loop4: detected capacity change from 0 to 8
[  115.825224][  T788] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  116.046252][  T788] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  116.069711][  T788] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  116.096243][  T788] usb 5-1: config 0 descriptor??
[  116.115722][  T788] cp210x 5-1:0.0: cp210x converter detected
[  116.609169][ T6459] loop4: detected capacity change from 0 to 2048
[  116.617701][ T6453] loop0: detected capacity change from 0 to 40427
[  116.675788][ T6453] F2FS-fs (loop0): invalid crc value
[  116.728868][ T6459] UDF-fs: error (device loop4): udf_process_sequence: Primary Volume Descriptor not found!
[  116.743495][ T6453] F2FS-fs (loop0): Found nat_bits in checkpoint
[  116.789150][ T6477] netlink: 84 bytes leftover after parsing attributes in process `syz.3.161'.
[  116.828935][ T6459] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  116.959034][ T6453] F2FS-fs (loop0): Start checkpoint disabled!
[  116.996550][ T6453] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  117.135786][  T788] cp210x 5-1:0.0: failed to get vendor val 0x000e size 678: -71
[  117.166094][  T788] cp210x 5-1:0.0: GPIO initialisation failed: -71
[  117.196831][  T788] usb 5-1: cp210x converter now attached to ttyUSB0
[  117.229736][  T788] usb 5-1: USB disconnect, device number 3
[  117.263281][  T788] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  117.296855][  T788] cp210x 5-1:0.0: device disconnected
[  117.418107][   T49] kworker/u4:3: attempt to access beyond end of device
[  117.418107][   T49] loop0: rw=2049, sector=40960, nr_sectors = 24 limit=40427
[  117.433728][   T49] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  117.442730][   T49] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  117.450840][   T49] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  118.345880][ T6486] loop1: detected capacity change from 0 to 32768
[  118.353527][ T6486] XFS: ikeep mount option is deprecated.
[  118.398350][ T6486] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  118.520452][ T6486] XFS (loop1): Ending clean mount
[  118.551368][ T6486] XFS (loop1): Quotacheck needed: Please wait.
[  118.643437][ T6486] XFS (loop1): Quotacheck: Done.
[  118.756244][ T6514] loop3: detected capacity change from 0 to 4096
[  118.828620][ T6502] loop4: detected capacity change from 0 to 40427
[  118.854222][ T6502] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  118.883028][ T6502] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  118.884285][ T5789] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  118.935407][ T6502] F2FS-fs (loop4): invalid crc value
[  118.948826][ T6516] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  118.977051][ T6502] F2FS-fs (loop4): Found nat_bits in checkpoint
[  119.097370][ T6502] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  119.104691][ T6502] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  119.254655][ T5834] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  119.270547][   T28] audit: type=1800 audit(1762210845.075:5): pid=6522 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.168" name="file1" dev="loop3" ino=15 res=0 errno=0
[  119.457381][ T5834] usb 1-1: Using ep0 maxpacket: 16
[  119.472010][ T5834] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 33, using maximum allowed: 30
[  119.493295][ T5834] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  119.522445][ T6525] netlink: 8 bytes leftover after parsing attributes in process `syz.1.170'.
[  119.531488][ T5834] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  119.561951][ T5834] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 33
[  119.591050][ T5834] usb 1-1: New USB device found, idVendor=18d1, idProduct=5022, bcdDevice= 0.00
[  119.606236][ T5834] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  119.628450][ T5834] usb 1-1: config 0 descriptor??
[  120.058979][ T5834] hid-generic 0003:18D1:5022.0002: unknown main item tag 0x0
[  120.082609][ T5834] hid-generic 0003:18D1:5022.0002: hidraw0: USB HID v20.00 Device [HID 18d1:5022] on usb-dummy_hcd.0-1/input0
[  120.153742][ T6540] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input7
[  120.326764][ T5834] usb 1-1: USB disconnect, device number 6
[  120.774431][    T8] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  121.000215][    T8] usb 2-1: Using ep0 maxpacket: 32
[  121.056921][    T8] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  121.104150][    T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  121.161842][    T8] usb 2-1: config 0 descriptor??
[  121.215227][ T6596] netlink: 'syz.4.178': attribute type 33 has an invalid length.
[  121.274376][ T6596] netlink: 152 bytes leftover after parsing attributes in process `syz.4.178'.
[  121.429121][    T8] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  121.456941][    T8] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  121.468658][    T8] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  121.478027][    T8] usb 2-1: media controller created
[  121.497927][    T8] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  121.634314][    T8] az6027: usb out operation failed. (-71)
[  121.645600][    T8] az6027: usb out operation failed. (-71)
[  121.651441][    T8] stb0899_attach: Driver disabled by Kconfig
[  121.657884][    T8] az6027: no front-end attached
[  121.657884][    T8] 
[  121.666623][    T8] az6027: usb out operation failed. (-71)
[  121.672761][    T8] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  121.681774][    T8] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input8
[  121.696929][    T8] dvb-usb: schedule remote query interval to 400 msecs.
[  121.704550][    T8] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  121.706722][   T23] usb 5-1: new full-speed USB device number 4 using dummy_hcd
[  121.721021][    T8] usb 2-1: USB disconnect, device number 3
[  121.792837][    T8] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  121.905883][   T23] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  121.914035][   T23] usb 5-1: config 0 has no interface number 0
[  121.920367][   T23] usb 5-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  121.930017][   T23] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  121.941728][   T23] usb 5-1: config 0 descriptor??
[  121.953928][   T23] usb 5-1: selecting invalid altsetting 1
[  121.965804][   T23] dvb_ttusb_budget: ttusb_init_controller: error
[  121.972193][   T23] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  122.072699][   T23] DVB: Unable to find symbol cx22700_attach()
[  122.137877][ T6608] loop0: detected capacity change from 0 to 4096
[  122.150523][   T23] DVB: Unable to find symbol tda10046_attach()
[  122.164406][   T23] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  122.188685][   T23] usb 5-1: USB disconnect, device number 4
[  122.219130][ T6611] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  122.270040][   T28] audit: type=1800 audit(1762210848.075:6): pid=6608 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.180" name="file1" dev="loop0" ino=15 res=0 errno=0
[  122.999627][    T8] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  123.250463][    T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  123.270575][    T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  123.280849][    T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  123.306436][    T8] usb 2-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[  123.326377][    T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  123.337382][    T8] usb 2-1: Product: syz
[  123.341583][    T8] usb 2-1: Manufacturer: syz
[  123.354676][    T8] usb 2-1: SerialNumber: syz
[  123.366029][    T8] usb 2-1: config 0 descriptor??
[  123.605986][    T8] adutux 2-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0
[  123.821213][ T6652] trusted_key: syz.0.197 sent an empty control message without MSG_MORE.
[  123.880024][    T8] usb 2-1: USB disconnect, device number 4
[  123.928404][ T6644] loop4: detected capacity change from 0 to 32768
[  123.984292][ T6644] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  124.177092][ T6644] XFS (loop4): Ending clean mount
[  124.191563][ T6654] loop0: detected capacity change from 0 to 8192
[  124.204399][ T6644] XFS (loop4): Quotacheck needed: Please wait.
[  124.291656][ T6644] XFS (loop4): Quotacheck: Done.
[  124.606569][ T6146] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  125.064433][    T8] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  125.268635][    T8] usb 1-1: config index 0 descriptor too short (expected 45, got 36)
[  125.288663][    T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  125.327606][    T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[  125.376633][    T8] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  125.419491][    T8] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  125.429142][    T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  125.449334][    T8] usb 1-1: config 0 descriptor??
[  125.455118][ T6679] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  125.642641][ T6702] loop4: detected capacity change from 0 to 128
[  125.668469][ T6702] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  125.709049][ T6702] hpfs: filesystem error: improperly stopped
[  125.721226][ T6702] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  125.751190][ T6702] hpfs: You really don't want any checks? You are crazy...
[  125.775941][ T6702] hpfs: hpfs_map_sector(): read error
[  125.781375][ T6702] hpfs: code page support is disabled
[  125.819492][ T6702] hpfs: hpfs_map_4sectors(): unaligned read
[  125.847400][ T6702] hpfs: hpfs_map_4sectors(): unaligned read
[  125.853354][ T6702] hpfs: filesystem error: unable to find root dir
[  125.925634][  T788] [U] 
[  125.931653][    T8] plantronics 0003:047F:FFFF.0003: unknown main item tag 0xd
[  125.979683][    T8] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving
[  126.028311][    T8] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  126.347387][    T8] usb 1-1: USB disconnect, device number 7
[  126.925257][ T6710] loop3: detected capacity change from 0 to 40427
[  127.049278][ T6710] F2FS-fs (loop3): invalid crc value
[  127.073557][ T6710] F2FS-fs (loop3): Found nat_bits in checkpoint
[  127.259582][ T6710] F2FS-fs (loop3): Start checkpoint disabled!
[  127.318251][ T6710] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  128.024347][ T1001] kworker/u4:6: attempt to access beyond end of device
[  128.024347][ T1001] loop3: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  128.103184][ T1001] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  128.153547][ T1001] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  128.663992][ T6748] loop1: detected capacity change from 0 to 131072
[  128.697392][ T6748] F2FS-fs (loop1): invalid crc value
[  128.732309][ T6748] F2FS-fs (loop1): Found nat_bits in checkpoint
[  128.781100][ T6748] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  128.836858][ T6767] loop0: detected capacity change from 0 to 128
[  128.903807][ T6767] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; going on - but anything won't be destroyed because it's read-only
[  128.964401][ T6767] hpfs: filesystem error: improperly stopped
[  128.970482][ T6767] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  129.025316][ T6767] hpfs: Proceeding, but your filesystem could be corrupted if you delete files or directories
[  129.052951][ T6767] hpfs: You really don't want any checks? You are crazy...
[  129.086458][ T6767] hpfs: hpfs_map_sector(): read error
[  129.091895][ T6767] hpfs: code page support is disabled
[  129.114282][ T6767] hpfs: hpfs_map_4sectors(): unaligned read
[  129.120329][ T6767] hpfs: hpfs_map_4sectors(): unaligned read
[  129.157387][ T6767] hpfs: filesystem error: unable to find root dir
[  129.429796][ T6775] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input10
[  129.966316][ T6789] loop4: detected capacity change from 0 to 512
[  130.005493][ T6782] loop0: detected capacity change from 0 to 32768
[  130.033787][ T6789] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  130.058492][ T6782] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  130.067183][ T6782] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  130.142026][ T6789] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  130.154240][ T6782] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  130.168551][  T788] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  130.179658][  T788] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  130.192786][ T6789] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2872: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  130.303213][ T6789] EXT4-fs (loop4): 1 truncate cleaned up
[  130.315846][ T6789] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  130.360918][  T788] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 181ms
[  130.431836][  T788] gfs2: fsid=syz:syz.0: jid=0: Done
[  130.451712][ T6777] loop3: detected capacity change from 0 to 4096
[  130.459245][ T6782] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  130.576545][ T6777] ntfs: (device loop3): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
[  130.613895][ T6789] EXT4-fs error (device loop4): ext4_xattr_block_find:1891: inode #15: comm syz.4.231: corrupted xattr block 33: invalid header
[  130.672924][ T6789] EXT4-fs (loop4): Remounting filesystem read-only
[  130.725441][ T6777] ntfs: (device loop3): ntfs_is_extended_system_file(): Non-resident file name. You should run chkdsk.
[  130.758538][ T6777] ntfs: (device loop3): ntfs_read_locked_inode(): $DATA attribute is missing.
[  130.828919][ T6777] ntfs: (device loop3): ntfs_read_locked_inode(): Failed with error code -2.  Marking corrupt inode 0x1 as bad.  Run chkdsk.
[  130.922528][ T6146] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  130.934565][ T6777] ntfs: (device loop3): load_system_files(): Failed to load $MFTMirr.  Mounting read-only.  Run ntfsfix and/or chkdsk.
[  131.077150][ T6777] ntfs: volume version 3.1.
[  131.854150][ T5834] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  132.056655][ T5834] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  132.075063][ T5834] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  132.114152][ T5834] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  132.143703][ T5834] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  132.166170][ T6816] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  132.184953][ T5834] usb 4-1: Quirk or no altest; falling back to MIDI 1.0
[  132.463780][ T6810] loop0: detected capacity change from 0 to 32768
[  132.480219][ T6814] loop1: detected capacity change from 0 to 32768
[  132.491450][ T6816] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  132.524798][ T6816] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  132.555976][ T6810] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  132.566298][ T6812] loop4: detected capacity change from 0 to 32768
[  132.573823][ T6812] XFS: ikeep mount option is deprecated.
[  132.610212][ T6814] syz.1.237: attempt to access beyond end of device
[  132.610212][ T6814] loop14: rw=0, sector=8, nr_sectors = 8 limit=0
[  132.634007][ T6812] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  132.645763][ T6814] lbmIODone: I/O error in JFS log
[  132.689638][ T6814] *** Log Format Error ! ***
[  132.703581][ T6810] XFS (loop0): Ending clean mount
[  132.746914][ T6814] lmLogInit: exit(-22)
[  132.807917][ T6814] lmLogOpen: exit(-22)
[  132.868505][    T8] usb 4-1: USB disconnect, device number 5
[  132.929650][ T1290] ieee802154 phy0 wpan0: encryption failed: -22
[  132.936799][ T1290] ieee802154 phy1 wpan1: encryption failed: -22
[  132.945250][ T6814] jfs_dirty_inode called on read-only volume
[  132.952519][ T6814] Is remount racy?
[  133.010909][ T6812] XFS (loop4): Ending clean mount
[  133.037837][ T6812] XFS (loop4): Quotacheck needed: Please wait.
[  133.163142][ T5790] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  133.182350][ T6812] XFS (loop4): Quotacheck: Done.
[  133.489270][ T6146] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  134.246878][ T6875] loop0: detected capacity change from 0 to 1024
[  134.265414][ T6875] EXT4-fs: Ignoring removed bh option
[  134.270855][ T6875] EXT4-fs: Ignoring removed nomblk_io_submit option
[  134.306127][ T6875] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  134.354661][ T6875] EXT4-fs (loop0): Test dummy encryption mode enabled
[  134.452542][ T6875] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  134.549978][ T6883] loop3: detected capacity change from 0 to 1024
[  134.706211][ T6883] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  134.722553][ T6853] loop1: detected capacity change from 0 to 32768
[  134.738307][ T6883] ext4 filesystem being mounted at /79/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  134.814006][ T6875] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni"
[  134.824505][ T6853] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  134.843778][ T6883] EXT4-fs error (device loop3): ext4_lookup:1858: inode #15: comm syz.3.245: inode has both inline data and extents flags
[  135.033258][ T6907] loop4: detected capacity change from 0 to 4096
[  135.049128][ T6853] XFS (loop1): Ending clean mount
[  135.072814][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  135.086365][ T5790] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  135.120741][ T6909] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  135.121463][ T6853] XFS (loop1): Quotacheck needed: Please wait.
[  135.265750][   T28] audit: type=1800 audit(1762210861.065:7): pid=6907 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.248" name="file1" dev="loop4" ino=15 res=0 errno=0
[  135.362843][ T6853] XFS (loop1): Quotacheck: Done.
[  135.520470][ T6914] loop0: detected capacity change from 0 to 4096
[  135.584774][ T6918] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  135.756297][ T5789] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  137.250810][ T6940] loop0: detected capacity change from 0 to 32768
[  137.528197][ T5790] read_mapping_page failed!
[  137.533047][ T5790] ERROR: (device loop0): txCommit: 
[  137.533047][ T5790] 
[  137.584534][ T5790] read_mapping_page failed!
[  137.599896][ T5790] ERROR: (device loop0): txCommit: 
[  137.599896][ T5790] 
[  137.836751][ T6972] loop1: detected capacity change from 0 to 47
[  138.006698][ T6974] loop4: detected capacity change from 0 to 8
[  138.189201][ T6977] netlink: 4 bytes leftover after parsing attributes in process `syz.3.265'.
[  138.278639][ T6977] bond_slave_0: entered promiscuous mode
[  138.284818][ T6977] bond_slave_1: entered promiscuous mode
[  138.336200][ T6977] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  138.424935][ T6981] loop4: detected capacity change from 0 to 256
[  138.504542][ T6981] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256
[  138.538406][   T59] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  138.559034][ T6981] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=512, location=512
[  138.574432][ T6981] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found
[  138.610579][ T6981] UDF-fs: Scanning with blocksize 512 failed
[  138.636182][ T6981] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256
[  138.714661][ T6981] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  138.728196][   T59] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  138.868475][   T59] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  139.053905][   T59] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  139.730860][ T5796] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  139.731873][ T6998] loop1: detected capacity change from 0 to 128
[  139.777593][ T5796] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  139.786720][ T6998] EXT4-fs: Ignoring removed nobh option
[  139.793128][ T5796] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  139.806534][ T5796] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  139.814816][ T5796] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  139.822595][ T5796] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  139.875932][ T6992] loop4: detected capacity change from 0 to 32768
[  139.891640][ T6998] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  139.902742][ T6992] (syz.4.274,6992,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  139.926120][ T6992] (syz.4.274,6992,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  139.954407][ T6998] ext4 filesystem being mounted at /65/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  139.973171][ T6992] JBD2: Ignoring recovery information on journal
[  140.103083][ T6992] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  140.470480][ T5789] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  140.591621][ T6146] ocfs2: Unmounting device (7,4) on (node local)
[  140.902899][ T7022] loop1: detected capacity change from 0 to 8192
[  140.934897][ T7022] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  140.973308][ T7022] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal
[  140.983892][ T7022] REISERFS (device loop1): using ordered data mode
[  140.990689][ T7022] reiserfs: using flush barriers
[  141.010146][ T7022] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  141.027461][ T7022] REISERFS (device loop1): checking transaction log (loop1)
[  141.122618][ T7022] REISERFS (device loop1): Using r5 hash to sort names
[  141.169311][ T7022] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage.
[  141.333114][ T6999] chnl_net:caif_netlink_parms(): no params data found
[  141.544538][   T59] hsr_slave_0: left promiscuous mode
[  141.590503][   T59] hsr_slave_1: left promiscuous mode
[  141.630948][   T59] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  141.657971][   T59] batman_adv: batadv0: Removing interface: batadv_slave_0
[  141.687029][   T59] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  141.717196][   T59] batman_adv: batadv0: Removing interface: batadv_slave_1
[  141.755762][   T59] bridge_slave_1: left allmulticast mode
[  141.761474][   T59] bridge_slave_1: left promiscuous mode
[  141.778267][   T59] bridge0: port 2(bridge_slave_1) entered disabled state
[  141.795956][   T59] bridge_slave_0: left allmulticast mode
[  141.802361][   T59] bridge_slave_0: left promiscuous mode
[  141.811472][   T59] bridge0: port 1(bridge_slave_0) entered disabled state
[  141.871581][   T59] veth1_macvtap: left promiscuous mode
[  141.880622][   T59] veth0_macvtap: left promiscuous mode
[  141.889016][ T5796] Bluetooth: hci0: command tx timeout
[  141.906846][   T59] veth1_vlan: left promiscuous mode
[  141.917666][   T59] veth0_vlan: left promiscuous mode
[  142.279298][ T7060] loop3: detected capacity change from 0 to 512
[  142.322393][ T7060] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  142.382666][   T28] audit: type=1800 audit(1762210868.185:8): pid=7060 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.286" name="bus" dev="loop3" ino=18 res=0 errno=0
[  142.388444][ T7060] EXT4-fs (loop3): shut down requested (2)
[  142.553413][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  142.707278][ T7067] loop3: detected capacity change from 0 to 47
[  142.883138][ T7067] syz.3.288: attempt to access beyond end of device
[  142.883138][ T7067] loop3: rw=2049, sector=48, nr_sectors = 2 limit=47
[  142.918041][ T7067] Buffer I/O error on dev loop3, logical block 24, lost async page write
[  142.936433][ T7067] syz.3.288: attempt to access beyond end of device
[  142.936433][ T7067] loop3: rw=2049, sector=50, nr_sectors = 2 limit=47
[  142.953716][ T7067] Buffer I/O error on dev loop3, logical block 25, lost async page write
[  142.968189][ T7067] syz.3.288: attempt to access beyond end of device
[  142.968189][ T7067] loop3: rw=2049, sector=52, nr_sectors = 2 limit=47
[  142.983028][ T7067] Buffer I/O error on dev loop3, logical block 26, lost async page write
[  143.084541][ T3512] kworker/u4:11: attempt to access beyond end of device
[  143.084541][ T3512] loop3: rw=1, sector=54, nr_sectors = 2 limit=47
[  143.109089][ T3512] Buffer I/O error on dev loop3, logical block 27, lost async page write
[  143.424987][   T59] team0 (unregistering): Port device team_slave_1 removed
[  143.576441][   T59] team0 (unregistering): Port device team_slave_0 removed
[  143.692269][   T59] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  143.818190][ T7076] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  143.904584][   T59] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  143.964290][ T5796] Bluetooth: hci0: command tx timeout
[  144.408529][ T7078] loop3: detected capacity change from 0 to 40427
[  144.427189][ T7078] F2FS-fs (loop3): invalid crc value
[  144.461239][ T7078] F2FS-fs (loop3): Found nat_bits in checkpoint
[  144.542804][ T7078] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  144.632270][ T5788] syz-executor: attempt to access beyond end of device
[  144.632270][ T5788] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  144.646620][ T5788] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  144.799614][   T59] bond0 (unregistering): Released all slaves
[  144.964362][ T7072] team_slave_0: entered allmulticast mode
[  145.003661][ T7074] team_slave_0: entered promiscuous mode
[  145.143497][ T7087] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  145.247021][ T6999] bridge0: port 1(bridge_slave_0) entered blocking state
[  145.260029][ T6999] bridge0: port 1(bridge_slave_0) entered disabled state
[  145.284734][ T6999] bridge_slave_0: entered allmulticast mode
[  145.305173][ T6999] bridge_slave_0: entered promiscuous mode
[  145.331369][ T6999] bridge0: port 2(bridge_slave_1) entered blocking state
[  145.344495][ T6999] bridge0: port 2(bridge_slave_1) entered disabled state
[  145.351804][ T6999] bridge_slave_1: entered allmulticast mode
[  145.363981][ T6999] bridge_slave_1: entered promiscuous mode
[  145.510049][ T6999] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  145.531393][ T6999] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  145.552959][ T7095] pim6reg1: entered promiscuous mode
[  145.561079][ T7095] pim6reg1: entered allmulticast mode
[  145.727974][ T6999] team0: Port device team_slave_0 added
[  145.791674][ T6999] team0: Port device team_slave_1 added
[  145.936059][ T6999] batman_adv: batadv0: Adding interface: batadv_slave_0
[  145.943072][ T6999] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  145.983271][ T6999] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  146.015308][ T6999] batman_adv: batadv0: Adding interface: batadv_slave_1
[  146.022295][ T6999] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  146.054635][ T5796] Bluetooth: hci0: command tx timeout
[  146.082504][ T6999] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  146.179142][ T6999] hsr_slave_0: entered promiscuous mode
[  146.188428][ T6999] hsr_slave_1: entered promiscuous mode
[  146.199927][ T6999] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  146.210936][ T6999] Cannot create hsr debugfs directory
[  146.470508][ T6999] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  146.485214][ T6999] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  146.497075][ T6999] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  146.507872][ T6999] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  146.612904][ T6999] 8021q: adding VLAN 0 to HW filter on device bond0
[  146.648629][ T6999] 8021q: adding VLAN 0 to HW filter on device team0
[  146.669508][ T3424] bridge0: port 1(bridge_slave_0) entered blocking state
[  146.676713][ T3424] bridge0: port 1(bridge_slave_0) entered forwarding state
[  146.707118][ T3424] bridge0: port 2(bridge_slave_1) entered blocking state
[  146.714636][ T3424] bridge0: port 2(bridge_slave_1) entered forwarding state
[  147.042031][ T6999] 8021q: adding VLAN 0 to HW filter on device batadv0
[  147.440955][ T6999] veth0_vlan: entered promiscuous mode
[  147.459564][ T6999] veth1_vlan: entered promiscuous mode
[  147.515976][ T6999] veth0_macvtap: entered promiscuous mode
[  147.531745][ T6999] veth1_macvtap: entered promiscuous mode
[  147.555174][ T6999] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  147.566553][ T6999] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  147.576624][ T6999] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  147.587163][ T6999] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  147.597042][ T6999] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  147.607717][ T6999] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  147.619509][ T6999] batman_adv: batadv0: Interface activated: batadv_slave_0
[  147.642472][ T6999] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  147.665765][ T6999] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  147.676008][ T6999] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  147.686822][ T6999] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  147.696984][ T6999] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  147.708233][ T6999] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  147.721153][ T6999] batman_adv: batadv0: Interface activated: batadv_slave_1
[  147.737347][ T6999] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  147.746766][ T6999] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  147.756116][ T6999] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  147.764909][ T6999] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  147.865413][ T3512] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  147.873281][ T3512] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  147.915711][ T3512] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  147.923588][ T3512] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  148.125328][ T5796] Bluetooth: hci0: command tx timeout
[  148.136990][ T7172] loop1: detected capacity change from 0 to 1024
[  148.144850][ T7175] loop6: detected capacity change from 0 to 7
[  148.164689][ T5780] Dev loop6: unable to read RDB block 7
[  148.193862][ T5780]  loop6: unable to read partition table
[  148.210678][ T5780] loop6: partition table beyond EOD, truncated
[  148.250632][ T7175] Dev loop6: unable to read RDB block 7
[  148.270571][ T7175]  loop6: unable to read partition table
[  148.298344][ T7175] loop6: partition table beyond EOD, truncated
[  148.333459][ T7175] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[  148.876180][ T5874] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  149.025538][ T7177] loop4: detected capacity change from 0 to 32768
[  149.047183][ T7177] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.308 (7177)
[  149.076479][ T5874] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  149.116208][ T5874] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  149.151504][ T5874] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  149.172087][ T5874] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  149.194407][ T7177] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  149.210378][ T5874] usb 2-1: config 0 descriptor??
[  149.231808][ T7177] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[  149.274721][ T7177] BTRFS info (device loop4): using free space tree
[  149.448588][ T7177] BTRFS info (device loop4): enabling ssd optimizations
[  149.463306][ T7177] BTRFS info (device loop4): auto enabling async discard
[  149.648267][ T5874] keytouch 0003:0926:3333.0004: fixing up Keytouch IEC report descriptor
[  149.713513][ T5874] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.0004/input/input12
[  149.896180][ T5874] keytouch 0003:0926:3333.0004: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0
[  149.966370][ T5874] usb 2-1: USB disconnect, device number 5
[  150.062512][ T7227] loop3: detected capacity change from 0 to 4096
[  150.111726][ T7227] NILFS (loop3): invalid segment: Checksum error in segment payload
[  150.148689][ T7227] NILFS (loop3): trying rollback from an earlier position
[  150.217135][ T7227] NILFS (loop3): recovery complete
[  150.257572][ T7233] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  150.272475][ T7229] fido_id[7229]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  150.476256][ T3424] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared)
[  151.511208][ T6146] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  151.822223][ T7242] loop1: detected capacity change from 0 to 40427
[  151.901541][ T7242] F2FS-fs (loop1): Wrong MAIN_AREA boundary, start(4096) end(12800) block(12288)
[  151.929165][ T7242] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  151.975790][ T7242] F2FS-fs (loop1): build fault injection attr: rate: 0, type: 0x35f7
[  152.001122][ T7242] F2FS-fs (loop1): build fault injection attr: rate: 690, type: 0x7ffff
[  152.016823][ T7260] loop5: detected capacity change from 0 to 2048
[  152.054893][ T7242] F2FS-fs (loop1): Image doesn't support compression
[  152.112551][ T7242] F2FS-fs (loop1): invalid crc value
[  152.160277][ T7267] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  152.201615][ T7242] F2FS-fs (loop1): Found nat_bits in checkpoint
[  152.451902][ T7260] NILFS error (device loop5): nilfs_dotdot: directory #12 missing '..'
[  152.506081][ T7260] Remounting filesystem read-only
[  152.526465][ T7242] F2FS-fs (loop1): Start checkpoint disabled!
[  152.608367][ T7242] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  152.628146][ T6999] NILFS (loop5): disposed unprocessed dirty file(s) when detaching log writer
[  152.629717][ T7242] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  152.648312][ T6999] NILFS (loop5): discard dirty page: offset=0, ino=18
[  152.668166][ T6999] NILFS (loop5): discard dirty block: blocknr=0, size=1024
[  152.694411][ T6999] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024
[  152.703980][ T6999] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024
[  152.754208][ T6999] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024
[  152.763396][ T6999] NILFS (loop5): discard dirty page: offset=0, ino=2
[  152.837490][ T6999] NILFS (loop5): discard dirty block: blocknr=18, size=1024
[  152.849852][ T6999] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024
[  152.889340][ T6999] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024
[  152.900700][ T7281] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  152.928702][ T6999] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024
[  152.994718][ T6999] NILFS (loop5): discard dirty page: offset=0, ino=6
[  153.001449][ T6999] NILFS (loop5): discard dirty block: blocknr=35, size=1024
[  153.021927][ T6999] NILFS (loop5): discard dirty block: blocknr=36, size=1024
[  153.036993][ T6999] NILFS (loop5): discard dirty block: blocknr=37, size=1024
[  153.049500][ T6999] NILFS (loop5): discard dirty block: blocknr=38, size=1024
[  153.064522][ T6999] NILFS (loop5): discard dirty page: offset=4096, ino=6
[  153.071536][ T6999] NILFS (loop5): discard dirty block: blocknr=39, size=1024
[  153.074891][ T3424] F2FS-fs (loop1): inject checkpoint error in f2fs_balance_fs of __write_node_page+0xe97/0x17f0
[  153.089493][ T6999] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024
[  153.114340][ T6999] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024
[  153.123244][ T6999] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024
[  153.136044][ T7284] loop4: detected capacity change from 0 to 1764
[  153.148607][ T3424] kworker/u4:10: attempt to access beyond end of device
[  153.148607][ T3424] loop1: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  153.185900][ T6999] NILFS (loop5): discard dirty page: offset=0, ino=19
[  153.192726][ T6999] NILFS (loop5): discard dirty block: blocknr=0, size=1024
[  153.198586][ T3424] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  153.237655][ T6999] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024
[  153.253645][ T3424] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  153.277187][ T3424] F2FS-fs (loop1): Stopped filesystem due to reason: 1
[  153.295846][ T6999] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024
[  153.313193][ T7288] loop3: detected capacity change from 0 to 1024
[  153.374596][ T6999] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024
[  153.429855][ T6999] NILFS (loop5): discard dirty page: offset=0, ino=3
[  153.452958][ T7288] hfsplus: filesystem was not cleanly unmounted, running fsck.hfsplus is recommended.  leaving read-only.
[  153.479496][ T6999] NILFS (loop5): discard dirty block: blocknr=42, size=1024
[  153.502357][ T6999] NILFS (loop5): discard dirty block: blocknr=43, size=1024
[  153.523977][ T6999] NILFS (loop5): discard dirty block: blocknr=44, size=1024
[  153.560530][ T6999] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024
[  153.594347][ T6999] NILFS (loop5): discard dirty page: offset=65536, ino=3
[  153.601518][ T6999] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024
[  153.638221][ T6999] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024
[  153.656109][ T6999] NILFS (loop5): discard dirty block: blocknr=0, size=1024
[  153.677674][ T6999] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024
[  153.702259][ T7296] loop3: detected capacity change from 0 to 1024
[  153.709050][ T6999] NILFS (loop5): discard dirty page: offset=98304, ino=3
[  153.723057][ T6999] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024
[  153.741951][ T6999] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024
[  153.761401][ T6999] NILFS (loop5): discard dirty block: blocknr=0, size=1024
[  153.770273][ T7296] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  153.785656][ T7296] ext4 filesystem being mounted at /103/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  153.797799][ T6999] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024
[  153.814890][ T5834] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  153.928003][   T28] audit: type=1800 audit(1762210879.735:9): pid=7296 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.324" name="file1" dev="loop3" ino=15 res=0 errno=0
[  154.000268][ T7296] EXT4-fs error (device loop3): ext4_map_blocks:718: inode #15: comm syz.3.324: lblock 0 mapped to illegal pblock 0 (length 6)
[  154.024340][ T5834] usb 5-1: Using ep0 maxpacket: 8
[  154.067812][ T5834] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  154.080097][ T7306] netlink: 28 bytes leftover after parsing attributes in process `syz.5.318'.
[  154.093159][ T5834] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  154.103915][ T7296] EXT4-fs error (device loop3): ext4_ext_remove_space:2929: inode #15: comm syz.3.324: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0)
[  154.134399][ T5834] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  154.154611][ T5834] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  154.184327][ T5834] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  154.207660][ T5834] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  154.227896][ T5834] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  154.268871][ T7308] netlink: 8 bytes leftover after parsing attributes in process `syz.5.325'.
[  154.319462][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  154.485789][ T7310] loop1: detected capacity change from 0 to 4096
[  154.542921][ T5834] usb 5-1: usb_control_msg returned -32
[  154.563382][ T5834] usbtmc 5-1:16.0: can't read capabilities
[  154.753303][ T7310] ntfs3: loop1: ino=0, "file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" failed to parse mft record
[  154.951660][ T7325] usbtmc 5-1:16.0: INITIATE_ABORT_BULK_IN returned 0
[  155.153601][  T788] usb 5-1: USB disconnect, device number 5
[  155.482522][ T7345] loop3: detected capacity change from 0 to 164
[  155.497981][ T7345] Unable to read rock-ridge attributes
[  155.528101][ T7345] Unable to read rock-ridge attributes
[  156.249942][ T7359] binder: 7358:7359 ioctl c0306201 0 returned -14
[  156.284554][ T7359] binder: 7358:7359 ioctl c0306201 200000000140 returned -11
[  156.451262][ T7347] loop5: detected capacity change from 0 to 32768
[  156.539604][ T7347] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  156.813064][ T7347] XFS (loop5): Ending clean mount
[  156.885044][ T7347] XFS (loop5): User initiated shutdown received.
[  156.905805][ T7347] XFS (loop5): Log I/O Error (0x6) detected at xfs_fs_goingdown+0x71/0x150 (fs/xfs/xfs_fsops.c:501).  Shutting down filesystem.
[  156.934209][ T7347] XFS (loop5): Please unmount the filesystem and rectify the problem(s)
[  156.994196][   T27] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  157.045574][ T6999] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  157.244423][   T27] usb 4-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  157.261422][   T27] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  157.278865][   T27] usb 4-1: Product: syz
[  157.287689][   T27] usb 4-1: Manufacturer: syz
[  157.296883][   T27] usb 4-1: SerialNumber: syz
[  157.315145][   T27] usb 4-1: config 0 descriptor??
[  157.553374][ T5834] usb 4-1: USB disconnect, device number 6
[  157.694172][    T9] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  157.884380][    T9] usb 6-1: Using ep0 maxpacket: 8
[  157.906919][    T9] usb 6-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  157.921566][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  157.932796][    T9] usb 6-1: Product: syz
[  157.937290][    T9] usb 6-1: Manufacturer: syz
[  157.942128][    T9] usb 6-1: SerialNumber: syz
[  157.953410][    T9] usb 6-1: config 0 descriptor??
[  157.968287][    T9] gspca_main: se401-2.14.0 probing 047d:5003
[  158.377264][    T9] gspca_se401: Too many frame sizes
[  158.436694][ T7408] netlink: 'syz.3.355': attribute type 10 has an invalid length.
[  158.458744][ T7408] netlink: 'syz.3.355': attribute type 10 has an invalid length.
[  158.483065][ T7408] netlink: 209216 bytes leftover after parsing attributes in process `syz.3.355'.
[  158.552180][ T7408] openvswitch: netlink: Message has 4 unknown bytes.
[  158.580169][ T7413] loop1: detected capacity change from 0 to 128
[  158.582226][    T9] usb 6-1: USB disconnect, device number 2
[  158.633400][ T7413] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  158.658929][ T7413] hpfs: filesystem error: improperly stopped
[  158.706373][ T7413] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  158.782592][ T7413] hpfs: You really don't want any checks? You are crazy...
[  158.814885][ T7413] hpfs: hpfs_map_sector(): read error
[  158.836140][ T7413] hpfs: code page support is disabled
[  158.862765][ T7413] hpfs: hpfs_map_4sectors(): unaligned read
[  158.868966][ T7413] hpfs: hpfs_map_4sectors(): unaligned read
[  158.875991][ T7413] hpfs: filesystem error: unable to find root dir
[  159.200475][ T7425] loop4: detected capacity change from 0 to 512
[  159.291232][ T7425] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  159.378516][ T7425] ext4 filesystem being mounted at /66/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  159.443458][ T7427] loop5: detected capacity change from 0 to 4096
[  159.502877][ T7432] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  159.531409][   T28] audit: type=1800 audit(1762210885.335:10): pid=7425 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.360" name="file2" dev="loop4" ino=16 res=0 errno=0
[  159.607047][ T7427] NILFS error (device loop5): nilfs_readdir: zero-length directory entry
[  159.662838][ T7427] Remounting filesystem read-only
[  159.675960][ T6146] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  159.819970][ T6999] NILFS (loop5): disposed unprocessed dirty file(s) when detaching log writer
[  159.837241][ T6999] NILFS (loop5): discard dirty page: offset=0, ino=2
[  159.844019][ T6999] NILFS (loop5): discard dirty block: blocknr=18, size=1024
[  159.869867][ T6999] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024
[  159.904374][ T6999] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024
[  159.926022][ T6999] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024
[  159.943004][ T6999] NILFS (loop5): discard dirty page: offset=0, ino=6
[  159.956221][ T6999] NILFS (loop5): discard dirty block: blocknr=34, size=1024
[  159.975432][ T6999] NILFS (loop5): discard dirty block: blocknr=35, size=1024
[  159.989949][ T6999] NILFS (loop5): discard dirty block: blocknr=36, size=1024
[  160.015336][ T6999] NILFS (loop5): discard dirty block: blocknr=37, size=1024
[  160.023867][ T6999] NILFS (loop5): discard dirty page: offset=4096, ino=6
[  160.039599][ T6999] NILFS (loop5): discard dirty block: blocknr=38, size=1024
[  160.049438][ T6999] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024
[  160.061225][ T6999] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024
[  160.071536][ T6999] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024
[  160.160094][ T7440] loop3: detected capacity change from 0 to 2048
[  160.223840][ T7440] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  160.229740][ T7444] loop5: detected capacity change from 0 to 128
[  160.249666][ T7440] ext4 filesystem being mounted at /113/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  160.271717][ T7421] loop1: detected capacity change from 0 to 32768
[  160.299029][ T7444] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  160.335024][ T7421] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  160.346960][ T7444] ext4 filesystem being mounted at /13/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  160.378836][    C0] vkms_vblank_simulate: vblank timer overrun
[  160.431386][ T7444] EXT4-fs error (device loop5): make_indexed_dir:2333: inode #2: block 18: comm syz.5.363: bad entry in directory: rec_len is smaller than minimal - offset=36, inode=128, rec_len=9, size=1000 fake=0
[  160.478512][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  160.592454][ T6999] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  160.610971][ T7421] XFS (loop1): Ending clean mount
[  160.721082][ T5789] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  161.781214][ T7485] loop4: detected capacity change from 0 to 4096
[  161.793307][ T7485] ntfs3: loop4: ino=3, Correct links count -> 2.
[  161.892044][ T7485] ntfs3: loop4: Mark volume as dirty due to NTFS errors
[  161.924875][   T27] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  162.144344][   T27] usb 2-1: Using ep0 maxpacket: 16
[  162.153861][   T27] usb 2-1: New USB device found, idVendor=0d49, idProduct=7010, bcdDevice= c.90
[  162.168897][   T27] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  162.180128][   T27] usb 2-1: Product: syz
[  162.190326][   T27] usb 2-1: Manufacturer: syz
[  162.198345][   T27] usb 2-1: SerialNumber: syz
[  162.210539][   T27] usb 2-1: config 0 descriptor??
[  162.219118][   T27] ums-onetouch 2-1:0.0: USB Mass Storage device detected
[  162.425687][   T27] usb 2-1: USB disconnect, device number 6
[  163.564248][   T27] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  163.737410][ T7497] loop4: detected capacity change from 0 to 40427
[  163.760433][ T7497] F2FS-fs (loop4): build fault injection attr: rate: 771, type: 0x7ffff
[  163.774751][   T27] usb 2-1: config index 0 descriptor too short (expected 39, got 27)
[  163.794168][   T27] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  163.827161][ T7497] F2FS-fs (loop4): invalid crc value
[  163.847270][   T27] usb 2-1: config 0 interface 0 has no altsetting 0
[  163.868244][   T27] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  163.879464][ T7497] F2FS-fs (loop4): Found nat_bits in checkpoint
[  163.903082][   T27] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  163.944384][   T27] usb 2-1: Product: syz
[  163.948628][   T27] usb 2-1: Manufacturer: syz
[  163.970080][   T27] usb 2-1: SerialNumber: syz
[  163.993175][   T27] usb 2-1: config 0 descriptor??
[  164.018312][   T27] hub 2-1:0.0: bad descriptor, ignoring hub
[  164.051343][   T27] hub: probe of 2-1:0.0 failed with error -5
[  164.063042][ T7497] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  164.082238][   T27] usb 2-1: selecting invalid altsetting 0
[  164.138870][ T7497] syz.4.381: attempt to access beyond end of device
[  164.138870][ T7497] loop4: rw=2049, sector=77824, nr_sectors = 136 limit=40427
[  164.316158][ T7530] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  164.351728][ T7530] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  164.371818][ T7513] loop3: detected capacity change from 0 to 32768
[  164.397542][ T6146] syz-executor: attempt to access beyond end of device
[  164.397542][ T6146] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  164.434758][ T6146] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  164.472782][ T7513] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  164.699841][ T7513] XFS (loop3): Ending clean mount
[  164.771172][ T7513] XFS (loop3): Quotacheck needed: Please wait.
[  164.907246][ T7513] XFS (loop3): Quotacheck: Done.
[  165.121557][ T5788] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  165.296344][   T27] usb 2-1: USB disconnect, device number 7
[  165.394290][  T789] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  165.445276][ T7559] loop8: detected capacity change from 0 to 7
[  165.482259][ T7559] Dev loop8: unable to read RDB block 7
[  165.503139][ T7559]  loop8: unable to read partition table
[  165.520507][ T7559] loop8: partition table beyond EOD, truncated
[  165.537272][ T7559] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[  165.604357][  T789] usb 6-1: Using ep0 maxpacket: 8
[  165.619075][  T789] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  165.639425][  T789] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  165.688806][  T789] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  165.708523][  T789] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  165.734521][ T7566] batadv_slave_0: entered promiscuous mode
[  165.742800][  T789] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  165.757480][ T7565] batadv_slave_0: left promiscuous mode
[  165.770459][  T789] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  166.017191][  T789] usb 6-1: GET_CAPABILITIES returned 0
[  166.022751][  T789] usbtmc 6-1:16.0: can't read capabilities
[  166.257056][  T789] usb 6-1: USB disconnect, device number 3
[  166.298431][ T7587] loop4: detected capacity change from 0 to 128
[  166.378293][ T7587] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  166.420627][ T7587] ext4 filesystem being mounted at /77/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  166.603918][ T6146] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  167.295316][ T7614] loop4: detected capacity change from 0 to 1024
[  167.327534][ T7614] EXT4-fs: Ignoring removed nobh option
[  167.333162][ T7614] EXT4-fs: inline encryption not supported
[  167.393874][ T7614] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  167.466348][ T7614] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  167.618896][ T6146] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  167.819292][ T7631] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  168.068062][ T7640] loop4: detected capacity change from 0 to 1024
[  168.146161][ T7640] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  168.164178][  T788] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  168.325617][ T7618] loop1: detected capacity change from 0 to 32768
[  168.363228][ T7618] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 scanned by syz.1.408 (7618)
[  168.378361][  T788] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  168.396672][ T6146] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  168.399940][  T788] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  168.431764][ T7618] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  168.446720][  T788] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  168.477721][ T7618] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[  168.494498][  T788] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  168.508894][ T7618] BTRFS info (device loop1): enabling auto defrag
[  168.524268][  T788] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  168.532399][ T7618] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  168.555212][  T788] usb 6-1: config 0 descriptor??
[  168.561766][ T7618] BTRFS info (device loop1): use zstd compression, level 3
[  168.619858][ T7618] BTRFS info (device loop1): max_inline at 0
[  168.654828][ T7618] BTRFS info (device loop1): force clearing of disk cache
[  168.682625][ T7618] BTRFS info (device loop1): turning on sync discard
[  168.709233][ T7618] BTRFS info (device loop1): turning off discard
[  168.733916][ T7618] BTRFS info (device loop1): disabling free space tree
[  168.887371][ T7618] BTRFS info (device loop1): enabling ssd optimizations
[  168.920303][ T7618] BTRFS info (device loop1): rebuilding free space tree
[  168.994863][  T788] plantronics 0003:047F:FFFF.0005: No inputs registered, leaving
[  169.017424][ T7618] BTRFS info (device loop1): disabling free space tree
[  169.033135][ T7618] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  169.043115][  T788] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[  169.101289][ T7618] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  169.214230][    T9] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  169.275787][   T23] usb 6-1: USB disconnect, device number 4
[  169.406431][    T9] usb 5-1: Using ep0 maxpacket: 8
[  169.425449][    T9] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  169.458862][    T9] usb 5-1: config 0 has no interface number 0
[  169.481831][    T9] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  169.522670][    T9] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  169.568167][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  169.608557][    T9] usb 5-1: config 0 descriptor??
[  169.655188][    T9] iowarrior 5-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  169.868089][ T5789] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  170.221449][ T5834] usb 5-1: USB disconnect, device number 6
[  170.615337][ T7700] loop3: detected capacity change from 0 to 32768
[  170.683389][ T7700] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  170.717413][ T7700] XFS (loop3): Ending clean mount
[  170.731857][ T7700] XFS (loop3): Quotacheck needed: Please wait.
[  170.836269][ T7718] netlink: 36 bytes leftover after parsing attributes in process `syz.5.426'.
[  170.882458][ T7700] XFS (loop3): Quotacheck: Done.
[  170.899372][ T7700] XFS (loop3): syz.3.424 should use fallocate; XFS_IOC_{ALLOC,FREE}SP ioctl unsupported
[  171.021587][ T5788] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  171.084730][ T7726] nbd: illegal input index -1
[  171.304250][ T7730] netlink: 'syz.1.430': attribute type 5 has an invalid length.
[  172.547579][ T7768] loop4: detected capacity change from 0 to 512
[  172.608576][ T7768] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found
[  172.650279][ T7768] UDF-fs: Scanning with blocksize 512 failed
[  172.707368][ T7768] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found
[  172.741480][ T7768] UDF-fs: Scanning with blocksize 1024 failed
[  172.778896][ T7768] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found
[  172.799771][ T7768] UDF-fs: Scanning with blocksize 2048 failed
[  172.830138][ T7768] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256
[  172.901534][ T7768] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  173.154407][  T788] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  173.354208][  T788] usb 2-1: Using ep0 maxpacket: 8
[  173.368786][  T788] usb 2-1: config 0 has an invalid interface number: 52 but max is 0
[  173.380776][  T788] usb 2-1: config 0 has an invalid descriptor of length 97, skipping remainder of the config
[  173.414224][  T788] usb 2-1: config 0 has no interface number 0
[  173.420404][  T788] usb 2-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 97, changing to 10
[  173.432826][ T7785] loop5: detected capacity change from 0 to 2048
[  173.482459][  T788] usb 2-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid maxpacket 24929, setting to 1024
[  173.486125][ T7790] loop4: detected capacity change from 0 to 128
[  173.516807][ T7785] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  173.529718][ T7790] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  173.552966][ T7790] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  173.564438][  T788] usb 2-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  173.603978][ T7785] ext4 filesystem being mounted at /35/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  173.691193][  T788] usb 2-1: config 0 interface 52 has no altsetting 0
[  173.705853][ T7785] EXT4-fs error (device loop5): ext4_validate_block_bitmap:439: comm syz.5.443: bg 0: block 345: padding at end of block bitmap is not set
[  173.751047][ T7785] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 1 with error 117
[  173.751250][  T788] usb 2-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice= 0.00
[  173.803552][ T7785] EXT4-fs (loop5): This should not happen!! Data will be lost
[  173.803552][ T7785] 
[  173.840675][  T788] usb 2-1: New USB device strings: Mfr=0, Product=234, SerialNumber=34
[  173.874130][  T788] usb 2-1: Product: syz
[  173.878387][  T788] usb 2-1: SerialNumber: syz
[  173.917707][  T788] usb 2-1: config 0 descriptor??
[  173.968640][ T6999] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  174.141693][  T788] input: syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.52/input/input14
[  174.439996][    T9] usb 2-1: USB disconnect, device number 8
[  174.440053][    C1] synaptics_usb 2-1:0.52: synusb_irq - usb_submit_urb failed with result: -19
[  175.667618][ T5874] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  175.876076][ T5874] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  175.897480][ T5874] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  175.917702][ T7831] loop5: detected capacity change from 0 to 32768
[  175.924598][ T5874] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  175.944420][ T7831] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 scanned by syz.5.453 (7831)
[  175.973683][ T5874] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  175.984721][ T5874] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  176.006672][ T5874] usb 2-1: config 0 descriptor??
[  176.037372][ T7831] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  176.071832][ T7831] BTRFS info (device loop5): using sha256 (sha256-avx2) checksum algorithm
[  176.091763][ T7831] BTRFS info (device loop5): enabling auto defrag
[  176.104131][ T7831] BTRFS info (device loop5): use no compression
[  176.111645][ T7831] BTRFS info (device loop5): max_inline at 4096
[  176.126156][ T7831] BTRFS info (device loop5): using free space tree
[  176.324234][ T7831] BTRFS info (device loop5): enabling ssd optimizations
[  176.365272][ T7831] BTRFS info (device loop5): auto enabling async discard
[  176.434407][    T9] usb 5-1: new full-speed USB device number 7 using dummy_hcd
[  176.438401][ T5874] plantronics 0003:047F:FFFF.0006: No inputs registered, leaving
[  176.527891][ T5874] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  176.718198][    T9] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  176.734407][    T9] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  176.737308][ T5874] usb 2-1: USB disconnect, device number 9
[  176.786489][ T6999] BTRFS info (device loop5): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  176.806409][    T9] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  176.844879][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  176.852934][    T9] usb 5-1: Product: syz
[  176.896393][    T9] usb 5-1: Manufacturer: syz
[  176.896497][ T7867] netlink: 16 bytes leftover after parsing attributes in process `syz.3.462'.
[  176.914432][    T9] usb 5-1: SerialNumber: syz
[  176.956794][ T5780] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 10 /dev/loop5 scanned by udevd (5780)
[  177.075191][ T7870] netlink: 8 bytes leftover after parsing attributes in process `syz.5.461'.
[  177.159696][    T9] usb 5-1: 0:2 : does not exist
[  177.177095][    T9] usb 5-1: 5:0: failed to get current value for ch 0 (-22)
[  177.230343][    T9] usb 5-1: USB disconnect, device number 7
[  177.320619][ T5799] udevd[5799]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  177.996747][ T7884] loop4: detected capacity change from 0 to 256
[  178.316863][ T7876] loop1: detected capacity change from 0 to 32768
[  178.381048][ T7876] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  178.443142][   T28] audit: type=1800 audit(1762210904.245:11): pid=7876 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.465" name="file1" dev="loop1" ino=17058 res=0 errno=0
[  178.604669][ T7876] 
[  178.607059][ T7876] ======================================================
[  178.614107][ T7876] WARNING: possible circular locking dependency detected
[  178.621159][ T7876] syzkaller #0 Not tainted
[  178.625603][ T7876] ------------------------------------------------------
[  178.632644][ T7876] syz.1.465/7876 is trying to acquire lock:
[  178.638552][ T7876] ffff88805ef51818 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]){+.+.}-{3:3}, at: ocfs2_del_inode_from_orphan+0x135/0x740
[  178.651555][ T7876] 
[  178.651555][ T7876] but task is already holding lock:
[  178.658945][ T7876] ffff88805ef40660 (&ocfs2_quota_ip_alloc_sem_key){++++}-{3:3}, at: ocfs2_dio_end_io+0x38c/0x10f0
[  178.669794][ T7876] 
[  178.669794][ T7876] which lock already depends on the new lock.
[  178.669794][ T7876] 
[  178.680229][ T7876] 
[  178.680229][ T7876] the existing dependency chain (in reverse order) is:
[  178.689267][ T7876] 
[  178.689267][ T7876] -> #3 (&ocfs2_quota_ip_alloc_sem_key){++++}-{3:3}:
[  178.698174][ T7876]        down_write+0x97/0x1f0
[  178.702993][ T7876]        ocfs2_create_local_dquot+0x1a4/0x1790
[  178.709186][ T7876]        ocfs2_acquire_dquot+0x7cf/0xaf0
[  178.714845][ T7876]        dqget+0x77c/0xeb0
[  178.719289][ T7876]        __dquot_initialize+0x3ba/0xcb0
[  178.724863][ T7876]        ocfs2_get_init_inode+0x13c/0x1b0
[  178.730598][ T7876]        ocfs2_mknod+0x867/0x20f0
[  178.735632][ T7876]        ocfs2_create+0x196/0x410
[  178.740672][ T7876]        path_openat+0x1277/0x3190
[  178.745808][ T7876]        do_filp_open+0x1c5/0x3d0
[  178.750854][ T7876]        do_sys_openat2+0x12c/0x1c0
[  178.756069][ T7876]        __x64_sys_openat+0x139/0x160
[  178.761453][ T7876]        do_syscall_64+0x55/0xb0
[  178.766420][ T7876]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  178.772863][ T7876] 
[  178.772863][ T7876] -> #2 (&dquot->dq_lock){+.+.}-{3:3}:
[  178.780523][ T7876]        __mutex_lock+0x129/0xcc0
[  178.785564][ T7876]        dqget+0x6fc/0xeb0
[  178.789992][ T7876]        __dquot_initialize+0x3ba/0xcb0
[  178.795550][ T7876]        ocfs2_get_init_inode+0x13c/0x1b0
[  178.801273][ T7876]        ocfs2_mknod+0x867/0x20f0
[  178.806302][ T7876]        ocfs2_create+0x196/0x410
[  178.811329][ T7876]        path_openat+0x1277/0x3190
[  178.816453][ T7876]        do_filp_open+0x1c5/0x3d0
[  178.821498][ T7876]        do_sys_openat2+0x12c/0x1c0
[  178.826708][ T7876]        __x64_sys_openat+0x139/0x160
[  178.832091][ T7876]        do_syscall_64+0x55/0xb0
[  178.837038][ T7876]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  178.843458][ T7876] 
[  178.843458][ T7876] -> #1 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#2){+.+.}-{3:3}:
[  178.854005][ T7876]        down_write+0x97/0x1f0
[  178.858816][ T7876]        ocfs2_evict_inode+0x1313/0x3e70
[  178.864475][ T7876]        evict+0x486/0x870
[  178.868913][ T7876]        do_unlinkat+0x37b/0x570
[  178.873860][ T7876]        __x64_sys_unlinkat+0xd5/0xe0
[  178.879242][ T7876]        do_syscall_64+0x55/0xb0
[  178.884192][ T7876]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  178.890626][ T7876] 
[  178.890626][ T7876] -> #0 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]){+.+.}-{3:3}:
[  178.900967][ T7876]        __lock_acquire+0x2ddb/0x7c80
[  178.906354][ T7876]        lock_acquire+0x197/0x410
[  178.911398][ T7876]        down_write+0x97/0x1f0
[  178.916177][ T7876]        ocfs2_del_inode_from_orphan+0x135/0x740
[  178.922517][ T7876]        ocfs2_dio_end_io+0x47b/0x10f0
[  178.927987][ T7876]        dio_complete+0x254/0x710
[  178.933014][ T7876]        __blockdev_direct_IO+0x2dc8/0x3420
[  178.938914][ T7876]        ocfs2_direct_IO+0x240/0x2b0
[  178.944216][ T7876]        generic_file_direct_write+0x1d4/0x3e0
[  178.950366][ T7876]        __generic_file_write_iter+0x11b/0x230
[  178.956525][ T7876]        ocfs2_file_write_iter+0x1582/0x1d00
[  178.963060][ T7876]        do_iter_write+0x79a/0xc70
[  178.968189][ T7876]        iter_file_splice_write+0x66f/0xc50
[  178.974116][ T7876]        direct_splice_actor+0xe8/0x130
[  178.979677][ T7876]        splice_direct_to_actor+0x2f0/0x870
[  178.985581][ T7876]        do_splice_direct+0x1b7/0x2c0
[  178.990962][ T7876]        do_sendfile+0x5dc/0xf70
[  178.995904][ T7876]        __se_sys_sendfile64+0x13f/0x190
[  179.001545][ T7876]        do_syscall_64+0x55/0xb0
[  179.006513][ T7876]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  179.012940][ T7876] 
[  179.012940][ T7876] other info that might help us debug this:
[  179.012940][ T7876] 
[  179.023173][ T7876] Chain exists of:
[  179.023173][ T7876]   &ocfs2_sysfile_lock_key[args->fi_sysfile_type] --> &dquot->dq_lock --> &ocfs2_quota_ip_alloc_sem_key
[  179.023173][ T7876] 
[  179.040128][ T7876]  Possible unsafe locking scenario:
[  179.040128][ T7876] 
[  179.047588][ T7876]        CPU0                    CPU1
[  179.052970][ T7876]        ----                    ----
[  179.058333][ T7876]   lock(&ocfs2_quota_ip_alloc_sem_key);
[  179.063970][ T7876]                                lock(&dquot->dq_lock);
[  179.070909][ T7876]                                lock(&ocfs2_quota_ip_alloc_sem_key);
[  179.079068][ T7876]   lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]);
[  179.086187][ T7876] 
[  179.086187][ T7876]  *** DEADLOCK ***
[  179.086187][ T7876] 
[  179.094331][ T7876] 3 locks held by syz.1.465/7876:
[  179.099355][ T7876]  #0: ffff88807aa9a418 (sb_writers#15){.+.+}-{0:0}, at: do_sendfile+0x5b9/0xf70
[  179.108511][ T7876]  #1: ffff88805ef409d8 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}, at: ocfs2_file_write_iter+0x40b/0x1d00
[  179.119841][ T7876]  #2: ffff88805ef40660 (&ocfs2_quota_ip_alloc_sem_key){++++}-{3:3}, at: ocfs2_dio_end_io+0x38c/0x10f0
[  179.130904][ T7876] 
[  179.130904][ T7876] stack backtrace:
[  179.136812][ T7876] CPU: 0 PID: 7876 Comm: syz.1.465 Not tainted syzkaller #0
[  179.144106][ T7876] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  179.154179][ T7876] Call Trace:
[  179.157479][ T7876]  <TASK>
[  179.160427][ T7876]  dump_stack_lvl+0x16c/0x230
[  179.165127][ T7876]  ? load_image+0x3b0/0x3b0
[  179.169646][ T7876]  ? show_regs_print_info+0x20/0x20
[  179.174867][ T7876]  ? print_circular_bug+0x12b/0x1a0
[  179.180079][ T7876]  check_noncircular+0x2bd/0x3c0
[  179.185031][ T7876]  ? print_deadlock_bug+0x5d0/0x5d0
[  179.190234][ T7876]  ? lockdep_lock+0xe0/0x220
[  179.194834][ T7876]  ? _find_first_zero_bit+0xd3/0x100
[  179.200133][ T7876]  __lock_acquire+0x2ddb/0x7c80
[  179.205002][ T7876]  ? ocfs2_get_system_file_inode+0x1e3/0x7b0
[  179.210992][ T7876]  ? __lock_acquire+0x7c80/0x7c80
[  179.216023][ T7876]  ? verify_lock_unused+0x140/0x140
[  179.221231][ T7876]  ? __mutex_unlock_slowpath+0x1a2/0x6a0
[  179.226881][ T7876]  ? do_raw_spin_lock+0x121/0x2c0
[  179.231914][ T7876]  ? mutex_unlock+0x10/0x10
[  179.236431][ T7876]  lock_acquire+0x197/0x410
[  179.240947][ T7876]  ? ocfs2_del_inode_from_orphan+0x135/0x740
[  179.246940][ T7876]  ? ocfs2_get_system_file_inode+0x1f1/0x7b0
[  179.252925][ T7876]  ? __might_sleep+0xe0/0xe0
[  179.257529][ T7876]  ? read_lock_is_recursive+0x20/0x20
[  179.262911][ T7876]  ? ocfs2_fast_symlink_read_folio+0x530/0x530
[  179.269073][ T7876]  ? do_raw_spin_unlock+0x121/0x230
[  179.274318][ T7876]  down_write+0x97/0x1f0
[  179.278571][ T7876]  ? ocfs2_del_inode_from_orphan+0x135/0x740
[  179.284585][ T7876]  ? down_read_killable+0x340/0x340
[  179.289823][ T7876]  ocfs2_del_inode_from_orphan+0x135/0x740
[  179.295642][ T7876]  ? __might_sleep+0xe0/0xe0
[  179.300242][ T7876]  ? read_lock_is_recursive+0x20/0x20
[  179.305622][ T7876]  ? ocfs2_add_inode_to_orphan+0x710/0x710
[  179.311435][ T7876]  ? __lock_acquire+0x1334/0x7c80
[  179.316474][ T7876]  ? down_write+0x162/0x1f0
[  179.320993][ T7876]  ? down_read_killable+0x340/0x340
[  179.326216][ T7876]  ocfs2_dio_end_io+0x47b/0x10f0
[  179.331175][ T7876]  ? ocfs2_dio_wr_get_block+0x17a0/0x17a0
[  179.336928][ T7876]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  179.342852][ T7876]  ? _raw_spin_unlock+0x40/0x40
[  179.347711][ T7876]  ? debug_check_no_obj_freed+0x51f/0x540
[  179.353446][ T7876]  ? mark_lock+0x94/0x320
[  179.357790][ T7876]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  179.363779][ T7876]  ? lock_chain_count+0x20/0x20
[  179.368638][ T7876]  ? _raw_spin_unlock_irqrestore+0x86/0x110
[  179.374569][ T7876]  ? lockdep_hardirqs_on+0x98/0x150
[  179.379777][ T7876]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  179.385684][ T7876]  ? ocfs2_dio_wr_get_block+0x17a0/0x17a0
[  179.391420][ T7876]  dio_complete+0x254/0x710
[  179.395935][ T7876]  __blockdev_direct_IO+0x2dc8/0x3420
[  179.401325][ T7876]  ? show_vfsstat+0x3a0/0x3a0
[  179.406095][ T7876]  ? ocfs2_lock_get_block+0x60/0x60
[  179.411317][ T7876]  ? filemap_write_and_wait_range+0x160/0x1f0
[  179.417402][ T7876]  ? lock_chain_count+0x20/0x20
[  179.422353][ T7876]  ? __rwlock_init+0x150/0x150
[  179.427135][ T7876]  ? ocfs2_lock_get_block+0x60/0x60
[  179.432355][ T7876]  ocfs2_direct_IO+0x240/0x2b0
[  179.437142][ T7876]  generic_file_direct_write+0x1d4/0x3e0
[  179.442789][ T7876]  __generic_file_write_iter+0x11b/0x230
[  179.448431][ T7876]  ? ocfs2_file_write_iter+0x1559/0x1d00
[  179.454085][ T7876]  ocfs2_file_write_iter+0x1582/0x1d00
[  179.459569][ T7876]  ? ocfs2_file_read_iter+0xa30/0xa30
[  179.464972][ T7876]  ? kasan_set_track+0x5f/0x70
[  179.469743][ T7876]  ? aa_path_link+0xdf0/0xdf0
[  179.474430][ T7876]  ? iter_file_splice_write+0x18a/0xc50
[  179.479997][ T7876]  ? direct_splice_actor+0xe8/0x130
[  179.485219][ T7876]  ? splice_direct_to_actor+0x2f0/0x870
[  179.490779][ T7876]  ? do_splice_direct+0x1b7/0x2c0
[  179.495819][ T7876]  ? do_sendfile+0x5dc/0xf70
[  179.500423][ T7876]  ? __se_sys_sendfile64+0x13f/0x190
[  179.505732][ T7876]  ? do_syscall_64+0x55/0xb0
[  179.510336][ T7876]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  179.516415][ T7876]  ? end_current_label_crit_section+0x149/0x170
[  179.522669][ T7876]  ? common_file_perm+0x198/0x1f0
[  179.527710][ T7876]  do_iter_write+0x79a/0xc70
[  179.532323][ T7876]  ? vfs_iter_write+0xa0/0xa0
[  179.537012][ T7876]  ? __asan_memset+0x22/0x40
[  179.541612][ T7876]  ? iov_iter_bvec+0xd4/0x1b0
[  179.546307][ T7876]  ? vfs_iter_write+0x6e/0xa0
[  179.551007][ T7876]  iter_file_splice_write+0x66f/0xc50
[  179.556393][ T7876]  ? filemap_splice_read+0x881/0x9e0
[  179.561694][ T7876]  ? splice_from_pipe+0x150/0x150
[  179.566742][ T7876]  ? splice_folio_into_pipe+0xb10/0xb10
[  179.572304][ T7876]  ? splice_from_pipe+0x150/0x150
[  179.577344][ T7876]  direct_splice_actor+0xe8/0x130
[  179.582385][ T7876]  splice_direct_to_actor+0x2f0/0x870
[  179.587780][ T7876]  ? direct_file_splice_eof+0xb0/0xb0
[  179.593171][ T7876]  ? warn_unsupported+0xc0/0xc0
[  179.598040][ T7876]  ? fsnotify_perm+0x5d/0x5e0
[  179.602733][ T7876]  ? security_file_permission+0x79/0xa0
[  179.608293][ T7876]  do_splice_direct+0x1b7/0x2c0
[  179.613163][ T7876]  ? splice_direct_to_actor+0x870/0x870
[  179.618735][ T7876]  ? rcu_read_lock_any_held+0xb4/0x120
[  179.624218][ T7876]  ? do_splice_direct+0x2c0/0x2c0
[  179.629270][ T7876]  do_sendfile+0x5dc/0xf70
[  179.633726][ T7876]  ? do_pwritev+0x340/0x340
[  179.638267][ T7876]  __se_sys_sendfile64+0x13f/0x190
[  179.643400][ T7876]  ? lock_chain_count+0x20/0x20
[  179.648268][ T7876]  ? __x64_sys_sendfile64+0xb0/0xb0
[  179.653486][ T7876]  ? lockdep_hardirqs_on+0x98/0x150
[  179.658696][ T7876]  do_syscall_64+0x55/0xb0
[  179.663128][ T7876]  ? clear_bhb_loop+0x40/0x90
[  179.667814][ T7876]  ? clear_bhb_loop+0x40/0x90
[  179.672500][ T7876]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  179.678484][ T7876] RIP: 0033:0x7f96e538f6c9
[  179.682942][ T7876] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  179.702575][ T7876] RSP: 002b:00007f96e6258038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  179.711031][ T7876] RAX: ffffffffffffffda RBX: 00007f96e55e5fa0 RCX: 00007f96e538f6c9
[  179.719013][ T7876] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004
[  179.726996][ T7876] RBP: 00007f96e5411f91 R08: 0000000000000000 R09: 0000000000000000
[  179.734977][ T7876] R10: 0000000020fffe82 R11: 0000000000000246 R12: 0000000000000000
[  179.742954][ T7876] R13: 00007f96e55e6038 R14: 00007f96e55e5fa0 R15: 00007ffd63154178
[  179.750947][ T7876]  </TASK>
[  179.878043][   T28] audit: type=1800 audit(1762210905.685:12): pid=7894 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.465" name="file1" dev="loop1" ino=17058 res=0 errno=0
[  179.935400][ T7876] syz.1.465 (7876) used greatest stack depth: 18544 bytes left
[  179.959703][ T5789] ocfs2: Unmounting device (7,1) on (node local)
[  180.065217][ T7891] loop4: detected capacity change from 0 to 32768
[  180.094697][ T7891] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop4 scanned by syz.4.471 (7891)
[  180.120609][ T7891] BTRFS info (device loop4): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  180.141884][ T7891] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm
[  180.160264][ T7891] BTRFS info (device loop4): using free space tree
[  180.217559][ T7891] BTRFS info (device loop4): enabling ssd optimizations
[  180.224961][ T7891] BTRFS info (device loop4): auto enabling async discard
[  180.271168][ T6146] BTRFS info (device loop4): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6