last executing test programs:

22m49.258979611s ago: executing program 1 (id=208):
syz_open_dev$video(0x0, 0x7, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x8080)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19)
r0 = socket(0x10, 0x40000, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x8943, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e"], 0x50}}, 0x4008840)
syz_open_dev$usbfs(&(0x7f00000002c0), 0x4, 0x0)
ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r2, 0x80489439, &(0x7f00000001c0))
sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xfffffff780000000, 0x0, 0x2}, 0x0)
r4 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card1/oss_mixer\x00', 0x42002, 0x0)
write$proc_mixer(r4, &(0x7f0000000180)=ANY=[@ANYBLOB='SYNTH \'Mic\' 00000000000000000000\nIGAIN \'Capture Volume\' 00000000000000000000\nVOLUME\nLINE\nMONITOR\nCD \'CD Capture\' 8'], 0x86)
socket$inet6_udplite(0xa, 0x2, 0x88)
write$cgroup_pid(0xffffffffffffffff, &(0x7f00000000c0), 0x12)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000280)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x4}}, './file0\x00'})
r5 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
writev(r5, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)

22m42.63396399s ago: executing program 1 (id=221):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
unshare(0x64030c00)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$NBD_CLEAR_SOCK(0xffffffffffffffff, 0xab04)
write$P9_RLERRORu(0xffffffffffffffff, 0x0, 0x1f)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000b40)={0x0, 0xf0}, 0x1, 0xe}, 0x10)
bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0x68, &(0x7f00000003c0)=""/104}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x1)

22m41.570809531s ago: executing program 1 (id=224):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x5, 0x1000086}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x4002)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000001000010700000000004000000a000000060001001800000008000a00", @ANYRES64=r3], 0x24}}, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
ioctl$IOC_WATCH_QUEUE_SET_SIZE(0xffffffffffffffff, 0x5760, 0x1f)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480f0000005e140602000000000e000a001000000002800000121f", 0x2e}], 0x1}, 0x0)
pipe(&(0x7f0000000280)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff})
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
write(r4, &(0x7f0000000240)="94", 0x1)
write$cgroup_type(r6, &(0x7f0000000180), 0x9)
write(r5, 0x0, 0x0)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x48b, &(0x7f0000000100)={0x1, 'geneve0\x00', 0x2a32}, 0x18)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$inet(0x2b, 0x801, 0x0)

22m39.004891497s ago: executing program 1 (id=230):
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
chdir(&(0x7f0000000080)='./file1\x00')
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r0, 0x0)
setpgid(0x0, r0)
mount$9p_fd(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x10000, 0x0)
r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
ioctl$AUTOFS_IOC_READY(r1, 0x9360, 0x800000000000001)

22m38.1750478s ago: executing program 1 (id=231):
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_FLUSH(r0, 0x0, 0xd1, &(0x7f0000000000)=0x3, 0x4)
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000000080)={0x1, 0x4, 0x9, 0x3202, @vifc_lcl_ifindex, @local}, 0x10)

22m34.184373536s ago: executing program 1 (id=243):
epoll_create(0x7)
unshare(0x2a020480)
r0 = fsopen(&(0x7f0000000600)='devpts\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
fsmount(r0, 0x1, 0x1)
open(&(0x7f0000000080)='.\x00', 0x480, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x2, 0x0, 0x7fff0000}]})
r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000080)=0xb0000)
openat$random(0xffffffffffffff9c, &(0x7f0000001880), 0x40101, 0x0)
pselect6(0x40, &(0x7f00000000c0)={0x1, 0xfffffffffffffffc, 0x0, 0x0, 0xffffeffffffffffe, 0x2, 0x4, 0x8}, 0x0, &(0x7f0000000680)={0x7fc, 0x7f, 0x800000, 0x3, 0x7, 0xc3ad, 0x4}, 0x0, 0x0)

22m33.020943793s ago: executing program 32 (id=243):
epoll_create(0x7)
unshare(0x2a020480)
r0 = fsopen(&(0x7f0000000600)='devpts\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
fsmount(r0, 0x1, 0x1)
open(&(0x7f0000000080)='.\x00', 0x480, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x2, 0x0, 0x7fff0000}]})
r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000080)=0xb0000)
openat$random(0xffffffffffffff9c, &(0x7f0000001880), 0x40101, 0x0)
pselect6(0x40, &(0x7f00000000c0)={0x1, 0xfffffffffffffffc, 0x0, 0x0, 0xffffeffffffffffe, 0x2, 0x4, 0x8}, 0x0, &(0x7f0000000680)={0x7fc, 0x7f, 0x800000, 0x3, 0x7, 0xc3ad, 0x4}, 0x0, 0x0)

20m25.368139083s ago: executing program 3 (id=516):
mkdir(0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
bpf$BPF_PROG_DETACH(0x9, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000200)={0x1, &(0x7f00000000c0)=[{0x1, 0x3, 0x6, 0x8}]})
fcntl$setown(r0, 0x8, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
gettid()
socket$nl_generic(0x10, 0x3, 0x10)
connect$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
keyctl$join(0x1, &(0x7f0000000080)={'syz', 0x2})

20m17.639686977s ago: executing program 3 (id=536):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x5, 0x1000086}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x4002)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000001000010700000000004000000a000000060001001800000008000a00", @ANYRES64=r3], 0x24}}, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480f0000005e140602000000000e000a001000000002800000121f", 0x2e}], 0x1}, 0x0)
pipe(&(0x7f0000000280)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r6=>0xffffffffffffffff})
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
write(r5, &(0x7f0000000240)="94", 0x1)
tee(r4, r7, 0x8f5, 0x100000000000000)
write$cgroup_type(r7, &(0x7f0000000180), 0x9)
write(r6, 0x0, 0x0)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x48b, &(0x7f0000000100)={0x1, 'geneve0\x00', 0x2a32}, 0x18)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$inet(0x2b, 0x801, 0x0)

20m16.559381017s ago: executing program 3 (id=538):
getpid()
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
chdir(&(0x7f0000000080)='./file1\x00')
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r0, 0x0)
setpgid(0x0, r0)
mount$9p_fd(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x10000, 0x0)
r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
ioctl$AUTOFS_IOC_READY(r1, 0x9360, 0x800000000000001)

20m15.182892775s ago: executing program 3 (id=540):
pread64(0xffffffffffffffff, &(0x7f0000000200)=""/56, 0x38, 0x100000000)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x101000)
socket$inet6_sctp(0xa, 0x5, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
r3 = fanotify_init(0xf00, 0x1)
fanotify_mark(r3, 0x105, 0x40009975, 0xffffffffffffffff, 0x0)
fallocate(r2, 0x0, 0x1000000, 0x3)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r2, 0x0)
socket$kcm(0x10, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r0, 0x40605346, 0x0)
memfd_secret(0x0)

20m13.508051045s ago: executing program 3 (id=542):
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
getpid()
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r0, 0xc018937d, 0x0)
chdir(&(0x7f0000000080)='./file1\x00')
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
faccessat2(0xffffffffffffffff, 0x0, 0x20, 0x600)
setpgid(r1, 0x0)
setpgid(0x0, r1)
mount$9p_fd(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x10000, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
bpf$OBJ_GET_MAP(0x7, 0x0, 0x0)
r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
ioctl$AUTOFS_IOC_READY(r2, 0x9360, 0x800000000000001)

20m11.646578487s ago: executing program 3 (id=547):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010024bd7000e8dbdf252100000008000300", @ANYRES32=r4], 0x24}, 0x1, 0x0, 0x0, 0x4014001}, 0x0)

19m56.032170495s ago: executing program 33 (id=547):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010024bd7000e8dbdf252100000008000300", @ANYRES32=r4], 0x24}, 0x1, 0x0, 0x0, 0x4014001}, 0x0)

16m46.8549655s ago: executing program 2 (id=959):
sendmsg$NFT_MSG_GETSET(0xffffffffffffffff, 0x0, 0x4000080)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[], 0x48)
prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f0000000040)='tasks\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f00000001c0), 0x12)
write$cgroup_freezer_state(0xffffffffffffffff, &(0x7f00000000c0)='THAWED\x00', 0x7)
ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b67, &(0x7f00000005c0)={0x0, 0x0})
openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x101000)

16m45.751941411s ago: executing program 2 (id=962):
r0 = syz_open_dev$video4linux(0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f00000000c0)={0x3, 0x980900})
r1 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
writev(r1, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r2, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000540)=0x4)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r4, &(0x7f0000000280)='g', 0x1, 0x4008891, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x2}, 0x1c)
setsockopt$inet_sctp6_SCTP_EVENTS(r4, 0x84, 0xb, &(0x7f00000000c0)={0xb, 0x4, 0xfe, 0x2, 0x3, 0x0, 0x5, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x5}, 0xe)
setsockopt$sock_int(r4, 0x1, 0x28, &(0x7f0000000000)=0xf66, 0x4)
shutdown(r4, 0x1)
recvmmsg(r4, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}}], 0x414, 0x0, 0x0)
ioctl$VIDIOC_QUERYMENU(r1, 0xc008561c, &(0x7f0000000000)={0x980900, 0x3, @name="51da06bc7338e17dfebb1580e15b95473b09f0d1fb8aa1e9959ef9dc00"})

16m42.629782916s ago: executing program 2 (id=966):
socketpair(0x1, 0x80001, 0x0, &(0x7f0000000000))
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={0x0}, 0x18)
signalfd(r0, &(0x7f0000000080)={[0x4]}, 0x8)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2, 0x80805, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, 0x0)
sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, 0x0, 0x4004885)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000004c00)=""/102392, 0x18ff8)
socket$netlink(0x10, 0x3, 0x4)
pwrite64(0xffffffffffffffff, &(0x7f00000011c0), 0x0, 0x7)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000003c0)="5c00000013006bcd9e3fe3dceb48aa31086b8703110000001fa1ff0000000000040014000d000a000d0000009ee517d34460bc24eab556a705251e6182949a3651f60a84c9f5d1938037e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0)

16m40.053069288s ago: executing program 2 (id=970):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
chdir(&(0x7f0000000080)='./file1\x00')
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r0, 0x0)
setpgid(0x0, r0)
mount$9p_fd(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x10000, 0x0)
r1 = open(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
ioctl$AUTOFS_IOC_READY(r1, 0x9360, 0x800000000000001)

16m39.247018528s ago: executing program 2 (id=973):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r1, 0x0, 0x0)
r2 = syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x4661, 0x0, 0x3, 0x8b}, &(0x7f0000000400)=<r3=>0x0, &(0x7f0000000380))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r2, 0x40f9, 0x217, 0xa5, 0x0, 0x0)

16m36.469939139s ago: executing program 2 (id=979):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x3, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000062010c0000ecff0095"], &(0x7f0000000040)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_io_uring_setup(0x49a, &(0x7f0000000680)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=<r2=>0x0, &(0x7f0000000040)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x7, 0x0, 0x1, 0x4, 0x1})
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000003680)='sched_switch\x00', r4}, 0x10)
bpf$TOKEN_CREATE(0x24, &(0x7f00000000c0)={0x0, r0}, 0x8)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f00000003c0)={{0x1, 0x1, 0x18, <r5=>r1, {0x10}}, './file0\x00'})
r6 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000600)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, r5}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000004c0)=ANY=[@ANYBLOB="1809000000000000000000000001000018120000", @ANYRES32=r6, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r8, 0x8933, &(0x7f00000001c0)={'wg1\x00', <r9=>0x0})
sendmsg$nl_route(r7, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000100)=@newlink={0x34, 0x10, 0x1, 0x4, 0x0, {0x0, 0x0, 0x0, r9}, [@IFLA_AF_SPEC={0xc, 0x1a, 0x0, 0x1, [@AF_INET={0x8, 0x2, 0x0, 0x1, {0x4}}]}, @IFLA_MTU={0x8}]}, 0x34}}, 0x0)

16m35.940670296s ago: executing program 34 (id=979):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x3, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000062010c0000ecff0095"], &(0x7f0000000040)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_io_uring_setup(0x49a, &(0x7f0000000680)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=<r2=>0x0, &(0x7f0000000040)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x7, 0x0, 0x1, 0x4, 0x1})
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000003680)='sched_switch\x00', r4}, 0x10)
bpf$TOKEN_CREATE(0x24, &(0x7f00000000c0)={0x0, r0}, 0x8)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f00000003c0)={{0x1, 0x1, 0x18, <r5=>r1, {0x10}}, './file0\x00'})
r6 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000600)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, r5}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000004c0)=ANY=[@ANYBLOB="1809000000000000000000000001000018120000", @ANYRES32=r6, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r8, 0x8933, &(0x7f00000001c0)={'wg1\x00', <r9=>0x0})
sendmsg$nl_route(r7, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000100)=@newlink={0x34, 0x10, 0x1, 0x4, 0x0, {0x0, 0x0, 0x0, r9}, [@IFLA_AF_SPEC={0xc, 0x1a, 0x0, 0x1, [@AF_INET={0x8, 0x2, 0x0, 0x1, {0x4}}]}, @IFLA_MTU={0x8}]}, 0x34}}, 0x0)

14m52.022105966s ago: executing program 5 (id=1196):
r0 = socket(0xa, 0x3, 0xff)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x10000003, @local, 0x8}, 0x7b)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000340)={r1, 0x20, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0}}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = memfd_secret(0x0)
ftruncate(r3, 0x581)

14m51.054355179s ago: executing program 5 (id=1198):
socket$kcm(0x2, 0xa, 0x2)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x40004, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x83}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
mknodat$loop(0xffffffffffffff9c, 0x0, 0x6000, 0x1)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
lstat(&(0x7f0000000380)='./file0\x00', &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, <r2=>0x0})
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000780)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {r2, 0xffffffffffffffff}}, './file0\x00'})
sendmsg$TIPC_NL_KEY_FLUSH(r1, 0x0, 0x4000000)
fsopen(0x0, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$BLKPG(r3, 0x1269, &(0x7f0000000000)={0x1, 0x0, 0x98, &(0x7f0000000180)={0x0, 0x800, 0xe}})
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

14m48.942755698s ago: executing program 5 (id=1201):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='mounts\x00')
unshare(0x64030c00)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
write$P9_RLERRORu(0xffffffffffffffff, 0x0, 0x1f)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000b40)={0x0, 0xf0}, 0x1, 0xe}, 0x10)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f00000002c0))
ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0x68, &(0x7f00000003c0)=""/104}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x1)

14m48.082943506s ago: executing program 5 (id=1202):
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
getpid()
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, 0x0, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r0, 0xc018937d, 0x0)
chdir(&(0x7f0000000080)='./file1\x00')
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
faccessat2(0xffffffffffffffff, 0x0, 0x20, 0x600)
setpgid(r1, 0x0)
setpgid(0x0, r1)
mount$9p_fd(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x10000, 0x0)
mkdir(0x0, 0x0)
bpf$OBJ_GET_MAP(0x7, 0x0, 0x0)
r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
ioctl$AUTOFS_IOC_READY(r2, 0x9360, 0x800000000000001)

14m47.624799291s ago: executing program 5 (id=1205):
openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000540), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x42031, 0xffffffffffffffff, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x5)
socket$nl_rdma(0x10, 0x3, 0x14)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r1, 0x0)
ioctl$sock_inet6_tcp_SIOCOUTQ(r1, 0x5411, 0x0)
socket$key(0xf, 0x3, 0x2)

14m45.249731375s ago: executing program 5 (id=1208):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x5, 0x1000086}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x4002)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, 0x0, 0x0)
ioctl$IOC_WATCH_QUEUE_SET_SIZE(0xffffffffffffffff, 0x5760, 0x1f)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480f0000005e140602000000000e000a001000000002800000121f", 0x2e}], 0x1}, 0x0)
pipe(&(0x7f0000000280)={<r4=>0xffffffffffffffff})
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
tee(r4, r5, 0x8f5, 0x100000000000000)
write$cgroup_type(r5, &(0x7f0000000180), 0x9)
write(0xffffffffffffffff, 0x0, 0x0)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x48b, &(0x7f0000000100)={0x1, 'geneve0\x00', 0x2a32}, 0x18)
socket$inet6_sctp(0xa, 0x1, 0x84)

14m43.848721044s ago: executing program 35 (id=1208):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x5, 0x1000086}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x4002)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, 0x0, 0x0)
ioctl$IOC_WATCH_QUEUE_SET_SIZE(0xffffffffffffffff, 0x5760, 0x1f)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480f0000005e140602000000000e000a001000000002800000121f", 0x2e}], 0x1}, 0x0)
pipe(&(0x7f0000000280)={<r4=>0xffffffffffffffff})
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
tee(r4, r5, 0x8f5, 0x100000000000000)
write$cgroup_type(r5, &(0x7f0000000180), 0x9)
write(0xffffffffffffffff, 0x0, 0x0)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x48b, &(0x7f0000000100)={0x1, 'geneve0\x00', 0x2a32}, 0x18)
socket$inet6_sctp(0xa, 0x1, 0x84)

3m50.81110525s ago: executing program 4 (id=2370):
syz_emit_vhci(&(0x7f00000030c0)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x8, 0x0, 0x411}}}, 0x7)

3m50.58707292s ago: executing program 4 (id=2371):
syz_mount_image$vfat(&(0x7f0000000100), &(0x7f0000000340)='./file0\x00', 0x1, &(0x7f0000000080)={[{@shortname_win95}, {@fat=@debug}]}, 0xfe, 0x31b, &(0x7f0000000a00)="$eJzs3UFrXFUUB/CTWBOppJOFCAriRTe6eSTxCzhIC2JAiY1UF8KredFhXmfCvKEyRaw7t36O4tKdIH6BbNy7c5eNyy6KT5JppkkcFy1M34T5/SDcAzd/5lyGN5zNzD269dOd7n6V7efDWH4/xXJELD+MWD+pxpbOrEuxEmf9EO+2bv35xqeff/FRe3v7+k5KN9o339tKKV1787dvv/v5rd+HL3/2y7VfV+Nw/cujv7f+Onz18LWjf25+06lSp0q9/jDl6Xa/P8xvl0Xa61TdLKVPyiKvitTpVcXg3P5+2T84GKW8t7d29WBQVFXKe6PULUZp2E/DwSjlX+edXsqyLK1djcXyLOfdfbCzk7dn0AxzZDBo58fP7up/dnYfNNIQANCop5n/l2c//5+OKE8//y8t+vz/LMz/i+B4/l95/PyeZ/4HAAAAAAAAAAAAAIDL4GFdt+q6bp2uF/+a7o/Z8v4vtjNf3Hspovzx7u7d3fE63m/vRyfKKGIjWvEoop4Y1zc+3L6+kU6sx9qd++P88frC+fxmtGJ9en4zpVTfT+l8/sWTX7SY5LeiFa9Mz2+NX/9CfiXeeftMPotW/PFV9KOMvTjOPsl/v5nSBx9vX8ivnvwfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIshSxNT7+/Psv/bH+cn9+tvRCseTb+ff2Pq/fxX4vUrzZ4dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE5Vo3vdvCyLwRwV9WPz0s/si4i5aEOhmBRNfzIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA8/fk0u+mOwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBJ1eheNy/LYjDDoukzAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXCb/BgAA///PbSt7")

3m49.233460844s ago: executing program 4 (id=2374):
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x2000c000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x31, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_emit_vhci(0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r4, &(0x7f0000000440), 0x10)
listen(r4, 0x0)
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r5, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)
setsockopt$sock_linger(r5, 0x1, 0xd, &(0x7f0000000180)={0x5, 0xfffffffe}, 0x8)

3m48.00576798s ago: executing program 4 (id=2376):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000002c0)='./file0\x00', 0x800, &(0x7f0000001a80)={[{@dioread_nolock}]}, 0xff, 0x49b, &(0x7f0000001040)="$eJzs3MtvVNUfAPDvnbY8fjzaHyIKglbQSHy0tKCycKFGExeamOgCl7UtiAzU0JoIabQYg0tD4t64NPEvcOfGqAtj4lYTl4aEaGNCcTXmvugwnSltaTvS+XyS6ZxzH3PO9957Zs69p/cG0LH60z9JxPaI+DUievPsrQv0529zs9OjN2anR5Oo1d74M8mWuz47PVouWq63rcgcrkRUPkni+WRhuZMXLp4ZqVbHzxf5wamz7w1OXrj41OmzI6fGT42fGz5+/NjRoWefGX56VeJM47q+78OJ/XtfeevKa6Mnrrz9w9dptfYcyOfXx3FbN5oE1ER/utX+qmUa5z26jLrfDXbUpZPuNlaEZemKiHR39WTtvze6Yn7n9cbLH7dec/P6VBBYM+lv0yIteaYGbGBJtLsGQHuUP/Tp+W/5Wqeux3/CtRciNhXpudnp0bmb8XdHpZjes4bl90fEiZl/vkhfsdzrEAAAK5D1bZ5s1v+rxJ7sPR/r2FmMofRFxP8jYldE3BMRuyPi3ohs2fsi4v585VrvEsvvb8gv7P9Urjat8ypJ+3/P1fX95uriL976uorcjiz+nuTk6er4kWKbHI6ezWl+aJEyvn3pl89azavv/6WvtPyyL1hU4Gp3wwW6sZGpkdXaCNcuRezrbhZ/cnMkID0C9kbEvuV99M4ycfrxr/a3Wuj28S9iFcaZal9GPJbv/5loiL+ULD4+ObglquNHBsujYqEff778eqvy7yj+VXDt4AN5Yn7/NyzR+3eSj9f2RLU6fn5y+WVc/u3Tluc0Kz3+NyVvZmPWP72TT/tgZGrq/FDEpuTVLF+e02XTh+fXLfPl8unxf/hQ8/a/q1gnjT/dSulBfCAiHoyIh4q6PxwRByPi0CLxf//iI+8uEn8SSbRv/1+KGGv6/Xfz+O9L6sfrV5DoOvPdN61GzOv3fy1ptf+PxUz2XZvLvv9uY6kVvMPNBwAAAHeFSkRsj6QykKf7t0elMjCQ/w//7vhfpToxOfXEyYn3z43l9wj0RU+lvNLVW3c9dCiZKT4xzw8X14rL+UeL68afd23N8gOjE9WxNscOnW7bre0/yvaf+qOr3bUD1pz7taBzNbb/SpvqAay/pfz+OxeAjenW9r8l/bO1XXUB1pfzf+hczdr/Rw15/X/YmBY+AOj3Jo+sAzYi/X/oXNo/dC7tHzpSfif8lVjJff0rT5Q3C6z8c7Ys+Q7/TkmUT7xYy7K2xvyUqLQ95A5KpC1mfQudf4YKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA3ezfAAAA//+5XeWQ")
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = dup(r0)
r2 = creat(&(0x7f0000000300)='./bus\x00', 0x0)
mount(&(0x7f0000000440)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./bus\x00', 0x0, 0x1000, 0x0)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r3, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x400, 0x0, 0x0, 0x1, 0x0, "ef35af413bb901527fe4d0ce5d29c3ee5e5c3676345a41499db7aac63a01000000000000004faa2ae2c084a0ea0000000000000000000c00002000", "036c47c67808200400000000000000335263bdbcef549ba197fce47ddfdd753abd950100002a00ffffffffffffffff00000000e8f20000000200", "b7326736181c208220000000b9000000000000000000f0fffffffff2ff00", [0x4]})
write$P9_RREAD(r2, 0x0, 0xb)
write$UHID_INPUT(r1, &(0x7f00000030c0)={0x765, {"a2e3ad21ed0d09f91b48090987f70e06d038e7ff7fc6e5539b0d3d0e8b089b3f390068090890e0878f0e1ac6e7049b074a959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d074a0936cd3b78130daa61d8e8040000095802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d02adba8af1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860020c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0230e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fafe72a223a8435ec7747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d480bc6901466f4efce0500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f0000000078fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1bb5a7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a32a032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085000049bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463188e2f87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c100500ea6283994a7dde4dcb61fea6b651fb1d62458d0741a1287f19032131717515afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722800000000000000096ec664b7293ffff00009af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13b41c0e77daadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96fc9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x472)

3m46.038397959s ago: executing program 4 (id=2381):
syz_usb_connect(0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x403}}]})
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @rand_addr, 0x2}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
r1 = fcntl$dupfd(r0, 0x0, r0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_CONFIG(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[], 0x14}}, 0x4000)
sendmsg$WG_CMD_GET_DEVICE(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000002e80)={&(0x7f0000000340)=ANY=[], 0x2b08}}, 0x4004006)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, &(0x7f0000000100)=@ccm_128={{0x304}, "2697312e4e898ca7", "35e23ca3a988def7dfbd438c536346cd", "11398f4a", "50cc97386065eda9"}, 0x28)
recvmmsg(r0, &(0x7f0000001040)=[{{0x0, 0x0, 0x0}, 0x2002}, {{0x0, 0xffbb, &(0x7f0000000b80)=[{&(0x7f00000007c0)=""/94, 0x5e}], 0x1}, 0x4}], 0x2, 0x40000002, 0x0)

3m43.450745539s ago: executing program 4 (id=2388):
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$cgroup_pid(r0, &(0x7f00000006c0), 0x12)
syz_open_dev$dri(0x0, 0x1, 0x11f102)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./bus\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461000018bbdecde39739fcd1df176dde746ec834120600000000003b814e50a959736d6572462abc30ef5b65c70f73ecea54b5e5bea9836c319f653557e79a002208ce996dda659bd5ba0f4ce5c2080002223dc60000000000000044cd0a1e3686873600000000005493b4b81d5b9fa9b40fe4d76afc3a989c6d60044e89eb96e44d01a1034e3797ffa86870b82939f41ffa0f3d726f085663c29cbdc4c766a7eb77cc36160191acf5ae7469c82ab4145b595b987d75912a0fcd1c061835294cc0c618aba204f8adaa20c80108d356cd88cc86177056b06e7068c40f807d9e539f8f5b64a8ee0725aa8d00000000007cb6020d90ea79b8027cf75964dd86c2ed2b5e75779677aa8c76b848dd03dab190b5f02ec52830a17b01eaae1c3df076000000000000000000000000000083a48a6b926c668b9b90195018ea3619f9d80a0b894e212178e1a19909d764666264fa29e2c055fd7f8e67c2acfb75f0a8d41692f4542a575ee42ed94a0014fba44985cca9df12fe93bfaccf0122a6e7e593613ac0111701b125cc6799c43aa4ff708dc4a00a6decad26f0378072a571da000000b1a6bdf03fd56697e348b5b494f6fddb9f56142a47a40ef81690a7eca421bd0ad198afa58ce69d61c29deaa93c0efea0df04f20020ee84075b4e1a2ad43d1be1138de4668e7b6137545708790c501f1ed7f6a571d500000000000000"], 0x25, 0x5586, &(0x7f00000079c0)="$eJzs3EtvG2UXAOAzTtP71y9CLNh1pAopkWqrTi+CFQVacRGtKi4LVuDYruXW9kSx44SsumCJWPBPEEisWPIbWMASdogFiB0SyDMTaNoGSuM4avs80vjMHL8+874jK9KZiRzAU2sh/e2XJE7FsYiYi4iTSeT7SblF3Im4XIx9LiJOR0Tlri0p838lDkfE8Yg4NSle1EzKtz47Oz5z8ec3f/362yOHTnz+1XcHunDgQD0fEf3VYn+jX8SsU8RbZb4x7uaxf2FcxtUdNfpZkd9or+QVNhrb4xp5PN8pxmer68NJvNlrNCex072Z51cHxQmH4852nckH0luNtfy41V7JY3eY5bGzVZx3c6v427Y1HBV1WmW9j/LyMRptxyLf3mwX61m9ncfmYFTmi7pZq705ieMylqeLZtZr5fNYecSL/Bh4qztY30zH7bVhNxukF2v1F2r1S9X6WtZqj9oXqo1+69KFdLHTmwyrjtqN/uVOlnV67Voz6y+li51ms1qvp4tX2ivdxiCt12vna+eqF5fKvbPpa9ffS3utdHESX+kO1kfd3jC9ma2lxSeW0uXa+ReX0jP19J1rN9Ibb1+9eu3Gux9cef/6y9feeLUcdN+00sXlc8vL1fq56nJ96Sla/8flpP/D+pMHp3/4fm+XDQq7fMEA2N19/X/c2/+H/h+Yur30//3b5fH+9P/xMP1/TLP/n7RU+v9/738rB9D/zof+fx/XD3vyaP3/4anPAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAmftx/ovX852F4vhEmf9fmXqmPE4iohIRfzzAXBzeUXOurDO/y/j5e+bwTRJ5hck5jpTb8Yi4XG6//3+/rwIAAAA8ub68c/rTolsvXhYOekLMUnHTpnLywynVSyJifuGnKVWrTF6enVKx/Pt9KDanVC2/gXV0SsWKW26HplXtocztCEfvCkkRKjOdDgAAMBM7O4HZdiEAAADM0if/+O5LM5sHM5bE9qPM7WfB+X/e//1A8NiO9wAAAIDHUHLQEwAAAAD2Xd7/+/0/AAAAeLIVv/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAf7JzP7lpA1EcgJ8Nhv5VUdV9r9IdHKNH6LLLwgF6CY5Ar9ALcAYiZZEjRBBhT5CcgBSJMU7Q90m2M+Po5xlg88bSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXbqpVrN/f77/PTdnuztPntkAAAAAx2yq1az+Y9K0P6b+z6nra2oXEVFGxLHafRCjVuYg5VQn/r96Mob/EXXCvn+cjg8R8SMd91+6/hQAAADgeq0Xy2lTrTentARw2++ouJBm0ab89DNTXhER1eQuU1q5P33LFFb/vofxO1NavYD1LlNYs+Q2PH5vlOshbYPW5XEm8/pLrFtlN88FAAD61K4ETlQhAAAAXIFffQ+AS3he2heH0+E947i5pBeC71stAAAA4A0q+h4AAAAA0Lm6/n9N+/8V9v8DAACA7Jr9/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOjSplrN1ovl9NT9+Qtztrvz5JsRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLA/7ygQAmEQBnvXdyZz/8NKg4bGJlUgfPyNwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJvf/eX/xNQ4k8y9NpaeR5K1U2Pr1Ng7N47+ML5+DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxf68pEAIBEEUzBn/O+n7H1YS9AwiREDDo4paNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwRb/75f/E1DiTzJ02lo5HkrWrxtZVY+9B4+jBePs3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxb799EZRhgEAf3anu1DUWKtpYtVgwkEvUhYEuRqjaTz4EUyassXqIgo9CGnEXryZnrkYPRpjoqm3fgfONOGCNw491MSTh5r5V2bbFRqUmUJ/v+Td99nZ4f23E9Jn3lkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABKm+/Gq+0iTtKXiTwuj93eWp5P641ddWp99c50WtK4VfO4nwCvVd8cn2puIAAAABweSZnfR8TdztpsWrcnsvy/U56T5vw/PJfHZT6/O+/f2Fo+Wnw0Xeb/v/9276WdjiaSrJ+00YXFQf/U3qGMPaYpHnjPP/SMsWzls3svSfaFtD9ceXGzk61n67tbt97vZuGROkYLADyKk2VdBOXfQ2nda3JgABwaY5XEu8z/k4lmxwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQh82VeKaMWxExPXY/Tm1sLc+Pqr9ZvTO9XpRzN2+uVttMm+hExMLioH+qxrkcXOVqXv9sbjDoX7l6re7geESM+OjG/v55Ugz/X8/pRsTQkRMvj2jn4330taudPUFxeUa9aziezu+hJ7eGjrT2LPh727kmLoC6gnbx/TyOLsZr/96Hg/La+/9brvm/IwAAnnqdoqSZ6N3O2mx6rDUZsf3jcP7/RiWOobx/+0Z+JH+/Xsn/731y7na1r2r+36tpfk+CmaVLX8xcvXb9rcVLcxf7F/ufv326907vzPmzZ8/PZPdKZhai7Y4JAAAA/0G3KNX8vz25d///WCWOB+z/51vCef7/5fe9r6t9JfL/ke5v+jU9EgAAgMOouxO98Ppff7ZGnNHqduOruaWlK738def96fy11uE+oiNFqeb/yWTTowIAAADqsLnSGtr/v1CJ4wH7/9Xn/5/96ZVfqm0mETEecTki+ifnLw8u1DedA62OHypnHXWbnikAAABNGS9Kdf+/kz3/39555KEdEW+eiPi7+A1/7DP/Tz749udqX9Xn/8/UOsuDpz2Vr0dWT0WMTTU9IgAAAJ5mR4uSJvt/dNZmP/312Eddz/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1O2fAAAA//+FVSwP")
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000280)={&(0x7f0000000240)})
socket$inet_mptcp(0x2, 0x1, 0x106)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000003c0)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r4, &(0x7f0000000180), 0x40041)
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r5, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)
shutdown(r5, 0x1)
ppoll(&(0x7f0000000100)=[{r5}], 0x1, 0x0, 0x0, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
splice(r5, 0x0, r5, &(0x7f00000002c0)=0x2a31, 0x400000000004, 0xb)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=@newtaction={0x18, 0x30, 0x10b, 0x0, 0x0, {}, [{0x4}]}, 0x18}}, 0x0)

3m42.658336675s ago: executing program 36 (id=2388):
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$cgroup_pid(r0, &(0x7f00000006c0), 0x12)
syz_open_dev$dri(0x0, 0x1, 0x11f102)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./bus\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461000018bbdecde39739fcd1df176dde746ec834120600000000003b814e50a959736d6572462abc30ef5b65c70f73ecea54b5e5bea9836c319f653557e79a002208ce996dda659bd5ba0f4ce5c2080002223dc60000000000000044cd0a1e3686873600000000005493b4b81d5b9fa9b40fe4d76afc3a989c6d60044e89eb96e44d01a1034e3797ffa86870b82939f41ffa0f3d726f085663c29cbdc4c766a7eb77cc36160191acf5ae7469c82ab4145b595b987d75912a0fcd1c061835294cc0c618aba204f8adaa20c80108d356cd88cc86177056b06e7068c40f807d9e539f8f5b64a8ee0725aa8d00000000007cb6020d90ea79b8027cf75964dd86c2ed2b5e75779677aa8c76b848dd03dab190b5f02ec52830a17b01eaae1c3df076000000000000000000000000000083a48a6b926c668b9b90195018ea3619f9d80a0b894e212178e1a19909d764666264fa29e2c055fd7f8e67c2acfb75f0a8d41692f4542a575ee42ed94a0014fba44985cca9df12fe93bfaccf0122a6e7e593613ac0111701b125cc6799c43aa4ff708dc4a00a6decad26f0378072a571da000000b1a6bdf03fd56697e348b5b494f6fddb9f56142a47a40ef81690a7eca421bd0ad198afa58ce69d61c29deaa93c0efea0df04f20020ee84075b4e1a2ad43d1be1138de4668e7b6137545708790c501f1ed7f6a571d500000000000000"], 0x25, 0x5586, &(0x7f00000079c0)="$eJzs3EtvG2UXAOAzTtP71y9CLNh1pAopkWqrTi+CFQVacRGtKi4LVuDYruXW9kSx44SsumCJWPBPEEisWPIbWMASdogFiB0SyDMTaNoGSuM4avs80vjMHL8+874jK9KZiRzAU2sh/e2XJE7FsYiYi4iTSeT7SblF3Im4XIx9LiJOR0Tlri0p838lDkfE8Yg4NSle1EzKtz47Oz5z8ec3f/362yOHTnz+1XcHunDgQD0fEf3VYn+jX8SsU8RbZb4x7uaxf2FcxtUdNfpZkd9or+QVNhrb4xp5PN8pxmer68NJvNlrNCex072Z51cHxQmH4852nckH0luNtfy41V7JY3eY5bGzVZx3c6v427Y1HBV1WmW9j/LyMRptxyLf3mwX61m9ncfmYFTmi7pZq705ieMylqeLZtZr5fNYecSL/Bh4qztY30zH7bVhNxukF2v1F2r1S9X6WtZqj9oXqo1+69KFdLHTmwyrjtqN/uVOlnV67Voz6y+li51ms1qvp4tX2ivdxiCt12vna+eqF5fKvbPpa9ffS3utdHESX+kO1kfd3jC9ma2lxSeW0uXa+ReX0jP19J1rN9Ibb1+9eu3Gux9cef/6y9feeLUcdN+00sXlc8vL1fq56nJ96Sla/8flpP/D+pMHp3/4fm+XDQq7fMEA2N19/X/c2/+H/h+Yur30//3b5fH+9P/xMP1/TLP/n7RU+v9/738rB9D/zof+fx/XD3vyaP3/4anPAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAmftx/ovX852F4vhEmf9fmXqmPE4iohIRfzzAXBzeUXOurDO/y/j5e+bwTRJ5hck5jpTb8Yi4XG6//3+/rwIAAAA8ub68c/rTolsvXhYOekLMUnHTpnLywynVSyJifuGnKVWrTF6enVKx/Pt9KDanVC2/gXV0SsWKW26HplXtocztCEfvCkkRKjOdDgAAMBM7O4HZdiEAAADM0if/+O5LM5sHM5bE9qPM7WfB+X/e//1A8NiO9wAAAIDHUHLQEwAAAAD2Xd7/+/0/AAAAeLIVv/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAf7JzP7lpA1EcgJ8Nhv5VUdV9r9IdHKNH6LLLwgF6CY5Ar9ALcAYiZZEjRBBhT5CcgBSJMU7Q90m2M+Po5xlg88bSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXbqpVrN/f77/PTdnuztPntkAAAAAx2yq1az+Y9K0P6b+z6nra2oXEVFGxLHafRCjVuYg5VQn/r96Mob/EXXCvn+cjg8R8SMd91+6/hQAAADgeq0Xy2lTrTentARw2++ouJBm0ab89DNTXhER1eQuU1q5P33LFFb/vofxO1NavYD1LlNYs+Q2PH5vlOshbYPW5XEm8/pLrFtlN88FAAD61K4ETlQhAAAAXIFffQ+AS3he2heH0+E947i5pBeC71stAAAA4A0q+h4AAAAA0Lm6/n9N+/8V9v8DAACA7Jr9/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOjSplrN1ovl9NT9+Qtztrvz5JsRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLA/7ygQAmEQBnvXdyZz/8NKg4bGJlUgfPyNwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJvf/eX/xNQ4k8y9NpaeR5K1U2Pr1Ng7N47+ML5+DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxf68pEAIBEEUzBn/O+n7H1YS9AwiREDDo4paNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwRb/75f/E1DiTzJ02lo5HkrWrxtZVY+9B4+jBePs3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxb799EZRhgEAf3anu1DUWKtpYtVgwkEvUhYEuRqjaTz4EUyassXqIgo9CGnEXryZnrkYPRpjoqm3fgfONOGCNw491MSTh5r5V2bbFRqUmUJ/v+Td99nZ4f23E9Jn3lkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABKm+/Gq+0iTtKXiTwuj93eWp5P641ddWp99c50WtK4VfO4nwCvVd8cn2puIAAAABweSZnfR8TdztpsWrcnsvy/U56T5vw/PJfHZT6/O+/f2Fo+Wnw0Xeb/v/9276WdjiaSrJ+00YXFQf/U3qGMPaYpHnjPP/SMsWzls3svSfaFtD9ceXGzk61n67tbt97vZuGROkYLADyKk2VdBOXfQ2nda3JgABwaY5XEu8z/k4lmxwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQh82VeKaMWxExPXY/Tm1sLc+Pqr9ZvTO9XpRzN2+uVttMm+hExMLioH+qxrkcXOVqXv9sbjDoX7l6re7geESM+OjG/v55Ugz/X8/pRsTQkRMvj2jn4330taudPUFxeUa9aziezu+hJ7eGjrT2LPh727kmLoC6gnbx/TyOLsZr/96Hg/La+/9brvm/IwAAnnqdoqSZ6N3O2mx6rDUZsf3jcP7/RiWOobx/+0Z+JH+/Xsn/731y7na1r2r+36tpfk+CmaVLX8xcvXb9rcVLcxf7F/ufv326907vzPmzZ8/PZPdKZhai7Y4JAAAA/0G3KNX8vz25d///WCWOB+z/51vCef7/5fe9r6t9JfL/ke5v+jU9EgAAgMOouxO98Ppff7ZGnNHqduOruaWlK738def96fy11uE+oiNFqeb/yWTTowIAAADqsLnSGtr/v1CJ4wH7/9Xn/5/96ZVfqm0mETEecTki+ifnLw8u1DedA62OHypnHXWbnikAAABNGS9Kdf+/kz3/39555KEdEW+eiPi7+A1/7DP/Tz749udqX9Xn/8/UOsuDpz2Vr0dWT0WMTTU9IgAAAJ5mR4uSJvt/dNZmP/312Eddz/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1O2fAAAA//+FVSwP")
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000280)={&(0x7f0000000240)})
socket$inet_mptcp(0x2, 0x1, 0x106)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000003c0)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r4, &(0x7f0000000180), 0x40041)
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r5, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)
shutdown(r5, 0x1)
ppoll(&(0x7f0000000100)=[{r5}], 0x1, 0x0, 0x0, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
splice(r5, 0x0, r5, &(0x7f00000002c0)=0x2a31, 0x400000000004, 0xb)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=@newtaction={0x18, 0x30, 0x10b, 0x0, 0x0, {}, [{0x4}]}, 0x18}}, 0x0)

14.312935238s ago: executing program 9 (id=2967):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$dri(0x0, 0x1, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000000)={0x7fff, 0x8, 0x100})
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000340)={0xda2, 0x8166, 0x6})
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000340)={0x8, 0x8169, 0x6})
r5 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000040)={0x49, 0x7fff, 0x4})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000140)={0x6, 0x1000, 0x800})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000380)={0xff, 0x3, 0xd83f})
dup(r2)
close_range(r0, 0xffffffffffffffff, 0x0)

13.846854521s ago: executing program 9 (id=2969):
socket$alg(0x26, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$pppoe(0x18, 0x1, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x62, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, 0x0, 0x0)
syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000100)={0x50, 0x0, 0x0, {0x7, 0x1f, 0x0, 0x45c0d00c}}, 0x50)
r1 = fsopen(&(0x7f0000000180)='nfsd\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x6, 0x0, 0x0, 0x0)

12.468003459s ago: executing program 9 (id=2971):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
fcntl$dupfd(r0, 0x0, r0)
socket$inet6_sctp(0xa, 0x5, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x88}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
openat$comedi(0xffffffffffffff9c, &(0x7f0000000580)='/dev/comedi4\x00', 0x2840, 0x0)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0x1}], 0x1)
pselect6(0x40, &(0x7f00000001c0)={0x1, 0x0, 0x3, 0x10001, 0x0, 0x0, 0x0, 0xf6e4}, 0x0, &(0x7f00000002c0)={0x3ff, 0x80000000, 0x0, 0x9, 0x0, 0x0, 0x10001, 0x2}, 0x0, 0x0)

11.356664362s ago: executing program 9 (id=2975):
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x2000c000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x31, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_emit_vhci(0x0, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x18)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r3, &(0x7f0000000440), 0x10)
listen(r3, 0x0)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$sock_linger(r4, 0x1, 0xd, &(0x7f0000000180)={0x5, 0xfffffffe}, 0x8)

7.117676196s ago: executing program 6 (id=2984):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
fcntl$dupfd(r0, 0x0, r0)
socket$inet6_sctp(0xa, 0x5, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x88}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
openat$comedi(0xffffffffffffff9c, &(0x7f0000000580)='/dev/comedi4\x00', 0x2840, 0x0)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0x1}], 0x1)
pselect6(0x40, &(0x7f00000001c0)={0x1, 0x0, 0x3, 0x10001, 0x0, 0x0, 0x0, 0xf6e4}, 0x0, &(0x7f00000002c0)={0x3ff, 0x80000000, 0x0, 0x9, 0x0, 0x0, 0x10001, 0x2}, 0x0, 0x0)

6.182877634s ago: executing program 0 (id=2988):
syz_mount_image$xfs(&(0x7f0000009680), &(0x7f00000096c0)='./file0\x00', 0x0, &(0x7f0000009700), 0x1, 0x965c, &(0x7f0000009740)="$eJzs/Qe4HXWheH+fkEIPXQGJIEV670Wl99679CZNQKVXUQSUZsFCVaSpIAIKIiKoCIIUsaKCCErvvb5PSCIxLrh6//f3cr1rrec52WfPnpn9Pd/P7JmT6MNsuvIGyw8MTDAwqpkGxu2Mk46aa+kDVrrutD0emfj6RQ+7d/TiyUc9jBj9dMSg0Y/jDQwMjDd6P6OXDd/70svGGxjy+vI3mnjCiQZNOjCw0Oiny45+XHzUwxTbjlnvtXEad6Cj3uTwkd8dO+rr9SYb+RYjv9l2t2tGLpt8rO1HbnLNP/2g0jZdbpWV37D6u9tIq6Gjvx/7a9iorym2GBiYYtMBPj7GXnfQ2/AjjXzPZfc//Zqr3ob3/o9r0+VWWW0c/5GfxcGjly0+8jM+7mfQ2LjH+XMnX3XS6CkcNHrOhozzWfmPaNPlVl5z4M3P8wOTHr/14NdGnTfHHxh1oZhwYGBgotHn10nebpf6/9Zyyy+8/Mjz/Zjno9nHHMvL0nEx2yo3HTHy0Bh1nhh+3phrQVVVVf1ntNzyC68A1/8J3ur6v+T5B1zf9b+qquo/t9WWW37hkdf6ca7/k7zV9f+A29fYetS//S+7+KitXn17f4iqqqr6t1p5Nbz+T/5W1/9ljlvrxK7/VVVV/7mtv9br1/9Jxrn+T/1W1/9ZHtrzstHrjfm94ZWxdjlorP894aWxlg8ea/mLYy0fOtZ+xl5/2FjLnx9r+fgjX4P1Jx8YGL736OUvv7F4+OEDAwMzjV7+wljLz3zj/6czYshYy88aa/mwsZafPXqsI5ePP9byc8daf4K3mOqqqqr/Na2/8MorDIz1/7MfvXjaMa/T9f/gK26e/u0ab1VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV1X9irz5y5dVv3PP90IGx7l3993tYj/7vAg66+Jpbb33bBvq/o0H//N9DPPztHtP/10Y6T3DBTAMDe270dg+l3ob+Y+5VX/9Pyt9d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v8xb3J/f+XHfO41d27bjV61SWXv3boPW9sOWJg19HfnXHSUXPt+jaM/W3o/+r9/wd2HTQwMNp38pGWay+3/oZzDAwM3DP02uUXG/j7a0uMfG3pKQcPDH590zle/3PoiDfZ81KjHkYeTANT/30fF7++/9VeO2vwoHEGMVZTXH7OObts+twi4z7O/uY/x3hjvnnxzoMeee211177h4Wjm+BNNh6z/zE/y7jOo8c+x8ixz7/fHnvPv+8BB8676x7b7rzjzjvuudAiiy2+2EJLLLnwovPvtOvuOy4w6s83mbOZXv9z8L8yZ5OMO2ePLDf2nI37s73ZnM301nP2+h4nuHH+ecfM2ZB/c84Gv/WczbTr6DcaMTB0YJvXp2bQwMCIIUMH9h/5ZMHxBwZGDB297rQj111myvEGBk584wcd+d34fz8GBx0+cp1NV95g+TdG9s8/4T9/Tl9v8lEPYyZ/xOg3GTHeqCHONPDGoTh870svG2/kXPzDNE884USDJh0YWGj002VHPy456mGySces99o4jTvQUW8y8twx6NhRX6N2MPItRn7z7FT3zzpyvONs//+i/9b1/5+8lhj094kaNPpr9DqjvJZbZbU33uv1aRg5d4NHL1t8pMm4c/Y/2T+Nd6YhYw4GHO/Kqy2/8MjF48z/mE3w+Dr2oDlvGHVsLbv4qK1e/W+j0HgneYvxrrYcjneStxrvLTPPP/6oXf2PjXecc92ao178V851A299rhtM2+9484hxz3VrvPkQ/+FzPGaOxh9npTc7100+49WHjdz/wFuf69YcOfah/3CuG29gYMTgMee6kSe+YUMHThz5ZKGRT8YfOnDeyCcLv/5kwoFrRj6Zb/u9dt9h5IIJxszJAiP3u+yUg153n2PeE8597ZTXXhsyeixnDv/HsY4+PmYa+3q+3JSjJnPMtmP2O3LVMftddppRrw0bvd+z/o39jtmWxrvqpKNeG3/0fs8eZ79D32K/Y7b9p8/DHIP+fuJ6k/PNyuOcb0b/jjvm7f7ha9iorym2GBiYYlPyHWfd//KcSZ/fCd5ivMstv/AKI8c3zuf374cjfX6HbrfIIQMDA5OO+ngMP2/M2P/NBr3ZeIe89XiXh/EOeavxTnf8EUv/D4x3YKzx/sNxtsSIUcfKBKOPs3P/jeN3zLbjnseGvv7qqNP+BP/KeWymfzqPHTF4vHEme6ze7He2HWD9Ud9P+/e9PTp8rQfHzP3Qcfb7X/3ONtbPMgjOY5OP8/e5QXfcPTCI5nyBcwZt9+p/MedDB/7x7xZj5nzMtm815+P/K3M+w1vP+b/6e/Ics4x6feg44x97zrdZdO+5x8z5sHH2+1/N+fhvfe345zlfdmAozfm6R4+at7c6n77ZnI/Zdsycv+4/5ZCBlQYGBmYdPefD/pU5n/Z/5jifCNYf9f2Of190zAaPzTNmzsed4/9qzof9u3M+09+P81lff23m8QaGDRvYf9v99ttnwVF/jnm60Kg/+Vx03pGj5vmtrqVvZjRm27f6XAz5V4wm/5eMBv1XRtMPeTOjNz5aW9/19IH/3XPRkH/XaIDPRbdeNGre3ur3ojeb8zHb0nVw6rG2H/fvoeuv9frv3ZOMcx0cswleB29fa7btx+xy9GavjDPMMdfVl8ZaPnis5S+OtXzoWPsZe/1hYy1/fqzlI3+EYWOtP4Z18pF/5x29/OU3Vh8+8i+pM41e/sJYy898Y9sRY/2TwfCzxlo+1ily+NlvHBojxvq1e/i5Y63/ZofKmzbm3yR3HfckX/9q/fu/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5i3uT+/8fPvpx2fO33Xr70beTG3rf8cNPfbvH+zb3f/r+/6N9/+H+/6cOP/6+8Qb+/tpb3p991Dr/K+/Pvviohym2HbPeuPcHH3ego97kze/PvvMtV+/x/6f7s/+3GvNZ/Rfui9f5313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5S/uTe7/f83ox8NPnPLSYaNvhD502lunePHtHu/b3P/p+/+P9v2H+/+/OMWt04438PfX3vL+/6PWcdz//9gzph/+v/n+/2M+q93/v/6L8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/cXz//0GjHweuWWXYJbeNfBz5/MJ9Xj7n7R7v29z/1fv/T3DBTAMDe270dg+l3oY6/7vL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zFjb7//8Co+/+PadCyHRcY3P//P7s38V8uf8ziv3z+mMV/hfwxi/+K+WMW/5Xyxyz+K+ePWfxXyR+z+K+aP2bxXy1/zOK/ev6YxX+N/DGL/5r5Yxb/tfLHLP5r549Z/NfJH7P4r5s/ZvFfL3/M4r9+/pjFf4P8MYv/hvljFv+N8scs/hvnj1n8N8kfs/hvmj9m8d8sf8ziv3n+mMV/i/wxi/+W+WMW/63yxyz+W+ePWfw/mD9m8d8mf8ziv23+mMV/u/wxi//2+WMW/x3yxyz+O+aPWfx3yh+z+O+cP2bx3yV/zOK/a/6YxX+3/DGL/4fyxyz+u+ePWfz3yB+z+O+ZP2bx3yt/zOK/d/6Yxf/D+WMW/33yxyz+++aPWfz3yx+z+H8kf8zi/9H8MYv/x/LHLP77549Z/A/IH7P4H5g/ZvE/KH/M4n9w/pjF/5D8MYv/ofljFv/D8scs/ofnj1n8j8gfs/gfmT9m8T8qf8zi//H8MYv/0fljFv9P5I9Z/D+ZP2bxPyZ/zOL/qfwxi/+x+WMW/+Pyxyz+x+ePWfw/nT9m8f9M/pjF/4T8MYv/ifljFv+T8scs/ifnj1n8T8kfs/h/Nn/M4v+5/DGL/+fzxyz+X8gfs/ifmj9m8f9i/pjF/0v5Yxb/L+ePWfy/kj9m8T8tf8zif3r+mMX/jPwxi/+Z+WMW/7Pyxyz+Z+ePWfy/mj9m8f9a/pjF/5z8MYv/1/PHLP7n5o9Z/M/LH7P4n58/ZvG/IH/M4n9h/pjF/xv5Yxb/b+aPWfy/lT9m8b8of8zif3H+mMX/2/ljFv9L8scs/t/JH7P4X5o/ZvG/LH/M4n95/pjF/7v5Yxb/7+WPWfyvyB+z+F+ZP2bx/37+mMX/qvwxi/8P8scs/lfnj1n8f5g/ZvG/Jn/M4v+j/DGL/7X5Yxb/6/LHLP4/zh+z+P8kf8zi/9P8MYv/9fljFv+f5Y9Z/G/IH7P435g/ZvH/ef6Yxf+m/DGL/835Yxb/X+SPWfxvyR+z+N+aP2bxvy1/zOJ/e/6Yxf+X+WMW/zvyxyz+v8ofs/j/On/M4v+b/DGL/2/zxyz+v8sfs/j/Pn/M4n9n/pjF/w/5Yxb/P+aPWfz/lD9m8b8rf8zif3f+mMX/z/ljFv978scs/n/JH7P435s/ZvG/L3/M4v/X/DGL/9/yxyz+9+ePWfwfyB+z+D+YP2bxfyh/zOL/cP6Yxf+R/DGL/6P5Yxb/x/LHLP6P549Z/J/IH7P4P5k/ZvF/Kn/M4v90/pjF/5n8MYv/s/ljFv/n8scs/s/nj1n8X8gfs/i/mD9m8X8pf8zi/3L+mMX/lfwxi/+r+WMW/9fyxyT+r3+b/z9n8R+UP2bxHy9/zOI/OH/M4j8kf8ziPzR/zOI/LH/M4j9+/pjFf4L8MYv/hPljFv+J8scs/hPnj1n8J8kfs/hPmj9m8R+eP2bxnyx/zOI/ef6YxX+K/DGL/5T5Yxb/qfLHLP5T549Z/KfJH7P4vyN/zOL/zvwxi/+0+WMW/+nyxyz+0+ePWfzflT9m8Z8hf8ziPyJ/zOL/7vwxi/+M+WMW/5nyxyz+78kfs/jPnD9m8Z8lf8ziP2v+mMV/tvwxi/9788cs/rPnj1n858gfs/jPmT9m8Z8rf8ziP3f+mMV/nvwxi/+8+WMW//nyxyz+8+ePWfwXyB+z+C+YP2bxXyh/zOK/cP6YxX+R/DGL/6L5Yxb/xfLHLP6L549Z/JfIH7P4L5k/ZvFfKn/M4r90/pjFf5n8MYv/+/LHLP7vzx+z+H8gf8ziv2z+mMV/ufwxi//y+WMW/xXyxyz+K+aPWfxXyh+z+K+cP2bxXyV/zOK/av6YxX+1/DGL/+r5Yxb/NfLHLP5r5o9Z/NfKH7P4r50/ZvFfJ3/M4r9u/pjFf738MYv/+vljFv8N8scs/hvmj1n8N8ofs/hvnD9m8d8kf8ziv2n+mMV/s/wxi//m+WMW/y3yxyz+W+aPWfy3yh+z+G+dP2bx/2D+mMV/m/wxi/+2+WMW/+3yxyz+2+ePWfx3yB+z+O+YP2bx3yl/zOK/c/6YxX+X/DGL/675Yxb/3fLHLP4fyh+z+O+eP2bx3yN/zOK/Z/6YxX+v/DGL/975Yxb/D+ePWfz3yR+z+O+bP2bx3y9/zOL/kfwxi/9H88cs/h/LH7P4758/ZvE/IH/M4n9g/pjF/6D8MYv/wfljFv9D8scs/ofmj1n8D8sfs/gfnj9m8T8if8zif2T+mMX/qPwxi//H88cs/kfnj1n8P5E/ZvH/ZP6Yxf+Y/DGL/6fyxyz+x+aPWfyPyx+z+B+fP2bx/3T+mMX/M/ljFv8T8scs/ifmj1n8T8ofs/ifnD9m8T8lf8zi/9n8MYv/5/LHLP6fzx+z+H8hf8zif2r+mMX/i/ljFv8v5Y9Z/L+cP2bx/0r+mMX/tPwxi//p+WMW/zPyxyz+Z+aPWfzPyh+z+J+dP2bx/2r+mMX/a/ljFv9z8scs/l/PH7P4n5s/ZvE/L3/M4n9+/pjF/4L8MYv/hfljFv9v5I9Z/L+ZP2bx/1b+mMX/ovwxi//F+WMW/2/nj1n8L8kfs/h/J3/M4n9p/pjF/7L8MYv/5fljFv/v5o9Z/L+XP2bxvyJ/zOJ/Zf6Yxf/7+WMW/6vyxyz+P8gfs/hfnT9m8f9h/pjF/5r8MYv/j/LHLP7X5o9Z/K/LH7P4/zh/zOL/k/wxi/9P88cs/tfnj1n8f5Y/ZvG/IX/M4n9j/pjF/+f5Yxb/m/LHLP43549Z/H+RP2bxvyV/zOJ/a/6Yxf+2/DGL/+35Yxb/X+aPWfzvyB+z+P8qf8zi/+v8MYv/b/LHLP6/zR+z+P8uf8zi//v8MYv/nfljFv8/5I9Z/P+YP2bx/1P+mMX/rvwxi//d+WMW/z/nj1n878kfs/j/JX/M4n9v/pjF/778MYv/X/PHLP5/yx+z+N+fP2bxfyB/zOL/YP6Yxf+h/DGL/8P5Yxb/R/LHLP6P5o9Z/B/LH7P4P54/ZvF/In/M4v9k/pjF/6n8MYv/0/ljFv9n8scs/s/mj1n8n8sfs/g/nz9m8X8hf8zi/2L+mMX/pfwxi//L+WMW/1fyxyz+r+aPWfxfyx+T+A8eyB+z+A/KH7P4j5c/ZvEfnD9m8R+SP2bxH5o/ZvEflj9m8R8/f8ziP0H+mMV/wvwxi/9E+WMW/4nzxyz+k+SPWfwnzR+z+A/PH7P4T5Y/ZvGfPH/M4j9F/pjFf8r8MYv/VPljFv+p88cs/tPkj1n835E/ZvF/Z/6YxX/a/DGL/3T5Yxb/6fPHLP7vyh+z+M+QP2bxH5E/ZvF/d/6YxX/G/DGL/0z5Yxb/9+SPWfxnzh+z+M+SP2bxnzV/zOI/W/6Yxf+9+WMW/9nzxyz+c+SPWfznzB+z+M+VP2bxnzt/zOI/T/6YxX/e/DGL/3z5Yxb/+fPHLP4L5I9Z/BfMH7P4L5Q/ZvFfOH/M4r9I/pjFf9H8MYv/YvljFv/F88cs/kvkj1n8l8wfs/gvlT9m8V86f8ziv0z+mMX/ffljFv/3549Z/D+QP2bxXzZ/zOK/XP6YxX/5/DGL/wr5Yxb/FfPHLP4r5Y9Z/FfOH7P4r5I/ZvFfNX/M4r9a/pjFf/X8MYv/GvljFv8188cs/mvlj1n8184fs/ivkz9m8V83f8ziv17+mMV//fwxi/8G+WMW/w3zxyz+G+WPWfw3zh+z+G+SP2bx3zR/zOK/Wf6YxX/z/DGL/xb5Yxb/LfPHLP5b5Y9Z/LfOH7P4fzB/zOK/Tf6YxX/b/DGL/3b5Yxb/7fPHLP475I9Z/HfMH7P475Q/ZvHfOX/M4r9L/pjFf9f8MYv/bvljFv8P5Y9Z/HfPH7P475E/ZvHfM3/M4r9X/pjFf+/8MYv/h/PHLP775I9Z/PfNH7P475c/ZvH/SP6Yxf+j+WMW/4/lj1n8988fs/gfkD9m8T8wf8zif1D+mMX/4Pwxi/8h+WMW/0Pzxyz+h+WPWfwPzx+z+B+RP2bxPzJ/zOJ/VP6Yxf/j+WMW/6Pzxyz+n8gfs/h/Mn/M4n9M/pjF/1P5Yxb/Y/PHLP7H5Y9Z/I/PH7P4fzp/zOL/mfwxi/8J+WMW/xPzxyz+J+WPWfxPzh+z+J+SP2bx/2z+mMX/c/ljFv/P549Z/L+QP2bxPzV/zOL/xfwxi/+X8scs/l/OH7P4fyV/zOJ/Wv6Yxf/0/DGL/xn5Yxb/M/PHLP5n5Y9Z/M/OH7P4fzV/zOL/tfwxi/85+WMW/6/nj1n8z80fs/iflz9m8T8/f8zif0H+mMX/wvwxi/838scs/t/MH7P4fyt/zOJ/Uf6Yxf/i/DGL/7fzxyz+l+SPWfy/kz9m8b80f8zif1n+mMX/8vwxi/9388cs/t/LH7P4X5E/ZvG/Mn/M4v/9/DGL/1X5Yxb/H+SPWfyvzh+z+P8wf8zif03+mMX/R/ljFv9r88cs/tflj1n8f5w/ZvH/Sf6Yxf+n+WMW/+vzxyz+P8sfs/jfkD9m8b8xf8zi//P8MYv/TfljFv+b88cs/r/IH7P435I/ZvG/NX/M4n9b/pjF//b8MYv/L/PHLP535I9Z/H+VP2bx/3X+mMX/N/ljFv/f5o9Z/H+XP2bx/33+mMX/zvwxi/8f8scs/n/MH7P4/yl/zOJ/V/6Yxf/u/DGL/5/zxyz+9+SPWfz/kj9m8b83f8zif1/+mMX/r/ljFv+/5Y9Z/O/PH7P4P5A/ZvF/MH/M4v9Q/pjF/+H8MYv/I/ljFv9H88cs/o/lj1n8H88fs/g/kT9m8X8yf8zi/1T+mMX/6fwxi/8z+WMW/2fzxyz+z+WPWfyfzx+z+L+QP2bxfzF/zOL/Uv6Yxf/l/DGL/yv5Yxb/V/PHLP6v5Y9J/IcM5I9Z/Aflj1n8x8sfs/gPzh+z+A/JH7P4D80fs/gPyx+z+I+fP2bxnyB/zOI/Yf6YxX+i/DGL/8T5Yxb/SfLHLP6T5o9Z/Ifnj1n8J8sfs/hPnj9m8Z8if8ziP2X+mMV/qvwxi//U+WMW/2nyxyz+78gfs/i/M3/M4j9t/pjFf7r8MYv/9PljFv935Y9Z/GfIH7P4j8gfs/i/O3/M4j9j/pjFf6b8MYv/e/LHLP4z549Z/GfJH7P4z5o/ZvGfLX/M4v/e/DGL/+z5Yxb/OfLHLP5z5o9Z/OfKH7P4z50/ZvGfJ3/M4j9v/pjFf778MYv//PljFv8F8scs/gvmj1n8F8ofs/gvnD9m8V8kf8ziv2j+mMV/sfwxi//i+WMW/yXyxyz+S+aPWfyXyh+z+C+dP2bxXyZ/zOL/vvwxi//788cs/h/IH7P4L5s/ZvFfLn/M4r98/pjFf4X8MYv/ivljFv+V8scs/ivnj1n8V8kfs/ivmj9m8V8tf8ziv3r+mMV/jfwxi/+a+WMW/7Xyxyz+a+ePWfzXyR+z+K+bP2bxXy9/zOK/fv6YxX+D/DGL/4b5Yxb/jfLHLP4b549Z/DfJH7P4b5o/ZvHfLH/M4r95/pjFf4v8MYv/lvljFv+t8scs/lvnj1n8P5g/ZvHfJn/M4r9t/pjFf7v8MYv/9vljFv8d8scs/jvmj1n8d8ofs/jvnD9m8d8lf8ziv2v+mMV/t/wxi/+H8scs/rvnj1n898gfs/jvmT9m8d8rf8ziv3f+mMX/w/ljFv998scs/vvmj1n898sfs/h/JH/M4v/R/DGL/8fyxyz+++ePWfwPyB+z+B+YP2bxPyh/zOJ/cP6Yxf+Q/DGL/6H5Yxb/w/LHLP6H549Z/I/IH7P4H5k/ZvE/Kn/M4v/x/DGL/9H5Yxb/T+SPWfw/mT9m8T8mf8zi/6n8MYv/sfljFv/j8scs/sfnj1n8P50/ZvH/TP6Yxf+E/DGL/4n5Yxb/k/LHLP4n549Z/E/JH7P4fzZ/zOL/ufwxi//n88cs/l/IH7P4n5o/ZvH/Yv6Yxf9L+WMW/y/nj1n8v5I/ZvE/LX/M4n96/pjF/4z8MYv/mfljFv+z8scs/mfnj1n8v5o/ZvH/Wv6Yxf+c/DGL/9fzxyz+5+aPWfzPyx+z+J+fP2bxvyB/zOJ/Yf6Yxf8b+WMW/2/mj1n8v5U/ZvG/KH/M4n9x/pjF/9v5Yxb/S/LHLP7fyR+z+F+aP2bxvyx/zOJ/ef6Yxf+7+WMW/+/lj1n8r8gfs/hfmT9m8f9+/pjF/6r8MYv/D/LHLP5X549Z/H+YP2bxvyZ/zOL/o/wxi/+1+WMW/+vyxyz+P84fs/j/JH/M4v/T/DGL//X5Yxb/n+WPWfxvyB+z+N+YP2bx/3n+mMX/pvwxi//N+WMW/1/kj1n8b8kfs/jfmj9m8b8tf8zif3v+mMX/l/ljFv878scs/r/KH7P4/zp/zOL/m/wxi/9v88cs/r/LH7P4/z5/zOJ/Z/6Yxf8P+WMW/z/mj1n8/5Q/ZvG/K3/M4n93/pjF/8/5Yxb/e/LHLP5/yR+z+N+bP2bxvy9/zOL/1/wxi//f8scs/vfnj1n8H8gfs/g/mD9m8X8of8zi/3D+mMX/kfwxi/+j+WMW/8fyxyz+j+ePWfyfyB+z+D+ZP2bxfyp/zOL/dP6Yxf+Z/DGL/7P5Yxb/5/LHLP7P549Z/F/IH7P4v5g/ZvF/KX/M4v9y/pjF/5X8MYv/q/ljFv/X8sck/kMH8scs/oPyxyz+4+WPWfwH549Z/Ifkj1n8h+aPWfyH5Y9Z/MfPH7P4T5A/ZvGfMH/M4j9R/pjFf+L8MYv/JPljFv9J88cs/sPzxyz+k+WPWfwnzx+z+E+RP2bxnzJ/zOI/Vf6YxX/q/DGL/zT5Yxb/d+SPWfzfmT9m8Z82f8ziP13+mMV/+vwxi/+78scs/jPkj1n8R+SPWfzfnT9m8Z8xf8ziP1P+mMX/PfljFv+Z88cs/rPkj1n8Z80fs/jPlj9m8X9v/pjFf/b8MYv/HPljFv8588cs/nPlj1n8584fs/jPkz9m8Z83f8ziP1/+mMV//vwxi/8C+WMW/wXzxyz+C+WPWfwXzh+z+C+SP2bxXzR/zOK/WP6YxX/x/DGL/xL5Yxb/JfPHLP5L5Y9Z/JfOH7P4L5M/ZvF/X/6Yxf/9+WMW/w/kj1n8l80fs/gvlz9m8V8+f8ziv0L+mMV/xfwxi/9K+WMW/5Xzxyz+q+SPWfxXzR+z+K+WP2bxXz1/zOK/Rv6YxX/N/DGL/1r5Yxb/tfPHLP7r5I9Z/NfNH7P4r5c/ZvFfP3/M4r9B/pjFf8P8MYv/RvljFv+N88cs/pvkj1n8N80fs/hvlj9m8d88f8ziv0X+mMV/y/wxi/9W+WMW/63zxyz+H8wfs/hvkz9m8d82f8ziv13+mMV/+/wxi/8O+WMW/x3zxyz+O+WPWfx3zh+z+O+SP2bx3zV/zOK/W/6Yxf9D+WMW/93zxyz+e+SPWfz3zB+z+O+VP2bx3zt/zOL/4fwxi/8++WMW/33zxyz+++WPWfw/kj9m8f9o/pjF/2P5Yxb//fPHLP4H5I9Z/A/MH7P4H5Q/ZvE/OH/M4n9I/pjF/9D8MYv/YfljFv/D88cs/kfkj1n8j8wfs/gflT9m8f94/pjF/+j8MYv/J/LHLP6fzB+z+B+TP2bx/1T+mMX/2Pwxi/9x+WMW/+Pzxyz+n84fs/h/Jn/M4n9C/pjF/8T8MYv/SfljFv+T88cs/qfkj1n8P5s/ZvH/XP6Yxf/z+WMW/y/kj1n8T80fs/h/MX/M4v+l/DGL/5fzxyz+X8kfs/iflj9m8T89f8zif0b+mMX/zPwxi/9Z+WMW/7Pzxyz+X80fs/h/LX/M4n9O/pjF/+v5Yxb/c/PHLP7n5Y9Z/M/PH7P4X5A/ZvG/MH/M4v+N/DGL/zfzxyz+38ofs/hflD9m8b84f8zi/+38MYv/JfljFv/v5I9Z/C/NH7P4X5Y/ZvG/PH/M4v/d/DGL//fyxyz+V+SPWfyvzB+z+H8/f8zif1X+mMX/B/ljFv+r88cs/j/MH7P4X5M/ZvH/Uf6Yxf/a/DGL/3X5Yxb/H+ePWfx/kj9m8f9p/pjF//r8MYv/z/LHLP435I9Z/G/MH7P4/zx/zOJ/U/6Yxf/m/DGL/y/yxyz+t+SPWfxvzR+z+N+WP2bxvz1/zOL/y/wxi/8d+WMW/1/lj1n8f50/ZvH/Tf6Yxf+3+WMW/9/lj1n8f58/ZvG/M3/M4v+H/DGL/x/zxyz+f8ofs/jflT9m8b87f8zi/+f8MYv/PfljFv+/5I9Z/O/NH7P435c/ZvH/a/6Yxf9v+WMW//vzxyz+D+SPWfwfzB+z+D+UP2bxfzh/zOL/SP6Yxf/R/DGL/2P5Yxb/x/PHLP5P5I9Z/J/MH7P4P5U/ZvF/On/M4v9M/pjF/9n8MYv/c/ljFv/n88cs/i/kj1n8X8wfs/i/lD9m8X85f8zi/0r+mMX/1fwxi/9r+WMS/2ED+WMW/0H5Yxb/8fLHLP6D88cs/kPyxyz+Q/PHLP7D8scs/uPnj1n8J8gfs/hPmD9m8Z8of8ziP3H+mMV/kvwxi/+k+WMW/+H5Yxb/yfLHLP6T549Z/KfIH7P4T5k/ZvGfKn/M4j91/pjFf5r8MYv/O/LHLP7vzB+z+E+bP2bxny5/zOI/ff6Yxf9d+WMW/xnyxyz+I/LHLP7vzh+z+M+YP2bxnyl/zOL/nvwxi//M+WMW/1nyxyz+s+aPWfxnyx+z+L83f8ziP3v+mMV/jvwxi/+c+WMW/7nyxyz+c+ePWfznyR+z+M+bP2bxny9/zOI/f/6YxX+B/DGL/4L5Yxb/hfLHLP4L549Z/BfJH7P4L5o/ZvFfLH/M4r94/pjFf4n8MYv/kvljFv+l8scs/kvnj1n8l8kfs/i/L3/M4v/+/DGL/wfyxyz+y+aPWfyXyx+z+C+fP2bxXyF/zOK/Yv6YxX+l/DGL/8r5Yxb/VfLHLP6r5o9Z/FfLH7P4r54/ZvFfI3/M4r9m/pjFf638MYv/2vljFv918scs/uvmj1n818sfs/ivnz9m8d8gf8ziv2H+mMV/o/wxi//G+WMW/03yxyz+m+aPWfw3yx+z+G+eP2bx3yJ/zOK/Zf6YxX+r/DGL/9b5Yxb/D+aPWfy3yR+z+G+bP2bx3y5/zOK/ff6YxX+H/DGL/475Yxb/nfLHLP47549Z/HfJH7P475o/ZvHfLX/M4v+h/DGL/+75Yxb/PfLHLP575o9Z/PfKH7P4750/ZvH/cP6YxX+f/DGL/775Yxb//fLHLP4fyR+z+H80f8zi/7H8MYv//vljFv8D8scs/gfmj1n8D8ofs/gfnD9m8T8kf8zif2j+mMX/sPwxi//h+WMW/yPyxyz+R+aPWfyPyh+z+H88f8zif3T+mMX/E/ljFv9P5o9Z/I/JH7P4fyp/zOJ/bP6Yxf+4/DGL//H5Yxb/T+ePWfw/kz9m8T8hf8zif2L+mMX/pPwxi//J+WMW/1Pyxyz+n80fs/h/Ln/M4v/5/DGL/xfyxyz+p+aPWfy/mD9m8f9S/pjF/8v5Yxb/r+SPWfxPyx+z+J+eP2bxPyN/zOJ/Zv6Yxf+s/DGL/9n5Yxb/r+aPWfy/lj9m8T8nf8zi//X8MYv/ufljFv/z8scs/ufnj1n8L8gfs/hfmD9m8f9G/pjF/5v5Yxb/b+WPWfwvyh+z+F+cP2bx/3b+mMX/kvwxi/938scs/pfmj1n8L8sfs/hfnj9m8f9u/pjF/3v5Yxb/K/LHLP5X5o9Z/L+fP2bxvyp/zOL/g/wxi//V+WMW/x/mj1n8r8kfs/j/KH/M4n9t/pjF/7r8MYv/j/PHLP4/yR+z+P80f8zif33+mMX/Z/ljFv8b8scs/jfmj1n8f54/ZvG/KX/M4n9z/pjF/xf5Yxb/W/LHLP635o9Z/G/LH7P4354/ZvH/Zf6Yxf+O/DGL/6/yxyz+v84fs/j/Jn/M4v/b/DGL/+/yxyz+v88fs/jfmT9m8f9D/pjF/4/5Yxb/P+WPWfzvyh+z+N+dP2bx/3P+mMX/nvwxi/9f8scs/vfmj1n878sfs/j/NX/M4v+3/DGL//35Yxb/B/LHLP4P5o9Z/B/KH7P4P5w/ZvF/JH/M4v9o/pjF/7H8MYv/4/ljFv8n8scs/k/mj1n8n8ofs/g/nT9m8X8mf8zi/2z+mMX/ufwxi//z+WMW/xfyxyz+L+aPWfxfyh+z+L+cP2bxfyV/zOL/av6Yxf+1/DGJ//gD+WMW/0H5Yxb/8fLHLP6D88cs/kPyxyz+Q/PHLP7D8scs/uPnj1n8J8gfs/hPmD9m8Z8of8ziP3H+mMV/kvwxi/+k+WMW/+H5Yxb/yfLHLP6T549Z/KfIH7P4T5k/ZvGfKn/M4j91/pjFf5r8MYv/O/LHLP7vzB+z+E+bP2bxny5/zOI/ff6Yxf9d+WMW/xnyxyz+I/LHLP7vzh+z+M+YP2bxnyl/zOL/nvwxi//M+WMW/1nyxyz+s+aPWfxnyx+z+L83f8ziP3v+mMV/jvwxi/+c+WMW/7nyxyz+c+ePWfznyR+z+M+bP2bxny9/zOI/f/6YxX+B/DGL/4L5Yxb/hfLHLP4L549Z/BfJH7P4L5o/ZvFfLH/M4r94/pjFf4n8MYv/kvljFv+l8scs/kvnj1n8l8kfs/i/L3/M4v/+/DGL/wfyxyz+y+aPWfyXyx+z+C+fP2bxXyF/zOK/Yv6YxX+l/DGL/8r5Yxb/VfLHLP6r5o9Z/FfLH7P4r54/ZvFfI3/M4r9m/pjFf638MYv/2vljFv918scs/uvmj1n818sfs/ivnz9m8d8gf8ziv2H+mMV/o/wxi//G+WMW/03yxyz+m+aPWfw3yx+z+G+eP2bx3yJ/zOK/Zf6YxX+r/DGL/9b5Yxb/D+aPWfy3yR+z+G+bP2bx3y5/zOK/ff6YxX+H/DGL/475Yxb/nfLHLP47549Z/HfJH7P475o/ZvHfLX/M4v+h/DGL/+75Yxb/PfLHLP575o9Z/PfKH7P4750/ZvH/cP6YxX+f/DGL/775Yxb//fLHLP4fyR+z+H80f8zi/7H8MYv//vljFv8D8scs/gfmj1n8D8ofs/gfnD9m8T8kf8zif2j+mMX/sPwxi//h+WMW/yPyxyz+R+aPWfyPyh+z+H88f8zif3T+mMX/E/ljFv9P5o9Z/I/JH7P4fyp/zOJ/bP6Yxf+4/DGL//H5Yxb/T+ePWfw/kz9m8T8hf8zif2L+mMX/pPwxi//J+WMW/1Pyxyz+n80fs/h/Ln/M4v/5/DGL/xfyxyz+p+aPWfy/mD9m8f9S/pjF/8v5Yxb/r+SPWfxPyx+z+J+eP2bxPyN/zOJ/Zv6Yxf+s/DGL/9n5Yxb/r+aPWfy/lj9m8T8nf8zi//X8MYv/ufljFv/z8scs/ufnj1n8L8gfs/hfmD9m8f9G/pjF/5v5Yxb/b+WPWfwvyh+z+F+cP2bx/3b+mMX/kvwxi/938scs/pfmj1n8L8sfs/hfnj9m8f9u/pjF/3v5Yxb/K/LHLP5X5o9Z/L+fP2bxvyp/zOL/g/wxi//V+WMW/x/mj1n8r8kfs/j/KH/M4n9t/pjF/7r8MYv/j/PHLP4/yR+z+P80f8zif33+mMX/Z/ljFv8b8scs/jfmj1n8f54/ZvG/KX/M4n9z/pjF/xf5Yxb/W/LHLP635o9Z/G/LH7P4354/ZvH/Zf6Yxf+O/DGL/6/yxyz+v84fs/j/Jn/M4v/b/DGL/+/yxyz+v88fs/jfmT9m8f9D/pjF/4/5Yxb/P+WPWfzvyh+z+N+dP2bx/3P+mMX/nvwxi/9f8scs/vfmj1n878sfs/j/NX/M4v+3/DGL//35Yxb/B/LHLP4P5o9Z/B/KH7P4P5w/ZvF/JH/M4v9o/pjF/7H8MYv/4/ljFv8n8scs/k/mj1n8n8ofs/g/nT9m8X8mf8zi/2z+mMX/ufwxi//z+WMW/xfyxyz+L+aPWfxfyh+z+L+cP2bxfyV/zOL/av6Yxf+1/DGJ/wQD+WMW/0H5Yxb/8fLHLP6D88cs/kPyxyz+Q/PHLP7D8scs/uPnj1n8J8gfs/hPmD9m8Z8of8ziP3H+mMV/kvwxi/+k+WMW/+H5Yxb/yfLHLP6T549Z/KfIH7P4T5k/ZvGfKn/M4j91/pjFf5r8MYv/O/LHLP7vzB+z+E+bP2bxny5/zOI/ff6Yxf9d+WMW/xnyxyz+I/LHLP7vzh+z+M+YP2bxnyl/zOL/nvwxi//M+WMW/1nyxyz+s+aPWfxnyx+z+L83f8ziP3v+mMV/jvwxi/+c+WMW/7nyxyz+c+ePWfznyR+z+M+bP2bxny9/zOI/f/6YxX+B/DGL/4L5Yxb/hfLHLP4L549Z/BfJH7P4L5o/ZvFfLH/M4r94/pjFf4n8MYv/kvljFv+l8scs/kvnj1n8l8kfs/i/L3/M4v/+/DGL/wfyxyz+y+aPWfyXyx+z+C+fP2bxXyF/zOK/Yv6YxX+l/DGL/8r5Yxb/VfLHLP6r5o9Z/FfLH7P4r54/ZvFfI3/M4r9m/pjFf638MYv/2vljFv918scs/uvmj1n818sfs/ivnz9m8d8gf8ziv2H+mMV/o/wxi//G+WMW/03yxyz+m+aPWfw3yx+z+G+eP2bx3yJ/zOK/Zf6YxX+r/DGL/9b5Yxb/D+aPWfy3yR+z+G+bP2bx3y5/zOK/ff6YxX+H/DGL/475Yxb/nfLHLP47549Z/HfJH7P475o/ZvHfLX/M4v+h/DGL/+75Yxb/PfLHLP575o9Z/PfKH7P4750/ZvH/cP6YxX+f/DGL/775Yxb//fLHLP4fyR+z+H80f8zi/7H8MYv//vljFv8D8scs/gfmj1n8D8ofs/gfnD9m8T8kf8zif2j+mMX/sPwxi//h+WMW/yPyxyz+R+aPWfyPyh+z+H88f8zif3T+mMX/E/ljFv9P5o9Z/I/JH7P4fyp/zOJ/bP6Yxf+4/DGL//H5Yxb/T+ePWfw/kz9m8T8hf8zif2L+mMX/pPwxi//J+WMW/1Pyxyz+n80fs/h/Ln/M4v/5/DGL/xfyxyz+p+aPWfy/mD9m8f9S/pjF/8v5Yxb/r+SPWfxPyx+z+J+eP2bxPyN/zOJ/Zv6Yxf+s/DGL/9n5Yxb/r+aPWfy/lj9m8T8nf8zi//X8MYv/ufljFv/z8scs/ufnj1n8L8gfs/hfmD9m8f9G/pjF/5v5Yxb/b+WPWfwvyh+z+F+cP2bx/3b+mMX/kvwxi/938scs/pfmj1n8L8sfs/hfnj9m8f9u/pjF/3v5Yxb/K/LHLP5X5o9Z/L+fP2bxvyp/zOL/g/wxi//V+WMW/x/mj1n8r8kfs/j/KH/M4n9t/pjF/7r8MYv/j/PHLP4/yR+z+P80f8zif33+mMX/Z/ljFv8b8scs/jfmj1n8f54/ZvG/KX/M4n9z/pjF/xf5Yxb/W/LHLP635o9Z/G/LH7P4354/ZvH/Zf6Yxf+O/DGL/6/yxyz+v84fs/j/Jn/M4v/b/DGL/+/yxyz+v88fs/jfmT9m8f9D/pjF/4/5Yxb/P+WPWfzvyh+z+N+dP2bx/3P+mMX/nvwxi/9f8scs/vfmj1n878sfs/j/NX/M4v+3/DGL//35Yxb/B/LHLP4P5o9Z/B/KH7P4P5w/ZvF/JH/M4v9o/pjF/7H8MYv/4/ljFv8n8scs/k/mj1n8n8ofs/g/nT9m8X8mf8zi/2z+mMX/ufwxi//z+WMW/xfyxyz+L+aPWfxfyh+z+L+cP2bxfyV/zOL/av6Yxf+1/DGJ/4QD+WMW/0H5Yxb/8fLHLP6D88cs/kPyxyz+Q/PHLP7D8scs/uPnj1n8J8gfs/hPmD9m8Z8of8ziP3H+mMV/kvwxi/+k+WMW/+H5Yxb/yfLHLP6T549Z/KfIH7P4T5k/ZvGfKn/M4j91/pjFf5r8MYv/O/LHLP7vzB+z+E+bP2bxny5/zOI/ff6Yxf9d+WMW/xnyxyz+I/LHLP7vzh+z+M+YP2bxnyl/zOL/nvwxi//M+WMW/1nyxyz+s+aPWfxnyx+z+L83f8ziP3v+mMV/jvwxi/+c+WMW/7nyxyz+c+ePWfznyR+z+M+bP2bxny9/zOI/f/6YxX+B/DGL/4L5Yxb/hfLHLP4L549Z/BfJH7P4L5o/ZvFfLH/M4r94/pjFf4n8MYv/kvljFv+l8scs/kvnj1n8l8kfs/i/L3/M4v/+/DGL/wfyxyz+y+aPWfyXyx+z+C+fP2bxXyF/zOK/Yv6YxX+l/DGL/8r5Yxb/VfLHLP6r5o9Z/FfLH7P4r54/ZvFfI3/M4r9m/pjFf638MYv/2vljFv918scs/uvmj1n818sfs/ivnz9m8d8gf8ziv2H+mMV/o/wxi//G+WMW/03yxyz+m+aPWfw3yx+z+G+eP2bx3yJ/zOK/Zf6YxX+r/DGL/9b5Yxb/D+aPWfy3yR+z+G+bP2bx3y5/zOK/ff6YxX+H/DGL/475Yxb/nfLHLP47549Z/HfJH7P475o/ZvHfLX/M4v+h/DGL/+75Yxb/PfLHLP575o9Z/PfKH7P4750/ZvH/cP6YxX+f/DGL/775Yxb//fLHLP4fyR+z+H80f8zi/7H8MYv//vljFv8D8scs/gfmj1n8D8ofs/gfnD9m8T8kf8zif2j+mMX/sPwxi//h+WMW/yPyxyz+R+aPWfyPyh+z+H88f8zif3T+mMX/E/ljFv9P5o9Z/I/JH7P4fyp/zOJ/bP6Yxf+4/DGL//H5Yxb/T+ePWfw/kz9m8T8hf8zif2L+mMX/pPwxi//J+WMW/1Pyxyz+n80fs/h/Ln/M4v/5/DGL/xfyxyz+p+aPWfy/mD9m8f9S/pjF/8v5Yxb/r+SPWfxPyx+z+J+eP2bxPyN/zOJ/Zv6Yxf+s/DGL/9n5Yxb/r+aPWfy/lj9m8T8nf8zi//X8MYv/ufljFv/z8scs/ufnj1n8L8gfs/hfmD9m8f9G/pjF/5v5Yxb/b+WPWfwvyh+z+F+cP2bx/3b+mMX/kvwxi/938scs/pfmj1n8L8sfs/hfnj9m8f9u/pjF/3v5Yxb/K/LHLP5X5o9Z/L+fP2bxvyp/zOL/g/wxi//V+WMW/x/mj1n8r8kfs/j/KH/M4n9t/pjF/7r8MYv/j/PHLP4/yR+z+P80f8zif33+mMX/Z/ljFv8b8scs/jfmj1n8f54/ZvG/KX/M4n9z/pjF/xf5Yxb/W/LHLP635o9Z/G/LH7P4354/ZvH/Zf6Yxf+O/DGL/6/yxyz+v84fs/j/Jn/M4v/b/DGL/+/yxyz+v88fs/jfmT9m8f9D/pjF/4/5Yxb/P+WPWfzvyh+z+N+dP2bx/3P+mMX/nvwxi/9f8scs/vfmj1n878sfs/j/NX/M4v+3/DGL//35Yxb/B/LHLP4P5o9Z/B/KH7P4P5w/ZvF/JH/M4v9o/pjF/7H8MYv/4/ljFv8n8scs/k/mj1n8n8ofs/g/nT9m8X8mf8zi/2z+mMX/ufwxi//z+WMW/xfyxyz+L+aPWfxfyh+z+L+cP2bxfyV/zOL/av6Yxf+1/DGJ/0QD+WMW/0H5Yxb/8fLHLP6D88cs/kPyxyz+Q/PHLP7D8scs/uPnj1n8J8gfs/hPmD9m8Z8of8ziP3H+mMV/kvwxi/+k+WMW/+H5Yxb/yfLHLP6T549Z/KfIH7P4T5k/ZvGfKn/M4j91/pjFf5r8MYv/O/LHLP7vzB+z+E+bP2bxny5/zOI/ff6Yxf9d+WMW/xnyxyz+I/LHLP7vzh+z+M+YP2bxnyl/zOL/nvwxi//M+WMW/1nyxyz+s+aPWfxnyx+z+L83f8ziP3v+mMV/jvwxi/+c+WMW/7nyxyz+c+ePWfznyR+z+M+bP2bxny9/zOI/f/6YxX+B/DGL/4L5Yxb/hfLHLP4L549Z/BfJH7P4L5o/ZvFfLH/M4r94/pjFf4n8MYv/kvljFv+l8scs/kvnj1n8l8kfs/i/L3/M4v/+/DGL/wfyxyz+y+aPWfyXyx+z+C+fP2bxXyF/zOK/Yv6YxX+l/DGL/8r5Yxb/VfLHLP6r5o9Z/FfLH7P4r54/ZvFfI3/M4r9m/pjFf638MYv/2vljFv918scs/uvmj1n818sfs/ivnz9m8d8gf8ziv2H+mMV/o/wxi//G+WMW/03yxyz+m+aPWfw3yx+z+G+eP2bx3yJ/zOK/Zf6YxX+r/DGL/9b5Yxb/D+aPWfy3yR+z+G+bP2bx3y5/zOK/ff6YxX+H/DGL/475Yxb/nfLHLP47549Z/HfJH7P475o/ZvHfLX/M4v+h/DGL/+75Yxb/PfLHLP575o9Z/PfKH7P4750/ZvH/cP6YxX+f/DGL/775Yxb//fLHLP4fyR+z+H80f8zi/7H8MYv//vljFv8D8scs/gfmj1n8D8ofs/gfnD9m8T8kf8zif2j+mMX/sPwxi//h+WMW/yPyxyz+R+aPWfyPyh+z+H88f8zif3T+mMX/E/ljFv9P5o9Z/I/JH7P4fyp/zOJ/bP6Yxf+4/DGL//H5Yxb/T+ePWfw/kz9m8T8hf8zif2L+mMX/pPwxi//J+WMW/1Pyxyz+n80fs/h/Ln/M4v/5/DGL/xfyxyz+p+aPWfy/mD9m8f9S/pjF/8v5Yxb/r+SPWfxPyx+z+J+eP2bxPyN/zOJ/Zv6Yxf+s/DGL/9n5Yxb/r+aPWfy/lj9m8T8nf8zi//X8MYv/ufljFv/z8scs/ufnj1n8L8gfs/hfmD9m8f9G/pjF/5v5Yxb/b+WPWfwvyh+z+F+cP2bx/3b+mMX/kvwxi/938scs/pfmj1n8L8sfs/hfnj9m8f9u/pjF/3v5Yxb/K/LHLP5X5o9Z/L+fP2bxvyp/zOL/g/wxi//V+WMW/x/mj1n8r8kfs/j/KH/M4n9t/pjF/7r8MYv/j/PHLP4/yR+z+P80f8zif33+mMX/Z/ljFv8b8scs/jfmj1n8f54/ZvG/KX/M4n9z/pjF/xf5Yxb/W/LHLP635o9Z/G/LH7P4354/ZvH/Zf6Yxf+O/DGL/6/yxyz+v84fs/j/Jn/M4v/b/DGL/+/yxyz+v88fs/jfmT9m8f9D/pjF/4/5Yxb/P+WPWfzvyh+z+N+dP2bx/3P+mMX/nvwxi/9f8scs/vfmj1n878sfs/j/NX/M4v+3/DGL//35Yxb/B/LHLP4P5o9Z/B/KH7P4P5w/ZvF/JH/M4v9o/pjF/7H8MYv/4/ljFv8n8scs/k/mj1n8n8ofs/g/nT9m8X8mf8zi/2z+mMX/ufwxi//z+WMW/xfyxyz+L+aPWfxfyh+z+L+cP2bxfyV/zOL/av6Yxf+1/DGJ/8QD+WMW/0H5Yxb/8fLHLP6D88cs/kPyxyz+Q/PHLP7D8scs/uPnj1n8J8gfs/hPmD9m8Z8of8ziP3H+mMV/kvwxi/+k+WMW/+H5Yxb/yfLHLP6T549Z/KfIH7P4T5k/ZvGfKn/M4j91/pjFf5r8MYv/O/LHLP7vzB+z+E+bP2bxny5/zOI/ff6Yxf9d+WMW/xnyxyz+I/LHLP7vzh+z+M+YP2bxnyl/zOL/nvwxi//M+WMW/1nyxyz+s+aPWfxnyx+z+L83f8ziP3v+mMV/jvwxi/+c+WMW/7nyxyz+c+ePWfznyR+z+M+bP2bxny9/zOI/f/6YxX+B/DGL/4L5Yxb/hfLHLP4L549Z/BfJH7P4L5o/ZvFfLH/M4r94/pjFf4n8MYv/kvljFv+l8scs/kvnj1n8l8kfs/i/L3/M4v/+/DGL/wfyxyz+y+aPWfyXyx+z+C+fP2bxXyF/zOK/Yv6YxX+l/DGL/8r5Yxb/VfLHLP6r5o9Z/FfLH7P4r54/ZvFfI3/M4r9m/pjFf638MYv/2vljFv918scs/uvmj1n818sfs/ivnz9m8d8gf8ziv2H+mMV/o/wxi//G+WMW/03yxyz+m+aPWfw3yx+z+G+eP2bx3yJ/zOK/Zf6YxX+r/DGL/9b5Yxb/D+aPWfy3yR+z+G+bP2bx3y5/zOK/ff6YxX+H/DGL/475Yxb/nfLHLP47549Z/HfJH7P475o/ZvHfLX/M4v+h/DGL/+75Yxb/PfLHLP575o9Z/PfKH7P4750/ZvH/cP6YxX+f/DGL/775Yxb//fLHLP4fyR+z+H80f8zi/7H8MYv//vljFv8D8scs/gfmj1n8D8ofs/gfnD9m8T8kf8zif2j+mMX/sPwxi//h+WMW/yPyxyz+R+aPWfyPyh+z+H88f8zif3T+mMX/E/ljFv9P5o9Z/I/JH7P4fyp/zOJ/bP6Yxf+4/DGL//H5Yxb/T+ePWfw/kz9m8T8hf8zif2L+mMX/pPwxi//J+WMW/1Pyxyz+n80fs/h/Ln/M4v/5/DGL/xfyxyz+p+aPWfy/mD9m8f9S/pjF/8v5Yxb/r+SPWfxPyx+z+J+eP2bxPyN/zOJ/Zv6Yxf+s/DGL/9n5Yxb/r+aPWfy/lj9m8T8nf8zi//X8MYv/ufljFv/z8scs/ufnj1n8L8gfs/hfmD9m8f9G/pjF/5v5Yxb/b+WPWfwvyh+z+F+cP2bx/3b+mMX/kvwxi/938scs/pfmj1n8L8sfs/hfnj9m8f9u/pjF/3v5Yxb/K/LHLP5X5o9Z/L+fP2bxvyp/zOL/g/wxi//V+WMW/x/mj1n8r8kfs/j/KH/M4n9t/pjF/7r8MYv/j/PHLP4/yR+z+P80f8zif33+mMX/Z/ljFv8b8scs/jfmj1n8f54/ZvG/KX/M4n9z/pjF/xf5Yxb/W/LHLP635o9Z/G/LH7P4354/ZvH/Zf6Yxf+O/DGL/6/yxyz+v84fs/j/Jn/M4v/b/DGL/+/yxyz+v88fs/jfmT9m8f9D/pjF/4/5Yxb/P+WPWfzvyh+z+N+dP2bx/3P+mMX/nvwxi/9f8scs/vfmj1n878sfs/j/NX/M4v+3/DGL//35Yxb/B/LHLP4P5o9Z/B/KH7P4P5w/ZvF/JH/M4v9o/pjF/7H8MYv/4/ljFv8n8scs/k/mj1n8n8ofs/g/nT9m8X8mf8zi/2z+mMX/ufwxi//z+WMW/xfyxyz+L+aPWfxfyh+z+L+cP2bxfyV/zOL/av6Yxf+1/DGJ/yQD+WMW/0H5Yxb/8fLHLP6D88cs/kPyxyz+Q/PHLP7D8scs/uPnj1n8J8gfs/hPmD9m8Z8of8ziP3H+mMV/kvwxi/+k+WMW/+H5Yxb/yfLHLP6T549Z/KfIH7P4T5k/ZvGfKn/M4j91/pjFf5r8MYv/O/LHLP7vzB+z+E+bP2bxny5/zOI/ff6Yxf9d+WMW/xnyxyz+I/LHLP7vzh+z+M+YP2bxnyl/zOL/nvwxi//M+WMW/1nyxyz+s+aPWfxnyx+z+L83f8ziP3v+mMV/jvwxi/+c+WMW/7nyxyz+c+ePWfznyR+z+M+bP2bxny9/zOI/f/6YxX+B/DGL/4L5Yxb/hfLHLP4L549Z/BfJH7P4L5o/ZvFfLH/M4r94/pjFf4n8MYv/kvljFv+l8scs/kvnj1n8l8kfs/i/L3/M4v/+/DGL/wfyxyz+y+aPWfyXyx+z+C+fP2bxXyF/zOK/Yv6YxX+l/DGL/8r5Yxb/VfLHLP6r5o9Z/FfLH7P4r54/ZvFfI3/M4r9m/pjFf638MYv/2vljFv918scs/uvmj1n818sfs/ivnz9m8d8gf8ziv2H+mMV/o/wxi//G+WMW/03yxyz+m+aPWfw3yx+z+G+eP2bx3yJ/zOK/Zf6YxX+r/DGL/9b5Yxb/D+aPWfy3yR+z+G+bP2bx3y5/zOK/ff6YxX+H/DGL/475Yxb/nfLHLP47549Z/HfJH7P475o/ZvHfLX/M4v+h/DGL/+75Yxb/PfLHLP575o9Z/PfKH7P4750/ZvH/cP6YxX+f/DGL/775Yxb//fLHLP4fyR+z+H80f8zi/7H8MYv//vljFv8D8scs/gfmj1n8D8ofs/gfnD9m8T8kf8zif2j+mMX/sPwxi//h+WMW/yPyxyz+R+aPWfyPyh+z+H88f8zif3T+mMX/E/ljFv9P5o9Z/I/JH7P4fyp/zOJ/bP6Yxf+4/DGL//H5Yxb/T+ePWfw/kz9m8T8hf8zif2L+mMX/pPwxi//J+WMW/1Pyxyz+n80fs/h/Ln/M4v/5/DGL/xfyxyz+p+aPWfy/mD9m8f9S/pjF/8v5Yxb/r+SPWfxPyx+z+J+eP2bxPyN/zOJ/Zv6Yxf+s/DGL/9n5Yxb/r+aPWfy/lj9m8T8nf8zi//X8MYv/ufljFv/z8scs/ufnj1n8L8gfs/hfmD9m8f9G/pjF/5v5Yxb/b+WPWfwvyh+z+F+cP2bx/3b+mMX/kvwxi/938scs/pfmj1n8L8sfs/hfnj9m8f9u/pjF/3v5Yxb/K/LHLP5X5o9Z/L+fP2bxvyp/zOL/g/wxi//V+WMW/x/mj1n8r8kfs/j/KH/M4n9t/pjF/7r8MYv/j/PHLP4/yR+z+P80f8zif33+mMX/Z/ljFv8b8scs/jfmj1n8f54/ZvG/KX/M4n9z/pjF/xf5Yxb/W/LHLP635o9Z/G/LH7P4354/ZvH/Zf6Yxf+O/DGL/6/yxyz+v84fs/j/Jn/M4v/b/DGL/+/yxyz+v88fs/jfmT9m8f9D/pjF/4/5Yxb/P+WPWfzvyh+z+N+dP2bx/3P+mMX/nvwxi/9f8scs/vfmj1n878sfs/j/NX/M4v+3/DGL//35Yxb/B/LHLP4P5o9Z/B/KH7P4P5w/ZvF/JH/M4v9o/pjF/7H8MYv/4/ljFv8n8scs/k/mj1n8n8ofs/g/nT9m8X8mf8zi/2z+mMX/ufwxi//z+WMW/xfyxyz+L+aPWfxfyh+z+L+cP2bxfyV/zOL/av6Yxf+1/DGJ/6QD+WMW/0H5Yxb/8fLHLP6D88cs/kPyxyz+Q/PHLP7D8scs/uPnj1n8J8gfs/hPmD9m8Z8of8ziP3H+mMV/kvwxi/+k+WMW/+H5Yxb/yfLHLP6T549Z/KfIH7P4T5k/ZvGfKn/M4j91/pjFf5r8MYv/O/LHLP7vzB+z+E+bP2bxny5/zOI/ff6Yxf9d+WMW/xnyxyz+I/LHLP7vzh+z+M+YP2bxnyl/zOL/nvwxi//M+WMW/1nyxyz+s+aPWfxnyx+z+L83f8ziP3v+mMV/jvwxi/+c+WMW/7nyxyz+c+ePWfznyR+z+M+bP2bxny9/zOI/f/6YxX+B/DGL/4L5Yxb/hfLHLP4L549Z/BfJH7P4L5o/ZvFfLH/M4r94/pjFf4n8MYv/kvljFv+l8scs/kvnj1n8l8kfs/i/L3/M4v/+/DGL/wfyxyz+y+aPWfyXyx+z+C+fP2bxXyF/zOK/Yv6YxX+l/DGL/8r5Yxb/VfLHLP6r5o9Z/FfLH7P4r54/ZvFfI3/M4r9m/pjFf638MYv/2vljFv918scs/uvmj1n818sfs/ivnz9m8d8gf8ziv2H+mMV/o/wxi//G+WMW/03yxyz+m+aPWfw3yx+z+G+eP2bx3yJ/zOK/Zf6YxX+r/DGL/9b5Yxb/D+aPWfy3yR+z+G+bP2bx3y5/zOK/ff6YxX+H/DGL/475Yxb/nfLHLP47549Z/HfJH7P475o/ZvHfLX/M4v+h/DGL/+75Yxb/PfLHLP575o9Z/PfKH7P4750/ZvH/cP6YxX+f/DGL/775Yxb//fLHLP4fyR+z+H80f8zi/7H8MYv//vljFv8D8scs/gfmj1n8D8ofs/gfnD9m8T8kf8zif2j+mMX/sPwxi//h+WMW/yPyxyz+R+aPWfyPyh+z+H88f8zif3T+mMX/E/ljFv9P5o9Z/I/JH7P4fyp/zOJ/bP6Yxf+4/DGL//H5Yxb/T+ePWfw/kz9m8T8hf8zif2L+mMX/pPwxi//J+WMW/1Pyxyz+n80fs/h/Ln/M4v/5/DGL/xfyxyz+p+aPWfy/mD9m8f9S/pjF/8v5Yxb/r+SPWfxPyx+z+J+eP2bxPyN/zOJ/Zv6Yxf+s/DGL/9n5Yxb/r+aPWfy/lj9m8T8nf8zi//X8MYv/ufljFv/z8scs/ufnj1n8L8gfs/hfmD9m8f9G/pjF/5v5Yxb/b+WPWfwvyh+z+F+cP2bx/3b+mMX/kvwxi/938scs/pfmj1n8L8sfs/hfnj9m8f9u/pjF/3v5Yxb/K/LHLP5X5o9Z/L+fP2bxvyp/zOL/g/wxi//V+WMW/x/mj1n8r8kfs/j/KH/M4n9t/pjF/7r8MYv/j/PHLP4/yR+z+P80f8zif33+mMX/Z/ljFv8b8scs/jfmj1n8f54/ZvG/KX/M4n9z/pjF/xf5Yxb/W/LHLP635o9Z/G/LH7P4354/ZvH/Zf6Yxf+O/DGL/6/yxyz+v84fs/j/Jn/M4v/b/DGL/+/yxyz+v88fs/jfmT9m8f9D/pjF/4/5Yxb/P+WPWfzvyh+z+N+dP2bx/3P+mMX/nvwxi/9f8scs/vfmj1n878sfs/j/NX/M4v+3/DGL//35Yxb/B/LHLP4P5o9Z/B/KH7P4P5w/ZvF/JH/M4v9o/pjF/7H8MYv/4/ljFv8n8scs/k/mj1n8n8ofs/g/nT9m8X8mf8zi/2z+mMX/ufwxi//z+WMW/xfyxyz+L+aPWfxfyh+z+L+cP2bxfyV/zOL/av6Yxf+1/DGJ//CB/DGL/6D8MYv/ePljFv/B+WMW/yH5Yxb/ofljFv9h+WMW//Hzxyz+E+SPWfwnzB+z+E+UP2bxnzh/zOI/Sf6YxX/S/DGL//D8MYv/ZPljFv/J88cs/lPkj1n8p8wfs/hPlT9m8Z86f8ziP03+mMX/HfljFv935o9Z/KfNH7P4T5c/ZvGfPn/M4v+u/DGL/wz5Yxb/EfljFv93549Z/GfMH7P4z5Q/ZvF/T/6YxX/m/DGL/yz5Yxb/WfPHLP6z5Y9Z/N+bP2bxnz1/zOI/R/6YxX/O/DGL/1z5Yxb/ufPHLP7z5I9Z/OfNH7P4z5c/ZvGfP3/M4r9A/pjFf8H8MYv/QvljFv+F88cs/ovkj1n8F80fs/gvlj9m8V88f8ziv0T+mMV/yfwxi/9S+WMW/6Xzxyz+y+SPWfzflz9m8X9//pjF/wP5Yxb/ZfPHLP7L5Y9Z/JfPH7P4r5A/ZvFfMX/M4r9S/pjFf+X8MYv/KvljFv9V88cs/qvlj1n8V88fs/ivkT9m8V8zf8ziv1b+mMV/7fwxi/86+WMW/3Xzxyz+6+WPWfzXzx+z+G+QP2bx3zB/zOK/Uf6YxX/j/DGL/yb5Yxb/TfPHLP6b5Y9Z/DfPH7P4b5E/ZvHfMn/M4r9V/pjFf+v8MYv/B/PHLP7b5I9Z/LfNH7P4b5c/ZvHfPn/M4r9D/pjFf8f8MYv/TvljFv+d88cs/rvkj1n8d80fs/jvlj9m8f9Q/pjFf/f8MYv/HvljFv8988cs/nvlj1n8984fs/h/OH/M4r9P/pjFf9/8MYv/fvljFv+P5I9Z/D+aP2bx/1j+mMV///wxi/8B+WMW/wPzxyz+B+WPWfwPzh+z+B+SP2bxPzR/zOJ/WP6Yxf/w/DGL/xH5Yxb/I/PHLP5H5Y9Z/D+eP2bxPzp/zOL/ifwxi/8n88cs/sfkj1n8P5U/ZvE/Nn/M4n9c/pjF//j8MYv/p/PHLP6fyR+z+J+QP2bxPzF/zOJ/Uv6Yxf/k/DGL/yn5Yxb/z+aPWfw/lz9m8f98/pjF/wv5Yxb/U/PHLP5fzB+z+H8pf8zi/+X8MYv/V/LHLP6n5Y9Z/E/PH7P4n5E/ZvE/M3/M4n9W/pjF/+z8MYv/V/PHLP5fyx+z+J+TP2bx/3r+mMX/3Pwxi/95+WMW//Pzxyz+F+SPWfwvzB+z+H8jf8zi/838MYv/t/LHLP4X5Y9Z/C/OH7P4fzt/zOJ/Sf6Yxf87+WMW/0vzxyz+l+WPWfwvzx+z+H83f8zi/738MYv/FfljFv8r88cs/t/PH7P4X5U/ZvH/Qf6Yxf/q/DGL/w/zxyz+1+SPWfx/lD9m8b82f8zif13+mMX/x/ljFv+f5I9Z/H+aP2bxvz5/zOL/s/wxi/8N+WMW/xvzxyz+P88fs/jflD9m8b85f8zi/4v8MYv/LfljFv9b88cs/rflj1n8b88fs/j/Mn/M4n9H/pjF/1f5Yxb/X+ePWfx/kz9m8f9t/pjF/3f5Yxb/3+ePWfzvzB+z+P8hf8zi/8f8MYv/n/LHLP535Y9Z/O/OH7P4/zl/zOJ/T/6Yxf8v+WMW/3vzxyz+9+WPWfz/mj9m8f9b/pjF//78MYv/A/ljFv8H88cs/g/lj1n8H84fs/g/kj9m8X80f8zi/1j+mMX/8fwxi/8T+WMW/yfzxyz+T+WPWfyfzh+z+D+TP2bxfzZ/zOL/XP6Yxf/5/DGL/wv5Yxb/F/PHLP4v5Y9Z/F/OH7P4v5I/ZvF/NX/M4v9a/pjEf7KB/DGL/6D8MYv/ePljFv/B+WMW/yH5Yxb/ofljFv9h+WMW//Hzxyz+E+SPWfwnzB+z+E+UP2bxnzh/zOI/Sf6YxX/S/DGL//D8MYv/ZPljFv/J88cs/lPkj1n8p8wfs/hPlT9m8Z86f8ziP03+mMX/HfljFv935o9Z/KfNH7P4T5c/ZvGfPn/M4v+u/DGL/wz5Yxb/EfljFv93549Z/GfMH7P4z5Q/ZvF/T/6YxX/m/DGL/yz5Yxb/WfPHLP6z5Y9Z/N+bP2bxnz1/zOI/R/6YxX/O/DGL/1z5Yxb/ufPHLP7z5I9Z/OfNH7P4z5c/ZvGfP3/M4r9A/pjFf8H8MYv/QvljFv+F88cs/ovkj1n8F80fs/gvlj9m8V88f8ziv0T+mMV/yfwxi/9S+WMW/6Xzxyz+y+SPWfzflz9m8X9//pjF/wP5Yxb/ZfPHLP7L5Y9Z/JfPH7P4r5A/ZvFfMX/M4r9S/pjFf+X8MYv/KvljFv9V88cs/qvlj1n8V88fs/ivkT9m8V8zf8ziv1b+mMV/7fwxi/86+WMW/3Xzxyz+6+WPWfzXzx+z+G+QP2bx3zB/zOK/Uf6YxX/j/DGL/yb5Yxb/TfPHLP6b5Y9Z/DfPH7P4b5E/ZvHfMn/s/8cePRgKYgBQAKuNX9u2rUlq27Zt27Zt27bbs60F3gT3khXS8r+z/6jlfxf/Ucv/rv6jlv/d/Ect/7v7j1r+9/Aftfzv6T9q+d/Lf9Tyv7f/qOV/H/9Ry/++/qOW//38Ry3/+/uPWv4P8B+1/B/oP2r5P8h/1PJ/sP+o5f8Q/1HL/6H+o5b/w/xHLf+H+49a/o/wH7X8H+k/avk/yn/U8n+0/6jl/xj/Ucv/sf6jlv/j/Ect/8f7j1r+T/Aftfyf6D9q+T/Jf9Tyf7L/qOX/FP9Ry/+p/qOW/9P8Ry3/p/uPWv7P8B+1/J/pP2r5P8t/1PJ/tv+o5f8c/1HL/7n+o5b/8/xHLf/n+49a/i/wH7X8X+g/avm/yH/U8n+x/6jl/xL/Ucv/pf6jlv/L/Ect/5f7j1r+r/Aftfxf6T9q+b/Kf9Tyf7X/qOX/Gv9Ry/+1/qOW/+v8Ry3/1/uPWv5v8B+1/N/oP2r5v8l/1PJ/s/+o5f8W/1HL/63+o5b/2/xHLf+3+49a/u/wH7X83+k/avm/y3/U8n+3/6jl/x7/Ucv/vf6jlv/7/Ect//f7j1r+H/Aftfw/6D9q+X/If9Ty/7D/qOX/Ef9Ry/+j/qOW/8f8Ry3/j/uPWv6f8B+1/D/pP2r5f8p/1PL/tP+o5f8Z/1HL/7P+o5b/5/xHLf/P+49a/l/wH7X8v+g/avl/yX/U8v+y/6jl/xX/Ucv/q/6jlv/X/Ect/6/7j1r+3/Aftfy/6T9q+X/Lf9Ty/7b/qOX/Hf9Ry/+7/qOW//f8Ry3/7/uPWv4/8B+1/H/oP2r5/8h/1PL/sf+o5f8T/1HL/6f+o5b/z/xHLf+f+49a/r/wH7X8f+k/avn/yn/U8v+1/6jl/xv/Ucv/t/6jlv/v/Ect/9/7j1r+f/Aftfz/6D9q+f/Jf9Ty/7P/qOX/F/9Ry/+v/qOW/9/8Ry3/v/uPWv7/8B+1/P/pP2r5/8t/1PL/t/+o5f8f/1HL/7/+o5b///xHLf//+49a/gf5j1r+B/uPWv6H+I9a/of6j1r+h/mPWv6H+49a/kf4j1r+R/qPWv5H+Y9a/kf7j1r+x/iPWv7H+o9a/sf5j1r+x/uPWv4n+I9a/if6j1r+J/mPWv4n+49a/qf4j1r+p/qPWv6n+Y9a/qf7j0r+B2bxH7X8z+o/avmfzX/U8j+7/6jlfw7/Ucv/nP6jlv+5/Ect/3P7j1r+5/EftfzP6z9q+Z/Pf9TyP7//qOV/Af9Ry/+C/qOW/4X8Ry3/C/uPWv4H/Ect/4v4j1r+F/Uftfwv5j9q+V/cf9Tyv4T/qOV/Sf9Ry/9S/qOW/6X9Ry3/y/iPWv6X9R+1/C/nP2r5X95/1PK/gv+o5X9F/1HL/0r+o5b/lf1HLf+r+I9a/lf1H7X8r+Y/avlf3X/U8r+G/6jlf03/Ucv/Wv6jlv+1/Uct/+v4j1r+1/Uftfyv5z9q+V/ff9Tyv4H/qOV/Q/9Ry/9G/qOW/439Ry3/m/iPWv439R+1/G/mP2r539x/1PK/hf+o5X9L/1HL/1b+o5b/rf1HLf/b+I9a/rf1H7X8b+c/avnf3n/U8r+D/6jlf0f/Ucv/Tv6jme4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGawc/8xXtcFHMc/d3B3CAUiRki9gaACwePkjl+CilY0z8ZZYevXJJicAh2peDNAFpRa1NzSyZa1SP2DtFZrbMZaTcpsi9mKmvbDuQUl/Rjr1IpskXXuC9/veff1uPl9n+83f/B4/HH3/XyO1+eA7Xmfz3f+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOC1095xec+IugGnRvQ/CD/vPPF5/r8/tG7Pnn3jK5/LX37PIJes73/Q29vbu23CL24pHzYVRVH6bpeVj0dVj0vX375/6tnl717cd/dts5duWf7Y7o09Y366YPuRhhNnG4rV163v6rywvijCiIZic+lgXl1RhMaG4q7SQWvpoKmheKh00Hbi4KziR6WDudfe0LW2dOIV3xrOOO0dO4oRA4otBvw06N//9v2XvrfyeYhLVq42sij3f8X3n2iq+lrFKfqvXD/UVfdf8x8QOKXa+l/xfOXzEJd8xf2/9W8fOzzY107df+X6oV7/kM4gz/8DGq1+7q96/p82yCX79s0tj48q9b9k8X0byqdGvprn/5evH0ZU918/4Pm/9Bw/svL831QUoWGYfx1wRmnv+HTPUPf/ofsfOblqU9e//63HDq0q9d+84ZPPlU811Nj/yCHu/3VPVv1egdq0dzzQW3X/r6H/YuYgl+zrv+fWp4+X+v/T/mfO7/e1WvpvqO6/pXvjjS03b9navH7jmus7r+/8ROv8hYsWti6+qG1By4lHgpMfh/m3AmeG4d3/i9FVm7qi6OzbX/Dcyp2l/qevX/nZ8qlRNfbfOOT9f5r7Pwxqen3R2FhsXtPdvWneyY+Vw9aTH0/+skH6r+H9/4xZ5V9Wed9dVxST+vZzblywutT/g8c+93j5VGON/TcN2f9lhff7MAzDvP+vrdoM6P/oirHPlvr/0sOzusunan3/P2rI/g+7/8NwtHdU/Qs/r7FS/5eM3f33uHU4yz//g3Ry9D/++J1Xxa3DaP1DOjn6/8jtM5+KW4cx+od0cvT/vbXvXBi3Dq/TP6STo/9/Tv7r/XHr8Hr9Qzo5+j/07H+mxK3DWP1DOjn633XX+3fGrcM4/UM6Ofqfse3IHXHrcLb+IZ0c/a+rv2pC3DqM1z+kk6P/d72w6ttx63CO/iGdHP2P2/mvpXHrMEH/kE6O/nvW3f1k3Dqcq39IJ0f/X5+45B1x6/AG/UM6Ofr/wh/nvBi3DhP1D+nk6P/Rr+7YELcOb9Q/pJOj/x9+YOxg/5+wVyFM0j+kk6P/Y3P27I1bh/P0D+nk6P93hx4eF7cOk/UP6eTo/54Hpn45bh3epH9IJ0f/N11+6y1x6/Bm/UM6OfpfsuyXh+PWIegf0snR/8SfPboqbh2m6B/SydH/Nd/dcCBuHabqH9LJ0f/mc761PG4dpukf0snRf1tX0xNx6/AW/UM6Ofqfeu/EjXHrMF3/kE6O/q/+8yP/jVuHGfqHdHL0v6/xqXPj1uGt+od0cvT/v82bPhO3Dm/TP6STo/9f3XntxXHr8Hb9Qzo5+v/KPw58M24dZuof0snR/5Gl7/5L3DrM0j+kk6P/7yzvuSluHc7XP6STo//b9r54MG4dZusf0snR/4GDH/xw3DrM0T+kk6P/2S1t++LW4QL9Qzo5+l/zvnunxa1Ds/4hnRz9r9jz+a/FrcNc/UM6OfpvfHr6qLh1aNE/pJOj/72LdjXErcOF+od0cvR/vH3ZPXHrME//kE6O/n/zyNzmuHVo1T+kk6P/3Y/d8YO4dWjTP6STo//tM/5wddw6zNc/pJOj//nXXPnjuHVYoH9IJ0f/k77x0W1x67BQ/5BOjv5X/vb5o3HrsEj/kE6O/punfOrBuHVYrH9IJ0f/163+9by4dbhI/5BOjv6v3PWTL8atwxL9Qzo5+q87esN5ceuwVP+QTo7+nxk95oW4dbhY/5BOjv4f6r5/ddw6XKJ/SCdH/7fv2Pv7uHW4VP+QTo7+D/5/8hVx67BM/5DOzVu2fnxNV1fnJi+88MKLvhen+ycTkNrL0Z/u3wkAAAAAAAAAAAAAAHAqOf5zotP9ZwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgJXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwAwckAAAAAIL+v25HoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8FQAAAD//0x8Hu0=")
unlinkat(0xffffffffffffff9c, &(0x7f00000003c0)='./file2\x00', 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000000), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}, {@volatile}], [], 0x2c})

5.97379936s ago: executing program 6 (id=2989):
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
shutdown(r1, 0x0)
recvmmsg(r1, &(0x7f00000004c0), 0xf02, 0xf0, 0x0)

5.642354894s ago: executing program 9 (id=2990):
gettid()
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000d40)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
r4 = add_key$keyring(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
r5 = add_key$fscrypt_v1(&(0x7f0000000440), &(0x7f0000000480)={'fscrypt:', @desc4}, &(0x7f00000004c0)={0x0, "c5d780182e66bc270346153dc5df98b9facaa06ff61e908715355f6b0aa7ce6d717aa7b6ec05f1205ba475193673b3f7774a3bed4b1b0d14350e1a7b40d24d47", 0x23}, 0x48, r4)
keyctl$unlink(0x9, r5, r4)

4.772094625s ago: executing program 6 (id=2991):
socket$alg(0x26, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$pppoe(0x18, 0x1, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x62, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, 0x0, 0x0)
syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000100)={0x50, 0x0, 0x0, {0x7, 0x1f, 0x0, 0x45c0d00c}}, 0x50)
r1 = fsopen(&(0x7f0000000180)='nfsd\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x6, 0x0, 0x0, 0x0)

3.595516644s ago: executing program 6 (id=2992):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setrlimit(0x9, &(0x7f0000000000)={0x0, 0xfffffffffffffffe})
io_setup(0x2004, &(0x7f0000000680))

2.598944097s ago: executing program 0 (id=2993):
syz_emit_ethernet(0x56, &(0x7f0000000100)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0xd, 0x4, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa210104, @local, {[@timestamp_addr={0x44, 0x14, 0xa, 0x1, 0x0, [{@broadcast, 0xffffaa7e}, {@local, 0x8001}]}, @generic={0x7, 0xc, "0990ec742f779f8fa6a3"}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5}}}}}}, 0x0)

2.372278704s ago: executing program 0 (id=2994):
mkdir(0x0, 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000440)=ANY=[@ANYBLOB="b0000000000000ab284dc9a94095f54e34f11a5a480d2115805745f8a24d"], 0xb0)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x30, 0x5, 0x0, {0x0, 0x0, 0x2, 0xfffffffc}}, 0x30)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
chdir(&(0x7f0000000100)='./file0\x00')
utimensat(0xffffffffffffff9c, &(0x7f0000000340)='.\x00', 0x0, 0x0)

2.068783746s ago: executing program 0 (id=2995):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0)
r3 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000000)={0x47ff, 0x14c, 0x0, 0xffffffff}, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000240)={0x0, 0xffffffffffffff4a, &(0x7f0000000200)={&(0x7f0000000080)={0x18, 0x16, 0xa01}, 0x78}}, 0x0)
syz_pidfd_open(0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
io_setup(0x1fd, &(0x7f0000000480))
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})

1.740576552s ago: executing program 6 (id=2996):
prlimit64(0x0, 0xe, 0x0, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x1, &(0x7f0000000280)=0x6)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000000)={<r2=>0xffffffffffffffff}, 0x111, 0x5}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY(r1, &(0x7f00000000c0)={0x13, 0x10, 0x8, {0x0, r2, 0x300}}, 0x18)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
getsockopt$ARPT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x60, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f00000003c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[])
chdir(&(0x7f0000000300)='./file0\x00')
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000440)='blkio.throttle.io_serviced\x00', 0x275a, 0x0)
getsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, &(0x7f0000000500), &(0x7f0000000540)=0x8)
mkdir(0x0, 0x0)
mount(0x0, 0x0, &(0x7f0000000180)='rpc_pipefs\x00', 0x230044, 0x0)
inotify_add_watch(0xffffffffffffffff, 0x0, 0x20000002)
getsockname$packet(r3, 0x0, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000640)={'#! ', './file0', [{0x20, 'rp\xee\xff\xe4'}, {0x20, '\x12~\x85\xecZ@\xb5\x18\xec\x182\xc9L\xdc\xb2\x81\xdam\xa8\xc5{\x92\x14\xce\xf2\xb8\xf7\xa9\xa7\x00X \x93t\x91!%\xff\x13\xdc\aIY\x0e\xb4zh\\\x06\r\xe8^Z\x81\xb8$:P\x83\x98_\xa1\x98\xd6\xd2g-\xefr\x14<\xd1\xb84\x94\xa09\x9f\x12I\xed\xd5dT#f\xb4\xf3\x88\xcf\xde\x00\xd4\x81WN\xca\xb5c\xbf\r\xb0Q\xa9\xbaC\xd2\xa2\x1d~\xc5D(\x92A\x12f\x83fn\xd0\xb6\x02\x116t:|\x94\xc7\xac\xf6\xbc~m\xd6\xd1\xe5\xe0\xdd\xc2\x9cl#\x85\xab\xe7\xa9\xcb\"\xd2\x97\x10\xa5\xa8\xc1\x8d@U\a]Gi^\xd2\xdf\xb0\xa5!\x836\x92\xc9\x92\xe4'}], 0xa, "7bad65c4da5338577feb172ca63250224c76e2027f000000000000007e2ac7fe2e31a2e87e3ee43ed92dfbb6bc0700de24db4ec870b8000000000000002c65e7495fe9afeb28bb"}, 0x108)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)

650.939136ms ago: executing program 0 (id=2997):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, 0x0, &(0x7f00000001c0))
ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0105500, 0x0)
rseq(&(0x7f0000000400)={0x0, 0x0, 0x0, 0x4}, 0x20, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x5, 0x0, 0x0, 0x0, 0x0)

452.288679ms ago: executing program 6 (id=2998):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
fcntl$dupfd(r0, 0x0, r0)
socket$inet6_sctp(0xa, 0x5, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x88}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
openat$comedi(0xffffffffffffff9c, &(0x7f0000000580)='/dev/comedi4\x00', 0x2840, 0x0)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0x1}], 0x1)
pselect6(0x40, &(0x7f00000001c0)={0x1, 0x0, 0x3, 0x10001, 0x0, 0x0, 0x0, 0xf6e4}, 0x0, &(0x7f00000002c0)={0x3ff, 0x80000000, 0x0, 0x9, 0x0, 0x0, 0x10001, 0x2}, 0x0, 0x0)

374.249484ms ago: executing program 0 (id=2999):
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x2000c000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x31, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_emit_vhci(0x0, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x18)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r3, &(0x7f0000000440), 0x10)
listen(r3, 0x0)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$sock_linger(r4, 0x1, 0xd, &(0x7f0000000180)={0x5, 0xfffffffe}, 0x8)

0s ago: executing program 9 (id=3000):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x149102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb3", 0x43}, {&(0x7f00000003c0)}], 0x2, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40801)
recvmsg(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000002c0)=""/81, 0x51}, {&(0x7f0000000200)=""/65, 0x41}], 0x2}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_EEE_SET(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x2c, r3, 0x1, 0x70bd28, 0x25dfdbfe, {}, [@ETHTOOL_A_EEE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'caif0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x30000884}, 0x20000000)
syz_open_dev$vim2m(&(0x7f0000000040), 0x3ff, 0x2)
r4 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x181001, 0x0)
ioctl$BTRFS_IOC_START_SYNC(r4, 0x40946400, 0x0)
creat(&(0x7f0000001380)='./file0\x00', 0x4)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f00000001c0)={0x26, 'rng\x00', 0x0, 0x0, 'ansi_cprng\x00'}, 0x58)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r6 = socket$phonet_pipe(0x23, 0x5, 0x2)
sendmmsg(r6, &(0x7f0000002000)=[{{0x0, 0x0, 0x0}}], 0x1, 0x80)

kernel console output (not intermixed with test programs):

249 > 1
[ 1275.828856][T16446] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 1275.837930][T16446] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 1275.846987][T16446] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 1275.856543][T16446] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 1276.126877][ T5864] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 1277.933556][ T5864] Bluetooth: hci6: command tx timeout
[ 1278.445332][T16007] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1278.888932][T16444] lo speed is unknown, defaulting to 1000
[ 1279.155037][T16007] 8021q: adding VLAN 0 to HW filter on device team0
[ 1279.529695][ T6080] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1279.536895][ T6080] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1279.838578][T15698] usb 7-1: new low-speed USB device number 19 using dummy_hcd
[ 1279.849365][ T6080] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1279.856529][ T6080] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1280.024960][ T5864] Bluetooth: hci6: command tx timeout
[ 1280.208066][T15698] usb 7-1: config 0 has an invalid interface number: 1 but max is 0
[ 1280.258831][T15698] usb 7-1: config 0 has no interface number 0
[ 1280.265029][T15698] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[ 1280.291215][T15698] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[ 1280.319272][T15698] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1280.334859][T15698] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1280.385499][T15698] usb 7-1: config 0 descriptor??
[ 1280.431826][T16475] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[ 1280.502115][T15698] iowarrior 7-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[ 1280.637173][ T3446] bridge_slave_1: left allmulticast mode
[ 1280.683378][ T3446] bridge_slave_1: left promiscuous mode
[ 1280.719006][ T3446] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1280.767314][T15698] usb 7-1: USB disconnect, device number 19
[ 1280.773346][    C0] iowarrior 7-1:0.1: iowarrior_callback - usb_submit_urb failed with result -19
[ 1280.808615][ T3446] bridge_slave_0: left allmulticast mode
[ 1280.814324][ T3446] bridge_slave_0: left promiscuous mode
[ 1280.881430][ T3446] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1281.409168][ T3446] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1281.509078][ T3446] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1281.618049][ T3446] bond0 (unregistering): Released all slaves
[ 1281.881375][T16502] netlink: 'syz.6.2300': attribute type 10 has an invalid length.
[ 1281.939391][T16502] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1282.012701][T16502] bond0: (slave batadv0): Enslaving as an active interface with an up link
[ 1282.089116][ T5864] Bluetooth: hci6: command tx timeout
[ 1282.093103][T16007] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1282.355317][ T3446] hsr_slave_0: left promiscuous mode
[ 1282.453903][ T3446] hsr_slave_1: left promiscuous mode
[ 1282.582670][ T3446] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1282.893835][ T3446] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1283.457276][ T3446] team0 (unregistering): Port device team_slave_1 removed
[ 1283.555525][ T3446] team0 (unregistering): Port device team_slave_0 removed
[ 1283.945717][T16501] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1283.955704][T16501] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1283.967659][T16501] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1283.975445][T16501] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1284.001255][T16501] bond0: (slave batadv0): Releasing backup interface
[ 1284.082783][T16531] loop0: detected capacity change from 0 to 40427
[ 1284.109395][T16513] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1284.115727][T16531] F2FS-fs (loop0): invalid crc value
[ 1284.123433][T16517] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2303'.
[ 1284.135416][T16517] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2303'.
[ 1284.147127][T16517] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2303'.
[ 1284.160128][T16517] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2303'.
[ 1284.174344][ T5864] Bluetooth: hci6: command tx timeout
[ 1285.340824][T16531] F2FS-fs (loop0): Start checkpoint disabled!
[ 1285.393435][T16531] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[ 1285.398423][T16444] chnl_net:caif_netlink_parms(): no params data found
[ 1285.844408][T16554] Bluetooth: MGMT ver 1.23
[ 1288.008672][ T5864] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[ 1288.914575][T16444] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1288.939178][T16444] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1289.105913][T16444] bridge_slave_0: entered allmulticast mode
[ 1289.190508][T16444] bridge_slave_0: entered promiscuous mode
[ 1289.748760][T16444] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1289.755940][T16444] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1289.792244][T16444] bridge_slave_1: entered allmulticast mode
[ 1289.854320][T16444] bridge_slave_1: entered promiscuous mode
[ 1289.914321][T16446] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1289.952940][T16446] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1289.961638][T16446] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1289.985461][T16446] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1290.013137][T16446] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1290.032010][T16444] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1290.157301][T16596] loop0: detected capacity change from 0 to 2048
[ 1290.421119][T16602] loop6: detected capacity change from 0 to 16
[ 1292.442891][T16446] Bluetooth: hci2: command tx timeout
[ 1292.470718][T16602] erofs (device loop6): mounted with root inode @ nid 36.
[ 1293.448854][T16596] EXT4-fs warning (device loop0): ext4_multi_mount_protect:398: Unable to create kmmpd thread for loop0.
[ 1293.493074][T16444] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1293.856351][T16611] binder_alloc: 16609: binder_alloc_buf, no vma
[ 1294.626994][T16446] Bluetooth: hci2: command tx timeout
[ 1294.965213][T16444] team0: Port device team_slave_0 added
[ 1294.997401][T16593] lo speed is unknown, defaulting to 1000
[ 1295.146355][T16619] loop9: detected capacity change from 0 to 2048
[ 1295.162933][T16444] team0: Port device team_slave_1 added
[ 1295.220327][T16619] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1296.428705][T11959] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[ 1296.598389][T11959] usb 5-1: Using ep0 maxpacket: 8
[ 1296.623978][T11959] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1296.648653][T16446] Bluetooth: hci2: command tx timeout
[ 1296.668386][T11959] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1296.698200][T11959] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1296.711330][T16444] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1296.723280][T16444] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1296.731308][T16613] loop0: detected capacity change from 0 to 32768
[ 1296.756622][T11959] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1296.756676][T11959] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1296.784253][T11959] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1296.793667][T16444] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1296.866435][T16444] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1296.958467][T16444] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1297.014593][T16617] loop6: detected capacity change from 0 to 32768
[ 1297.084151][T16617] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.2324 (16617)
[ 1297.118137][T16444] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1297.174753][T11959] usb 5-1: GET_CAPABILITIES returned 0
[ 1297.184513][T11959] usbtmc 5-1:16.0: can't read capabilities
[ 1297.241785][T16617] BTRFS info (device loop6): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[ 1297.355018][T16617] BTRFS info (device loop6): using blake2b (blake2b-256-generic) checksum algorithm
[ 1297.518715][T16617] BTRFS info (device loop6): using free-space-tree
[ 1297.881579][ T6982] usb 5-1: USB disconnect, device number 16
[ 1298.790865][T16446] Bluetooth: hci2: command tx timeout
[ 1298.883629][T16617] BTRFS error (device loop6): open_ctree failed: -4
[ 1299.506833][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[ 1299.524586][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[ 1299.539033][T16444] hsr_slave_0: entered promiscuous mode
[ 1299.549280][T16668] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem
[ 1299.589612][T16444] hsr_slave_1: entered promiscuous mode
[ 1299.645809][T16444] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1299.677710][T16444] Cannot create hsr debugfs directory
[ 1299.946199][T16674] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1302.330056][   T30] audit: type=1326 audit(1752781328.958:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16670 comm="syz.0.2333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3550f8e929 code=0x7ffc0000
[ 1302.548404][   T30] audit: type=1326 audit(1752781328.958:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16670 comm="syz.0.2333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3550f8e929 code=0x7ffc0000
[ 1303.149440][T16694] loop6: detected capacity change from 0 to 1764
[ 1303.648492][   T30] audit: type=1326 audit(1752781329.058:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16670 comm="syz.0.2333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3550f8e929 code=0x7ffc0000
[ 1303.729511][   T30] audit: type=1326 audit(1752781329.058:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16670 comm="syz.0.2333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3550f8e929 code=0x7ffc0000
[ 1303.768218][T16700] loop0: detected capacity change from 0 to 128
[ 1303.821005][   T30] audit: type=1326 audit(1752781329.058:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16670 comm="syz.0.2333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3550f8e929 code=0x7ffc0000
[ 1303.973568][   T30] audit: type=1326 audit(1752781329.258:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16670 comm="syz.0.2333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f3550f8d58a code=0x7ffc0000
[ 1303.996597][ T6982] Process accounting resumed
[ 1304.043287][ T6982] FAT-fs (loop0): error, corrupted file size (i_pos 548, 512)
[ 1304.056185][   T30] audit: type=1326 audit(1752781329.258:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16670 comm="syz.0.2333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f3550fc11e5 code=0x7ffc0000
[ 1304.080253][T10275] usb 10-1: new high-speed USB device number 7 using dummy_hcd
[ 1304.084328][ T6982] FAT-fs (loop0): Filesystem has been set read-only
[ 1304.132808][   T30] audit: type=1326 audit(1752781329.458:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16670 comm="syz.0.2333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3550f8e929 code=0x7ffc0000
[ 1304.274603][   T30] audit: type=1326 audit(1752781329.458:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16670 comm="syz.0.2333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3550f8e929 code=0x7ffc0000
[ 1304.320168][T10275] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[ 1304.353260][T10275] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[ 1304.379855][T10275] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[ 1304.397936][   T30] audit: type=1326 audit(1752781329.458:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16670 comm="syz.0.2333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=424 compat=0 ip=0x7f3550f8e929 code=0x7ffc0000
[ 1304.432948][T10275] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0
[ 1304.471159][T10275] usb 10-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b
[ 1304.483301][T10275] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1305.560174][T10275] usb 10-1: config 0 descriptor??
[ 1306.038038][T10275] hdpvr 10-1:0.0: firmware version 0x0 dated 
[ 1306.058436][T10275] hdpvr 10-1:0.0: untested firmware, the driver might not work.
[ 1306.110936][T16720] loop6: detected capacity change from 0 to 512
[ 1306.121825][T16720] FAT-fs (loop6): error, fat_get_cluster: invalid start cluster (i_pos 1, start 00000001)
[ 1306.165223][ T3446] bridge_slave_1: left allmulticast mode
[ 1306.179183][ T3446] bridge_slave_1: left promiscuous mode
[ 1306.196240][ T3446] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1306.202058][T10275] hdpvr 10-1:0.0: device init failed
[ 1306.231289][T10275] hdpvr 10-1:0.0: probe with driver hdpvr failed with error -12
[ 1306.257777][ T3446] bridge_slave_0: left allmulticast mode
[ 1306.270192][T10275] usb 10-1: USB disconnect, device number 7
[ 1306.281364][ T3446] bridge_slave_0: left promiscuous mode
[ 1306.329716][ T3446] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1312.018267][T16768] syz.6.2357: attempt to access beyond end of device
[ 1312.018267][T16768] nbd6: rw=0, sector=0, nr_sectors = 1 limit=0
[ 1312.053099][T16768] (syz.6.2357,16768,1):ocfs2_get_sector:1714 ERROR: status = -5
[ 1312.092720][T16768] (syz.6.2357,16768,1):ocfs2_sb_probe:753 ERROR: status = -5
[ 1312.101813][T16768] (syz.6.2357,16768,1):ocfs2_fill_super:989 ERROR: superblock probe failed!
[ 1312.133418][T16768] (syz.6.2357,16768,1):ocfs2_fill_super:1177 ERROR: status = -5
[ 1312.909266][ T3446] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1312.997601][ T3446] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1313.150304][ T3446] bond0 (unregistering): Released all slaves
[ 1314.468532][ T3446] hsr_slave_0: left promiscuous mode
[ 1314.495868][ T3446] hsr_slave_1: left promiscuous mode
[ 1314.515670][ T3446] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1314.559241][ T3446] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1316.726184][ T3446] team0 (unregistering): Port device team_slave_1 removed
[ 1317.100505][T16796] loop9: detected capacity change from 0 to 32768
[ 1317.139292][ T3446] team0 (unregistering): Port device team_slave_0 removed
[ 1317.827837][T16796] XFS (loop9): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1319.178906][T16819] loop4: detected capacity change from 0 to 512
[ 1319.223572][T16819] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 1, start 00000001)
[ 1319.328515][T16796] XFS (loop9): Ending clean mount
[ 1319.435016][T16823] loop6: detected capacity change from 0 to 256
[ 1319.493010][T16796] XFS (loop9): Quotacheck needed: Please wait.
[ 1320.104859][T16796] XFS (loop9): Quotacheck: Done.
[ 1320.941513][T14807] XFS (loop9): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1320.956768][T16833] loop4: detected capacity change from 0 to 512
[ 1321.088448][T16833] EXT4-fs error (device loop4): ext4_orphan_get:1393: inode #15: comm syz.4.2376: casefold flag without casefold feature
[ 1321.216939][T16833] EXT4-fs error (device loop4): ext4_orphan_get:1398: comm syz.4.2376: couldn't read orphan inode 15 (err -117)
[ 1321.353937][T16833] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1322.255683][T16837] loop6: detected capacity change from 0 to 131072
[ 1322.381610][T16833] loop4: detected capacity change from 512 to 0
[ 1322.507634][ T5847] syz-executor: attempt to access beyond end of device
[ 1322.507634][ T5847] loop4: rw=12288, sector=72, nr_sectors = 2 limit=0
[ 1322.571373][ T5847] EXT4-fs warning (device loop4): htree_dirblock_to_tree:1051: inode #2: lblock 0: comm syz-executor: error -5 reading directory block
[ 1322.857453][T16837] F2FS-fs (loop6): Test dummy encryption mode enabled
[ 1322.876080][ T6079] kworker/u8:12: attempt to access beyond end of device
[ 1322.876080][ T6079] loop4: rw=524288, sector=12, nr_sectors = 2 limit=0
[ 1322.893351][T16837] F2FS-fs (loop6): invalid crc value
[ 1323.112869][T16837] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[ 1323.163608][ T6079] kworker/u8:12: attempt to access beyond end of device
[ 1323.163608][ T6079] loop4: rw=524288, sector=14, nr_sectors = 2 limit=0
[ 1323.441690][ T6079] kworker/u8:12: attempt to access beyond end of device
[ 1323.441690][ T6079] loop4: rw=524288, sector=24, nr_sectors = 2 limit=0
[ 1323.485523][T16837] fscrypt: AES-256-XTS using implementation "xts-aes-vaes-avx2"
[ 1323.539053][   T30] kauditd_printk_skb: 11 callbacks suppressed
[ 1323.539075][   T30] audit: type=1800 audit(1752781350.718:40): pid=16837 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.2378" name="file1" dev="loop6" ino=11 res=0 errno=0
[ 1323.566442][ T6079] kworker/u8:12: attempt to access beyond end of device
[ 1323.566442][ T6079] loop4: rw=524288, sector=26, nr_sectors = 2 limit=0
[ 1323.621125][ T6079] kworker/u8:12: attempt to access beyond end of device
[ 1323.621125][ T6079] loop4: rw=12288, sector=10, nr_sectors = 2 limit=0
[ 1323.638242][ T6079] EXT4-fs error (device loop4): __ext4_get_inode_loc_noinmem:4915: inode #2: block 5: comm kworker/u8:12: unable to read itable block
[ 1323.654073][ T6079] kworker/u8:12: attempt to access beyond end of device
[ 1323.654073][ T6079] loop4: rw=14337, sector=2, nr_sectors = 2 limit=0
[ 1323.674471][ T6079] Buffer I/O error on dev loop4, logical block 1, lost sync page write
[ 1323.682946][ T6079] EXT4-fs (loop4): I/O error while writing superblock
[ 1323.693057][ T5847] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1323.786640][ T5847] syz-executor: attempt to access beyond end of device
[ 1323.786640][ T5847] loop4: rw=14337, sector=2, nr_sectors = 2 limit=0
[ 1323.887564][ T5847] Buffer I/O error on dev loop4, logical block 1, lost sync page write
[ 1323.897492][ T5847] EXT4-fs (loop4): I/O error while writing superblock
[ 1324.777435][T16867] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2385'.
[ 1324.810693][T16593] chnl_net:caif_netlink_parms(): no params data found
[ 1325.554802][T16868] infiniband syz1: set active
[ 1325.568269][T16868] infiniband syz1: added syz_tun
[ 1325.689072][T16868] syz1: qp#16 rxe_init_rq: Unable to allocate recv queue
[ 1325.698261][T16868] syz1: rxe_create_qp: returned err = -12
[ 1325.722993][T16593] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1325.738462][T16868] infiniband syz1: Couldn't create ib_mad QP1
[ 1325.745729][T16868] infiniband syz1: Couldn't open port 1
[ 1325.753500][T16593] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1325.779860][T16593] bridge_slave_0: entered allmulticast mode
[ 1325.787931][T16593] bridge_slave_0: entered promiscuous mode
[ 1325.815367][T16593] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1325.839601][T16593] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1325.867375][T16593] bridge_slave_1: entered allmulticast mode
[ 1325.870926][T16868] RDS/IB: syz1: added
[ 1325.880205][T16868] smc: adding ib device syz1 with port count 1
[ 1325.886661][T16868] smc:    ib device syz1 port 1 has pnetid 
[ 1325.889710][T16593] bridge_slave_1: entered promiscuous mode
[ 1326.208143][T16593] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1326.269943][T16593] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1326.446307][T16593] team0: Port device team_slave_0 added
[ 1326.463327][   T30] audit: type=1800 audit(1752781353.648:41): pid=16882 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.2384" name="/" dev="9p" ino=4611686018427387906 res=0 errno=0
[ 1326.472936][T16593] team0: Port device team_slave_1 added
[ 1326.645094][ T5864] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1326.659871][ T5864] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1326.667616][ T5864] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1326.677822][ T5864] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1326.686348][ T5864] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1327.053719][T16593] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1327.086694][T16593] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1327.125556][T16593] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1327.296584][T16593] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1327.318067][T16593] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1327.397224][T16593] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1327.417872][T16890] ptrace attach of "./syz-executor exec"[5843] was attempted by ""[16890]
[ 1327.683866][T16593] hsr_slave_0: entered promiscuous mode
[ 1327.691710][T16593] hsr_slave_1: entered promiscuous mode
[ 1327.698226][T16593] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1327.711578][T16593] Cannot create hsr debugfs directory
[ 1327.717228][T16444] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1327.778401][   T24] usb 7-1: new high-speed USB device number 20 using dummy_hcd
[ 1327.862690][T16444] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 1327.901293][T16444] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 1327.929190][   T24] usb 7-1: Using ep0 maxpacket: 8
[ 1327.942268][T16444] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 1327.952476][   T24] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[ 1327.973903][   T24] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1328.008706][   T24] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1328.028359][   T24] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1328.043225][T16884] lo speed is unknown, defaulting to 1000
[ 1328.051621][   T24] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1328.066096][   T24] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1328.075374][   T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1328.327323][   T24] usb 7-1: GET_CAPABILITIES returned 0
[ 1328.347297][   T24] usbtmc 7-1:16.0: can't read capabilities
[ 1328.490704][T16914] overlayfs: failed to clone upperpath
[ 1328.602861][T16894] usbtmc 7-1:16.0: INITIATE_ABORT_BULK_OUT returned 0
[ 1328.729100][ T5864] Bluetooth: hci1: command tx timeout
[ 1328.823947][T16444] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1328.840645][T11959] usb 7-1: USB disconnect, device number 20
[ 1328.936846][T16444] 8021q: adding VLAN 0 to HW filter on device team0
[ 1329.672638][ T6248] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1329.679889][ T6248] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1329.710542][ T6248] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1329.717750][ T6248] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1330.012797][T16923] loop6: detected capacity change from 0 to 32768
[ 1330.215515][T16923] XFS (loop6): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1330.333839][T16923] XFS (loop6): Ending clean mount
[ 1330.362178][T16923] XFS (loop6): Quotacheck needed: Please wait.
[ 1330.384720][T16593] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 1330.476701][T16593] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 1330.516341][T16923] XFS (loop6): Quotacheck: Done.
[ 1330.533006][T16593] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 1330.816496][ T5864] Bluetooth: hci1: command tx timeout
[ 1331.130952][T16593] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 1331.415374][ T6957] XFS (loop6): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1331.493649][T16593] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1331.555522][T16593] 8021q: adding VLAN 0 to HW filter on device team0
[ 1331.607614][ T6078] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1331.614866][ T6078] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1331.707272][ T6078] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1331.714537][ T6078] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1332.531875][T16593] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1332.624090][T16884] chnl_net:caif_netlink_parms(): no params data found
[ 1332.889412][ T5864] Bluetooth: hci1: command tx timeout
[ 1333.329749][T16884] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1333.369823][T16884] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1333.393992][T16884] bridge_slave_0: entered allmulticast mode
[ 1333.410407][T16884] bridge_slave_0: entered promiscuous mode
[ 1333.461536][T16884] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1333.481819][T16884] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1333.507406][T16884] bridge_slave_1: entered allmulticast mode
[ 1333.534928][T16884] bridge_slave_1: entered promiscuous mode
[ 1333.602358][T16973] 9pnet_virtio: no channels available for device syz
[ 1333.613655][T16446] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1333.628798][T16446] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1333.640590][T16446] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1333.650895][T16446] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1333.660078][T16446] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1333.869068][T16884] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1333.961511][T16884] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1334.201818][T16884] team0: Port device team_slave_0 added
[ 1334.941816][T16971] lo speed is unknown, defaulting to 1000
[ 1334.976216][T16446] Bluetooth: hci1: command tx timeout
[ 1335.021390][T16418] bridge_slave_1: left allmulticast mode
[ 1335.079981][T16418] bridge_slave_1: left promiscuous mode
[ 1335.101970][T16418] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1335.174049][T16418] bridge_slave_0: left allmulticast mode
[ 1335.200954][T16418] bridge_slave_0: left promiscuous mode
[ 1335.208923][T16992] 9pnet_virtio: no channels available for device syz
[ 1335.242816][T16418] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1335.698957][T16446] Bluetooth: hci4: command tx timeout
[ 1336.885658][T16418] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1336.897180][T16418] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1336.908035][T16418] bond0 (unregistering): Released all slaves
[ 1336.920169][T17026] block nbd6: shutting down sockets
[ 1336.934161][T16884] team0: Port device team_slave_1 added
[ 1336.980053][T17027] block nbd6: NBD_DISCONNECT
[ 1336.996364][T17027] block nbd6: Send disconnect failed -32
[ 1337.072998][T17021] pim6reg1: entered promiscuous mode
[ 1337.098536][T17021] pim6reg1: entered allmulticast mode
[ 1337.133055][T16884] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1337.144623][T16884] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1337.170666][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1337.226443][T16884] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1337.408730][T16884] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1337.429481][T16884] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1337.470986][T16884] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1337.497770][T16593] veth0_vlan: entered promiscuous mode
[ 1337.604578][T16418] hsr_slave_0: left promiscuous mode
[ 1337.627973][T16418] hsr_slave_1: left promiscuous mode
[ 1337.642094][T16418] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1337.654224][T16418] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1337.774963][T16446] Bluetooth: hci4: command tx timeout
[ 1337.833323][T17043] can-isotp: isotp_sendmsg: can_send_ret -ENETDOWN
[ 1337.843711][T17043] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2438'.
[ 1338.875924][T16418] team0 (unregistering): Port device team_slave_1 removed
[ 1338.972672][T16418] team0 (unregistering): Port device team_slave_0 removed
[ 1339.573910][T16593] veth1_vlan: entered promiscuous mode
[ 1339.694448][T16884] hsr_slave_0: entered promiscuous mode
[ 1339.721349][T16884] hsr_slave_1: entered promiscuous mode
[ 1339.727868][T16884] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1339.740946][T16884] Cannot create hsr debugfs directory
[ 1339.852200][T16446] Bluetooth: hci4: command tx timeout
[ 1339.967826][T17071] dummy0: entered allmulticast mode
[ 1340.344718][T16593] veth0_macvtap: entered promiscuous mode
[ 1340.434467][T16593] veth1_macvtap: entered promiscuous mode
[ 1340.494772][T16971] chnl_net:caif_netlink_parms(): no params data found
[ 1340.887725][T16593] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1341.095006][T16418] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1342.475384][ T5864] Bluetooth: hci4: command tx timeout
[ 1342.660170][T16593] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1342.673293][T16593] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1342.682169][T16593] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1342.727735][T16593] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1342.777735][T16593] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1343.274540][T16418] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1343.447754][T17102] team0: Port device bond0 removed
[ 1343.469026][T17102] batman_adv: batadv0: Removing interface: team0
[ 1343.485717][T17102] dummy0: left allmulticast mode
[ 1343.499027][T17102] bridge0: port 3(dummy0) entered disabled state
[ 1343.510829][T17102] bridge_slave_0: left allmulticast mode
[ 1343.516602][T17102] bridge_slave_0: left promiscuous mode
[ 1343.522974][T17102] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1343.536112][T17102] bridge_slave_1: left allmulticast mode
[ 1343.542425][T17102] bridge_slave_1: left promiscuous mode
[ 1343.548394][T17102] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1343.583103][T17102] bond0: (slave bond_slave_0): Releasing backup interface
[ 1343.595097][T17102] bond0: (slave bond_slave_1): Releasing backup interface
[ 1343.614593][T17102] team0: Port device team_slave_0 removed
[ 1343.622744][T17102] team0: Port device team_slave_1 removed
[ 1343.630857][T17102] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1343.643360][T17102] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1343.662651][T17102] batman_adv: batadv0: Interface deactivated: ipvlan2
[ 1343.669724][T17102] batman_adv: batadv0: Removing interface: ipvlan2
[ 1343.679799][T17102] batman_adv: batadv0: Interface deactivated: ipvlan3
[ 1343.686919][T17102] batman_adv: batadv0: Removing interface: ipvlan3
[ 1343.710805][T17103] team0: Mode changed to "activebackup"
[ 1343.716758][T17106] vlan0: entered promiscuous mode
[ 1343.841595][T16971] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1343.860448][T16971] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1343.872346][T16971] bridge_slave_0: entered allmulticast mode
[ 1343.895532][T16971] bridge_slave_0: entered promiscuous mode
[ 1343.956701][T16418] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1344.025199][T17108] tipc: Started in network mode
[ 1344.046440][T17108] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711
[ 1344.066825][T17108] tipc: Enabled bearer <eth:team0>, priority 0
[ 1344.369687][T16971] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1344.419316][T16971] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1344.426557][T16971] bridge_slave_1: entered allmulticast mode
[ 1344.454623][T16971] bridge_slave_1: entered promiscuous mode
[ 1344.488759][T16446] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[ 1345.508465][T11959] tipc: Node number set to 11578026
[ 1345.651617][T16418] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1345.733507][T17131] fuse: Bad value for 'fd'
[ 1345.835903][T16971] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1345.910007][T16971] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1346.033615][T17134] loop7: detected capacity change from 0 to 7
[ 1346.076199][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1346.085391][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1346.094016][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1346.103219][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1346.116014][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1346.125196][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1346.136219][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1346.165481][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1346.174687][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1346.183412][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1346.192592][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1346.201513][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1346.210712][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1346.219057][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1346.228218][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1346.236165][T16319] ldm_validate_partition_table(): Disk read failed.
[ 1346.244028][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1346.253211][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1346.264497][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1346.273685][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1346.297949][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1346.308710][T16319] Dev loop7: unable to read RDB block 0
[ 1346.318866][T16319]  loop7: unable to read partition table
[ 1346.337268][T16319] loop7: partition table beyond EOD, truncated
[ 1346.359182][T16971] team0: Port device team_slave_0 added
[ 1346.378976][T17134] ldm_validate_partition_table(): Disk read failed.
[ 1346.424452][T17134] Dev loop7: unable to read RDB block 0
[ 1346.431472][T17134]  loop7: unable to read partition table
[ 1346.437340][T17134] loop7: partition table beyond EOD, truncated
[ 1346.458402][T17134] loop_reread_partitions: partition scan of loop7 (úùƒå¡™‰ü�¾CêjÌ–ã¢P=ý?ã}X‹ºÐ	œëÜ%õ«`ÉæÖ€ù…ˆ{í©Ö�˜Èµ4FLQkÝŠ) failed (rc=-5)
[ 1346.612366][T16971] team0: Port device team_slave_1 added
[ 1346.764974][T17143] netlink: 'syz.9.2477': attribute type 1 has an invalid length.
[ 1346.792806][T17145] comedi comedi1: dt2817: I/O port conflict (0x20109,5)
[ 1346.808134][ T6079] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1346.827007][ T6079] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1346.889800][T16446] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[ 1346.904002][T16971] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1346.926445][T16971] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1346.957405][T17149] netlink: 12 bytes leftover after parsing attributes in process `syz.9.2477'.
[ 1346.975230][T16971] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1347.045241][T17143] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1347.110805][T17148] bond2: (slave veth3): Enslaving as an active interface with a down link
[ 1347.152200][T17149] 8021q: adding VLAN 0 to HW filter on device batadv1
[ 1347.163170][T17149] bond2: (slave batadv1): making interface the new active one
[ 1347.172962][T17149] batadv1: entered promiscuous mode
[ 1347.179364][T17149] bond2: (slave batadv1): Enslaving as an active interface with an up link
[ 1347.188224][T16418] dummy0: left allmulticast mode
[ 1347.202965][T16418] bridge0: port 3(dummy0) entered disabled state
[ 1347.221273][T16418] bridge_slave_1: left allmulticast mode
[ 1347.226931][T16418] bridge_slave_1: left promiscuous mode
[ 1347.234678][T16418] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1347.260753][T16418] bridge_slave_0: left allmulticast mode
[ 1347.266663][T16418] bridge_slave_0: left promiscuous mode
[ 1347.272775][T16418] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1347.797997][T16418] team0: Port device bond0 removed
[ 1347.821751][T16418] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1347.834336][T16418] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1347.845254][T16418] bond0 (unregistering): Released all slaves
[ 1347.864610][T16971] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1347.872153][T16971] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1347.901252][T16971] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1347.989136][T16418] : left promiscuous mode
[ 1348.028491][T16884] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1348.045034][T16884] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1348.090618][T16418] IPVS: stopping master sync thread 7807 ...
[ 1348.319822][T16884] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1349.345039][T17159] Bluetooth: hci6: received HCILL_GO_TO_SLEEP_ACK in state 2
[ 1349.362148][ T6080] Bluetooth: hci6: Frame reassembly failed (-84)
[ 1349.479920][T16971] hsr_slave_0: entered promiscuous mode
[ 1349.486665][T16971] hsr_slave_1: entered promiscuous mode
[ 1349.539897][T16971] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1349.547470][T16971] Cannot create hsr debugfs directory
[ 1349.751101][T16884] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1349.981158][   T30] audit: type=1800 audit(1752781377.168:42): pid=17167 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.2484" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0
[ 1349.984659][T13692] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1350.019302][T13692] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1350.028157][T13692] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1350.041492][T13692] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1350.051649][T13692] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1350.602944][T17181] block device autoloading is deprecated and will be removed.
[ 1350.625824][T17180] block device autoloading is deprecated and will be removed.
[ 1350.644323][T17168] lo speed is unknown, defaulting to 1000
[ 1351.128723][T16418] hsr_slave_0: left promiscuous mode
[ 1351.149301][T16418] hsr_slave_1: left promiscuous mode
[ 1351.165397][T16418] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1351.193259][T16418] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1351.226808][T16418] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1351.254994][T16418] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1351.270939][T16418] batman_adv: batadv0: Interface deactivated: ipvlan2
[ 1351.284995][T16418] batman_adv: batadv0: Removing interface: ipvlan2
[ 1351.369344][ T5864] Bluetooth: hci6: command 0x1003 tx timeout
[ 1351.375900][T16446] Bluetooth: hci6: Opcode 0x1003 failed: -110
[ 1351.424993][T16418] veth1_macvtap: left promiscuous mode
[ 1351.431094][T16418] veth0_macvtap: left promiscuous mode
[ 1351.437575][T16418] veth1_vlan: left promiscuous mode
[ 1351.445361][T16418] veth0_vlan: left promiscuous mode
[ 1351.937799][T17201] loop2: detected capacity change from 0 to 7
[ 1351.958695][T17198] fuse: Unknown parameter 'fd0x0000000000000003'
[ 1351.977150][T17201] Dev loop2: unable to read RDB block 7
[ 1352.007154][T17201]  loop2: unable to read partition table
[ 1352.038691][T17201] loop2: partition table beyond EOD, truncated
[ 1352.085557][T17201] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1352.097231][T16446] Bluetooth: hci2: command tx timeout
[ 1354.168543][T16446] Bluetooth: hci2: command tx timeout
[ 1354.858584][T17218] loop9: detected capacity change from 0 to 40427
[ 1354.947259][T17218] F2FS-fs (loop9): invalid crc value
[ 1355.156675][T16418] team0 (unregistering): Port device team_slave_1 removed
[ 1355.249928][T17218] F2FS-fs (loop9): Start checkpoint disabled!
[ 1355.279174][T17218] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e6
[ 1355.320337][T16418] team0 (unregistering): Port device team_slave_0 removed
[ 1355.346794][   T30] audit: type=1800 audit(1752781382.528:43): pid=17218 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.2501" name="file1" dev="loop9" ino=10 res=0 errno=0
[ 1355.350211][T17218] syz.9.2501: attempt to access beyond end of device
[ 1355.350211][T17218] loop9: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[ 1355.411467][   T30] audit: type=1800 audit(1752781382.528:44): pid=17218 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.2501" name="file1" dev="loop9" ino=10 res=0 errno=0
[ 1355.634493][ T3446] kworker/u8:7: attempt to access beyond end of device
[ 1355.634493][ T3446] loop9: rw=1, sector=45096, nr_sectors = 8 limit=40427
[ 1355.684705][ T3446] kworker/u8:7: attempt to access beyond end of device
[ 1355.684705][ T3446] loop9: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[ 1355.719516][ T3446] CPU: 1 UID: 0 PID: 3446 Comm: kworker/u8:7 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) 
[ 1355.719548][ T3446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1355.719563][ T3446] Workqueue: writeback wb_workfn (flush-7:9)
[ 1355.719599][ T3446] Call Trace:
[ 1355.719609][ T3446]  <TASK>
[ 1355.719619][ T3446]  dump_stack_lvl+0x189/0x250
[ 1355.719657][ T3446]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1355.719685][ T3446]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 1355.719727][ T3446]  ? __pfx_queue_work_on+0x10/0x10
[ 1355.719761][ T3446]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1355.719789][ T3446]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1355.719829][ T3446]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1355.719870][ T3446]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1355.719898][ T3446]  ? f2fs_hw_is_readonly+0x39b/0x470
[ 1355.719948][ T3446]  f2fs_handle_critical_error+0x37c/0x540
[ 1355.719983][ T3446]  f2fs_write_end_io+0x495/0x810
[ 1355.720011][ T3446]  ? blkg_put+0x22/0x240
[ 1355.720072][ T3446]  __submit_merged_bio+0x27a/0x6a0
[ 1355.720130][ T3446]  __submit_merged_write_cond+0x255/0x530
[ 1355.720184][ T3446]  f2fs_write_data_pages+0x261d/0x3000
[ 1355.720264][ T3446]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[ 1355.720315][ T3446]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[ 1355.720400][ T3446]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[ 1355.720447][ T3446]  ? trace_f2fs_writepages+0x7f/0x200
[ 1355.720474][ T3446]  ? f2fs_write_node_pages+0x478/0x6e0
[ 1355.720536][ T3446]  ? sched_clock+0x3f/0x60
[ 1355.720572][ T3446]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1355.720600][ T3446]  ? sched_clock_cpu+0x74/0x430
[ 1355.720628][ T3446]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1355.720663][ T3446]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[ 1355.720693][ T3446]  do_writepages+0x32e/0x550
[ 1355.720735][ T3446]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1355.720763][ T3446]  ? reacquire_held_locks+0x127/0x1d0
[ 1355.720794][ T3446]  ? writeback_sb_inodes+0x372/0x1000
[ 1355.720843][ T3446]  __writeback_single_inode+0x145/0xff0
[ 1355.720876][ T3446]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1355.720903][ T3446]  ? do_raw_spin_unlock+0x122/0x240
[ 1355.720947][ T3446]  writeback_sb_inodes+0x6b5/0x1000
[ 1355.720979][ T3446]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1355.721014][ T3446]  ? rcu_is_watching+0x15/0xb0
[ 1355.721049][ T3446]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1355.721096][ T3446]  ? __pfx_writeback_sb_inodes+0x10/0x10
[ 1355.721201][ T3446]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1355.721229][ T3446]  ? rcu_is_watching+0x15/0xb0
[ 1355.721257][ T3446]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1355.721299][ T3446]  wb_writeback+0x43b/0xaf0
[ 1355.721345][ T3446]  ? queue_io+0x381/0x590
[ 1355.721384][ T3446]  ? __pfx_wb_writeback+0x10/0x10
[ 1355.721430][ T3446]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1355.721478][ T3446]  wb_workfn+0x409/0xef0
[ 1355.721530][ T3446]  ? __pfx_wb_workfn+0x10/0x10
[ 1355.721563][ T3446]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1355.721591][ T3446]  ? __lock_acquire+0xab9/0xd20
[ 1355.721635][ T3446]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1355.721667][ T3446]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1355.721701][ T3446]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1355.721738][ T3446]  ? process_scheduled_works+0x9ef/0x17b0
[ 1355.721766][ T3446]  ? process_scheduled_works+0x9ef/0x17b0
[ 1355.721798][ T3446]  process_scheduled_works+0xae1/0x17b0
[ 1355.721874][ T3446]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1355.721915][ T3446]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1355.721957][ T3446]  worker_thread+0x8a0/0xda0
[ 1355.722030][ T3446]  kthread+0x711/0x8a0
[ 1355.722072][ T3446]  ? __pfx_worker_thread+0x10/0x10
[ 1355.722101][ T3446]  ? __pfx_kthread+0x10/0x10
[ 1355.722139][ T3446]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1355.722173][ T3446]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1355.722211][ T3446]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1355.722239][ T3446]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1355.722261][ T3446]  ? __pfx_kthread+0x10/0x10
[ 1355.722300][ T3446]  ret_from_fork+0x3fc/0x770
[ 1355.722331][ T3446]  ? __pfx_ret_from_fork+0x10/0x10
[ 1355.722368][ T3446]  ? __switch_to_asm+0x39/0x70
[ 1355.722399][ T3446]  ? __switch_to_asm+0x33/0x70
[ 1355.722431][ T3446]  ? __pfx_kthread+0x10/0x10
[ 1355.722470][ T3446]  ret_from_fork_asm+0x1a/0x30
[ 1355.722530][ T3446]  </TASK>
[ 1355.722539][ T3446] F2FS-fs (loop9): Stopped filesystem due to reason: 3
[ 1356.249240][T16446] Bluetooth: hci2: command tx timeout
[ 1358.232896][T15698] lo speed is unknown, defaulting to 1000
[ 1358.239610][T15698] infiniband 3yz0: ib_query_port failed (-19)
[ 1358.329032][T16446] Bluetooth: hci2: command tx timeout
[ 1360.829436][ T3446] batadv1: left promiscuous mode
[ 1360.870076][T16884] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1360.899603][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[ 1360.905915][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[ 1360.977337][T16884] 8021q: adding VLAN 0 to HW filter on device team0
[ 1361.168317][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1361.175536][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1361.220283][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1361.227474][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1361.297062][T17278] loop9: detected capacity change from 0 to 256
[ 1361.332355][T17275] loop6: detected capacity change from 0 to 40427
[ 1361.343257][T17275] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12
[ 1361.351066][T17275] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[ 1361.369913][T17275] F2FS-fs (loop6): invalid crc value
[ 1361.383666][T17278] exFAT-fs (loop9): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[ 1361.446226][T17278] exFAT-fs (loop9): Medium has reported failures. Some data may be lost.
[ 1361.517953][T17275] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[ 1361.525247][T17275] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[ 1361.603923][T17168] chnl_net:caif_netlink_parms(): no params data found
[ 1361.818192][T17278] exFAT-fs (loop9): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[ 1361.934926][   T30] audit: type=1800 audit(1752781389.088:45): pid=17287 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.2522" name="file1" dev="loop6" ino=10 res=0 errno=0
[ 1362.829639][T16418] IPVS: stop unused estimator thread 0...
[ 1362.849380][T17168] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1362.877959][T17168] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1362.903021][T17168] bridge_slave_0: entered allmulticast mode
[ 1362.974236][T17168] bridge_slave_0: entered promiscuous mode
[ 1363.036593][T16971] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1363.718834][T17168] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1363.726020][T17168] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1363.792632][T17168] bridge_slave_1: entered allmulticast mode
[ 1363.822900][T17168] bridge_slave_1: entered promiscuous mode
[ 1363.908747][T16971] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 1364.039992][T16971] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 1364.072930][T16971] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 1364.321918][T17168] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1364.364746][T17168] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1364.681068][T16418] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1367.450629][T17337] netlink: 'syz.9.2541': attribute type 1 has an invalid length.
[ 1367.458418][T17337] netlink: 192 bytes leftover after parsing attributes in process `syz.9.2541'.
[ 1368.439896][T16418] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1368.510173][T17168] team0: Port device team_slave_0 added
[ 1368.581641][T17168] team0: Port device team_slave_1 added
[ 1368.697621][T16418] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1368.873347][T17168] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1368.895111][T17168] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1368.998857][T17168] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1369.044885][T17168] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1369.065771][T17168] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1369.307716][T17168] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1370.046013][T16418] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1370.270806][T17168] hsr_slave_0: entered promiscuous mode
[ 1370.368721][ T5962] usb 10-1: new high-speed USB device number 8 using dummy_hcd
[ 1370.496696][T17168] hsr_slave_1: entered promiscuous mode
[ 1370.503793][T17168] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1370.511386][T17168] Cannot create hsr debugfs directory
[ 1370.532586][ T5962] usb 10-1: Using ep0 maxpacket: 8
[ 1370.553342][ T5962] usb 10-1: config index 0 descriptor too short (expected 301, got 45)
[ 1371.216147][ T5962] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1371.228723][ T5962] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1371.355949][ T5962] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1371.366055][ T5962] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1371.372062][T16884] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1371.379521][ T5962] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1371.395433][ T5962] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1371.668768][ T5962] usb 10-1: usb_control_msg returned -32
[ 1371.674492][ T5962] usbtmc 10-1:16.0: can't read capabilities
[ 1372.059379][T16418] bridge_slave_1: left allmulticast mode
[ 1372.075611][T16418] bridge_slave_1: left promiscuous mode
[ 1372.083436][T17418] usbtmc 10-1:16.0: INITIATE_ABORT_BULK_OUT returned 0
[ 1372.099164][T16418] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1372.148011][T16418] bridge_slave_0: left allmulticast mode
[ 1372.181578][T16418] bridge_slave_0: left promiscuous mode
[ 1372.187343][T16418] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1372.313458][T10275] usb 10-1: USB disconnect, device number 8
[ 1372.509321][ T5962] usb 7-1: new full-speed USB device number 21 using dummy_hcd
[ 1372.681272][ T5962] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1372.691564][ T5962] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1372.713461][ T5962] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1372.726806][ T5962] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1372.962733][ T5962] usb 7-1: usb_control_msg returned -32
[ 1372.973837][ T5962] usbtmc 7-1:16.0: can't read capabilities
[ 1373.672164][T16418] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1374.054964][T16418] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1374.161525][T16418] bond0 (unregistering): Released all slaves
[ 1374.298221][T16884] veth0_vlan: entered promiscuous mode
[ 1375.051800][T16884] veth1_vlan: entered promiscuous mode
[ 1375.235117][T16971] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1375.720454][ T5962] usb 7-1: USB disconnect, device number 21
[ 1377.743004][T16971] 8021q: adding VLAN 0 to HW filter on device team0
[ 1378.939216][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1378.946342][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1379.001891][   T59] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1379.009081][   T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1379.357718][T17495] netlink: 8 bytes leftover after parsing attributes in process `syz.9.2578'.
[ 1379.980299][T16884] veth0_macvtap: entered promiscuous mode
[ 1380.131294][T16884] veth1_macvtap: entered promiscuous mode
[ 1380.178818][T11959] usb 7-1: new full-speed USB device number 22 using dummy_hcd
[ 1380.380458][T16418] hsr_slave_0: left promiscuous mode
[ 1380.400846][T11959] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1380.414412][T16418] hsr_slave_1: left promiscuous mode
[ 1380.437255][T16418] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1380.453107][T11959] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1380.476855][T16418] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1380.489166][T11959] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1380.498233][T11959] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1380.519547][T16418] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1380.543743][T16418] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1380.809345][T11959] usb 7-1: usb_control_msg returned -32
[ 1380.836385][T11959] usbtmc 7-1:16.0: can't read capabilities
[ 1381.369793][T16418] veth1_macvtap: left promiscuous mode
[ 1381.375379][T16418] veth0_macvtap: left promiscuous mode
[ 1381.393219][T16418] veth1_vlan: left promiscuous mode
[ 1381.428520][T16418] veth0_vlan: left promiscuous mode
[ 1381.507467][T11959] usb 7-1: USB disconnect, device number 22
[ 1382.397661][T17525] capability: warning: `syz.0.2592' uses deprecated v2 capabilities in a way that may be insecure
[ 1383.026034][T17532] loop9: detected capacity change from 0 to 256
[ 1383.514994][T17534] loop6: detected capacity change from 0 to 32768
[ 1383.522476][T17534] XFS: ikeep mount option is deprecated.
[ 1383.750494][T17534] XFS (loop6): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1383.972129][T17534] XFS (loop6): Ending clean mount
[ 1383.980460][T17534] XFS (loop6): Quotacheck needed: Please wait.
[ 1384.092111][T17534] XFS (loop6): Quotacheck: Done.
[ 1385.478454][   T30] audit: type=1800 audit(1752781412.648:46): pid=17552 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.2595" name="file1" dev="loop6" ino=9286 res=0 errno=0
[ 1385.498203][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1386.524265][ T6957] XFS (loop6): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1388.030981][T17571] loop9: detected capacity change from 0 to 40427
[ 1388.049655][T17571] F2FS-fs (loop9): Invalid log_blocksize (268), supports only 12
[ 1388.057408][T17571] F2FS-fs (loop9): Can't find valid F2FS filesystem in 1th superblock
[ 1388.123568][T17571] F2FS-fs (loop9): invalid crc value
[ 1388.258471][T17571] F2FS-fs (loop9): Try to recover 1th superblock, ret: 0
[ 1388.265566][T17571] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e5
[ 1389.235063][   T30] audit: type=1800 audit(1752781416.158:47): pid=17580 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.2604" name="file1" dev="loop9" ino=10 res=0 errno=0
[ 1389.394892][ T5864] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 1389.408603][ T5864] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 1389.418724][T16418] team0 (unregistering): Port device team_slave_1 removed
[ 1389.428665][ T5864] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 1389.454901][ T5864] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 1389.467209][ T5864] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 1389.590710][T16418] team0 (unregistering): Port device team_slave_0 removed
[ 1389.736688][T17585] loop6: detected capacity change from 0 to 512
[ 1389.836104][T17585] FAT-fs (loop6): error, corrupted directory (invalid entries)
[ 1391.522652][T17597] loop6: detected capacity change from 0 to 40427
[ 1391.541139][ T5864] Bluetooth: hci6: command tx timeout
[ 1391.555878][T17597] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12
[ 1391.563672][T17597] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[ 1391.580683][T17597] F2FS-fs (loop6): invalid crc value
[ 1391.739671][T17597] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[ 1391.746742][T17597] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[ 1392.033168][   T30] audit: type=1800 audit(1752781419.228:48): pid=17604 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.2610" name="file1" dev="loop6" ino=10 res=0 errno=0
[ 1392.460036][ T6079] kworker/u8:12: attempt to access beyond end of device
[ 1392.460036][ T6079] loop6: rw=1, sector=77824, nr_sectors = 4096 limit=40427
[ 1392.567895][ T6079] kworker/u8:12: attempt to access beyond end of device
[ 1392.567895][ T6079] loop6: rw=1, sector=49152, nr_sectors = 912 limit=40427
[ 1393.351335][T17168] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 1393.480009][T17168] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 1393.608499][ T5864] Bluetooth: hci6: command tx timeout
[ 1393.670037][ T5962] IPVS: starting estimator thread 0...
[ 1393.848744][T17615] IPVS: using max 21 ests per chain, 50400 per kthread
[ 1394.369038][T17168] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 1394.476626][T17168] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 1395.708518][ T5864] Bluetooth: hci6: command tx timeout
[ 1396.462565][T17168] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1396.632538][T17168] 8021q: adding VLAN 0 to HW filter on device team0
[ 1396.669866][ T6080] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1396.677017][ T6080] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1396.994240][T16446] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1397.003959][T16446] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1397.011678][T16446] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1397.170129][T16446] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1397.178037][T16446] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1397.277651][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1397.284821][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1397.383095][T17661] netlink: 12 bytes leftover after parsing attributes in process `syz.9.2626'.
[ 1397.768420][T16446] Bluetooth: hci6: command tx timeout
[ 1399.167515][T17679] loop9: detected capacity change from 0 to 1764
[ 1399.209409][T16446] Bluetooth: hci1: command tx timeout
[ 1399.588608][T17581] chnl_net:caif_netlink_parms(): no params data found
[ 1401.301308][T16446] Bluetooth: hci1: command tx timeout
[ 1402.956967][T17581] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1402.990300][T17581] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1403.001733][T17717] loop9: detected capacity change from 0 to 1024
[ 1403.018740][T17581] bridge_slave_0: entered allmulticast mode
[ 1403.050044][T17581] bridge_slave_0: entered promiscuous mode
[ 1403.114529][T17581] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1403.160334][T17581] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1403.199258][T17581] bridge_slave_1: entered allmulticast mode
[ 1403.211709][   T59] hfsplus: b-tree write err: -5, ino 4
[ 1403.381093][T16446] Bluetooth: hci1: command tx timeout
[ 1403.393378][T17581] bridge_slave_1: entered promiscuous mode
[ 1403.658393][T10892] usb 10-1: new full-speed USB device number 9 using dummy_hcd
[ 1404.602551][T17168] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1404.651075][T10892] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1404.722169][T10892] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1404.791604][T10892] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1404.844251][T10892] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1404.862861][T17581] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1404.954885][T17581] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1405.423591][T10892] usb 10-1: usb_control_msg returned -32
[ 1405.451918][T16446] Bluetooth: hci1: command tx timeout
[ 1405.454228][T10892] usbtmc 10-1:16.0: can't read capabilities
[ 1405.556212][T10892] usb 10-1: USB disconnect, device number 9
[ 1405.723618][T17581] team0: Port device team_slave_0 added
[ 1405.875995][T17581] team0: Port device team_slave_1 added
[ 1406.307923][T17581] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1406.347512][T17581] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1406.484150][T17581] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1406.688598][T17581] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1406.758703][T17581] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1406.816065][T17581] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1407.818817][T17655] chnl_net:caif_netlink_parms(): no params data found
[ 1408.387777][T17581] hsr_slave_0: entered promiscuous mode
[ 1408.421111][T17581] hsr_slave_1: entered promiscuous mode
[ 1408.458184][T17581] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1408.502925][T17581] Cannot create hsr debugfs directory
[ 1408.668547][T16418] bridge_slave_1: left allmulticast mode
[ 1408.674250][T16418] bridge_slave_1: left promiscuous mode
[ 1408.728888][T16418] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1408.839557][T16418] bridge_slave_0: left allmulticast mode
[ 1408.845244][T16418] bridge_slave_0: left promiscuous mode
[ 1408.878716][T16418] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1408.962528][T16418] bridge_slave_1: left allmulticast mode
[ 1408.968205][T16418] bridge_slave_1: left promiscuous mode
[ 1409.004582][T16418] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1409.139798][T16418] bridge_slave_0: left allmulticast mode
[ 1409.169271][T16418] bridge_slave_0: left promiscuous mode
[ 1409.175016][T16418] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1410.218398][T10275] usb 7-1: new full-speed USB device number 23 using dummy_hcd
[ 1410.381086][T10275] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1410.391208][T10275] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1410.414528][T10275] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1410.434769][T10275] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1410.666311][T10275] usb 7-1: usb_control_msg returned -32
[ 1410.687607][T10275] usbtmc 7-1:16.0: can't read capabilities
[ 1410.752431][T10275] usb 7-1: USB disconnect, device number 23
[ 1410.982904][T16418] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1411.062381][T16418] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1411.115843][T16418] bond0 (unregistering): Released all slaves
[ 1411.132705][ T5864] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1411.147873][ T5864] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1411.158738][ T5864] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1411.169577][ T5864] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1411.199051][ T5864] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1412.404035][T17792] loop6: detected capacity change from 0 to 256
[ 1412.471953][T17794] fuse: Bad value for 'fd'
[ 1413.288734][T16446] Bluetooth: hci2: command tx timeout
[ 1413.383827][T17799] overlayfs: missing 'lowerdir'
[ 1414.871096][T16418] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1414.952133][T16418] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1415.012269][T16418] bond0 (unregistering): Released all slaves
[ 1415.118919][T11959] usb 7-1: new full-speed USB device number 24 using dummy_hcd
[ 1415.301730][T11959] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1415.329164][T11959] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1415.368507][T16446] Bluetooth: hci2: command tx timeout
[ 1415.385483][T11959] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1415.395883][T11959] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1415.703220][T11959] usb 7-1: usb_control_msg returned -32
[ 1415.737785][T11959] usbtmc 7-1:16.0: can't read capabilities
[ 1416.237233][T11959] usb 7-1: USB disconnect, device number 24
[ 1417.088541][T17655] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1417.095718][T17655] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1417.152879][T17655] bridge_slave_0: entered allmulticast mode
[ 1417.210247][T17655] bridge_slave_0: entered promiscuous mode
[ 1417.264445][T17655] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1417.326004][T17655] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1417.373664][T17655] bridge_slave_1: entered allmulticast mode
[ 1417.448551][T16446] Bluetooth: hci2: command tx timeout
[ 1418.269985][T17655] bridge_slave_1: entered promiscuous mode
[ 1418.608711][T16418] hsr_slave_0: left promiscuous mode
[ 1419.589605][T16446] Bluetooth: hci2: command tx timeout
[ 1419.607156][T17853] netlink: 76 bytes leftover after parsing attributes in process `syz.6.2693'.
[ 1419.829859][   T30] audit: type=1326 audit(1752781446.838:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17848 comm="syz.6.2693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa444b8e929 code=0x7ffc0000
[ 1419.848785][T16418] hsr_slave_1: left promiscuous mode
[ 1419.852538][   T30] audit: type=1326 audit(1752781446.848:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17848 comm="syz.6.2693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa444b8e929 code=0x7ffc0000
[ 1419.879975][   T30] audit: type=1326 audit(1752781446.848:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17848 comm="syz.6.2693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=449 compat=0 ip=0x7fa444b8e929 code=0x7ffc0000
[ 1419.932031][T16418] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1419.959208][   T30] audit: type=1326 audit(1752781446.848:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17848 comm="syz.6.2693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa444b8e929 code=0x7ffc0000
[ 1420.083133][T16418] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1420.112466][   T30] audit: type=1326 audit(1752781446.848:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17848 comm="syz.6.2693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa444b8e929 code=0x7ffc0000
[ 1420.226010][   T30] audit: type=1326 audit(1752781446.848:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17848 comm="syz.6.2693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa444b8e929 code=0x7ffc0000
[ 1420.331744][   T30] audit: type=1326 audit(1752781446.848:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17848 comm="syz.6.2693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa444b8e929 code=0x7ffc0000
[ 1420.378911][T15698] usb 10-1: new full-speed USB device number 10 using dummy_hcd
[ 1420.398437][T16418] hsr_slave_0: left promiscuous mode
[ 1420.457621][T16418] hsr_slave_1: left promiscuous mode
[ 1420.477084][T16418] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1420.756857][T15698] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1420.779225][T16418] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1421.055343][T16418] veth1_macvtap: left promiscuous mode
[ 1421.096824][T16418] veth0_macvtap: left promiscuous mode
[ 1421.134436][T16418] veth1_vlan: left promiscuous mode
[ 1421.155731][T15698] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1421.169166][T15698] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1421.174211][T16418] veth0_vlan: left promiscuous mode
[ 1421.178463][T15698] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1421.458179][T15698] usb 10-1: usb_control_msg returned -32
[ 1421.464623][T15698] usbtmc 10-1:16.0: can't read capabilities
[ 1421.498841][T15698] usb 10-1: USB disconnect, device number 10
[ 1422.369396][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[ 1422.376205][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[ 1422.863624][T17873] loop6: detected capacity change from 0 to 256
[ 1426.699994][T16418] team0 (unregistering): Port device team_slave_1 removed
[ 1426.751688][T11959] usb 10-1: new full-speed USB device number 11 using dummy_hcd
[ 1426.805269][T16418] team0 (unregistering): Port device team_slave_0 removed
[ 1426.926673][T11959] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1426.950965][T11959] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1426.985141][T11959] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1427.031905][T11959] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1427.318413][T11959] usb 10-1: usb_control_msg returned -32
[ 1427.324233][T11959] usbtmc 10-1:16.0: can't read capabilities
[ 1427.399231][T11959] usb 10-1: USB disconnect, device number 11
[ 1430.065086][T17923] fuse: Bad value for 'fd'
[ 1431.943605][T16418] team0 (unregistering): Port device team_slave_1 removed
[ 1432.112386][T16418] team0 (unregistering): Port device team_slave_0 removed
[ 1433.517505][T17905] bridge0: port 3(dummy0) entered disabled state
[ 1433.762804][T17655] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1433.990840][T17655] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1434.190347][T17939] loop9: detected capacity change from 0 to 2048
[ 1434.340896][T17939] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1434.471125][T17655] team0: Port device team_slave_0 added
[ 1434.625307][T17655] team0: Port device team_slave_1 added
[ 1435.846877][T17655] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1435.901416][T17655] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1435.987114][T17934] loop6: detected capacity change from 0 to 32768
[ 1435.998545][T17655] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1436.043081][T17934] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.2722 (17934)
[ 1436.089484][T17655] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1436.123080][T17655] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1436.175066][T17934] BTRFS info (device loop6): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[ 1436.186855][T17934] BTRFS info (device loop6): using sha256 (sha256-x86_64) checksum algorithm
[ 1436.196772][T17655] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1436.218430][T17934] BTRFS info (device loop6): using free-space-tree
[ 1438.019492][T17987] input: syz1 as /devices/virtual/input/input20
[ 1438.274479][T17987] loop9: detected capacity change from 0 to 256
[ 1438.947198][ T6957] BTRFS info (device loop6): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[ 1439.016230][T17655] hsr_slave_0: entered promiscuous mode
[ 1439.063950][T17655] hsr_slave_1: entered promiscuous mode
[ 1439.082679][T17655] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1439.091709][T17655] Cannot create hsr debugfs directory
[ 1439.958767][T17992] dummy0: left promiscuous mode
[ 1439.963716][T17992] dummy0: entered allmulticast mode
[ 1440.523834][T17783] chnl_net:caif_netlink_parms(): no params data found
[ 1444.653817][T17783] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1444.683053][T17783] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1444.720367][T17783] bridge_slave_0: entered allmulticast mode
[ 1444.768913][T17783] bridge_slave_0: entered promiscuous mode
[ 1444.811630][T17783] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1444.868506][T17783] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1444.906164][T17783] bridge_slave_1: entered allmulticast mode
[ 1444.958754][T17783] bridge_slave_1: entered promiscuous mode
[ 1446.809489][T17581] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1448.188477][T17783] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1448.693255][T17783] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1451.890204][T18082] loop6: detected capacity change from 0 to 131072
[ 1451.939704][T17783] team0: Port device team_slave_0 added
[ 1451.951883][T18082] F2FS-fs (loop6): Test dummy encryption mode enabled
[ 1451.971422][T18082] F2FS-fs (loop6): invalid crc value
[ 1452.140805][T18082] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[ 1452.175657][   T30] audit: type=1800 audit(1752781479.358:56): pid=18082 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.2758" name="file1" dev="loop6" ino=10 res=0 errno=0
[ 1452.235623][T17783] team0: Port device team_slave_1 added
[ 1452.271962][ T5864] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1452.280648][ T5864] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1452.288839][ T5864] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1452.296916][ T5864] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1452.305324][ T5864] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1453.171736][T17783] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1453.198419][T17783] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1453.315005][T17783] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1453.482816][T17783] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1453.535923][T17783] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1453.638429][T17783] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1453.990584][T16418] bridge_slave_1: left allmulticast mode
[ 1453.996270][T16418] bridge_slave_1: left promiscuous mode
[ 1454.046727][T16418] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1454.225567][T16418] bridge_slave_0: left allmulticast mode
[ 1454.266685][T16418] bridge_slave_0: left promiscuous mode
[ 1454.305404][T16418] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1454.463138][ T5864] Bluetooth: hci4: command tx timeout
[ 1456.488635][ T5864] Bluetooth: hci4: command tx timeout
[ 1456.920815][T16418] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1456.941078][T16418] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1457.041421][T16418] bond0 (unregistering): Released all slaves
[ 1457.205480][T18120] Bluetooth: hci6: received HCILL_GO_TO_SLEEP_ACK in state 2
[ 1457.238800][  T152] Bluetooth: hci6: Frame reassembly failed (-84)
[ 1457.806433][T17783] hsr_slave_0: entered promiscuous mode
[ 1457.856078][T17783] hsr_slave_1: entered promiscuous mode
[ 1457.905814][T17783] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1457.949785][T17783] Cannot create hsr debugfs directory
[ 1458.912490][T16446] Bluetooth: hci4: command tx timeout
[ 1459.288737][ T5864] Bluetooth: hci6: Opcode 0x1003 failed: -110
[ 1460.798675][T13692] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 1460.818649][T13692] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 1460.826412][T13692] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 1460.847863][T13692] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 1460.858211][T13692] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 1460.969342][T13692] Bluetooth: hci4: command tx timeout
[ 1462.088600][T16446] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[ 1463.048508][T16446] Bluetooth: hci6: command tx timeout
[ 1465.138826][T16446] Bluetooth: hci6: command tx timeout
[ 1466.408486][T18197] binder: 18196:18197 ioctl 4018620d 0 returned -22
[ 1466.448553][T16418] hsr_slave_0: left promiscuous mode
[ 1466.528033][T16418] hsr_slave_1: left promiscuous mode
[ 1466.549223][T16418] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1466.646960][T18202] loop6: detected capacity change from 0 to 256
[ 1466.654629][T16418] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1466.699656][T18202] exFAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[ 1466.709770][T18204] loop9: detected capacity change from 0 to 256
[ 1466.741967][T18202] exFAT-fs (loop6): Medium has reported failures. Some data may be lost.
[ 1466.755599][T18204] exfat: Deprecated parameter 'namecase'
[ 1466.791289][T18204] exfat: Deprecated parameter 'utf8'
[ 1466.825351][T18202] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[ 1466.863979][T18204] exFAT-fs (loop9): failed to load upcase table (idx : 0x00010000, chksum : 0xdc42f586, utbl_chksum : 0xe619d30d)
[ 1467.208434][T16446] Bluetooth: hci6: command tx timeout
[ 1467.635212][T18208] loop9: detected capacity change from 0 to 2048
[ 1467.751991][T18209] NILFS (loop9): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1467.800488][   T30] audit: type=1800 audit(1752781494.978:57): pid=18208 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.2804" name="file2" dev="loop9" ino=16 res=0 errno=0
[ 1467.857456][T18208] NILFS (loop9): vblocknr = 12 has abnormal lifetime: start cno (= 150994946) > current cno (= 3)
[ 1467.917490][T18208] NILFS error (device loop9): nilfs_bmap_propagate: broken bmap (inode number=16)
[ 1467.992735][T18208] Remounting filesystem read-only
[ 1468.098027][T14807] NILFS (loop9): disposed unprocessed dirty file(s) when stopping log writer
[ 1469.358457][T16446] Bluetooth: hci6: command tx timeout
[ 1471.127792][T16418] team0 (unregistering): Port device team_slave_1 removed
[ 1471.262146][T16418] team0 (unregistering): Port device team_slave_0 removed
[ 1471.581719][T18228] binder: 18226:18228 ioctl 4018620d 0 returned -22
[ 1471.811532][T18229] loop9: detected capacity change from 0 to 32768
[ 1471.905743][T18229] XFS (loop9): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1472.017326][T18229] XFS (loop9): Ending clean mount
[ 1472.027638][T18229] XFS (loop9): Quotacheck needed: Please wait.
[ 1472.131677][T18229] XFS (loop9): Quotacheck: Done.
[ 1472.820936][T14807] XFS (loop9): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1474.338806][T18250] fuse: Bad value for 'fd'
[ 1474.561998][T13692] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1474.572261][T13692] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1474.588491][T13692] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1474.655425][T13692] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1474.670369][T13692] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1474.912670][T18262] overlayfs: failed to resolve './file0': -2
[ 1476.907744][T13692] Bluetooth: hci1: command tx timeout
[ 1476.958820][T18276] fuse: Bad value for 'fd'
[ 1477.903387][T18290] binder: BINDER_SET_CONTEXT_MGR already set
[ 1477.974253][T18290] binder: 18288:18290 ioctl 4018620d 200000000040 returned -16
[ 1478.911492][T18089] chnl_net:caif_netlink_parms(): no params data found
[ 1478.971779][T13692] Bluetooth: hci1: command tx timeout
[ 1479.079719][T18297] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[ 1479.985638][T18144] chnl_net:caif_netlink_parms(): no params data found
[ 1480.276187][T18309] binder: 18307:18309 ioctl 40046205 0 returned -22
[ 1481.058634][T13692] Bluetooth: hci1: command tx timeout
[ 1482.462934][T18089] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1482.524310][T18089] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1482.583568][T18089] bridge_slave_0: entered allmulticast mode
[ 1482.628516][T18089] bridge_slave_0: entered promiscuous mode
[ 1482.669753][T18089] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1482.676880][T18089] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1482.745288][T18089] bridge_slave_1: entered allmulticast mode
[ 1482.796258][T18089] bridge_slave_1: entered promiscuous mode
[ 1482.814476][T18144] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1482.832790][T18144] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1482.862398][T18144] bridge_slave_0: entered allmulticast mode
[ 1482.911659][T18144] bridge_slave_0: entered promiscuous mode
[ 1483.130398][T13692] Bluetooth: hci1: command tx timeout
[ 1483.201899][T18089] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1483.238218][T18332] loop9: detected capacity change from 0 to 32768
[ 1483.267791][T18144] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1483.316236][T18144] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1483.357310][T18144] bridge_slave_1: entered allmulticast mode
[ 1483.375881][T18332] ocfs2: Mounting device (7,9) on (node local, slot 0) with ordered data mode.
[ 1483.399500][T16125] (kworker/u8:2,16125,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #72: rec_len % 4 != 0 - offset=312, inode=13845347915746889, rec_len=25793, name_len=214
[ 1483.400520][T18144] bridge_slave_1: entered promiscuous mode
[ 1483.730684][T14807] (syz-executor,14807,0):ocfs2_inode_is_valid_to_delete:886 ERROR: Skipping delete of system file 70
[ 1483.774969][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[ 1484.001261][T18344] loop6: detected capacity change from 0 to 32768
[ 1484.018465][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[ 1484.020213][T14807] (syz-executor,14807,1):ocfs2_inode_is_valid_to_delete:886 ERROR: Skipping delete of system file 72
[ 1484.061889][T18089] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1484.108815][T18344] XFS (loop6): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1484.155766][T14807] ocfs2: Unmounting device (7,9) on (node local)
[ 1484.333083][T18344] XFS (loop6): Ending clean mount
[ 1484.359246][T18344] XFS (loop6): Quotacheck needed: Please wait.
[ 1484.421136][T18344] XFS (loop6): Quotacheck: Done.
[ 1484.959356][T18144] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1485.032354][T18144] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1485.145465][ T6957] XFS (loop6): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1485.729060][T18363] binder: 18358:18363 ioctl 40046205 0 returned -22
[ 1486.273850][T18089] team0: Port device team_slave_0 added
[ 1486.283533][T18089] team0: Port device team_slave_1 added
[ 1486.909499][T18089] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1486.946907][T18089] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1487.001182][T18371] overlayfs: failed to resolve './file0': -2
[ 1487.010497][T18089] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1487.419687][T18144] team0: Port device team_slave_0 added
[ 1487.463254][T18144] team0: Port device team_slave_1 added
[ 1487.505854][T18089] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1487.598705][T18089] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1487.688656][T18089] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1488.408772][T13692] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 1489.495901][T18144] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1489.538382][T18144] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1490.922500][T18144] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1490.970583][T18144] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1490.977546][T18144] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1491.003601][T18144] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1491.506553][T18089] hsr_slave_0: entered promiscuous mode
[ 1491.514895][T18089] hsr_slave_1: entered promiscuous mode
[ 1491.521703][T18089] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1491.529680][T18089] Cannot create hsr debugfs directory
[ 1491.619967][T18253] chnl_net:caif_netlink_parms(): no params data found
[ 1492.622824][   T12] Bluetooth: hci2: Frame reassembly failed (-84)
[ 1492.733777][T18419] Bluetooth: hci2: received HCILL_GO_TO_SLEEP_ACK in state 2
[ 1493.051349][T18144] hsr_slave_0: entered promiscuous mode
[ 1493.078437][T18144] hsr_slave_1: entered promiscuous mode
[ 1493.095099][T18144] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1493.126842][T18144] Cannot create hsr debugfs directory
[ 1494.660053][T13692] Bluetooth: hci2: command 0x1003 tx timeout
[ 1494.688506][T16446] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 1495.030417][T18253] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1495.037722][T18253] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1495.085732][T18253] bridge_slave_0: entered allmulticast mode
[ 1495.099270][T18253] bridge_slave_0: entered promiscuous mode
[ 1495.188820][T18437] binder: 18436:18437 ioctl 40046205 0 returned -22
[ 1495.209055][T18432] sctp: failed to load transform for md5: -2
[ 1495.552186][T18253] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1495.579880][T18441] binder: 18439:18441 ioctl c0306201 0 returned -14
[ 1495.608688][T18253] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1495.615907][T18253] bridge_slave_1: entered allmulticast mode
[ 1495.650395][T18253] bridge_slave_1: entered promiscuous mode
[ 1495.799371][T15698] usb 10-1: new high-speed USB device number 12 using dummy_hcd
[ 1495.998355][T15698] usb 10-1: Using ep0 maxpacket: 8
[ 1496.071848][T15698] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1496.087677][T15698] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1496.142320][T15698] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1496.148804][T18446] overlayfs: failed to resolve './file0': -2
[ 1496.188439][T15698] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1496.238655][T15698] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1496.266996][T15698] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1496.341900][T18253] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1496.512758][T15698] usb 10-1: usb_control_msg returned -71
[ 1496.530744][T15698] usbtmc 10-1:16.0: can't read capabilities
[ 1496.607003][T15698] usb 10-1: USB disconnect, device number 12
[ 1496.783869][T18253] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1498.435280][T18467] usb usb8: usbfs: process 18467 (syz.9.2884) did not claim interface 0 before use
[ 1498.555465][T18253] team0: Port device team_slave_0 added
[ 1498.597769][T18253] team0: Port device team_slave_1 added
[ 1499.175555][T18469] binder: 18468:18469 ioctl c0306201 0 returned -14
[ 1499.190738][T18253] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1499.218152][T18253] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1499.314324][T18253] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1499.530107][T18253] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1499.537235][T18253] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1499.563160][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1500.098611][T18253] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1500.491940][T16418] bridge_slave_1: left allmulticast mode
[ 1500.508405][T16418] bridge_slave_1: left promiscuous mode
[ 1500.514201][T16418] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1500.932969][T16418] bridge_slave_0: left allmulticast mode
[ 1500.984882][T16418] bridge_slave_0: left promiscuous mode
[ 1501.018771][T16418] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1501.105132][T16418] bridge_slave_1: left allmulticast mode
[ 1501.174772][T16418] bridge_slave_1: left promiscuous mode
[ 1501.253703][T16418] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1501.370958][T16418] bridge_slave_0: left allmulticast mode
[ 1501.400611][T16418] bridge_slave_0: left promiscuous mode
[ 1501.438567][T16418] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1501.519873][T16418] bridge_slave_1: left allmulticast mode
[ 1501.525512][T16418] bridge_slave_1: left promiscuous mode
[ 1501.638534][T15698] usb 7-1: new high-speed USB device number 25 using dummy_hcd
[ 1502.388917][T16418] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1502.422936][T16418] bridge_slave_0: left allmulticast mode
[ 1502.428657][T16418] bridge_slave_0: left promiscuous mode
[ 1502.442444][T16418] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1502.559073][T15698] usb 7-1: Using ep0 maxpacket: 8
[ 1502.566135][T15698] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1502.586538][T15698] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1502.647401][T15698] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1502.683545][T15698] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1502.728188][T15698] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1502.769707][T15698] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1503.028651][T15698] usb 7-1: usb_control_msg returned -71
[ 1503.034299][T15698] usbtmc 7-1:16.0: can't read capabilities
[ 1503.154779][T15698] usb 7-1: USB disconnect, device number 25
[ 1503.245620][T16418] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1503.336648][T16418] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1503.412014][T16418] bond0 (unregistering): Released all slaves
[ 1504.250833][T18509] loop6: detected capacity change from 0 to 40427
[ 1504.260790][T18509] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12
[ 1504.268582][T18509] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[ 1504.308609][T18509] F2FS-fs (loop6): invalid crc value
[ 1504.449080][T18509] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[ 1504.456287][T18509] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[ 1504.704181][   T30] audit: type=1800 audit(1752781531.878:58): pid=18509 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.2900" name="file1" dev="loop6" ino=10 res=0 errno=0
[ 1505.354561][T16418] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1506.359880][T16418] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1506.634051][T16418] bond0 (unregistering): Released all slaves
[ 1506.650548][ T6957] syz-executor: attempt to access beyond end of device
[ 1506.650548][ T6957] loop6: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[ 1506.716593][ T6957] CPU: 0 UID: 0 PID: 6957 Comm: syz-executor Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) 
[ 1506.716624][ T6957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1506.716640][ T6957] Call Trace:
[ 1506.716650][ T6957]  <TASK>
[ 1506.716661][ T6957]  dump_stack_lvl+0x189/0x250
[ 1506.716701][ T6957]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1506.716729][ T6957]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 1506.716772][ T6957]  ? __pfx_queue_work_on+0x10/0x10
[ 1506.716805][ T6957]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1506.716834][ T6957]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1506.716874][ T6957]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1506.716915][ T6957]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1506.716943][ T6957]  ? f2fs_hw_is_readonly+0x39b/0x470
[ 1506.716993][ T6957]  f2fs_handle_critical_error+0x37c/0x540
[ 1506.717027][ T6957]  f2fs_write_end_io+0x495/0x810
[ 1506.717055][ T6957]  ? blkg_put+0x22/0x240
[ 1506.717111][ T6957]  __submit_merged_bio+0x27a/0x6a0
[ 1506.717150][ T6957]  ? up_write+0x1c4/0x420
[ 1506.717190][ T6957]  __submit_merged_write_cond+0x44c/0x530
[ 1506.717240][ T6957]  f2fs_sync_node_pages+0x1869/0x1a00
[ 1506.717309][ T6957]  ? __pfx_f2fs_sync_node_pages+0x10/0x10
[ 1506.717386][ T6957]  ? f2fs_write_checkpoint+0xe33/0x1de0
[ 1506.717431][ T6957]  ? up_write+0x1c4/0x420
[ 1506.717461][ T6957]  ? do_raw_spin_unlock+0x122/0x240
[ 1506.717504][ T6957]  f2fs_write_checkpoint+0xe5f/0x1de0
[ 1506.717565][ T6957]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[ 1506.717656][ T6957]  ? kill_f2fs_super+0x298/0x6c0
[ 1506.717694][ T6957]  kill_f2fs_super+0x2c3/0x6c0
[ 1506.717733][ T6957]  ? __pfx_kill_f2fs_super+0x10/0x10
[ 1506.717761][ T6957]  ? radix_tree_delete_item+0x2b6/0x400
[ 1506.717795][ T6957]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1506.717823][ T6957]  ? shrinker_free+0x2ce/0x3e0
[ 1506.717855][ T6957]  deactivate_locked_super+0xbc/0x130
[ 1506.717888][ T6957]  cleanup_mnt+0x425/0x4c0
[ 1506.717917][ T6957]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1506.717946][ T6957]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1506.717975][ T6957]  task_work_run+0x1d4/0x260
[ 1506.718019][ T6957]  ? __pfx_task_work_run+0x10/0x10
[ 1506.718055][ T6957]  ? __x64_sys_umount+0x122/0x160
[ 1506.718098][ T6957]  ? exit_to_user_mode_loop+0x40/0x110
[ 1506.718130][ T6957]  exit_to_user_mode_loop+0xec/0x110
[ 1506.718157][ T6957]  do_syscall_64+0x2bd/0x3b0
[ 1506.718184][ T6957]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1506.718209][ T6957]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1506.718233][ T6957]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1506.718261][ T6957]  ? exc_page_fault+0x9f/0xf0
[ 1506.718294][ T6957]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1506.718321][ T6957] RIP: 0033:0x7fa444b8fc57
[ 1506.718343][ T6957] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[ 1506.718365][ T6957] RSP: 002b:00007ffccb7990a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 1506.718391][ T6957] RAX: 0000000000000000 RBX: 00007fa444c10a8d RCX: 00007fa444b8fc57
[ 1506.718415][ T6957] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffccb799160
[ 1506.718434][ T6957] RBP: 00007ffccb799160 R08: 0000000000000000 R09: 0000000000000000
[ 1506.718450][ T6957] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffccb79a1f0
[ 1506.718467][ T6957] R13: 00007fa444c10a8d R14: 000000000016fab8 R15: 00007ffccb79a230
[ 1506.718508][ T6957]  </TASK>
[ 1507.047628][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1507.200906][T18525] loop9: detected capacity change from 0 to 32768
[ 1507.227636][ T6957] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[ 1507.466032][T18525] XFS (loop9): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1507.599928][T18525] XFS (loop9): Ending clean mount
[ 1507.607654][T18525] XFS (loop9): Quotacheck needed: Please wait.
[ 1507.665074][T18525] XFS (loop9): Quotacheck: Done.
[ 1508.288922][T16418] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1508.386258][T14807] XFS (loop9): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1508.501048][T16418] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1508.590517][T16418] bond0 (unregistering): Released all slaves
[ 1509.170684][T18253] hsr_slave_0: entered promiscuous mode
[ 1509.177648][T18253] hsr_slave_1: entered promiscuous mode
[ 1509.199136][T18253] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1509.206710][T18253] Cannot create hsr debugfs directory
[ 1509.468895][T18517] bond0: entered promiscuous mode
[ 1509.475490][T18517] batadv0: entered promiscuous mode
[ 1509.513762][T18517] hsr1: Slave A (bond0) is not up; please bring it up to get a fully working HSR network
[ 1509.576170][T18517] hsr1: Slave B (batadv0) is not up; please bring it up to get a fully working HSR network
[ 1509.628539][T18517] hsr1: entered allmulticast mode
[ 1509.633630][T18517] bond0: entered allmulticast mode
[ 1509.668446][T18517] batadv0: entered allmulticast mode
[ 1509.684618][T18517] 8021q: adding VLAN 0 to HW filter on device hsr1
[ 1509.939236][T13692] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1509.960742][T13692] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1509.969042][T13692] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1510.018559][T13692] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1510.049344][T13692] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1510.761971][T18556] loop6: detected capacity change from 0 to 128
[ 1511.030777][T18556] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[ 1511.120275][T18556] ext4 filesystem being mounted at /682/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[ 1512.108587][T18562] loop9: detected capacity change from 0 to 40427
[ 1512.116817][T18562] F2FS-fs (loop9): Invalid log_blocksize (268), supports only 12
[ 1512.124772][T18562] F2FS-fs (loop9): Can't find valid F2FS filesystem in 1th superblock
[ 1512.137257][T18562] F2FS-fs (loop9): invalid crc value
[ 1512.269565][T18562] F2FS-fs (loop9): Try to recover 1th superblock, ret: 0
[ 1512.276657][T18562] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e5
[ 1512.361073][T16446] Bluetooth: hci2: command tx timeout
[ 1512.506675][   T30] audit: type=1800 audit(1752781539.688:59): pid=18562 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.2916" name="file1" dev="loop9" ino=10 res=0 errno=0
[ 1513.489164][ T6957] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[ 1514.127079][T14807] syz-executor: attempt to access beyond end of device
[ 1514.127079][T14807] loop9: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[ 1514.211723][T14807] CPU: 1 UID: 0 PID: 14807 Comm: syz-executor Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) 
[ 1514.211760][T14807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1514.211777][T14807] Call Trace:
[ 1514.211787][T14807]  <TASK>
[ 1514.211798][T14807]  dump_stack_lvl+0x189/0x250
[ 1514.211839][T14807]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1514.211869][T14807]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 1514.211910][T14807]  ? __pfx_queue_work_on+0x10/0x10
[ 1514.211943][T14807]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1514.211972][T14807]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1514.212013][T14807]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1514.212054][T14807]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1514.212082][T14807]  ? f2fs_hw_is_readonly+0x39b/0x470
[ 1514.212131][T14807]  f2fs_handle_critical_error+0x37c/0x540
[ 1514.212165][T14807]  f2fs_write_end_io+0x495/0x810
[ 1514.212194][T14807]  ? blkg_put+0x22/0x240
[ 1514.212251][T14807]  __submit_merged_bio+0x27a/0x6a0
[ 1514.212290][T14807]  ? up_write+0x1c4/0x420
[ 1514.212331][T14807]  __submit_merged_write_cond+0x44c/0x530
[ 1514.212382][T14807]  f2fs_sync_node_pages+0x1869/0x1a00
[ 1514.212458][T14807]  ? __pfx_f2fs_sync_node_pages+0x10/0x10
[ 1514.212535][T14807]  ? f2fs_write_checkpoint+0xe33/0x1de0
[ 1514.212572][T14807]  ? up_write+0x1c4/0x420
[ 1514.212603][T14807]  ? do_raw_spin_unlock+0x122/0x240
[ 1514.212646][T14807]  f2fs_write_checkpoint+0xe5f/0x1de0
[ 1514.212707][T14807]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[ 1514.212799][T14807]  ? kill_f2fs_super+0x298/0x6c0
[ 1514.212837][T14807]  kill_f2fs_super+0x2c3/0x6c0
[ 1514.212877][T14807]  ? __pfx_kill_f2fs_super+0x10/0x10
[ 1514.212905][T14807]  ? radix_tree_delete_item+0x2b6/0x400
[ 1514.212939][T14807]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1514.212968][T14807]  ? shrinker_free+0x2ce/0x3e0
[ 1514.213000][T14807]  deactivate_locked_super+0xbc/0x130
[ 1514.213034][T14807]  cleanup_mnt+0x425/0x4c0
[ 1514.213063][T14807]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1514.213091][T14807]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1514.213122][T14807]  task_work_run+0x1d4/0x260
[ 1514.213166][T14807]  ? __pfx_task_work_run+0x10/0x10
[ 1514.213202][T14807]  ? __x64_sys_umount+0x122/0x160
[ 1514.213245][T14807]  ? exit_to_user_mode_loop+0x40/0x110
[ 1514.213277][T14807]  exit_to_user_mode_loop+0xec/0x110
[ 1514.213304][T14807]  do_syscall_64+0x2bd/0x3b0
[ 1514.213331][T14807]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1514.213356][T14807]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1514.213380][T14807]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1514.213408][T14807]  ? exc_page_fault+0x9f/0xf0
[ 1514.213441][T14807]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1514.213466][T14807] RIP: 0033:0x7fb34958fc57
[ 1514.213488][T14807] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[ 1514.213509][T14807] RSP: 002b:00007ffc121bb028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 1514.213535][T14807] RAX: 0000000000000000 RBX: 00007fb349610a8d RCX: 00007fb34958fc57
[ 1514.213553][T14807] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc121bb0e0
[ 1514.213569][T14807] RBP: 00007ffc121bb0e0 R08: 0000000000000000 R09: 0000000000000000
[ 1514.213586][T14807] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc121bc170
[ 1514.213604][T14807] R13: 00007fb349610a8d R14: 0000000000171812 R15: 00007ffc121bc1b0
[ 1514.213644][T14807]  </TASK>
[ 1514.213655][T14807] F2FS-fs (loop9): Stopped filesystem due to reason: 3
[ 1514.418590][T16446] Bluetooth: hci2: command tx timeout
[ 1515.166128][T18584] loop6: detected capacity change from 0 to 2048
[ 1515.226719][T18584] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1515.290711][T11959] IPVS: starting estimator thread 0...
[ 1515.420344][T18585] IPVS: using max 23 ests per chain, 55200 per kthread
[ 1516.648507][T16446] Bluetooth: hci2: command tx timeout
[ 1517.329373][T18602] loop6: detected capacity change from 0 to 16
[ 1517.369411][T18602] MTD: Attempt to mount non-MTD device "/dev/loop6"
[ 1517.661745][T16418] hsr_slave_0: left promiscuous mode
[ 1517.694057][T16418] hsr_slave_1: left promiscuous mode
[ 1517.706347][T16418] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1517.750000][T16418] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1517.868456][T16418] hsr_slave_0: left promiscuous mode
[ 1517.882549][T16418] hsr_slave_1: left promiscuous mode
[ 1517.889525][T16418] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1517.910191][T16418] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1517.978621][T16418] hsr_slave_0: left promiscuous mode
[ 1517.992305][T16418] hsr_slave_1: left promiscuous mode
[ 1518.014753][T16418] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1518.065432][T16418] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1518.730028][T16446] Bluetooth: hci2: command tx timeout
[ 1518.771279][T16418] team0 (unregistering): Port device team_slave_1 removed
[ 1518.883872][T16418] team0 (unregistering): Port device team_slave_0 removed
[ 1520.445931][T18618] netlink: 76 bytes leftover after parsing attributes in process `syz.6.2935'.
[ 1521.268410][   T30] audit: type=1326 audit(1752781547.688:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18616 comm="syz.6.2935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa444b8e929 code=0x7ffc0000
[ 1521.358494][   T30] audit: type=1326 audit(1752781547.688:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18616 comm="syz.6.2935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa444b8e929 code=0x7ffc0000
[ 1521.428580][   T30] audit: type=1326 audit(1752781547.688:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18616 comm="syz.6.2935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7fa444b8e929 code=0x7ffc0000
[ 1521.608493][   T30] audit: type=1326 audit(1752781547.688:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18616 comm="syz.6.2935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa444b8e929 code=0x7ffc0000
[ 1521.708742][   T30] audit: type=1326 audit(1752781547.688:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18616 comm="syz.6.2935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=449 compat=0 ip=0x7fa444b8e929 code=0x7ffc0000
[ 1522.078406][   T30] audit: type=1326 audit(1752781547.768:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18616 comm="syz.6.2935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa444b8e929 code=0x7ffc0000
[ 1522.802532][   T30] audit: type=1326 audit(1752781547.768:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18616 comm="syz.6.2935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa444b8e929 code=0x7ffc0000
[ 1522.838398][   T30] audit: type=1326 audit(1752781547.768:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18616 comm="syz.6.2935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa444b8e929 code=0x7ffc0000
[ 1522.938885][T13692] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1522.948983][T13692] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1522.957728][T13692] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1522.966505][T13692] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1522.978882][T13692] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1522.996334][   T30] audit: type=1326 audit(1752781547.768:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18616 comm="syz.6.2935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa444b8e929 code=0x7ffc0000
[ 1523.072023][   T30] audit: type=1326 audit(1752781547.768:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18616 comm="syz.6.2935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa444b8e929 code=0x7ffc0000
[ 1523.094270][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1523.438377][ T5962] usb 7-1: new high-speed USB device number 26 using dummy_hcd
[ 1523.639240][ T5962] usb 7-1: Using ep0 maxpacket: 8
[ 1523.656671][ T5962] usb 7-1: config 0 has an invalid interface number: 1 but max is 0
[ 1523.675004][ T5962] usb 7-1: config 0 has no interface number 0
[ 1523.691537][ T5962] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1523.728382][ T5962] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1523.750826][ T5962] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1523.789631][ T5962] usb 7-1: config 0 descriptor??
[ 1523.819452][ T5962] iowarrior 7-1:0.1: no interrupt-in endpoint found
[ 1523.875490][T18644] loop9: detected capacity change from 0 to 40427
[ 1523.900696][T18644] F2FS-fs (loop9): Invalid log_blocksize (268), supports only 12
[ 1523.908500][T18644] F2FS-fs (loop9): Can't find valid F2FS filesystem in 1th superblock
[ 1523.952218][T18644] F2FS-fs (loop9): invalid crc value
[ 1524.048851][T16418] team0 (unregistering): Port device team_slave_1 removed
[ 1524.064656][T18644] F2FS-fs (loop9): Try to recover 1th superblock, ret: 0
[ 1524.071789][T18644] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e5
[ 1525.139817][T13692] Bluetooth: hci4: command tx timeout
[ 1525.164326][T16418] team0 (unregistering): Port device team_slave_0 removed
[ 1526.218538][ T6982] usb 7-1: USB disconnect, device number 26
[ 1526.566896][T14807] syz-executor: attempt to access beyond end of device
[ 1526.566896][T14807] loop9: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[ 1526.588386][ T6982] usb 7-1: new high-speed USB device number 27 using dummy_hcd
[ 1526.623188][T14807] CPU: 0 UID: 0 PID: 14807 Comm: syz-executor Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) 
[ 1526.623224][T14807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1526.623240][T14807] Call Trace:
[ 1526.623251][T14807]  <TASK>
[ 1526.623281][T14807]  dump_stack_lvl+0x189/0x250
[ 1526.623325][T14807]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1526.623354][T14807]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 1526.623397][T14807]  ? __pfx_queue_work_on+0x10/0x10
[ 1526.623430][T14807]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1526.623459][T14807]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1526.623500][T14807]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1526.623542][T14807]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1526.623571][T14807]  ? f2fs_hw_is_readonly+0x39b/0x470
[ 1526.623620][T14807]  f2fs_handle_critical_error+0x37c/0x540
[ 1526.623654][T14807]  f2fs_write_end_io+0x495/0x810
[ 1526.623684][T14807]  ? blkg_put+0x22/0x240
[ 1526.623749][T14807]  __submit_merged_bio+0x27a/0x6a0
[ 1526.623789][T14807]  ? up_write+0x1c4/0x420
[ 1526.623830][T14807]  __submit_merged_write_cond+0x44c/0x530
[ 1526.623881][T14807]  f2fs_sync_node_pages+0x1869/0x1a00
[ 1526.623951][T14807]  ? __pfx_f2fs_sync_node_pages+0x10/0x10
[ 1526.624028][T14807]  ? f2fs_write_checkpoint+0xe33/0x1de0
[ 1526.624067][T14807]  ? up_write+0x1c4/0x420
[ 1526.624097][T14807]  ? do_raw_spin_unlock+0x122/0x240
[ 1526.624141][T14807]  f2fs_write_checkpoint+0xe5f/0x1de0
[ 1526.624209][T14807]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[ 1526.624309][T14807]  ? kill_f2fs_super+0x298/0x6c0
[ 1526.624351][T14807]  kill_f2fs_super+0x2c3/0x6c0
[ 1526.624393][T14807]  ? __pfx_kill_f2fs_super+0x10/0x10
[ 1526.624424][T14807]  ? radix_tree_delete_item+0x2b6/0x400
[ 1526.624461][T14807]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1526.624490][T14807]  ? shrinker_free+0x2ce/0x3e0
[ 1526.624523][T14807]  deactivate_locked_super+0xbc/0x130
[ 1526.624560][T14807]  cleanup_mnt+0x425/0x4c0
[ 1526.624590][T14807]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1526.624620][T14807]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1526.624652][T14807]  task_work_run+0x1d4/0x260
[ 1526.624699][T14807]  ? __pfx_task_work_run+0x10/0x10
[ 1526.624748][T14807]  ? __x64_sys_umount+0x122/0x160
[ 1526.624792][T14807]  ? exit_to_user_mode_loop+0x40/0x110
[ 1526.624826][T14807]  exit_to_user_mode_loop+0xec/0x110
[ 1526.624856][T14807]  do_syscall_64+0x2bd/0x3b0
[ 1526.624885][T14807]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1526.624911][T14807]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1526.624937][T14807]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1526.624967][T14807]  ? exc_page_fault+0x9f/0xf0
[ 1526.624997][T14807]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1526.625022][T14807] RIP: 0033:0x7fb34958fc57
[ 1526.625045][T14807] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[ 1526.625068][T14807] RSP: 002b:00007ffc121bb028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 1526.625095][T14807] RAX: 0000000000000000 RBX: 00007fb349610a8d RCX: 00007fb34958fc57
[ 1526.625114][T14807] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc121bb0e0
[ 1526.625131][T14807] RBP: 00007ffc121bb0e0 R08: 0000000000000000 R09: 0000000000000000
[ 1526.625148][T14807] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc121bc170
[ 1526.625167][T14807] R13: 00007fb349610a8d R14: 0000000000174638 R15: 00007ffc121bc1b0
[ 1526.625210][T14807]  </TASK>
[ 1526.625222][T14807] F2FS-fs (loop9): Stopped filesystem due to reason: 3
[ 1526.768872][ T6982] usb 7-1: Using ep0 maxpacket: 16
[ 1527.208167][T16418] team0 (unregistering): Port device team_slave_1 removed
[ 1527.228612][T13692] Bluetooth: hci4: command tx timeout
[ 1527.354120][T16418] team0 (unregistering): Port device team_slave_0 removed
[ 1527.367746][ T6982] usb 7-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00
[ 1527.377771][ T6982] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1527.420862][ T6982] usb 7-1: Product: syz
[ 1527.425082][ T6982] usb 7-1: Manufacturer: syz
[ 1527.468626][ T6982] usb 7-1: SerialNumber: syz
[ 1527.513248][ T6982] usb 7-1: config 0 descriptor??
[ 1527.580730][ T6982] ftdi_sio 7-1:0.0: FTDI USB Serial Device converter detected
[ 1527.628211][ T6982] usb 7-1: Detected FT232H
[ 1527.982176][ T6982] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[ 1528.006383][ T6982] ftdi_sio 7-1:0.0: GPIO initialisation failed: -71
[ 1528.066849][ T6982] usb 7-1: FTDI USB Serial Device converter now attached to ttyUSB0
[ 1528.124569][ T6982] usb 7-1: USB disconnect, device number 27
[ 1528.174742][ T6982] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[ 1528.232232][ T6982] ftdi_sio 7-1:0.0: device disconnected
[ 1529.348634][T13692] Bluetooth: hci4: command tx timeout
[ 1529.928529][T18543] chnl_net:caif_netlink_parms(): no params data found
[ 1530.031381][T18253] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 1530.580972][T18253] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 1530.777400][T18253] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 1531.369549][T13692] Bluetooth: hci4: command tx timeout
[ 1531.958366][T18253] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 1532.700257][T18543] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1532.707512][T18543] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1532.736923][T18543] bridge_slave_0: entered allmulticast mode
[ 1532.761668][T18543] bridge_slave_0: entered promiscuous mode
[ 1532.788777][T18543] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1532.808485][T18543] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1532.815711][T18543] bridge_slave_1: entered allmulticast mode
[ 1532.874797][T18543] bridge_slave_1: entered promiscuous mode
[ 1533.153108][T18543] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1533.232226][T18543] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1533.951556][T18543] team0: Port device team_slave_0 added
[ 1534.060812][T18543] team0: Port device team_slave_1 added
[ 1534.401087][T18543] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1534.425100][T18543] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1534.566388][T18543] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1534.620270][T18543] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1534.645734][T18543] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1534.838566][T18543] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1535.685766][T18634] chnl_net:caif_netlink_parms(): no params data found
[ 1536.140326][T16446] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1536.161686][T16446] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1536.181705][T16446] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1536.195510][T16446] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1536.209073][T16446] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1536.672390][T18543] hsr_slave_0: entered promiscuous mode
[ 1536.711848][T18543] hsr_slave_1: entered promiscuous mode
[ 1536.752404][T18543] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1536.777362][T18543] Cannot create hsr debugfs directory
[ 1537.502397][T18634] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1537.670254][T18634] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1538.370318][T13692] Bluetooth: hci1: command tx timeout
[ 1538.489586][T18634] bridge_slave_0: entered allmulticast mode
[ 1538.497358][T18634] bridge_slave_0: entered promiscuous mode
[ 1539.901789][T18634] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1539.928688][T18634] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1539.936060][T18634] bridge_slave_1: entered allmulticast mode
[ 1540.020682][T18758] binder: 18754:18758 ioctl 40046205 0 returned -22
[ 1540.066194][T18634] bridge_slave_1: entered promiscuous mode
[ 1540.408479][T16446] Bluetooth: hci1: command tx timeout
[ 1540.566353][T18634] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1541.048463][T13692] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[ 1541.139248][T18634] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1541.887829][T18634] team0: Port device team_slave_0 added
[ 1542.055785][T18634] team0: Port device team_slave_1 added
[ 1542.353932][T18634] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1542.380088][T18634] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1542.445285][T18634] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1542.488578][T13692] Bluetooth: hci1: command tx timeout
[ 1542.645208][T18634] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1542.698811][T18634] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1543.587852][T18634] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1544.568484][T13692] Bluetooth: hci1: command tx timeout
[ 1545.021612][T18634] hsr_slave_0: entered promiscuous mode
[ 1545.049713][T18634] hsr_slave_1: entered promiscuous mode
[ 1545.056117][T18634] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1545.098388][T18634] Cannot create hsr debugfs directory
[ 1545.216316][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[ 1545.223926][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[ 1546.206755][T18543] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1546.570028][T18543] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1546.620049][T18543] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1546.915035][T18543] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1547.600223][T18805] 9pnet_virtio: no channels available for device syz
[ 1547.815386][T18722] chnl_net:caif_netlink_parms(): no params data found
[ 1551.164556][T18819] ==================================================================
[ 1551.172687][T18819] BUG: KASAN: slab-use-after-free in _raw_spin_lock_irqsave+0xa7/0xf0
[ 1551.180864][T18819] Read of size 1 at addr ffff88802f5adeb0 by task syz.6.2998/18819
[ 1551.188760][T18819] 
[ 1551.191082][T18819] CPU: 0 UID: 0 PID: 18819 Comm: syz.6.2998 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) 
[ 1551.191107][T18819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1551.191120][T18819] Call Trace:
[ 1551.191129][T18819]  <TASK>
[ 1551.191139][T18819]  dump_stack_lvl+0x189/0x250
[ 1551.191165][T18819]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1551.191188][T18819]  ? __kasan_check_byte+0x12/0x40
[ 1551.191219][T18819]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1551.191240][T18819]  ? rcu_is_watching+0x15/0xb0
[ 1551.191264][T18819]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1551.191286][T18819]  ? lock_release+0x4b/0x3e0
[ 1551.191308][T18819]  ? __virt_addr_valid+0x1c8/0x5c0
[ 1551.191333][T18819]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1551.191356][T18819]  ? __virt_addr_valid+0x4a5/0x5c0
[ 1551.191383][T18819]  print_report+0xca/0x230
[ 1551.191401][T18819]  ? _raw_spin_lock_irqsave+0xa7/0xf0
[ 1551.191431][T18819]  kasan_report+0x118/0x150
[ 1551.191461][T18819]  ? _raw_spin_lock_irqsave+0xa7/0xf0
[ 1551.191496][T18819]  ? remove_wait_queue+0x24/0x120
[ 1551.191525][T18819]  __kasan_check_byte+0x2a/0x40
[ 1551.191553][T18819]  lock_acquire+0x8d/0x360
[ 1551.191579][T18819]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1551.191605][T18819]  ? task_work_add+0x281/0x420
[ 1551.191640][T18819]  _raw_spin_lock_irqsave+0xa7/0xf0
[ 1551.191670][T18819]  ? remove_wait_queue+0x24/0x120
[ 1551.191699][T18819]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[ 1551.191735][T18819]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1551.191757][T18819]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1551.191789][T18819]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1551.191824][T18819]  remove_wait_queue+0x24/0x120
[ 1551.191855][T18819]  poll_freewait+0x17f/0x240
[ 1551.191885][T18819]  do_select+0x172f/0x17e0
[ 1551.191918][T18819]  ? do_select+0xc51/0x17e0
[ 1551.191956][T18819]  ? __pfx_do_select+0x10/0x10
[ 1551.191983][T18819]  ? rcu_is_watching+0x15/0xb0
[ 1551.192005][T18819]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1551.192027][T18819]  ? trace_sched_exit_tp+0x38/0x120
[ 1551.192045][T18819]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1551.192067][T18819]  ? __schedule+0x1713/0x4d00
[ 1551.192089][T18819]  ? __pfx_pollwake+0x10/0x10
[ 1551.192120][T18819]  ? __pfx_pollwake+0x10/0x10
[ 1551.192151][T18819]  ? __pfx_pollwake+0x10/0x10
[ 1551.192181][T18819]  ? __pfx_pollwake+0x10/0x10
[ 1551.192212][T18819]  ? __pfx_pollwake+0x10/0x10
[ 1551.192242][T18819]  ? __pfx_pollwake+0x10/0x10
[ 1551.192273][T18819]  ? __pfx_pollwake+0x10/0x10
[ 1551.192304][T18819]  ? __pfx_pollwake+0x10/0x10
[ 1551.192334][T18819]  ? __pfx_pollwake+0x10/0x10
[ 1551.192368][T18819]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1551.192398][T18819]  core_sys_select+0x6dd/0xa20
[ 1551.192433][T18819]  ? __pfx_core_sys_select+0x10/0x10
[ 1551.192479][T18819]  ? __pfx_set_user_sigmask+0x10/0x10
[ 1551.192517][T18819]  __se_sys_pselect6+0x27a/0x300
[ 1551.192556][T18819]  ? __pfx___se_sys_pselect6+0x10/0x10
[ 1551.192593][T18819]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1551.192619][T18819]  ? rcu_is_watching+0x15/0xb0
[ 1551.192643][T18819]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1551.192665][T18819]  ? __x64_sys_pselect6+0x21/0xf0
[ 1551.192693][T18819]  do_syscall_64+0xfa/0x3b0
[ 1551.192719][T18819]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1551.192738][T18819]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1551.192756][T18819]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1551.192776][T18819]  ? exc_page_fault+0x9f/0xf0
[ 1551.192795][T18819]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1551.192814][T18819] RIP: 0033:0x7fa444b8e929
[ 1551.192832][T18819] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1551.192849][T18819] RSP: 002b:00007fa4459c0038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[ 1551.192868][T18819] RAX: ffffffffffffffda RBX: 00007fa444db5fa0 RCX: 00007fa444b8e929
[ 1551.192882][T18819] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000040
[ 1551.192895][T18819] RBP: 00007fa444c10ca1 R08: 0000000000000000 R09: 0000000000000000
[ 1551.192907][T18819] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000000
[ 1551.192919][T18819] R13: 0000000000000000 R14: 00007fa444db5fa0 R15: 00007ffccb799e18
[ 1551.192941][T18819]  </TASK>
[ 1551.192948][T18819] 
[ 1551.601788][T18819] Allocated by task 1:
[ 1551.605840][T18819]  kasan_save_track+0x3e/0x80
[ 1551.610523][T18819]  __kasan_kmalloc+0x93/0xb0
[ 1551.615110][T18819]  __kmalloc_cache_noprof+0x230/0x3d0
[ 1551.620486][T18819]  comedi_device_postconfig+0x4a8/0xc90
[ 1551.626031][T18819]  comedi_auto_config+0x267/0x380
[ 1551.631054][T18819]  comedi_test_init+0x8e/0x110
[ 1551.635813][T18819]  do_one_initcall+0x236/0x820
[ 1551.640576][T18819]  do_initcall_level+0x137/0x1f0
[ 1551.645525][T18819]  do_initcalls+0x69/0xd0
[ 1551.649856][T18819]  kernel_init_freeable+0x3d9/0x570
[ 1551.655049][T18819]  kernel_init+0x1d/0x1d0
[ 1551.659384][T18819]  ret_from_fork+0x3fc/0x770
[ 1551.663970][T18819]  ret_from_fork_asm+0x1a/0x30
[ 1551.668738][T18819] 
[ 1551.671063][T18819] Freed by task 18828:
[ 1551.675117][T18819]  kasan_save_track+0x3e/0x80
[ 1551.679795][T18819]  kasan_save_free_info+0x46/0x50
[ 1551.684818][T18819]  __kasan_slab_free+0x62/0x70
[ 1551.689584][T18819]  kfree+0x18e/0x440
[ 1551.693475][T18819]  comedi_device_detach+0x372/0x720
[ 1551.698673][T18819]  comedi_unlocked_ioctl+0xc4b/0xf40
[ 1551.703967][T18819]  __se_sys_ioctl+0xfc/0x170
[ 1551.708570][T18819]  do_syscall_64+0xfa/0x3b0
[ 1551.713092][T18819]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1551.718974][T18819] 
[ 1551.721285][T18819] The buggy address belongs to the object at ffff88802f5ade00
[ 1551.721285][T18819]  which belongs to the cache kmalloc-256 of size 256
[ 1551.735326][T18819] The buggy address is located 176 bytes inside of
[ 1551.735326][T18819]  freed 256-byte region [ffff88802f5ade00, ffff88802f5adf00)
[ 1551.749119][T18819] 
[ 1551.751432][T18819] The buggy address belongs to the physical page:
[ 1551.757830][T18819] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2f5ac
[ 1551.766580][T18819] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1551.775069][T18819] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 1551.782607][T18819] page_type: f5(slab)
[ 1551.786578][T18819] raw: 00fff00000000040 ffff88801a441b40 dead000000000122 0000000000000000
[ 1551.795156][T18819] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 1551.803736][T18819] head: 00fff00000000040 ffff88801a441b40 dead000000000122 0000000000000000
[ 1551.812400][T18819] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 1551.821064][T18819] head: 00fff00000000001 ffffea0000bd6b01 00000000ffffffff 00000000ffffffff
[ 1551.829723][T18819] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 1551.838378][T18819] page dumped because: kasan: bad access detected
[ 1551.844774][T18819] page_owner tracks the page as allocated
[ 1551.850474][T18819] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 19920464913, free_ts 0
[ 1551.870180][T18819]  post_alloc_hook+0x240/0x2a0
[ 1551.874953][T18819]  get_page_from_freelist+0x21e4/0x22c0
[ 1551.880503][T18819]  __alloc_frozen_pages_noprof+0x181/0x370
[ 1551.886308][T18819]  alloc_pages_mpol+0x232/0x4a0
[ 1551.891164][T18819]  allocate_slab+0x8a/0x3b0
[ 1551.895663][T18819]  ___slab_alloc+0xbfc/0x1480
[ 1551.900331][T18819]  __kmalloc_cache_noprof+0x296/0x3d0
[ 1551.905703][T18819]  bus_add_driver+0x162/0x640
[ 1551.910380][T18819]  driver_register+0x23a/0x320
[ 1551.915133][T18819]  usb_register_driver+0x1e4/0x390
[ 1551.920242][T18819]  do_one_initcall+0x236/0x820
[ 1551.925003][T18819]  do_initcall_level+0x137/0x1f0
[ 1551.929941][T18819]  do_initcalls+0x69/0xd0
[ 1551.934277][T18819]  kernel_init_freeable+0x3d9/0x570
[ 1551.939494][T18819]  kernel_init+0x1d/0x1d0
[ 1551.943833][T18819]  ret_from_fork+0x3fc/0x770
[ 1551.948431][T18819] page_owner free stack trace missing
[ 1551.953794][T18819] 
[ 1551.956108][T18819] Memory state around the buggy address:
[ 1551.961727][T18819]  ffff88802f5add80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1551.969783][T18819]  ffff88802f5ade00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1551.977837][T18819] >ffff88802f5ade80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1551.985895][T18819]                                      ^
[ 1551.991517][T18819]  ffff88802f5adf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1551.999570][T18819]  ffff88802f5adf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1552.007617][T18819] ==================================================================
[ 1552.015665][T18819] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1552.022847][T18819] CPU: 0 UID: 0 PID: 18819 Comm: syz.6.2998 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) 
[ 1552.034903][T18819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1552.044954][T18819] Call Trace:
[ 1552.048227][T18819]  <TASK>
[ 1552.051155][T18819]  dump_stack_lvl+0x99/0x250
[ 1552.055747][T18819]  ? __asan_memcpy+0x40/0x70
[ 1552.060348][T18819]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1552.065551][T18819]  ? __pfx__printk+0x10/0x10
[ 1552.070154][T18819]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1552.075793][T18819]  panic+0x2db/0x790
[ 1552.079694][T18819]  ? __pfx_panic+0x10/0x10
[ 1552.084111][T18819]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1552.089747][T18819]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1552.095384][T18819]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1552.101297][T18819]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1552.107639][T18819]  ? print_memory_metadata+0x314/0x400
[ 1552.113107][T18819]  ? _raw_spin_lock_irqsave+0xa7/0xf0
[ 1552.118489][T18819]  check_panic_on_warn+0x89/0xb0
[ 1552.123445][T18819]  ? _raw_spin_lock_irqsave+0xa7/0xf0
[ 1552.128836][T18819]  end_report+0x78/0x160
[ 1552.133090][T18819]  kasan_report+0x129/0x150
[ 1552.137606][T18819]  ? _raw_spin_lock_irqsave+0xa7/0xf0
[ 1552.142995][T18819]  ? remove_wait_queue+0x24/0x120
[ 1552.148027][T18819]  __kasan_check_byte+0x2a/0x40
[ 1552.152892][T18819]  lock_acquire+0x8d/0x360
[ 1552.157309][T18819]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1552.162692][T18819]  ? task_work_add+0x281/0x420
[ 1552.167481][T18819]  _raw_spin_lock_irqsave+0xa7/0xf0
[ 1552.172702][T18819]  ? remove_wait_queue+0x24/0x120
[ 1552.177742][T18819]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[ 1552.183652][T18819]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1552.189288][T18819]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1552.195193][T18819]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1552.201538][T18819]  remove_wait_queue+0x24/0x120
[ 1552.206406][T18819]  poll_freewait+0x17f/0x240
[ 1552.211009][T18819]  do_select+0x172f/0x17e0
[ 1552.215442][T18819]  ? do_select+0xc51/0x17e0
[ 1552.219969][T18819]  ? __pfx_do_select+0x10/0x10
[ 1552.224738][T18819]  ? rcu_is_watching+0x15/0xb0
[ 1552.229512][T18819]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1552.235145][T18819]  ? trace_sched_exit_tp+0x38/0x120
[ 1552.240343][T18819]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1552.245975][T18819]  ? __schedule+0x1713/0x4d00
[ 1552.250655][T18819]  ? __pfx_pollwake+0x10/0x10
[ 1552.255360][T18819]  ? __pfx_pollwake+0x10/0x10
[ 1552.260067][T18819]  ? __pfx_pollwake+0x10/0x10
[ 1552.264757][T18819]  ? __pfx_pollwake+0x10/0x10
[ 1552.269454][T18819]  ? __pfx_pollwake+0x10/0x10
[ 1552.274149][T18819]  ? __pfx_pollwake+0x10/0x10
[ 1552.278844][T18819]  ? __pfx_pollwake+0x10/0x10
[ 1552.283541][T18819]  ? __pfx_pollwake+0x10/0x10
[ 1552.288232][T18819]  ? __pfx_pollwake+0x10/0x10
[ 1552.292928][T18819]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1552.298574][T18819]  core_sys_select+0x6dd/0xa20
[ 1552.303357][T18819]  ? __pfx_core_sys_select+0x10/0x10
[ 1552.308669][T18819]  ? __pfx_set_user_sigmask+0x10/0x10
[ 1552.314051][T18819]  __se_sys_pselect6+0x27a/0x300
[ 1552.319006][T18819]  ? __pfx___se_sys_pselect6+0x10/0x10
[ 1552.324480][T18819]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1552.330128][T18819]  ? rcu_is_watching+0x15/0xb0
[ 1552.334901][T18819]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1552.340537][T18819]  ? __x64_sys_pselect6+0x21/0xf0
[ 1552.345574][T18819]  do_syscall_64+0xfa/0x3b0
[ 1552.350081][T18819]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1552.355277][T18819]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1552.361345][T18819]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1552.366980][T18819]  ? exc_page_fault+0x9f/0xf0
[ 1552.371657][T18819]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1552.377549][T18819] RIP: 0033:0x7fa444b8e929
[ 1552.381966][T18819] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1552.401576][T18819] RSP: 002b:00007fa4459c0038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[ 1552.409995][T18819] RAX: ffffffffffffffda RBX: 00007fa444db5fa0 RCX: 00007fa444b8e929
[ 1552.417966][T18819] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000040
[ 1552.425935][T18819] RBP: 00007fa444c10ca1 R08: 0000000000000000 R09: 0000000000000000
[ 1552.433903][T18819] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000000
[ 1552.441870][T18819] R13: 0000000000000000 R14: 00007fa444db5fa0 R15: 00007ffccb799e18
[ 1552.449853][T18819]  </TASK>
[ 1552.453070][T18819] Kernel Offset: disabled
[ 1552.457397][T18819] Rebooting in 86400 seconds..