last executing test programs:

2m24.341832515s ago: executing program 2 (id=128):
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x7fff, @rand_addr=' \x01\x00', 0x200000}, 0x1c)
shutdown(r0, 0x1)
getpeername(r0, 0x0, &(0x7f0000000000))

2m24.08123561s ago: executing program 2 (id=130):
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, &(0x7f0000000280)={0x0, 0x0, 0x0, [], [0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x400000000299, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x8000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x29ed, 0x800000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]})
r0 = add_key$user(&(0x7f0000000280), &(0x7f0000000000), &(0x7f00000000c0)="b8", 0x1, 0xfffffffffffffffe)
r1 = add_key$user(&(0x7f0000000200), &(0x7f00000005c0), &(0x7f0000000340), 0x584, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000080)={r0, r1, r1}, 0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={'crct10dif\x00'}})

2m23.983849446s ago: executing program 2 (id=132):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x2c240, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000000440)={r0, 0x0, {0x0, 0x0, 0x0, 0x9, 0x800000000000, 0x0, 0x0, 0x10, 0x1d, "2401010000000000000d0ec0c1b4e9b1c4369d03740250ceaac500b1b3d741dd17c1c50d38ef2a565ef1e85c58d36500", "a1163939c787a16c1ca43f8539f3d3289737f0374c72a964a0193b3e8772fd29f35239d20000000100", "24431a1e58a68e174f0000000000ef8a07580000000000002000", [0x5]}})
ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x3, 0x2, 0x0, 0x12, 0x10, 0x0, "c25f7e0d775e40aee623452107249fe0bdbfce2fe240da8dce81a69b0edc8960ad337200b16a3e508b8040c7bc6e583cc41170a13349e2cfcc4b64bd4fbf41ee", "a5526c3b6a46c15c42022ee6cc29fd6294b85056a50f5fdd31c4e8602a620ddbe9c5e3eba358cda906ddec304859946ea27fb0b97bb826884c3d749834ad1e6c", "412d226bd7dc8ce5783126ae76e309616391f73ea9c19b4a27828e2d00195a1f", [0x10000, 0x3]})

2m23.081547908s ago: executing program 2 (id=144):
syz_mount_image$udf(&(0x7f00000000c0), &(0x7f0000000400)='./file0\x00', 0x2000202, &(0x7f0000000480)={[{@iocharset={'iocharset', 0x3d, 'cp860'}}, {@gid}, {@gid}, {@rootdir={'rootdir', 0x3d, 0x4}}, {@uid}, {}, {@utf8}, {@anchor={'anchor', 0x3d, 0xf87a}}, {@umask={'umask', 0x3d, 0x70ed}}]}, 0x1, 0xc3b, &(0x7f0000001a40)="$eJzs3U9sHNd9B/DfG5LiSm4qJnYUJ42LTVuksmK5+hdTsQp3VdNsA8iyEIq5BeCKXKkLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgpYzOxbcUmRNi2KEmV9Pjb13Z15b/a9eesZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxO+/cvHU6fSwWwEAPEiXx7526oz7PwA8Vq76/38AAAAAAAAAAAAAADjoUhTxZKSYu7yWJqr3HbVL7YFbt8dHRrevdjhVNfuq8uVP7fSZs+e+/MLw+W5eas98QP377XPx2tjVi/WXZ2/OzbcWFlpT9fGZ9uTsVGvXR9hr/a1OVCegfvP1W1PXry/Uzzx/dtPu20PvDz5xbOjC8LMnn+mWHR8ZHR3bKFLrLd9/zw3p2GmGx6Eo4mSkeO77P0vNiChi7+ei9mDHfqvDVSdOVJ0YHxmtOjLdbs4sljuvdE9EEVHvqdTonqPtxyL6Bx5oH3bWiFgqm182+ETZvbG55nzz2nSrfqU5v9hebM/OXEmd1pb9qUcR51PEckSsDt59uIEooj9SfPfoWroWEX3d8/ClamLwzu0o9rGPu1C2sz4QsVw8AmN2gA1GEa9Gip+/czwm83WmutZ8MeLVMn8Y8VaZL0Wk8otxLuK9bb5HPJr6o4i/KMf/wlqaqq4H3evKpa/XvzpzfbanbPe68hHvD3ddKR7S/eHwlnwwDvi1qRZFNKsr/lq699/sAAAAAAAAAAAAAAAAAHC/HY4iPhspXvn3P67mFUc1L/3oheE/GPpE75zxpz/kOGXZ5yNiqdjdnNxDeWLglXQlpYc8l/hxVosi/iTP//v2w24MAAAAAAAAAAAAAAAAAADAY62In0aKF989npajd03x9syN+tXmtenOqrDdtX+7a6avr6+v11MnGzknUrV09PpSfr+ccyXnas4ocv2cjZwTOZdyLudcybmaM/py/ZyNnBM5l3Iu51zJuZqzbGVVP2cj50TOpZzLOVdyruaMA7J2LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAx0kRRfwyUnznm2spUkQ0IiaikyuDD7t1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBpMBXxg0hR/8PGnW39EZGqfzuOl7+ci8ahMj8VjeEyX4rGxZzNKvsb334I7WdvBlIRP4kUg7W37wx4Hv+Bzrs7X4N461sb7z7X38m+7s6h9wefOHb0wvDorz+90+u0XQNOXGrP3LpdHx8ZHR3r2dyfP/1TPduG8ucW96frRMTCG2++3pyebs3f+4vyK7CH6o/Qi9T/uPTUi+pF9B+IZjycvvMYKO//70WK33n3P7o3/M79vxa/0nl35w4fv/jTjfv/i1sPtMv7f//Wevn+X97Tt7v/P9mz7cX8u5GB/oja4s25gWMRtYU33jzZvtm80brRmjl36tRXhoe/cvbUwKGI2vX2dKvn1X05XQAAAAAAAAAAAAAAAAAPTiri9yJF8ydrqR4Rt6v5WkMXhp89+Uxf9FXzrTbN235t7OrF+suzN+fmWwsLran6+Ex7cnaqtduPq1XTvcZHRvelMx/q8D63/3Dt5dm5N+bbN/5ocdv9R2oXry0szjcnt98dh6OIaPRuOVE1eHxktGr0dLs5U1W9su1k+o9uIBXxn5Fi8lw9fSFvy/P/t87w3zT/f2nrgfZp/v8ne7aVn5lSEb+IFL/9l0/HF6p2Hom7zlku97eR4sT5z+dycags121D57kCnZmBZdn/jRT/+MvNZbvzIZ/cKHt61yf2EVGO/9FI8YM//178Rt62+fkP24//ka0H2qfxf6pn25FNzyvYc9fJ438yUrz05Nvxm3nbBz3/o/vsjeO58J3nc+zT+H+6Z9tQ/tzfuj9dBwAAAAAAAAAAeKQNpCL+LlL8aLQ/vZC37ebv/01tPdA+/f2vz/Rsm7o/6xV96Is9n1QAAAAAOCAGUhE/jRQ3Ft++M4d68/zvnvmfv7sx/3Mkbdlb/Tnfr1bPDbiff/7Xayh/7sTeuw0AAAAAAAAAAAAAAAAAAAAHSkpFvJDXU5+o5vNP7bie+kqkeOW/n8vl0rGyXHcd+KHq19rl2ZmTF6enZyebi81r06362FxzslXWfSpSrP3N53PdolpfvbvefGeN94212Ocjxejfd8t21mLvrk3+VLfsUut0WfaTkeK//mFz2e461p/eOO6ZsuxfR4pv/PP2ZY9tlD1blv1epPjxN+rdskfKst3no35mo+zzk7PFPowKAAAAAAAAAAAAAAAAAAAAj5uBVMSfRYr/ubl8Zy5/Xv9/oOdt5a1v9az3v8Xtap3/oWr9/51e38v6/9VzBZZ2+lQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPh4SlHEm5Fi7vJaWhks33fULrVnbt0eHxndvtrhVNXsq8qXP7XTZ86e+/ILw+e7+cH177fPxmtjVy/WX569OTffWlhoTdXHZ9qTs1OtXR9hr/W3OlGdgPrN129NXb++UD/z/NlNu28PvT/4xLGhC8PPnnymU/YT9fGR0dGxnjL9A/f86XdJO2w/FEX8VaR47vs/Sz8ajChi7+fiQ747++1w1YkTVSfGR0arjky3mzOL5c4r3RNRRNR7KjW65yiP236OxZ40IpbK5pcNPlF2b2yuOd+8Nt2qX2nOL7YX27MzV1KntWV/6lHE+RSxHBGrg3cfbiCKeD1SfPfoWvqXwYi+7nn40uWxr506s3M7in3s4y6U7awPRCwXHzRm23SYTQajiH+KFD9/53j862BEf3R+4osRr5b5w4i3ojPeqfxinIt4z2n92OiPIv6vHP8La+mdwfJ60L2uXPp6/asz12d7ynavK4/8/SEe4MX8gN9PalHEj6sr/lr6N/9dAwAAAAAAAAAAAAAAABwgRfxapHjx3eOpmh98Z05xe+ZG/Wrz2nRnWl937l93zvT6+vp6PXWykXMi51LO5ZwrOVdzRpHr52yUWVtfn8jvl3Iu51zJuZoz+nL9nI2cEzmXci7nXMm5mjP6c/2cjZwTOZdyLudcybma80FOHwQAAAAAAAAAAAAAAAAAAB4fRfVPiu98cy2tD1brS/d1961YD/Rj7/8DAAD//15I9Mo=")
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})

2m22.510487582s ago: executing program 2 (id=146):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='contention_end\x00'}, 0x18)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000380), 0xffffffffffffffff)
sendmsg$TIPC_NL_MON_PEER_GET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="030b000000000000f3ff0d"], 0x14}}, 0x0)

2m21.813052952s ago: executing program 2 (id=147):
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f0000005700)=ANY=[@ANYBLOB="6e6f657874656e745f63616368652c6a71666d743d7666736f6c642c6e6f71756f74612c6e6f71756f74612c66617374626f6f742c6e6f696e6c696e655f64656e7472792c6a71666d743d76667376312c6673796e635f6d6f64653d7374726963742c6772706a71756f74613d278c006c6c6f635f6d6f64653d64656661756c742c696e6c696e655f78617474722c00a2b4db502b6ba8210424f7f797a6ddd50d26e73f72a841707ea019cc81c223d959a991615e17b58a4e3ec9b2e54b87aafbaf0036421993a261bd97b95beab3b8db73ad782b6009737439da6f1d157405f23efa22e2b774ebcf1fbf96b0f516775ed21aecaa6ba0f6d45e71"], 0x1, 0x550f, &(0x7f00000001c0)="$eJzs3M9rI+UbAPAn7XZ/f/dbxIO3HViEFjZh0x+L3qru4g/sUlY9eNI0SUN2k0xp0rT25MGjePA/EQVPHv0bPHj2Jh4Ub0IlM1PdqgtC08RtPx+YPPO+efPM84Zl4ZkpCeDcmk9+/bkUN+JKRMxGxPWI7LxUHJm1PLwQETcjYuaJo1TM/zFxMSKuRsSNUfI8Z6l46/Pbw1urP731yzffXbpw7Yuvv5/eroFpezEiutv5+V43j2krj4+K+dqwncXuyrCI+Rvdx8U4zeNeczPLsFc7WlfL4nIrX59u7/ZHcatTq49iq72VzW/38gv2h62jPNkHHtV2snGjuZnFdj/NYusgr2v/IP+/7aA/yPM0inwfZeljMDiK+Xxzv5nvZ/txFuu9QTGf500bzf1RHBaxuFzU004jq2PzJN/0f9vb7d7ufjJs7vTbaS9ZrVRfqlTvlqs7aaM5aK6Ua93G3ZVkodUZLSsPmrXuWitNW51mpZ52F5OFVr1erlaThXvNzXatl1SrleXKnfLqYnF2O3n9wXtJp5EsjOKr7d7uoN3pJ1vpTpJ/YjFZqiy/vJjcqibvrG8kGw/v31/feDfuvf/glfU3XysW/a2sZGHpztJSuXqnvFRdPIP7/+Ap+/+kKHqM+4cTKU27AIBnj/4fmIbT6/93HsbhYTZ/mv1/6P/HYlz97+Ek+t/z3v+fwv7hRPT/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADn1g9zX76Rnczn42vF/P+KqeeKcSkiZiLi8B/MxsVjOWeLPHNPWT/3lxq+LUWWYXSNS8VxNSLWiuO3/5/2twAAAABn11cf3/ws79bzl/lpF8Qk5TdtZq5/OKZ8pYiYm/9xTNlmRi/PjylZ9u/7QuyPKVt2A+vymJLlt9wujCvbvzJ7LFx+IpTyMDPRcgAAgIk43glMtgsBAABgkj6ddgFMRymOHmUePQvO/vL+zweCV46NAAAAgGdQadoFAAAAAKcu6//9/h8AAACcbfnv/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/M7O/dyoDURxAH62cSD/FBTlnla4QRkpIcccIwpIE5RAWkgD1EBuKSGCFR4vWlbsaiWP7d3V90kwjAU/ZhA+zBtpAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOjT33q7+v3z66+uOYdjN3lmAwAAAFyzr7er5sU89d+31z+2lz63/SIiyoi4tnav4s1FZtXm1A+8v743hj8RTcLpO6bt411ELKqIRUT8/9T3rwAAAACv1269WabVenqajz0ghpSKNuWHb5nyioio5/8ypZWnvC+Zwpr/9yR+ZEprClizTGGp5DbJlfYkze1+rtrN7jRFasrHP59t7gAAwICqi2bYVQgAAABD+j72ABhHEbdbmeetwGlq2u29txc9AAAA4AUqxh4AAAAA0Ltm/f+sz/8L5/8BAABAV+n8PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPq0r7er3Xqz7JpzOHaTZzYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3LA/7ygQAmEQBnvXdyZz/8NKg6amJlUgfPyNwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAb373l/8TU+NMMvfaWHoeSdZOja1TY+/cOPrD+Po1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxf68pEAIBEEUzBn/O+n7H1YS9AwiREDDo4paNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAX/e6X/xNT40wyd9pYOh5J1q4aW1eNvQeNowfj7d8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxc79u0ZSxQEAfzOzs/FOxTXKFhFRsNDGy+2dd14nFkqw8E8QQm7vjLcqnim84xDS2Enqa0RLEUGJ3f0PVyeQJnYptohgYbUyszPJ5Ae4/prZZD8fePO+Owzzvm8WQr7zXgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKXh24dxkh064zguzm3tP1jJ+u1jfebRxs5C1rI4qjPps+HF6oeo21wiAAAAzI6krO9DCLvp5lLWx528/k/La7Ka/9unx3FZzx+v+8u+rP2z9svPe88fDNQZj5Pd9NbqoH/5ZCqt/2+W0+2Zv7yilT/5/N1Lkn8h8Xvrzw3T/HlGXz9+/E47D+fqyBYA+CculX0RlL8PZX2vycQAmBmtSuFd1v9Jp9mcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOowXA9PlnEUQlhoHcaZ7f0HK6f1jzZ2Fsp2/eHDjeo9s1ukIYRbq4P+5RrnMu0+v3f/zvJg0L9bf/BSCKGp0d8qpn/ngwkuDqGR5yP4j4K4+LKnJZ+zETT4QwkAgHMpLVpW1++mm0vZuWg+hNF3R+v/VytxmLD+3/vw+lZ1rGr936tthg2am+yyxbU/RqPRvfuvr368fLt/u//JG1d6b/au3rh27cZi/q5k0RsTAAAA/p120ar1fzx/cv3/YiUOE9b/n33T+7I6VjJr9f+EDhf9ms4EAABgtj378u+/Raecj9rt8MXy2trd3vh48PnK+NhAqn/bXNGq9X8y33RWAAAAQB2G69GR9f+blThMuP7/1Pcv/Fi9ZxJCuFCs/19a+XRws77pTLU6/py46TkCAADQrAtFq67/p/n+//hgy0McQnjtlXFc/BvAier/5N2vfqiOVd3/f7W+KU6luDt+HnnfDaHVbTojAAAAzrMnipYV+7+mm0sf/XTx/bb9/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB1+zMAAP//H1NCtw==")
r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
fadvise64(r0, 0x0, 0x1, 0x4)

2m21.519917449s ago: executing program 32 (id=147):
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f0000005700)=ANY=[@ANYBLOB="6e6f657874656e745f63616368652c6a71666d743d7666736f6c642c6e6f71756f74612c6e6f71756f74612c66617374626f6f742c6e6f696e6c696e655f64656e7472792c6a71666d743d76667376312c6673796e635f6d6f64653d7374726963742c6772706a71756f74613d278c006c6c6f635f6d6f64653d64656661756c742c696e6c696e655f78617474722c00a2b4db502b6ba8210424f7f797a6ddd50d26e73f72a841707ea019cc81c223d959a991615e17b58a4e3ec9b2e54b87aafbaf0036421993a261bd97b95beab3b8db73ad782b6009737439da6f1d157405f23efa22e2b774ebcf1fbf96b0f516775ed21aecaa6ba0f6d45e71"], 0x1, 0x550f, &(0x7f00000001c0)="$eJzs3M9rI+UbAPAn7XZ/f/dbxIO3HViEFjZh0x+L3qru4g/sUlY9eNI0SUN2k0xp0rT25MGjePA/EQVPHv0bPHj2Jh4Ub0IlM1PdqgtC08RtPx+YPPO+efPM84Zl4ZkpCeDcmk9+/bkUN+JKRMxGxPWI7LxUHJm1PLwQETcjYuaJo1TM/zFxMSKuRsSNUfI8Z6l46/Pbw1urP731yzffXbpw7Yuvv5/eroFpezEiutv5+V43j2krj4+K+dqwncXuyrCI+Rvdx8U4zeNeczPLsFc7WlfL4nIrX59u7/ZHcatTq49iq72VzW/38gv2h62jPNkHHtV2snGjuZnFdj/NYusgr2v/IP+/7aA/yPM0inwfZeljMDiK+Xxzv5nvZ/txFuu9QTGf500bzf1RHBaxuFzU004jq2PzJN/0f9vb7d7ufjJs7vTbaS9ZrVRfqlTvlqs7aaM5aK6Ua93G3ZVkodUZLSsPmrXuWitNW51mpZ52F5OFVr1erlaThXvNzXatl1SrleXKnfLqYnF2O3n9wXtJp5EsjOKr7d7uoN3pJ1vpTpJ/YjFZqiy/vJjcqibvrG8kGw/v31/feDfuvf/glfU3XysW/a2sZGHpztJSuXqnvFRdPIP7/+Ap+/+kKHqM+4cTKU27AIBnj/4fmIbT6/93HsbhYTZ/mv1/6P/HYlz97+Ek+t/z3v+fwv7hRPT/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADn1g9zX76Rnczn42vF/P+KqeeKcSkiZiLi8B/MxsVjOWeLPHNPWT/3lxq+LUWWYXSNS8VxNSLWiuO3/5/2twAAAABn11cf3/ws79bzl/lpF8Qk5TdtZq5/OKZ8pYiYm/9xTNlmRi/PjylZ9u/7QuyPKVt2A+vymJLlt9wujCvbvzJ7LFx+IpTyMDPRcgAAgIk43glMtgsBAABgkj6ddgFMRymOHmUePQvO/vL+zweCV46NAAAAgGdQadoFAAAAAKcu6//9/h8AAACcbfnv/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/M7O/dyoDURxAH62cSD/FBTlnla4QRkpIcccIwpIE5RAWkgD1EBuKSGCFR4vWlbsaiWP7d3V90kwjAU/ZhA+zBtpAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOjT33q7+v3z66+uOYdjN3lmAwAAAFyzr7er5sU89d+31z+2lz63/SIiyoi4tnav4s1FZtXm1A+8v743hj8RTcLpO6bt411ELKqIRUT8/9T3rwAAAACv1269WabVenqajz0ghpSKNuWHb5nyioio5/8ypZWnvC+Zwpr/9yR+ZEprClizTGGp5DbJlfYkze1+rtrN7jRFasrHP59t7gAAwICqi2bYVQgAAABD+j72ABhHEbdbmeetwGlq2u29txc9AAAA4AUqxh4AAAAA0Ltm/f+sz/8L5/8BAABAV+n8PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPq0r7er3Xqz7JpzOHaTZzYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3LA/7ygQAmEQBnvXdyZz/8NKg6amJlUgfPyNwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAb373l/8TU+NMMvfaWHoeSdZOja1TY+/cOPrD+Po1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxf68pEAIBEEUzBn/O+n7H1YS9AwiREDDo4paNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAX/e6X/xNT40wyd9pYOh5J1q4aW1eNvQeNowfj7d8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxc79u0ZSxQEAfzOzs/FOxTXKFhFRsNDGy+2dd14nFkqw8E8QQm7vjLcqnim84xDS2Enqa0RLEUGJ3f0PVyeQJnYptohgYbUyszPJ5Ae4/prZZD8fePO+Owzzvm8WQr7zXgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKXh24dxkh064zguzm3tP1jJ+u1jfebRxs5C1rI4qjPps+HF6oeo21wiAAAAzI6krO9DCLvp5lLWx528/k/La7Ka/9unx3FZzx+v+8u+rP2z9svPe88fDNQZj5Pd9NbqoH/5ZCqt/2+W0+2Zv7yilT/5/N1Lkn8h8Xvrzw3T/HlGXz9+/E47D+fqyBYA+CculX0RlL8PZX2vycQAmBmtSuFd1v9Jp9mcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOowXA9PlnEUQlhoHcaZ7f0HK6f1jzZ2Fsp2/eHDjeo9s1ukIYRbq4P+5RrnMu0+v3f/zvJg0L9bf/BSCKGp0d8qpn/ngwkuDqGR5yP4j4K4+LKnJZ+zETT4QwkAgHMpLVpW1++mm0vZuWg+hNF3R+v/VytxmLD+3/vw+lZ1rGr936tthg2am+yyxbU/RqPRvfuvr368fLt/u//JG1d6b/au3rh27cZi/q5k0RsTAAAA/p120ar1fzx/cv3/YiUOE9b/n33T+7I6VjJr9f+EDhf9ms4EAABgtj378u+/Raecj9rt8MXy2trd3vh48PnK+NhAqn/bXNGq9X8y33RWAAAAQB2G69GR9f+blThMuP7/1Pcv/Fi9ZxJCuFCs/19a+XRws77pTLU6/py46TkCAADQrAtFq67/p/n+//hgy0McQnjtlXFc/BvAier/5N2vfqiOVd3/f7W+KU6luDt+HnnfDaHVbTojAAAAzrMnipYV+7+mm0sf/XTx/bb9/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB1+zMAAP//H1NCtw==")
r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
fadvise64(r0, 0x0, 0x1, 0x4)

1m43.385777464s ago: executing program 3 (id=401):
r0 = syz_io_uring_setup(0x3d1a, &(0x7f0000000680)={0x0, 0x0, 0x80, 0x3}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000040))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r0, 0x11c3, 0xd48d, 0xf, 0x0, 0x0)
io_uring_enter(r0, 0x47fa, 0x30000000, 0x0, 0x0, 0x0)

1m42.241602881s ago: executing program 3 (id=405):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)

1m41.886409871s ago: executing program 3 (id=407):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000800)={'bridge0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000000)=@bridge_getvlan={0x20, 0x72, 0x7e3bfe4fa73db39f, 0x0, 0xec0, {0x7, 0x0, 0x0, r2}, [@BRIDGE_VLANDB_DUMP_FLAGS={0x8, 0x1, 0x1}]}, 0x20}}, 0x0)

1m41.56501386s ago: executing program 3 (id=408):
syz_mount_image$udf(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x2000040, &(0x7f0000000700)=ANY=[@ANYBLOB='gid=forget,umask=00000000000000000000003,gid=', @ANYRESDEC=0x0, @ANYBLOB=',session=00000000000000043620,gid=ignore,iocharset=euc-jp,gid=', @ANYRESDEC=0x0, @ANYBLOB="2c6164696e6963622c6d6f64653d30303030303030303030303030303030303030303030332c6e6f7374726963742c009b801a9990a34c426430bf3757fbcea5d9a21b29b4ae2c6d10e74873111016bc74ff654722640a72d8cc5e210fef2b359e9e61ade82c60025773de99df3af6548534bfdef68d88ae15c726"], 0xfe, 0xc2d, &(0x7f0000000f40)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThoXm7ZIZcVy9S+mYhXuqqbZBpBlIhRzC8AVSakLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUmRNi2KEmV9Pjb13Z19b+a9eesZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8cun0mfSwWwEAPEhXRr96+qz7PwA8Vq76/38AAAAAAAAAAAAAADjoUhTxZKSYu7KWxqv3HfXL7b5bt8eGhrevdiRVNQ9V5cuf+pmz585/6YXBC9283J75gPr322fjtdGrlxovz96cm59aWJiabIzNtCdmJ6d2vYe91t/qZHUCGjdfvzV5/fpC4+zz5zZ9fHvg/f4njg9cHHz21DPdsmNDw8OjG0XqveVr99yQjp1meByOIk5Fiue+99PUiogi9n4u6g927Lc6UnXiZNWJsaHhqiPT7dbMYvnhSPdEFBGNnkrN7jnafiyi1vdA+7CzZsRS2fyywSfL7o3OteZb16anGiOt+cX2Ynt2ZiR1Wlv2pxFFXEgRyxGx2n/37vqiiFqk+M6xtXQtIg51z8MXq4nBO7ej2Mc+7kLZzkZfxHLxCIzZAdYfRbwaKX72zomYyNeZ6lrzhYhXy/xBxFtlvhSRyi/G+Yj3tvke8WiqRRF/WY7/xbU0WV0PuteVy19rfGXm+mxP2e515SPeH+66Ujyk+8ORLflgHPBrUz2KaFVX/LV077/ZAQAAAAAAAAAAAAAAAOB+OxJFfCZSvPIff1LNK45qXvqxi4N/OPCrvXPGn/6Q/ZRln4+IpWJ3c3IP54mBI2kkpYc8l/hxVo8i/jTP//vWw24MAAAAAAAAAAAAAAAAAADAY62In0SKF989kZajd03x9syNxtXWtenOqrDdtX+7a6avr6+vN1InmznHcy7lXM65knM1ZxS5fs5mzvGcSzmXc67kXM0Zh3L9nM2c4zmXci7nXMm5mjNquX7OZs7xnEs5l3Ou5FzNGQdk7V4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgI+TIor4RaT49jfWUqSIaEaMRydX+h926wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAUn8q4vuRovFHzTvbahGRqn87TpS/nI/m4TI/Gc3BMl+K5qWcrSprzW89hPazN32piB9Hiv7623cGPI9/X+fdna9BvPXNjXefrXXyUPfDgff7nzh+7OLg8G88vdPrtF0DTl5uz9y63RgbGh4e7dlcy0f/ZM+2gXzc4v50nYhYeOPN11vT01Pz9/6i/Arsofoj9CLVHpeeelG9iNqBaMbD6TuPgfL+/16k+N13/7N7w+/c/+vxK513d+7w8fM/27j/v7h1R7u8/9e21sv3//Kevt39/8mebS/m34301SLqizfn+o5H1BfeePNU+2brxtSNqZnzp09/eXDwy+dO9x2OqF9vT0/1vLovpwsAAAAAAAAAAAAAAADgwUlF/H6kaP14LTUi4nY1X2vg4uCzp545FIeq+Vab5m2/Nnr1UuPl2Ztz81MLC1OTjbGZ9sTs5NRuD1evpnuNDQ3vS2c+1JF9bv+R+suzc2/Mt2/88eK2nx+tX7q2sDjfmtj+4zgSRUSzd8vJqsFjQ8NVo6fbrZmq6si2k+k/ur5UxH9FionzjfT5vC3P/986w3/T/P+lrTvap/n/n+jZVh4zpSJ+Hil+56+ejs9X7Twad52zXO7vIsXJC5/L5eJwWa7bhs5zBTozA8uy/xcp/ukXm8t250M+uVH2zK5P7COiHP9jkeL7f/Hd+M28bfPzH7Yf/6Nbd7RP4/9Uz7ajm55XsOeuk8f/VKR46cm347fytg96/kf32RsncuE7z+fYp/H/VM+2gXzc374/XQcAAAAAAAAAAHik9aUi/j5S/HC4ll7I23bz9/8mt+5on/7+16d7tk3en/WKPvTFnk8qAAAAABwQfamIn0SKG4tv35lDvXn+d8/8z9/bmP85lLZ8Wv05369Vzw24n3/+12sgH3d8790GAAAAAAAAAAAAAAAAAACAAyWlIl7I66mPV/P5J3dcT30lUrzyP8/lcul4Wa67DvxA9Wv9yuzMqUvT07MTrcXWtempxuhca2KqrPtUpFj728/lukW1vnp3vfnOGu8ba7HPR4rhf+iW7azF3l2b/KmNsmfKsp+IFP/9j5vLdtex/tRG2bNl2b+JFF//l+3LHt8oe64s+91I8aOvN7plj5Zlu89H/fRG2ecnZot9GBUAAAAAAAAAAAAAAAAAAAAeN32piD+PFP97c/nOXP68/n9fz9vKW9/sWe9/i9vVOv8D1fr/O72+l/X/q+cKLO10VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HhKUcSbkWLuylpa6S/fd9Qvt2du3R4bGt6+2pFU1TxUlS9/6mfOnjv/pRcGL3Tzg+vfb5+J10avXmq8PHtzbn5qYWFqsjE2056YnZza9R72Wn+rk9UJaNx8/dbk9esLjbPPn9v08e2B9/ufOD5wcfDZU890y44NDQ+P9pSp9d3z0e+Sdth+OIr460jx3Pd+mn7YH1HE3s/Fh3x39tuRqhMnq06MDQ1XHZlut2YWyw9HuieiiGj0VGp2z9EDGIs9aUYslc0vG3yy7N7oXGu+dW16qjHSml9sL7ZnZ0ZSp7VlfxpRxIUUsRwRq/13764ving9Unzn2Fr61/6IQ93z8MUro189fXbndhT72MddKNvZ6ItYLh6BMTvA+qOIf44UP3vnRPxbf0QtOj/xhYhXy/xBxFvRGe9UfjHOR7y3zfeIR1Mtivj/cvwvrqV3+svrQfe6cvlrja/MXJ/tKdu9rjzy94cH6YBfm+pRxI+qK/5a+nf/XQMAAAAAAAAAAAAAAAAcIEX8eqR48d0TqZoffGdOcXvmRuNq69p0Z1pfd+5fd870+vr6eiN1splzPOdSzuWcKzlXc0aR6+dslllfXx/P75dyLudcybmaMw7l+jmbOcdzLuVczrmSczVn1HL9nM2c4zmXci7nXMm5mjMOyNw9AAAAAAAAAAAAAAAAAADg46Wo/knx7W+spfX+zvrS49HJFeuBfuz9MgAA//8hX/ir")
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='huge=always,mpol=interleave'])
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='mounts\x00')
read$FUSE(r0, &(0x7f0000003040)={0x2020}, 0x2032)

1m40.761152376s ago: executing program 3 (id=418):
setresuid(0xee01, 0xee01, 0x0)
timer_settime(0x0, 0x0, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000440), &(0x7f0000000000)='./file0\x00', 0xa00a14, &(0x7f0000000080)=ANY=[], 0x1, 0x322, &(0x7f0000000580)="$eJzs3M9LI2cYwPEnP4xJxEwOpaWF4kt7aXsYNO25EIpCaaCiplQLhVEnbcg0kUywpJRqT72W/ge97EE8ehN29x/wsrfdy1725mVhDyuL7CyZH5roJO6OZqPr9wMy78zzPOP7khieCc4c/vjvb7WKrVeMlsTTSmIiIkcieYlLIOZv4+44Jd225fOJZw8/Xlxe+a5YKs0uKDVXXPqyoJTKTd39/c+Mn7Y/Lgf5nw+fFp4cvH/w4eHLpV+rtqraqt5oKUOtNh63jFXLVOtVu6YrNW+Zhm2qat02m1684cUrVmNjo62M+vpkdqNp2rYy6m1VM9uq1VCtZlsZvxjVutJ1XU1mJUwq9OhtVd5ZWDCKEYvXrngyiOqF4zgDwk6saCREJHMuUt4Z6rwAAMC1dKb/T7gtfaT+X3Ju/99JPu3/dz+535r4YS/n9//7qbD+/6tH3rl6+v+0iFxp/58OWf35jujG23qT5Ev1/7geps5f08Z69prNopH1/35df/+0O+0O6P8BAAAAAAAAAAAAAAAAAAAAALgJjhxHcxxHC7b+zxenGd6xUc4Rw9Pn9dfG/Tumgv1RzxPDsbi8Imn3xr1kTsT6Z7O8Wfa2fjxInBZNjt33g68zDu48Uh15uWdt+fVbm+WEGylWpCqWmDIjmuTP1jvO3Lel2Rnl6a0fk2x3fUE0eS+8vhBan5LPPu2q10WTB2vSEEvWO+/rY+ek/q8Zpb75vnSmPuPmAQAAAADwLtDVidDrd13vF/fqT66ve78fEOm6Pp8OvT5Pah8lR7t2AAAAAABuC7v9R82wLLM5YJCRi3OiD5LRyscG5SS6VtgTku2+S075Twge3koHDIJ/pKilukJp+d8/HOXMwfqHM+e4RKmaEmfcm9VlfnvwtVG/HJkf9uuV7BP64L87z6OdOeY/tbc79PVe+oKVDm0w9lofHk7ikp8+AAAAAN6moOnP2O5ubNTzAQAAAAAAAAAAAAAAAAAAAAAAAAAAAADgNhrwGLDkVT1ObNRrBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAK6LVwEAAP//mxn/6g==")
mlockall(0x7)

1m38.454131851s ago: executing program 3 (id=436):
r0 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x5)
r1 = dup(r0)
ioctl$SIOCSIFHWADDR(r1, 0x8925, &(0x7f0000002640)={'veth1\x00', @random="76f64c34b99d"})

1m37.941771051s ago: executing program 33 (id=436):
r0 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x5)
r1 = dup(r0)
ioctl$SIOCSIFHWADDR(r1, 0x8925, &(0x7f0000002640)={'veth1\x00', @random="76f64c34b99d"})

8.228786352s ago: executing program 6 (id=1161):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
recvfrom(r1, 0x0, 0x0, 0x0, 0x0, 0x0)

8.073236711s ago: executing program 6 (id=1164):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
flistxattr(0xffffffffffffffff, 0x0, 0x0)

6.71831373s ago: executing program 6 (id=1179):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c)
listen(r0, 0x0)
syz_emit_ethernet(0x4e, &(0x7f0000000e00)={@local, @local, @void, {@ipv4={0x800, @tcp={{0xb, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010101, @local, {[@rr={0x7, 0x17, 0x12, [@private, @broadcast, @dev, @initdev={0xac, 0x1e, 0x0, 0x0}, @loopback]}]}}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2}}}}}}, 0x0)

6.490199473s ago: executing program 6 (id=1184):
syz_mount_image$reiserfs(&(0x7f0000000140), &(0x7f0000001140)='./file0\x00', 0x98, &(0x7f0000000280), 0x1, 0x10ef, &(0x7f00000022c0)="$eJzs2DGLE0EYBuB3dg/kqshcvx5oYSHHHfEPXKGQxsLaLljZmUrJz/HnyFX2R3pTBOyVTQwJEhDJYuB4Hlh252Vmvp1yvgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDvLPlekosmqdusSVKSrrubLJJ02/zx17ZJydv3k9mrj+PXs8209FmT0q9aj+vN01rHdVxv6suL22d19unzh3avZEmX+9V8ev5mOehR+trtoDsCAADAw/DzaKMT1wcAAAD+ZrBGAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAA6vajSVKSrrubLJJ0p/0tAAAA4EglTd6NDuWbNsDOi3wblZRHu+RH6edc58uB9QAAAMC/KXv38ec5z5O9/DJnubrajH+/srxN2iTXf+xzv5pP18/lfFr+5wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgF/swLEAAAAAgDB/6zQ6NgAAAAAAAAAAAAAAAGCqAAAA//9TGNII")
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x10)
syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}, {@nfs_export_on}], [], 0x2c})

5.188182048s ago: executing program 6 (id=1193):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
mprotect(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x0)
mprotect(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0)
mprotect(&(0x7f0000006000/0x3000)=nil, 0x3000, 0x0)

4.357158067s ago: executing program 6 (id=1198):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000080)={0x0, 0x5, 0x1, "fd"}, 0x9)
setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x23, &(0x7f0000000340)={0x0, 0x5}, 0x8)

4.017381127s ago: executing program 34 (id=1198):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000080)={0x0, 0x5, 0x1, "fd"}, 0x9)
setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x23, &(0x7f0000000340)={0x0, 0x5}, 0x8)

4.012710587s ago: executing program 0 (id=1200):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
socket(0x200000000000011, 0x2, 0x0)
prlimit64(0x0, 0x7, &(0x7f0000000380)={0x5, 0x5}, 0x0)
ioctl$sock_SIOCGSKNS(r0, 0x894c, 0x0)

3.993974288s ago: executing program 5 (id=1202):
syz_mount_image$msdos(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0xa000c8, &(0x7f00000006c0)=ANY=[], 0xfd, 0x1bf, &(0x7f0000000940)="$eJzs3TGL02AYB/Cn9bzmnG4TRCHg4nSon+BEThADgtJBJ4XT5SqCt0SX9mP4Af0A0qmLRGrSxkaHWmxS6++39En/edvnHZp26ZNXN99dnL+/fPvl+udIkl70T+M0Zr04jn4sTAIA2CezooivRanrXgCAdqzx/f+t5ZYAgC17/uLlkwdZdvYsTZOI6SQf5sPyscwfPc7O7qY/HNerpnk+vLLM76XN3w7z/Gpcq/L75fp0NT+MO7fLfJ49fJo18kGcb3frAAAAAAAAAAAAAAAAAAAAAADQmVuRLvx2vs/JSTM/qvLy6Kf5QI35PQdx46A6rMcDFeM2NgUAAAAAAAAAAAAAAAAAAAD/mMuPny5ej0ZvPtTFICJWn/mTole98IbL2y76sRNtKP5qke5GG6MNPwWHEbGtxmZFUax1cn2NGHR1cQIAAAAAAAAAAAAAAAAAgP9M/affX7Oki4YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAP1/f83KMYRscbJyzc76nSrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7LHvAQAA///DgjXa")
mount$nfs(&(0x7f0000000100)='.5.', 0x0, 0x0, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0)

3.860390636s ago: executing program 0 (id=1204):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x4e22, @multicast2}}}, 0x88)
setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f0000000980)=ANY=[@ANYBLOB="020000000000000002000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000300000002000000ac1414bb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000002000000ac1414bb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002"], 0x210)
setsockopt$inet_group_source_req(r0, 0x0, 0x2b, &(0x7f00000004c0)={0x2, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @private=0x4000000}}}, 0x108)

3.637471859s ago: executing program 5 (id=1206):
syz_usb_connect(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902"], 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x803, 0x0)
unshare(0x4020400)
pselect6(0x40, &(0x7f0000000180)={0x1f, 0x0, 0x3ff, 0x0, 0x9}, 0x0, 0x0, 0x0, 0x0)

3.513652736s ago: executing program 0 (id=1207):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000307000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f0000299000/0x4000)=nil)
madvise(&(0x7f00003c1000/0x1000)=nil, 0xdfc3efff, 0x19)
syz_clone3(&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

3.08890693s ago: executing program 1 (id=1218):
mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil)
syz_mount_image$exfat(&(0x7f0000001500), &(0x7f0000001540)='./file1\x00', 0x0, &(0x7f0000000000)=ANY=[@ANYRES32=0x0], 0x1, 0x14fb, &(0x7f0000001580)="$eJzs3QnYjtXWOPC19t43L0lPknmvvW6eZNgkSYYkGZIkSZJMCUmSJCHxkikJScicZA7JFG8yz1PmJDmSJEkSkuz/peE45+t8V+d855x/33fe9buu+3r2uva99r33s973uYfrHb7sOLhq/WqV6jIz/FPw55dUAEgBgH4AcAUARABQKlupbBf7M2lM/ecOIv617pv2R89A/JGk/umb1D99k/qnb1L/9E3qn75J/dM3qX/6JvUXIj3bOj33lbKl3+2ff/6f8vOLPP//P0jO/+mb1P8/zalM/8jeUv//JBdCCP9YhtQ/fZP6p29S//RN6p++Sf3TN6m/EOnZH/38WbY/dvujv/6EEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQqQPZ8MlBgB+bf/R8xJCCCGEEEIIIcS/Tsj4R89ACCGEEEIIIYQQ/34ICjQYiCADZIQUyASZ4TLIApdDVrgCEnAlZIOrIDtcDTkgJ+SC3JAH8kI+sEDggCGG/FAAknANFIRroRAUhiJQFDwUg+JwHZSA66Ek3ACl4EYoDTdBGSgL5aA83AwV4BaoCLdCJbgNKkMVqArV4HaoDndADbgTasJdUAvuhtpwD9SBe6Eu3Af14H6oDw9AA3gQGkIjaAxNoOn/KP9Z6ArPQTfoDqnQA3rC89ALekMf6Av94AXoDy/CAHgJBsIgGAwvwxB4BYbCqzAMhsMIeA1GwigYDWNgLIyD8fA6TIA3YCK8CZNgMkyBqTANpsMMeAtmwiyYDW/DHHgH5sI8mA8LYCG8C4tgMaTBe7AE3oelsAyWwwpYCatgNayBtbAO1sMG2AibYDNsga3wAWyD7bADdsIu2A174EPYCx/BPvgY9sMn/2D+mf+S3wkBARUqNGgwA2bAFEzBzJgZs2AWzIpZMYEJzIbZMDtmxxyYA3NhLsyDeTAf5kNCQkbG/Jgfk5jEglgQC2EhLIJF0KPH4lgcS+D1WBJLYikshaWxNJbBslgWy2N5rIAVsCJWxEpYCStjZayKVfF2vB3vwBpYA2tiTayFtbA21sY6WAfrYl2sh/WwPtbHBtgAG2JDbIyNsSk2xWbYDJtjc2yJLbEVtsLW2BrbYBtsi22xHbbD9tgeO2AH7IgdsRN2xs74LD6Lz+Fz2B0rqx7YE3tiL+yFfbAv9sUXsD++iC/iSzgQB+FgfBlfxldwKJ7GYTgcR+AIrKBG4Wgcg6zG4XgcjxNwAk7EiTgJJ+NknIrTcDrOwBk4E2fhLHwb5+A7+A7Ow3m4ABfiQlyEizEN03AJnsGluAyX4wpciatwJa7BtbgG1+MGXI+bcBNuwS34AX6A23E77sSduBt344f4IX6EH+FA3I/78QAewIN4EA/hITyMh/EIHsGjeBSP4TE8jsfxBH6DJ/EbPIWn8DSewbN4Fs/hOTyP5/ECXrj4za8uMsqoDCqDSlEpKrPKrLKoLCqryqoSKqGyqWwqu8qucqgcKpfKpfKoPCqfyqdIkWIVq/wqv0qqpCqoCqpCqpAqoooor7wqroqrEqqEKqlKqlLqRlVa3aTKqLKqhS+vyqsKqqWvqG5VlVQlVVlVUVVVNVVNVVfVVQ1VQ9VUNVUtVUvVVveoOqoH9sH71MXK1FeDsIEajA1VI9VYNVGv4EOqmRqKzVUL1VI9oobjMGytmvk26nHVVo3GdupJNQafUh3UOOyonlGdVGfVRT2ruqrmvpvqriZhD9VTTcVeqrfqo/qqmVhFXaxYVfWSGqgGqcHqZbUAX1FD1atqmBquRqjX1Eg1So1WY9RYNU6NV6+rCeoNNVG9qSapyWqKmqqmqelqhnpLzVSz1Gz1tpqj3lFz1Tw1Xy1QC9W7apFarNLUe2qJel8tVcvUcrVCrVSr1Gq1Rq1V69R6tUFtVJvUZrVFbVUfqG1qu9qhdqpdarfaoz5Ue1UmAPhY7VefqAPqT+qg+lQdUp+pw+pzdUR9oY6qL9Ux9ZU6rr5W+pdP+VPqO3VanVFn1ffqnPpBnVc/qgsqKNColdba6Ehn0Bl1is6kM+vLdBZ9uc6qr9AJfaXOpq/S2fXVOofOqXPp3DqPzqvzaatJO8061vl1AZ3U1+iC+lpdSBfWRXRR7XUxXVxfp0vo63VJfYMupW/UpfVNuowuq8vp8vpmXUHfoivqW3UlfZuurKvoqrqavl1X13foGvpOXVPfpWvpu3VtfY+uo+/VdfV9up6+X9fXD+gG+kHdUDfSjXUT3VQ/pJvph3Vz3UK31I/oVvpR3Vo/ptvox3Vb/YRup5/U7fVTuoN+WnfUz+hOurPuon/UF3TQ3XR3nap76J76ed1L99Z9dF/dT7+g++sX9QD9kh6oB+nB+mU9RL+ih+pX9TA9XI/Qr+mRepQercfosXqcHq9f1xP0G3qiflNP0pP1FD1VT9PTdZ9fRpr9d+S/8TfyB/x09C16q/5Ab9Pb9Q69U+/Su/UevUfv1Xv1Pr1P79f79QF9QB/UB/UhfUgf1of1EX1EH9VH9TF9TB/Xx/UJ/Y3+Xn+rT+nv9Gl9Rp/R3+tz+pw+/8t7AAaNMtoYE5kMJqNJMZlMZnOZyWIuN1nNFSZhrjTZzFUmu7na5DA5TS6T2+QxeU0+Yw0ZZ9jEJr8pYJLmGlPQXGsKmYwAUNR4U8wUN9f9D/ILmyLmUv7vza+paWqamWamuWluWpqWppVpZVqb1qaNaWPamramnWln2pv2poPpYDqajqaT6WS6mC6mq+lqAgCkmlTT0zxvepnepo/pa/qZF0x/098MMAPMQDPQDDaDzRAzxAw1Q80wM8yMMCPMSDPSjDajzVgz1ow3480EM8FMNBPNJDPJTDFTzDQzzcwwM8xMM9PMNrPNHDPHzDVzzXwz3yw0C80is8ikmTSzxCwxS80ys8ysMCvMKrPKrDFrzDqzzmwwG8wms8ksNb/+gOYOs8PsMrvMHrPH7DV7zT6zz+w3+80Bc8AcNAfNIXPIHDaHzRFzxBw1R80xc8wcN8fNCXPCnDQnzSlzypw2p81Zc9acM+fMeXPeXDAXLl72RSpSkYlMlCHKEKVEKVHmKHOUJcoSZY2yRokoEWWLskXZo6ujHFHOKFeUO8oT5Y3yRTaiyEUcxVH+qECUjK6JCkbXRoWiwlGRqGjko2JR8ei6qER0fVQyuiEqFd0YlY5uispEZaNyUfno5qhCdEtUMbo1qhTdFlWOqkRVo2rR7VH16I6oRnRnVDO6K6oV3R3Vju6J6kT3RnWj+6J60f1R/eiBqEH0YNQwahQ1jppETf+l44dwOufDvpvtblNtD9vTPm972d62j+1r+9kXbH/7oh1gX7ID7SA72L5sh9hX7FD7qh1mh9sR9jU70o6yo+0YO9aOs+Pt63aCfcNOtG/aSXaynWKn2ml2up1h37Iz7Sw7275t59h37Fw7z863C+xC+65dZBfbNPueXWLft0vtMrvcrrAr7Sq72q6xa+06u95usBvtJrvZbrFb7Qd2m91ud9iddpfdbffYD+1e+5HdZz+2++0n9oD9kz1oP7WH7Gf2sP3cHrFf2KP2S3vMfmWP26/tCfuNPWm/tafsd/a0PWPP2u/tOfuDPW9/tBdsuHhxf/H0ToYMZaAMlEIplJkyUxbKQlkpKyUoQdkoG2Wn7JSDclAuykV5KA/lo3x0ERNTfspPSUpSQSpIhagQFaEi5MlTcSpOJagElaSSVIpKUWkqTWWoDJWji2eqm+kWuoVupVvpNrqNqlAVqkbVqDpVpxpUg2pSTapFtag21aY6VIfqUl2qR/WoPtWnBtSAGlJDakyNqSk1pWbUjJpTc2pJLakVtaLW1JraUBtqS22pHbWj9tSeOlAH6kgdqRN1oi7UhbpSV+pG3SiVUqkn9aRe1Iv6UB/qR/2oP/WnATSABtJAGkyDaQgNoaE0lIbRcBpBr9FIGkWjaQyNpXE0nsbTBJpAE2kiTaJJNIWm0DSaRjNoBs2kmTSbZtMcmkNzaS7Np/m0kBbSIlpEaZRGS2gJLaWltJyW00paSatpNa2ltbSe1tNG2kibaTNtpa20jbbRDtpBu2gX7aE9tJf20j7aR/tpPx2gA3SQDtIhOkSH6TAdoSN0lI7SMTpGx+k4naATeJJO0ik6RafpNJ2ls3SOfqDz9CNdoEApLpPL7C5zWdzlLqu7wqW4TN0B4M9xLpfb5XF5XT5nXQ6X869ics4VcoVdEVfUeVfMFXfX/SYu48q6cq68u9lVcLe4ir+Jq7s7XA13p6vp7nLV3O1/Fddyd7va7gFXxz3o6rpGrp5r4uq7B1wD96Br6Bq5xq6Ja+Ueda3dY66Ne9y1dU/8Jl7kFru1bp1b7za4ve4jd9Z97466L90594Pr5rq7fu4F19+96Aa4l9xAN+g38Qj3mhvpRrnRbowb68b9Jp7iprppbrqb4d5yM92s38QL3btujktzc908N98t+Cm+OKc0955b4t53S90yt9ytcCvdKrfarfnzXFe4TW6z2+L2uA/dNrfd7XA73S63+6f44jr2uY/dfveJO+K+cAfdp+6QO+YOu89/ii+u75j7yh13X7sT7ht30n3rTrnv3Gl35qf1X1z7t+5Hd8EFB4ysWLPhiDNwRk7hTJyZL+MsfDln5Ss4wVdyNr6Ks/PVnINzci7OzXk4L+djy8SOmWPOzwU4yddwQb6WC3FhLsJF2XMxLs7XcQm+nkvyDVyKb+TSfBOX4bJcjsvzzVyBb+GKfCtX4tu4MlfhqlyNb+fqfAfX4Du5Jt/Ftfhurs33cB2+l+vyfVyP7+f6/AA34Ae5ITfixtyEm/JD3Iwf5ubcglvyI9yKH+XW/Bi34ce5LT/B7fhJbs9PcQd+mjvyM9yJO3MXfpa78nPcjbtzKvfgnvw89+Le3If7cj9+gfvzizyAX+KBPIgH88s8hF/hofwqD+PhPIJf45E8ikfzGB7L43g8v84T+A2eyG/yJJ7MU3gqT+PpPIPf4pk8i2fz2zyH3+G5PI/n8wJeyO/yIl7MafweL+H3eSkv4+W8glfyKl7Na3gtr+P1vIE38ibezFt4K3/A23g77+CdvIt38x7+kPfyR7yPP+b9/Akf4D/xQf6UD/FnfJg/5yP8BR/lL/kYf8XH+Ws+wd/wSf6WT/F3fJrP8Fn+ns/xD3yef+QLHBhijFWsYxNHcYY4Y5wSZ4ozx5fFWeLL46zxFXEivjLOFl8VZ4+vjnPEOeNcce44T5w3zhfbmGIXcxzH+eMCcTK+Ji4YXxsXigvHReKisY+LxcXj6+IS8fVxyfiGuFR8Y1w6vikuE5eNy8Xl45vjCvEtccX41rhSfFtcOa4SV42rxbfH1eM74hrxnXHN+K64ZHx3XDu+J64T3xvXje+L68X3x/XjB+IG8YNxw7hR3DhuEjeNH4qbxQ/HzeMWccv4kbhV/GjcOn4sbhM/HreNn/jd/tS4R9wzfj5+Pg7hTj0/uSC5MPluclFycTIt+V5ySfL95NLksuTy5IrkyuSq5OrkmuTa5Lrk+uSG5MbkpuTm5JZkCNUygkevvPbGRz6Dz+hTfCaf2V/ms/jLfVZ/hU/4K302f5XP7q/2OXxOn8vn9nl8Xp/PW0/eefaxz+8L+KS/xhf01/pCvrAv4ot674v54r6Jb+qb+mb+Yd/ct/At/SP+Ef+of9Q/5h/zj/u2/gnfzj/p2/unfAf/tH/aP+M7+c6+i3/Wd/XP+W6+u0/1qb6n7+l7+V6+j+/j+/l+vr/v7wf4AX6gH+gH+8F+iB/ih/qhfpgf5kf4EX6kH+lH+9F+rB/rx/vxfoKf4Cf6iX6Sn+Sn+Cl+mp/mZ/gZfqaf6Wf72X6On+Pn+rl+vp/vF/qFfpFf5NN8ml/il/ilfqlf7pf7lX6lX+1X+7V+rV/v1/uNfqPf7Df7rX6r3+a3+R1+h9/ld/k9fo/f6/f6fX6f3+/3+wP+gD/oD/pD/jN/2H/uj/gv/FH/pT/mv/LH/df+hP/Gn/Tf+lP+O3/an/Fn/ff+nP/Bn/c/+gs++PGJ1xMTEm8kJibeTExKTE5MSUxNTEtMT8xIvJWYmZiVmJ14OzEn8U5ibmJeYn5iQWJh4t3EosTiRFrivcSSxPuJpYllieWJFYmViVWJEPJui0P+UCAkwzWhYLg2FAqFQ5FQNPhQLBQP14US4fpQMtwQSoUbQ+lwUygTyoZy4cHQMDQKjUOT0DQ8FJqFh0Pz0CK0DI+EVuHR0Do8FtqEx0Pb8ERoF54M7cNToUN4OnQMz4ROoXPoEp4NXcNzoVvoHlJDj9AzPB96hd6hT+gb+oUXQv/wYhgQXgoDw6AwOLwchoRXwtDwahgWhocR4bUwMowKo8OYMDaMC+PD62FCeCNMDG+GSWFymBKmhmlhepgR3gozw6wwO7wd5oR3wtwwL8wPC8LC8G5YFBaHtPBeWBLeD0vDsrA8rAgrw6qwOqwJa8O6sD5sCBvDprA5bAlbwwdhW9gedoSdYVfYHfaED8Pe8FHYFz4O+8Mn4UD4UzgYPg2HwmfhcPg8HAlfhKPhy3AsfBWOh6/DifBNOBm+DafCd+F0OBPOhu/DufBDOB9+DBfkd9aEEEIIIf4u+nf6e/w3OeqXdk8AuHx77sP/tX9jjp/bvTPmaZUAgMe7d7zv161y5dTU1F/2XaohKjAPABKX8jPApXgZtIRHoQ20gBJ/7k/5i2P1Vp3P8e+Mn7wRIPNf5FzM/zW+NP71f3P9vdWoOb87/jyAQgUu5WSCS/Gl8Uv+N+PnbPY742f6dDxA87/IyQKX4kvjF4eH4Qlo81d7CiGEEEIIIYQQP+utyrX/vfvbi/fnecylnIxwKf5b9+dCCCGEEEIIIYT43+Wpzl0ee6hNmxbtpfHvaoQrfn6r/7fMRxrS+Dsaf/QnkxBCCCGEEOJf7dJF/9+ZkOHfPCEhhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEECId+v/x58R+Pdbv/a9BIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQ4j/V/wsAAP//pqA1Rw==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
write$FUSE_WRITE(r0, &(0x7f00000000c0)={0x18}, 0xfffffdef)

2.791476158s ago: executing program 4 (id=1210):
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000500)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000140)={0x42}, 0x10)
sendmsg$tipc(r0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40805}, 0x20004004)
close(r1)

2.641543027s ago: executing program 1 (id=1211):
r0 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x8000000, 0x80000001, 0x2, 0x4, 0xff, 0x1, 0x3, 0x1, 0x1}}}}]}, 0x58}}, 0x0)

2.641343637s ago: executing program 4 (id=1212):
r0 = socket(0x1e, 0x1, 0x0)
connect$tipc(r0, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10)
sendmmsg$unix(r0, &(0x7f0000005f40)=[{{0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f0000000640)="f3", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000f00)=']', 0x1}], 0x1}}], 0x2, 0x0)
recvmmsg(r0, &(0x7f0000000b40)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000280)=""/139, 0x8b}], 0x1, &(0x7f0000000500)=""/23, 0x17}, 0x81}], 0x1, 0x40002002, 0x0)

2.404467131s ago: executing program 4 (id=1213):
r0 = syz_open_dev$vim2m(&(0x7f0000000040), 0x0, 0x2)
syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000001c0)={0x7fffffff, 0x1, 0x4})
ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000080)=@fd={0x0, 0x1, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "2e1379f1"}})

2.378641252s ago: executing program 1 (id=1214):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x0})
ioctl$IOCTL_VMCI_NOTIFICATIONS_RECEIVE(r0, 0x7a6, &(0x7f0000000040)={0x20001103, 0x0, 0x0, 0x584})

2.162967984s ago: executing program 1 (id=1215):
r0 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f00000000c0)={@cgroup=r1, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)

2.136682006s ago: executing program 4 (id=1216):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000007c0)='./file0\x00', 0x8000, &(0x7f0000000000), 0x1, 0x782, &(0x7f0000000f80)="$eJzs3c9rHFUcAPDvbPPLtNoIgtZTQNBA6cbU2Cp4qHgQwUJBz7bLZhtqNtmS3ZQmBLSI4EVQ8SDopWer9ebVH1f9A7x7kJaqaTHiQSKz2U22zW66abNZy34+MMl7M7P5znfezLyXnWE3gJ41mv7IRByKiI+SiIO1+UlE9FdLfREn1tdbXVnOp1MSa2tv/JFU17m1spyPhtek9tcqT0TED+9HHM5sjVteXJrJFYuF+Vp9vDJ7fry8uHTk3GxuujBdmDs2MTl59Pjzx4/tXq5//bx04PrHrz7z9Yl/3nv86oc/JnEiDtSWNeaxW0ZjtLZP+tNdeJtX4p3dDtdVSbc3gHuSnpr71s/yOJSk5b5ubxIA0GHpKHQNAOgxif4fAHpM/X2AWyvL+frU3Xck9taNlyNiaD3/+v3N9SV9tXt2Q9X7oMO3ktvujCQRMbIL8Ucj4otv37qSTtGh+5AAzbx7KSLOjIxuvf4nW55Z2Kln21hn9I76Rvxf+u8zOnA336Xjnxeajf8yG+OfaDL+GWxy7t6Lluf/hsy1XQjTUjr+e6nh2bbVhvxrRvbVag9Xx3z9ydlzxUJ6bXskIsaifzCtT2wTY+zmvzdbLWsc//35ydtfpvHT35trZK71Dd7+mqlcJXc/OTe6cSniyb5m+Scb7Z+0GP+eajPGay9+8HmrZWn+ab71aWv+nbV2OeLppu2/+URbsu3ziePVw2G8flA08c2vnw23it/Y/um0urK8lkRc2f1Mm0vbf3j7/EeSxuc1yzuP8dPlg9+3WtYk/3z9f6F1zY//geTNanmgNu9irlKZn4gYSF7fOv/o5mvr9fr6af5jTzU//7c7/tPRyZk28++7/vtX955/Z6X5T+2o/XdeuLo6s69V/Pbaf7JaGqvNaef61+4G3s++AwAAAAAAAAAAAAAAAAAAAAAAAIB2ZSLiQCSZ7EY5k8lm17/D+7EYzhRL5crhs6WFuamoflf2SPRn6h91ebDh81Anap+HX68fvaP+XEQ8GhGfDj5UrWfzpeJUt5MHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgJr9Lb7/P/XbYLe3DgDomKFubwAAsOf0/wDQe/T/ANB79P8A0Hv0/wDQe/T/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdNipkyfTae3vleV8Wp+6sLgwU7pwZKpQnsnOLuSz+dL8+ex0qTRdLGTzpdm7/b1iqXR+MuYWLo5XCuXKeHlx6fRsaWGucvrcbG66cLrQvydZAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDOlBeXZnLFYmFe4QEo9NVabXPO0IPXgpl6EnsVdKBTWfwPdmbnCl28KAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8QP4LAAD//x2uII8=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r0, &(0x7f00000000c0)='a', 0x200000c1, 0x9000)
openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x20202, 0x0)

1.913998279s ago: executing program 5 (id=1217):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r0}, 0x10)
r1 = socket(0x1d, 0x2, 0x6)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000040)={'wlan1\x00', &(0x7f00000002c0)=@ethtool_stats})

1.804667365s ago: executing program 1 (id=1219):
syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000005600)='./file0\x00', 0x40, &(0x7f0000001200)={[{@noacl}, {@notreelog}, {@usebackuproot}, {@notreelog}, {@nodatacow}, {@enospc_debug}, {@space_cache_v2}, {@ssd_spread}, {@skip_balance}, {@noacl}]}, 0x1, 0x55a8, &(0x7f0000005680)="$eJzs3X1sVWcdB/Bz25UiL21ndGnjCyyOgOAIrk4HRFqLGF7mrG2ygXuhTuPAOSxkiOKadYOQzc1aNot2MphEp0yRSgbIFkdxCegs2UxcV8Ut4OoLjVuY7IW5+ZLee8/l3nNoe4dzndvnQ9pznvs7z3Ofe3L+uN9Ln3MDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACIJg3c2d1z3Y1vHyOVt3VN7xxNqGGeue6Tv7C633bn5gUl3FhKebHq1b2bRxevWTbcfO6qlY2D4pCBLJfol0/8U1c+s+V7/44yPDARs+mdqWlQ30lKmuh1ONETkP9vfL/fl0EARFkQEK09s56Z2CnAEyuyviAw5qwcIlO27cNr9vfemc/eO6EwfiL51+I4d7AsMlfV31nryWqpO/CyJHZNpZl14i5xJN9Y9ecK/JiwAAXpFptclN5u1o+i1upt0crUfa1ZF2a6QdvkNozW6cjtS4Iwaa5/hofZjmWZ2KCsUDzjNST5//TLs22j/SjkSNVzDP3EPTkWbkQPNsjNSHa54AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAryfvrfzLzOUv3l4yonvp9b9f86Gb5nVXvvuRr5XfUzn3Rx3L2u776qN1K5s2Tq9+su3YWT0VC9snBUFZsl8i1T1x3WVHV9WN+1jNN3754Z9eOfrOawvT44bbM7IODnrCnemlQXBlVqU3HPZoSRDU5haSzaA9Xlia3JkXFgAAAHgjqUj+Lsi0U3GwKKedSKbJRPJfKBUWFyxcsuPGbfP71pfO2T+uO3Hg9MerHWC86lOOl2mXnfxJZAXjMP5GxztZDw9dERtncNERo3n+4u27941Ztf6C5S90XjJz9l/P772h85kpVbd+/cExl25Z8c25K2P5v2zw/B+eOfkfAACA/4b8Hx1ncEPl/+Jv//aHrd95V9/2vU8d3fS3rc2r6584saGt/n0rJ9f//YJzW1+M5f/xOU8Zy//hjMP8XxCcXv4HAACA17P/df6vjo0zuKHy/4aqd0xZc33XHZsnbhp76+pn//HS/TMe/nnxZ6Yuftvsp/bN3Lg7lv+n5Zf/z8iedvhgVzjhq0uDYFr+JxUAAADIEf6/+8mPFsK8nvrkIJrXb9tVtXfbxglfunzMn+8+N3Fi77KpNe2bj/zhoi3fTdw7veVITyz/V+eX/4tem5cLAAAA5KHx8YOX3fzr8S99qqb97l1rv79s1vbjDTs3Pd2deGvlvJaWL7bE8n9tfvm/eHheDgAAAHAKSy685hcX94296fjSP5W09jY377m84tBD1z72x6bF35v1z/JtV8Tyf0N++X9Uepte+ZDqtD/8K4TbS4NgZP9OY6pwIGityhQAAACAV0mY0888/9LPN03YXjrxW7OvuGb5nh+0H9x625EP9p5z1Vcq1v7uuXUfiOX/xsHv/x/e6SBc/59z/7/Y+v+sQuqufzPdGAAAAIA3o/h6/vD2+KlvLhjo+/fzXf9f3LWq7bld71nQXFN7/32PTX1o0aHnJ24Zs+eW5q6qd3Z/ufztsfzfnF/+L8zevprf/wcAAACn4f/t+/8WxcYZ3FD3/3/h5Z2HZx286N+/+ejaO8e2bOhJ/Kppzc+e7Tm88+jkH1ecN/ktsfzfml/+D7ejs19eZ3h+1pQGQXn/TvpuglvD6V4dKXQUZRVSJz7Soz7skS50FGcVkhojPc4rDYKz+3eaI4Uzw0JrpHCsJF24K1J4OCykr4dM4SeRQmd4pW0oSU83WtgdFtILLDrCFRSjM0siIj2OD9Sjv3DKHocyTw4AAPCmEobndJYtym0G0SjbkRjqgFFDHVAw1AGFQx1wRuSA6IEDPR405BYyA144v+D99zzw+A1TP7tvxiOjPnLV7Ckn1q/+V1fbJ55fXd+46JJY/r8rv/wfnooRqc1A6/+DcP1/+nsNM+v/G8JCWaTQERZqo3cMqA2fIxV2bwmfo6w23eNYeaYAAAAAb2jh5wKFwzwPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP+wd+9xUlV3gsBPN/2EpmkNiaAEezBiMKFpBBI1ukFMjKujaUkwZmJi82hJh0aQh4qLE3wkGYX4WDGRjI6wjgkaJcTEFaMOrJMoM0N8P+IjjFk1SnyBuu66rrqf7lunqLrVZRcCSjvf7x9dp+p3nrceXefeW+cCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAfw4LfnrVx4MgX/n5lv+MPX/KPa/a5e4+njjnt+ZVrjn3p289tXts46qGJ88+64qDxT122+WN/GHzCsk+G0NJVriwpXrbwxE2nT9z7iAkXrT/0l1P6XTmvKlNvJh76df4pz9w5L7b6dP8Qbi4LoSIdGFmXBCoz9+tifUPqQtgtbA1kS7T1TUqkGw6/qw1hedgayFZ1S20IdTmBr95/x9ofdiaW1oawbwihOt3GH6uTNmrTgeFVSaBvOjCrIgn873cS2cCa8iQA2y2+GbIv+tUt+Rkaui9X5PVXucM69sFKD69PTDQUz/fiYTu5Uzmq0g+0bNfTVlAdO0XB22Odd1sveLcVbOeLPW25X6Qy31De2RqqDuXT2k6ePL9jXnykPDQ19SlW0056nh/bsnDqtqR7zeswdqBhh7wON1/+yqTm/scMumHCpiFjT1q2bHu7WWzz7mzVIfOa6zXPYzTe50kvePsVfEtq9KUrhPCfvzvm7BMrDjritoOXvjHm8Gv67TXp84fu9uI1bR/f+/jd7/rymZsK5v8N7z7/jy/neFuelzu2+mZ9MjePj9TFxMv1ydwcAAAAeo3esNf00h+Nmtrv6FsfnVy556xFf//fhrVeMXDT+YNu3f8PBzUd8ZVBK75eMP9vLO34fzzkX5c72nUhjO9KnDsghEFdjyeBa2N3pgwI4a+6Ui35gcNSgXUhDO5KjMhWlSpRE0s0pgLP1mcC41OBO2OgJRW4JgYuTgXOi4HVqcDUGFiXCkyIgdCeP4796zPjKDlQGwOtyUZcHc9CeLU+tpbaVo9nqwIAANhBMrPDyvy7Oec6bG+GOL1cXdtThngGdtEM1aka0jPY7LSqaA0VPdVQ3lMN2XEvevfhF9Rc1lPNBadhlOVnuK/h6sOH3vv2dTO+sLF90BnrP/XZ139xxoVXXvbM/5nyP0Yt/PQPniuY/ze/+/y/upuOlBUc/w/huK6/MXd5JtKRjbe25GUAAAAAtsPgyiVrnj6070+O2vj0859af/nAe25bf+0PDrju4dbyh/dcumrQXgXz//Glnf8f94n0yckcNsTdEDMGhNCcH0iq/VxhIDnq3S8TAAAAgN4gezw+eyy8PXObnKKdnk8X5m/ZxvzxwP/4bvPXXPDc93+37JL/d+XU//5fvzDt53/35W8997nqo74258ZvH/3vIyb/rPD3/y2lnf/fN/826cSdsReXDgihJidwV+xlZ6BLYww8+fn8QGb8d8YNsDhWlTkxIVvV4liiNQaaU4HlxUrcmy0xKD+QebKyjZ+bHUd7pkROAAAAAN53cXdAPC4fz/+vn/yjw7dc8Ppfr3/r+WUvPfrCD/Yd9tnW4f8w+NbPDP/u7z+z70MLC+b/rdt2/n/XPLjg9P6OfiGMqgihT/qHARv6JgsDxkBdWSZxe9+krj7pqs7uG8IhnQNLV/WnzPr/Fek1Bu+vTaqKgUHDVm4Z3pm4ujaEUbmBh7+xYlxnYl4qkG18Um0Ie3eONt34TTVJ45Xpxn9cE8LQnEC2qik1IXQ2VpWu6o7qzHUM0lX9ojqEj+QEslV9pjqEBQGAXir+K52W++DcBWfOmNzR0TZnJybiPvzacHJ7R1vT1Fkd06qL9Glaqs95yxidXTimUq9880RmiaIHL3i0oZR09neCzbltZfbjF5w4mLkfvwtVdo3zgMq8u2PSQ/7kPoVNhJxvUsWGXL6Th9w3t5KtT2JB/TF/VegXaubPbZvTdMbkefPmjE7+lpr9gORvPMyUbKvR6W3Vt7u+lfDyKLpaVsp73Vb75VYyat7M2aPmLjhzZPvMydPbpredMubAsWMPHDd29JhxozpH1Zz87WGo+3VXdWqo76wocVw7cKh7VuRU8n58akhISPS2xE3HXt/4QMf1d9S2jbz/4I6T7r5q1r8+Pv6MI3/b9K9L5q9aULlHwfx/9rvP/+OnTvzkz6zPUOz4f0M8zJ88vvUwf2sMLC/1+H9DsaP52RMDGlOBRTGwyGF+AAAAPhzi7si4NzPulb59yZbV9x7/0Z8ffOnvd/9szdy9Nkz98XXfa3up5leHtf954qFNhxXM/xeV9vv/HbT+f3bp+qOKLfM/IpZoLrb+f3qZ/+z6/4uKrf+fXuY/u/7/8g9g/f/52UBqk7xq/X8AAODD4P1b/7/H5f3TFwgoyNDj8v7pCwQUZOhxGf9SLxCwzev/n1Yz7K9PvOCLVVu+NOCV1Xfs+/NPTD/+xX9/fObfnDjyiC+eNOXTtxbM/y8ubf5v4X4AAADYdXzptz9tv3vsWQOffO2fxpy+uO3UtRdM+p+zrr9nn8fXr7qqz5SNTxTM/5eXNv9//9f/C8XO/28sFmgptjCg9f8AAADopYqt/3fTg7W/OXrw2Q2vnrr8uoF7P3TqgDk3PvjAk3cNG3pR1U0L5i95oGD+v7q0+X887aI8L3fszZv1yZp2Ib2m3cv12Z8MAAAAQO9QHpqaKkvMm7cy6mHvvc3HMkuBvls617n/aey6B154e/GU855d+eKNT97/sZdPue3q7/3jF05/7cKhI8cvHlow/19X2vw/73cZmy9/ZVJz/2MGvXnDhE1Dxp60bNnW4/8AAADAzlPqfgkAAAAAAAAAAAAAAOCD98aKlv97x/5/PrDj8U+sqfvEhCea9h8y8adXVp/z6+8/84vW6b9cWvD7/3BcV7liv/+P1/2Lvy8YmJc7ttrz+n+Z+189etWCriULN9SHsE9uYMY5M3YLmWvz75cbWPvNEXt0Js5Jl7ht44RnOhMnpQNHjtz99c7EIalAa1wkcXA6EK+q+Hr/VCAur/hAOhC3x+p0oCoTOL9/Mo6y9LbaVJdsq7L0tnqsLoQBOYHstrq5LmmjLD3ApalAdoCnpgNxgMdmAuXpXq3ql/QqBupi0av6Jb0CAGCXFb8FVoaT2zvamuNX+Hi7Z0X+bZS3ZNnZhdWWldj8E5mlyR684NGGUtJ90t9Ft15rvDJUdw5hdMHX1dwsZV2j3DG19LDpBhYZck+rvZUXKZe2rZuuqviIapMRNU2d1TGtsseBj+k5ywEVPWYZXTDZyc1S3rVJS6ilhL6UMKISt00JXY73y0NTU59UroNjsCHk6ekVUerv9XPX+Sv2KsjNc8LuW2b+y9FXffPvNvxpw7TzL51wRNmzx1yz9oq3Nj75N4+33/jyfymY/zeUNv+vzh3X65mLASyKV9b73IAQWkscEQAAAHz43fDd6288Ydadm05eV/HIfffNKP/yCZXvLPz1wjO/99jti488/9M/2974WafV7f5kxU//+YRTvtEwfdrev6756GXnvbX21M2nvla/36u153+0YP7fWNr8P+7ByhwKTvZ2rIvX/z93QAhdl9ZvSALXxuFOGRDCX3WlWmKJ5IL6R8USzUng2rjDZEQs0dqSX1VNDKxOBZ6tzwTWpQJ3xkBmL8XKkNmVc0l9COO6Usfll5gdSzSkAl+OgcZUoCkGmlOB/jEwPhV4oX8m0JIK/FsMhPb8bfWr/pltBQAAsC0y86zK/LshPc9bXdFThrKeMvTtKUN5Txmqe8pQbBTx/o0xQ2Xq5JWynEyV6VprU7UUZIgXw9/mfhVkCPfm50wXLGg6nn+QPd+gLD/Dxx+6es131nzhpWN/s+SyN+99qvxHQ1Z8t7H2rXUbLvnxsLG7v/iDgvl/c2nz/775t0nrd8b5/9br/yWBu2L3Lo2njjfGwJOfzw9kdgzcGSe7i7NVtWRKZCbti2OJ8THQmArMjoHxqUDrcZnA8j3yA5mZdrbxc7ONt2dK5AQAAADgfRd3EMTdNHH+P7Nu0sRxo36y5I3lMxetffvCFy5ccXvHq5XjNr52zae+1ufx4bcXzP/Hlzb/j+31y23svNibp/uHcHPZ1t5kAyPrkkDcj1EXfx4/pC6E3XJ2cGRLtPVNSlSlGg6/q01+oV6VruqW2mSNgXj/q/ffsfaHnYmltSHsm7P3JdvGH6uTNmrTgeFVSaBvOjCrIgnEPT/ZwJryJADbLbtXML6gMqe6ZDV0X67I6+/Dck3Q9PAK9oF2k6+731ztLNXpBzL7VLO27WkrqI6douDtsc67rTe+2xq823K/SGW+obyzNVQdyqe1nTx5fse8+EjuL1kL7KTnOfdXqqWkd8DrcNF7723PqtMdaE59fDR3X67712FZrG7z5a9Mau5/zKAbJmwaMvakZctK7kYR8YfCI9ZM2i138+5s1SHzmut1nyctPk9647+BRk9bCGH/1pdu7X/wv+310MmrvzVqr8Hj/vJPTxwZHnl46T4Ljrlo5T63HFUw/28pbf5fkbrt8kbcmHMHhPDJnI27IW7+wwckn4M5geRT8iOFgeSQ+1P1RT85AQAAYEfL7u7I7i9oz9wmJ4Sn58mF+Vu2MX/cXzG+2/yl9vu1b7z49ozTvn7Lpe+E/oc3jJ2/5ZLjZm2cseaFh6b/cdV1x7a+UTD/b333+X9NqpuO/zv+z07i+H+3dvVd0TXpBxZt167ogurYKRz/79au/m5z/L9bjv87/t8dx/974Ph/t3b1p63gW9JsX7pCCHcf9Naqv7305iX/63uTh3xq7aTGeyq+f9iM368cvu6+q75y+5FffLlg/j+7tPm/9f+6X7Qvu/5fa7H1/2YXW/9vkfX/AACAnarIQnPpeV7B6n0FGdKr9xVk6HGBwB6XGLT+3zav//f82qf+XHf8+p/86qKqRz5y+ohBQ0945sDpl1859IcPbNz87P5f21gw/19U2vw/vhz65bbeW9b/azyuSFUXx8BsCwMCAACwKyq2gwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAP1nlfP+u0xcNem/bP35p4991fuW7PsqFPPPIPf/nWPafUHvLCd2YM/PhDE+efdcVB45+6bPPH/jD4hGWfDKG9q1xZUrxs4YmbTp+49xETLlp/6C+n9LtyXnWm3srM7V55uWOrb9aHsDznkbqYeLm+887WwFePXrWgojOxoT6EfXIDM86ZsVtn4pr6EPbLDaz95og9OhPnpEvctnHCM52Jk9KBI0fu/npn4pBMoCzd3Sv6J90tS3f3h/1DGJATyHb3O/3zq8q28aVMoDzdxs/qkjZioC4WvbwuaSMGOmKJ9poQRlWE0Cdd1b9UJ1X1SVf1m+qkqj7pqv62OoRDQggV6ao2ViVVVaRHfk9VUlUMDBq2csvwzsTyqhBG5QYe/saKcZ2JU1OBbOMTq0LYu/Mlk278xsqk8cp040srQxgaQqhKl3itIilRlS7xp4oQPpITyDb+7YoQFgQ+FOKHz7TcB+cuOHPG5I6Otjk7MVGVaas2nNze0dY0dVbHtOpUn4opy0m/c/Z7H/sTWxZO7bx98IJHG0pJV2TKVXZ1+YDKvLtjdvXex371za1k6/NRUH/MXxX6hZr5c9vmNJ0xed68OaOTv6VmPyD52ycTTbbV6N6yrfbLrWTUvJmzR81dcObI9pmTp7dNbztlzIFjxx44buzoMeNGdY6qOfm7I4a64v0f6p4VOZW8Hx8AEhISvS1Rnvfp1ryrf5AXfNHf2tHKUN31AV0wrcjNUtY1yh0x6MPe44jfy/eUHkc0umDiUJDlgJ6zjCmYTGzNUptk6fpeVzA5zK2pvGuTxvvloampT7Ht0JB/N3fzvrgdm/exzKYrNQ0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/H924EAAAAAAAMj/tRGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsAMHAgAAAABA/q+NUFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYUdOBYAAAAAEOZvHUbPBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADApQAAAP//j/n+Zw==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)=0x4)
openat(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x470102, 0x0)

1.442357016s ago: executing program 5 (id=1220):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x48e80, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x200)
ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000a40)=ANY=[@ANYBLOB="03000000000000000d000000020000000500000002000000ff0f000008000000080000000000000000000000000000000d000000b700000000000000050000000c000000000000000500000000000000000000000000000007"])

1.429099267s ago: executing program 0 (id=1221):
syz_mount_image$cramfs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="00af268263b121dc03d7d9b98b9cdb76841d31005b31fdfd141b652968fbeae7aac982a517703dc5950f6728aecf5ec337b119ffd66d0a02970718ba573db352906385cece74366e628b6a775c9a6f6fff046416c6240e39a647186c4cf0b360bd17d4cdbd912dc61fd24e6f17d8"], 0x1, 0x152, &(0x7f00000007c0)="$eJzs0E1LKnEUx/Hf3Bnlcq/eBzKwFia0aEjMacRatdBIEtKBwk0rwSYKFCOhXBrRrkXQ1oXlVnwLlrWxRgh7E23cBS0n/o7Rw67977MZ5nsOh2FWlnoqgoAMx3KpuLdvlsvmVnDdSCc3ntrtuOhuAD8/zZ39qziwI54KMDgCRL7xAtu7BXMuXyqI90EcUAEkfjtdg7P7SzSf0+YhSaKp00Bn3Gn6aO9ji47apAIk/r7fsy+AGXHv/9s94BlApRZquZCxbNu2xfeepEJTY5LTm3cZq5sKzwbMUz050fD4ZWTN20skhvPHSDf8EGk1+z0rvWakjV5U1xeimqJpsb5xb6Vi1TMoq54DYPPLPTf8ASULHEvA+XA2uJa8ADr1F6P4Z7E++tfVQzkISJVaPud3NXK+fz8gq5BARERERERERERERERERET0Xa8BAAD//wFeZcY=")
mount$overlay(0x0, &(0x7f0000000480)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
chdir(&(0x7f0000000080)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x1db)

1.121221975s ago: executing program 4 (id=1222):
r0 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000340), 0x1, 0x0)
write$binfmt_register(r0, &(0x7f0000000200)={0x3a, 'syz3', 0x3a, 'M', 0x3a, 0xaa, 0x3a, '\x02', 0x3a, ']', 0x3a, './file0/file0'}, 0x2f)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="4c0000000206010100000000000000000000000005000100070000000900020073797a3100000000050005000a0000000500040000000000110003"], 0x4c}}, 0x0)

1.003987742s ago: executing program 0 (id=1223):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)={0x28, r1, 0x1, 0x70bd24, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SCAN_FREQUENCIES={0xc, 0x2c, 0x0, 0x1, [{0x8, 0x0, 0x980}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x4014001}, 0x9590f6cc3ea35512)

1.003646912s ago: executing program 5 (id=1224):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000580)='./file1\x00', 0x40, &(0x7f0000000340), 0x1, 0x573, &(0x7f0000000ec0)="$eJzs3T1sG+UbAPDnzvG/X/mTIoEEqEMFSEWq6iT9gMLUrohKlTogsUDkuFEVJ47iBJooQ7pXiA4IUJeywcAIYmBALIysLCBmpIpGIDUdwMhfaZo4wSl1XHK/n3T2vfee/bzvnZ/XvtOdHEBmHa0/pBHPRsTFJGJoXd1AtCqPNtdbXVkq3ltZKiZRq136LYkkIu6uLBXb6yet50MRsRwRz0TEd/mI4+nmuNWFxcmxcrk02yoPz03NDFcXFk9cmRqbKE2Upk+98uqZs6fPjJ4cXf+ye7X1pfzO+nr95xvvX//h9Vs3Pv/iyHLxw7EkzsVgq259Px6l5jbJx7kNy0/3IlgfJf1uAA8l18rzeio9HUORa2V9J7WhXW0a0GO1fRE1IKMS+Q8Z1f4dUD/+bU+7+fvj9vnmAUg97mpratYMNM9NxP7GscnB35MHjkzqx5uHd7Oh7EnL1yJiZGBg8+c/aX3+Ht7Io2ggPfXt+eaO2rz/07XxJzqMP4Ptc6f/Unv8W900/t2Pn9ti/LvYZYw/3/rlky3jX4t4rmP8ZC1+0iF+GhHvdBn/5ptfn92qrvZpxLHoHL8t2f788PDlK+XSSPOxY4xvjh15bbv+H9wifvOc7f7G10yn7T/TZf+/+v7L55e3if/SC9vv/07b/0BEfNBl/CfvfvbGVnW3ryV36r8Cdrr/68tudRn/5XNHf+pyVQAAAAAAAAAAYAfSxrVsSVpYm0/TQqF5D+9TcTAtV6pzxy9X5qfHm9e8HY582r7SaqhZTurl0db1uO3yyQ3lU7lWwNyBRrlQrJTH+9x3AAAAAAAAAAAAAAAAAAAAeFwc2nD//x+5xv3/G/+uGtirtv7Lb2Cvk/+QXQ/mf9K3dgC7z/c/ZFZN/kN2yX/ILvkP2SX/IbvkP2SX/Ifskv8AAAAAAAAAAAAAAAAAAAAAAAAAANATFy9cqE+1eytLxXp5fGBhfrLy7onxUnWyMDVfLBQrszOFiUplolwqFCtT//R+SaUyMxLT81eH50rVueHqwuLbU5X56fZ/ipbyPe8RAAAAAAAAAAAAAAAAAAAA/PcMNqYkLURE2phP00Ih4v8RcTjyyeUr5dJIRDwRET/m8vvq5dF+NxoAAAAAAAAAAAAAAAAAAAD2mOrC4uRYuVyazcjMwE5WjojlR9uM+jvu+FX51r56XLahmSzM9HlgAgAAAAAAAAAAAAAAAACADLp/02+3r/irtw0CAAAAAAAAAAAAAAAAAACATEp/TSKiPh0benFwY+3/ktVc4zki3rt56aOrY3Nzs6P15XfWls993Fp+sh/tB7rVztN2HgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD3VRcWJ8fK5dJsD2f63UcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAh/F3AAAA///pCdd8")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0)
pwritev2(r0, &(0x7f00000003c0)=[{&(0x7f00000002c0)="ba", 0x1}], 0x1, 0xe7b, 0x0, 0x2)
write$UHID_INPUT(r0, &(0x7f00000017c0)={0x8, {"532b7650cd96d698a54ce0e846dde23608a435ddbe06fd95bd2dcea4c391ebe7f5fa41ae31f9f1c88e684f77150b1f0bf47f39bfa3762cee6a2b159473aff70f9a680eab6a5922545386428af2a780006c07c11e692954067d39f5ce4f366b5358139b6f0928b9adc187eb01fa36f228fcecc841671ac528ab4f39963ea995f6ede22b3f0888b8b29d3608b5138ea7e2c45be56975055acb9b6df8ad55f0c6ce2c84a8503a03983cf4ab5ca45709f7191f6a2c0a285ace84d25682f39b58df661a0fc2ec8b53ee58618ce8d6410a06bbb639f6cad2a26ee14e55ff173fa44c16b55b230f7fdbc4b0f6f12c513001dacc376ed78f871b77b13cb702b32930f9d5b9f3e3a3756a2f124519a247094eef7b33c7fd6c227d606af4516b0dc17bd68251543b111418bb4790eeab62b49f4492384572e6d146faf380c31ece4dc64879ebb8d7c137eb9470134cc29adc9e76bd7a553328cccde1cc690b34c9c6b22b4cb8f67452437a56c77f30eab38a5a56ff73f821337e3ab08aab1928a29a54b8a5968255cc9ca859927fb1b570330a20fa716c42348c5a17016c617257dbcbe098de08a75b10476170eebe3e71624ce872e8d5b6afef8228634e2ab4a799ae39214f97ef31295ab57ad71ad641457d164b76c6c4cbaa215acda7bd31bf87585f99770cfea85776a8665808c60511e5571cbcd4bf0ba51c340320690527c651c4bcc877235fcde8fbc78b3511a3403c91509e77d77b6d2b01fdf11deeb011506c18e65c856f9d50cc649c3d3a4b9e3e6001e82159353661876b85f1bf01f44aad81a2dfe5647ee38995d56a89c3cb4ee831bd89e86b526d28aaba6f3b125ed6dac9e9f0a600bea266871949f47aa7a8e833f0eed33358410f13f44dd5ae4575414bf9b5a6532d6f023ff3fa903eadb960ad24cf42f942c996c3be944629202b19ba627f17ad8eaeae6b87afeb64fe5bcc4d9f9f271185644edea9e48c8ea8ce9f40858445c0d7a92fe9eb3a2bafde8cd7350d18d8574cee8361ca10b014eadb74042ea205cc5462d3f803b072444e2e3a23f45c7674aeb24244d351b51bf6d8b484a06424fa0e3d5929ae7c0d5d30bd6ae326f5814cba9b6dce1e0e28adfc1fa2ac5f616363cf5c83638adaf42fbb170b2351dd2657120b311aba9b5579f0eb54155c0b31d811fa127e5cb243f002cf17e4f07a6e6c80f694c54cd81db2f3c424a125a12c5ed681806dc35cb744614d510e91e65dc87e1f0d5ad88556b6f67d2a39872b00e74b13889f019faf894d890879906b9c779a2763830311c9de04f5334b65fb9179e4d63aaa0f802e22c896e9941095a8e47a707b1876bb78b11729a8854314f26b8bdb2bcd0e949716e8fecd1338a7b7c4fa8833da0313dcc60496316db863e475ffa58102137f81e41f0bd6e57070d792276c63405976074e102ec7192c9cb887bc0f22310211c31868de4a9c5a5713137c37a1a7536323a70b6adfba7a1627aba7701644e8f44f6e2b136b1972232d0d8529292b20bb997b871ab183304f867ecebb718a2280a1665f480711e91c17d7f445fe32e762d90941c78bdf5b13d93b557cbd20fa5e7c5dee8414c318fd1d9a89d77f718bb10dc895cd65386a1655fb184a84aa9813d1f5f4567e125be0613649d37f0e91c1a1a4d4fa0baa5975d01a5b23bd39ed8cd5942dec27f1d44e67e3e60c81f4194b938cf8a360d285b6966786e0f795616b351f5aff5d987317474aac9bef201be342dd8c2a4ac7c9dffbe534fdc727d59351897f6543563cfa5d273f96693f9659a9a20f39c53965881e6540d6d7eaef45da06aadc7b67b954ad3dec0aedcc158f9f6be6081ed0209f17ebbcac208ce27f130233e3a0edd3536d73992ad2e05599093a4a9f189abb78f0817058222ddb9300e8aac23ea6dfa6c3343111ff44dbd89c973e13cca8760e1726144e6fadaef4c00ac7acaab1d5dd6094d7c24adb2f230c787d903173247c60ecf60d3a0a4b7fe1c8e0a1f0b715916e68064a653e46ed8cc1e0496cda1e8cb872315c51dcc1d4b1a473ebdffb24c7e25110f0e809110b3ec858528e4d9201ac3d65667a4451d08ff4da4ab1f1b8e27e1486943bcf1ab8212b9c8439e4c373ff935e353bf1c0ca6d906794a3db336556950d9780ca389f72557fb2b0a952ce7442fd794079bfc47c7139f8cdd6cf0d6c98d5bcee4da568f7f1305262bf7babbf391918d8fc60ada5886ab41c5678d8631173f087239fbe45189865505850b7c96c191a2ce560d67d29452085880b930a17edd3997ca3e3e2111771dc6b42982e8044544201569ef0057589b027ff8a21935db6f5c311d29ccb74a66725c8fc880804ee0632d07e92378ce9a9a397518ae51620385bc6e5fb69e3912420079b0f3c2377d487bee853ec09e75a56f73563adb82f8e393e9addf36bffcb3b0ffe0338cdcd10e3688d692c4d6d15a64aaf9c3614e5d806f65f9825c140821b070edd975e0a3fd3e2ecad15821b9795c425aa4866dd44ccb2616e418b723efd510480b2b8cad06e560e349f42a7a385f8b9b15a4f7f6e59c45251751499ca528d6574f378cd524fb8db8851f18debd5d6c3f66bd40938f3e0a28a32b2b47be53673be970e3b175db7f148c57ddcbb8d53addf08028259c23e09798c620b59ea1129f94beec4be89c17eea8cee93d996bff0d51a8a31205890f50ad60e945ad1c71675de407d42d84324d4cfaf15933a79356f2233d6ce5bcbdab9dcd6a483651b88d3fa3e384d14eec6cda52b223704c7cbd0414d22bcb05f5b7f92ffd690d0640e5b78fb27dc3d2efea5a5a016b0a0187092dbfa17a93f067406e7bd7ee13a23ab9c93444fef2385d72778c6b2f798ad7576e4e1c34985c06fad8d5eeff6b5217d97dba4b8ba05a06405e22c6a6d62c4335591a2a0d4e27994d68df1d0f43687a5f617c1c9c3bf2a54472bbfc68a83350c7afb87b49d6d07da0725d62b72af49d55655a10ffaf8be4d32f1c6568faf4b8d08cb2f8f0550fd2947c8782d860d5bc7efdd8142fb1987ba7ab2852fe129f77dc1cf07dc1263f1b8701bdf505254427f29ef33632e8005367d748a2aebd2a92b28e9cec7a1e297883d6d35ff6ee3f242a2883c5fbb2f324803fefc5c2c8ff925a0c0ced8b4f1f8d1d7e417088d7a9cf54b14959024124f5060f51caffe8f5a85a2b82ef1ebed10caca1a4b073c789ca17897c9014a7abe99ac92d06722788cad91b2b37daab60881410b0aead3ff33bdb29a5bb64b086d145cb775b945edeb852b500b33f1f8a07e5770e1f8a57d61c86b225fb3843c70e3c124fa07773fe623dc0bfc99cfba1ec379096c41e2929213a3d905c6878059b4ef8a406dc037d4f41ebc33e5dbac5a2d8fbd630553e0b3cc3fc09500fd5c5e31c989701cb37ec60d223e5cef9cbf6cd82f8f4b50826e8e6c703a9c592bcb3f7a0a62a9ca26291838ebfdf86b560e23906830280610214667c33624e62558d3e04eba4af08cc191d14aa40b9622fa38abd5650a56463eb8f2718e858c617670e25dc677f19e4d6b7210d546b6e8b50859266e8a7681c5a6d064e23671ca2e12e49a792fde41b5ae0bc3ab6d985c15547775833654cd3d015fa8cfea0191997cd6276d2d42ef9bca03fe00bc1767ab63eda65b8e0589a9fb46fd2778e7701ff74523f7879298beedf3a3663a08f28ab176ca7ea3dc419beb82b6205aecbd5592463c3fbb64da8f0809f7859c4f4c47f007424e793623e2b56ccfc374edeb7c105f0fbc28d1681814085de26169e277f135bfbb5a64523a24bd24e4081fafc713b304ef55d6d4b77b0967f8ee39c633a5479fe08d1b796ffe6e8e8c0df364145c55812f86b8b55cae4e33f2c52a3722821ba8c6e8d0fee78981aecce706b0a9b5b35e5b95ec7f3ebb7ac1786a97f0532fe0fd3d16ca45e0cc946243387437eeeb86ceb19975492af1ceb932aad75361b74f52cf799dc234f75094000b29c78f5e577672df63e3c663a12076a89ff38a6a54bb3e75babd8b9115189391e12ab6fbc4e3c30b8c95e42f9eff2c1963d580e9c2606effc30b3560658b6c678482b1245d099be5c554cd487c346a9d05a2c6d6d351472a8f630d4cbba4533be857ba5b4cbeb707be240e67e0bcdaf766e68bfa68d0f1b4ce4ec9e0802bbc95e5a6525ab25abac3d2a4395e00c8217ed8dace8b8cbc7131376967cb1ee26dbf75b920e894d1e04e4e534e631d2bc172e8a0be41eb13e534d9996929ee0fc8f2c38696544ca418e39c4fc4f4acc00abc84c61d82e542aaac175b0eaa2cb45ed296622fcd3a42a7083cf35e19b7925aaf8f835a7e54b6f7b8aa968f92b404de19d0302741050a9cbf055f540542f59f972e24ff3b34bd80c925a29cb9d42fa5020916636cc81a332f140828fea1eb5e497996321022336d398c513bb49380359de392e865843c8f4d4178b9412411f804c49ad72899e140f0b203552df14c1f6b2e9f1f9cfd407e89192a2d114abb606ba294baa802a74cbd91682055650835c26785ded11e6057834d8c3bbd84e665c5887057c92530fd96046d8fbc1520230d3b2d6c14c8cc78d50bc67171c2a37ebc0cbda9272be34a17723008ba33e1a0af5d64b11e51a73bb79cf1ad7186d07131d53b77cb1308ff7d35d674821990c82a6c4cdad087d4988081cfd6171124a39799ca07766c1ad0c282acf2cca7439f4e14a4dfb000843caf6e0645dec6a6ca0950f2b242eaccf36dbdede8d5b40edda647d8d9b29990526c49635d167a4d9a3df35c45436a0631fd75f4d4bd60e524d3816882b9ded4cce283b742096ec62b0cf1444938b853b62d10756f0ad5241d22cc53f92e9e0cc0a4d47867f74d68f4bf5eb80974583cb63947a5bb422ade4d4295598f7e8bc5b3d8527598be5491219998e86fa1318d5f1b8f82eda148f04eea483994b5d2c015c2ebd2b60bf07fbd28af010440660ff7083918132c1516df6713c619f5e6e2ea083b8197e9770ed80695e85f19ee425b090665d22e9c436556d728952925cecbd1226f35744a3a0ea1053ad8678df805cfe9e89af4f97fe41951b9b29c484d691e15d00f0ff769b588eed3e5cac3e6b81648d73033ee8e998e8fe646fee703af8fbd82e29495bfcb616c645abef5433c6ac7570d89cbd920309f232a8086110e6df0d30e8b50bb95b356dbe7d76fd58c7779134af70e4de0fb3c18864f435413bb8c647bb1ff75bb4b46cb8e2eec1fd5e54670313c26f36bfdd5c125d28e8b6cca416fa45d2d8828c7d8c869b2b2f9ff402a8d2a2c3e8a2f042b804ef3dec1daa09349c311b341f512851f622e9613b1c8c64100a75710eaecc8cf9e0281e5991032662a5ee8768182fbce6f1b9d32a07c715bd6fcf1acd0408c74b97e7946c5a896422356150209eec72ff1bb5a2364d03eb22b4a956d474ace724fa03306ce10965b595d98783bf0d6fbe1dd7f9264dc4e1e8a43f0971813ed9ff13671ff9e5508f649b7035fc06fc907b25a07e681e5663104fb255eea37ae4735e1928dc4bd399e6f1fae6e70b9faa79a979b56d49019e2a0b6cff009a957358be85bac85fb7ebef1109ed85631eeef5b711c36c2d1a8753930c0dc1b03231f7e28be3f8c1f49a386ac8ac0305e5a1b0590d8bf88e2bf162d0443525ca92f5b8247867fdb82f86d9698f26a97204974b9064794eeea1503539836d063c2667e4e013a57b785412d384e0f4ccf49a5d243f63f371ee0b6eea9543c35b817db8b4dfae0510bf2f109192b8d12456828fc15eb0bd862552b83e3", 0x1000}}, 0x100d)

537.496049ms ago: executing program 4 (id=1225):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000d00)=@newqdisc={0x3b4, 0x24, 0x3fe3aa0262d8c783, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_choke={{0xa}, {0x384, 0x2, [@TCA_CHOKE_PARMS={0x14}, @TCA_CHOKE_STAB={0x104, 0x2, "547d9ed0effe82c024750032ea49f09c72384049bcc87e42ca7e2c78d6a85178e447e32b5f4e4fabff6fb16a40901dc4221e42eb745b6332c476d0c3aefed8dc95af179570cf8cc43bc29eb93c6e78f5e1153d3d7c1542f77dc4b29877e2002685e850f2969cf2164fbf8db7e1713786899d2a8ab03ca5accb2e9b50e1fb7a4e3681b35f0f68461daa4f4e1583b9a02195dee35ae7c8bca085399157d5f30c2ec691c39267b2655c782b363a11645a0c78a39fab8c0ce69f11f2db45ee16e2975a80664f687d01bd7444244a25bdb9ec5b0fa8b1afc0254ddbca2e22ca1b189502b74d7ec4665c23804df713183d428f50a0d64e31e110c707eb3fe69f437992"}, @TCA_CHOKE_PARMS={0x14}, @TCA_CHOKE_PARMS={0xfffffffffffffde4}, @TCA_CHOKE_MAX_P={0x8}, @TCA_CHOKE_STAB={0x104, 0x2, "dc542b4e237011fb38ddb228806571a8633206e26df63a43bbc516382325dedd79c1cf0a26379dfaf72cb5ab9ab7efe16f312ee9ab598d1ac0d7903ac69c51f1b6842ebecf00dec5deff737b59f0c1f0b57cc6c2b7b8c5b2c527aafa57222f4bd2355ccab39fa20d4033b6b687491532080101805feb9c6fa8a56a77186efcb394ce1a1cd7f2130835e3bf9e3ac25d0a102a808be13beb51f37da6d10046f131834545ee5013f43e41e91eb18a12c28540ab4106286e0f7568f6a9cd0c0da51df08e42848096b25d455ebec9adfd6e493d8c9725bc2d49bbbae0a5375b359f91d9dad20ed109ffbc52469cffd2cf5df7773f7a4c72ae167485315c326281efc4"}, @TCA_CHOKE_MAX_P={0x8}, @TCA_CHOKE_PARMS={0x14}, @TCA_CHOKE_PARMS={0x14}, @TCA_CHOKE_STAB={0x104, 0x2, "554b956aa3fcfbc4a187baf0437163b5d33108db016465f92a93480d2c246d90f03741da6ee916f7c9917dbd81da67d6150151679559af8402b932745d19fbfbd679c133c4714565f91cd05790d990818bac85598b6a844cb2c2d277aaca9a88ee0e6a834ba02b4e549f11fb13e9fe33730c55997f2d3b7e6469210db81587fc522295f49a78f4e08ddfb01172b12a19b303a0c47fa3500cdc3e6725a79dcd3731c37083c3bbe73c43e7e2ea82c72986a1499c677c565ea1cfc874e7e978e4ebe8d338f0b37807d40333ee570133982998623ec809826f1009856a9d9d8e839c65d3ead78c6b3cb8f7beee8e59f19de93d06628a2cdfa4333d96882b96c36cc3"}]}}]}, 0x3b4}}, 0x0)

337.82232ms ago: executing program 5 (id=1226):
r0 = socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'sit0\x00', <r1=>0x0})
r2 = socket$inet6_dccp(0xa, 0x6, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(r2, 0x8918, &(0x7f0000000000)={@empty, 0xe, r1})

263.422615ms ago: executing program 0 (id=1227):
r0 = io_uring_setup(0x6ddd, &(0x7f00000002c0))
write$FUSE_LK(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x0, {{0x0, 0xfffffffffffe}}}, 0x28)
io_uring_register$IORING_REGISTER_FILES_UPDATE2(r0, 0xd, &(0x7f0000000140)={0x7, 0x0, 0x0, 0x0}, 0x20)
io_uring_register$IORING_REGISTER_FILES_UPDATE2(r0, 0xe, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000000040)=[{0x0, 0xffffffff00000000}], &(0x7f0000000100), 0x7}, 0x20)

262.353995ms ago: executing program 1 (id=1228):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r0)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000140)={0x2c, r2, 0x1, 0x800, 0x0, {{0x2}, {@val={0x8, 0x3, r1}, @void}}, [@chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x6}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x980}]]}, 0x2c}}, 0x0)

0s ago: executing program 35 (id=1227):
r0 = io_uring_setup(0x6ddd, &(0x7f00000002c0))
write$FUSE_LK(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x0, {{0x0, 0xfffffffffffe}}}, 0x28)
io_uring_register$IORING_REGISTER_FILES_UPDATE2(r0, 0xd, &(0x7f0000000140)={0x7, 0x0, 0x0, 0x0}, 0x20)
io_uring_register$IORING_REGISTER_FILES_UPDATE2(r0, 0xe, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000000040)=[{0x0, 0xffffffff00000000}], &(0x7f0000000100), 0x7}, 0x20)

kernel console output (not intermixed with test programs):

 sha256 (sha256-avx2) checksum algorithm
[  120.885808][ T5171] BTRFS info (device loop5): using free space tree
[  121.202372][ T5171] BTRFS info (device loop5): enabling ssd optimizations
[  121.418601][ T4702] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  122.170691][ T5232] loop1: detected capacity change from 0 to 4096
[  122.216353][ T5232] ntfs: (device loop1): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
[  122.344423][ T5232] ntfs: (device loop1): read_ntfs_boot_sector(): Primary boot sector is invalid.
[  122.403500][ T4257] Bluetooth: hci1: unexpected cc 0x1004 length: 39 > 11
[  122.414989][ T5232] ntfs: (device loop1): read_ntfs_boot_sector(): Hot-fix: Recovering invalid primary boot sector from backup copy.
[  122.489702][ T5232] ntfs: (device loop1): ntfs_mapping_pairs_decompress(): Corrupt attribute.
[  122.514587][ T5232] ntfs: (device loop1): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5).
[  122.584527][ T5232] ntfs: (device loop1): ntfs_mapping_pairs_decompress(): Corrupt attribute.
[  122.614105][ T4716] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  122.629788][ T5232] ntfs: (device loop1): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x0, offset 0x200 because its location on disk could not be determined even after retrying (error code -5).
[  122.655103][ T5232] ntfs: (device loop1): ntfs_mapping_pairs_decompress(): Corrupt attribute.
[  122.675778][ T5232] ntfs: (device loop1): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x1, offset 0x0 because its location on disk could not be determined even after retrying (error code -5).
[  122.789938][ T5232] ntfs: (device loop1): ntfs_mapping_pairs_decompress(): Corrupt attribute.
[  122.804597][ T4716] usb 1-1: Using ep0 maxpacket: 16
[  122.811936][ T4716] usb 1-1: config 0 has an invalid interface number: 8 but max is 0
[  122.836424][ T4716] usb 1-1: config 0 has no interface number 0
[  122.886099][ T5232] ntfs: volume version 3.1.
[  122.890869][ T4716] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  122.929798][ T4716] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  122.982939][ T4716] usb 1-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  123.025590][ T4716] usb 1-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  123.049959][ T4716] usb 1-1: Product: syz
[  123.054187][ T4716] usb 1-1: SerialNumber: syz
[  123.105416][ T4716] usb 1-1: config 0 descriptor??
[  123.127039][ T4716] cm109 1-1:0.8: invalid payload size 0, expected 4
[  123.171915][ T4716] input: CM109 USB driver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.8/input/input7
[  123.392252][    C1] cm109 1-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90
[  123.561336][ T5272] netlink: 8 bytes leftover after parsing attributes in process `syz.1.291'.
[  123.591028][ T5272] netlink: 24 bytes leftover after parsing attributes in process `syz.1.291'.
[  123.627721][    C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71
[  123.637380][    C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71
[  123.645600][    C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71
[  123.652780][ T4803] usb 1-1: USB disconnect, device number 4
[  123.667547][    C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71
[  123.674650][    C0] cm109 1-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  123.694237][ T4803] cm109 1-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  123.840139][ T5276] loop4: detected capacity change from 0 to 256
[  123.893295][ T5276] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d)
[  124.102745][ T5264] loop5: detected capacity change from 0 to 32768
[  124.136437][ T5281] loop4: detected capacity change from 0 to 64
[  124.143963][   T27] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  124.161155][ T5264] (syz.5.289,5264,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  124.238584][ T5264] (syz.5.289,5264,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  124.307632][ T5264] JBD2: Ignoring recovery information on journal
[  124.334988][   T27] usb 2-1: Using ep0 maxpacket: 16
[  124.345855][   T27] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 238, changing to 11
[  124.367111][ T5288] loop0: detected capacity change from 0 to 1024
[  124.383107][   T27] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  124.421050][   T27] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[  124.431405][   T27] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  124.455754][ T5264] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  124.467979][   T27] usb 2-1: config 0 descriptor??
[  124.484700][ T5288] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  124.486622][ T5295] netlink: 4 bytes leftover after parsing attributes in process `syz.3.299'.
[  124.493255][ T5288] ext4 filesystem being mounted at /55/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  124.749042][ T4248] EXT4-fs (loop0): unmounting filesystem.
[  124.751045][ T4702] ocfs2: Unmounting device (7,5) on (node local)
[  124.889740][   T27] kovaplus 0003:1E7D:2D50.0005: unknown main item tag 0x0
[  124.899524][   T27] kovaplus 0003:1E7D:2D50.0005: unknown main item tag 0x0
[  124.938047][   T27] kovaplus 0003:1E7D:2D50.0005: hidraw0: USB HID v0.00 Device [HID 1e7d:2d50] on usb-dummy_hcd.1-1/input0
[  125.286461][ T4813] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  125.296266][   T27] kovaplus 0003:1E7D:2D50.0005: couldn't init struct kovaplus_device
[  125.324860][   T27] kovaplus 0003:1E7D:2D50.0005: couldn't install mouse
[  125.377893][   T27] kovaplus: probe of 0003:1E7D:2D50.0005 failed with error -71
[  125.402015][   T27] usb 2-1: USB disconnect, device number 5
[  125.496395][ T4813] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  125.528715][ T4813] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  125.560230][ T4813] usb 4-1: config 0 descriptor??
[  125.591813][ T4813] cp210x 4-1:0.0: cp210x converter detected
[  125.973139][ T5331] loop4: detected capacity change from 0 to 2048
[  126.003625][ T4813] cp210x 4-1:0.0: failed to get vendor val 0x000e size 3: -121
[  126.092097][ T5331] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  126.311383][ T4260] EXT4-fs (loop4): unmounting filesystem.
[  126.405475][ T4813] cp210x 4-1:0.0: failed to get vendor val 0x370c size 15: -71
[  126.419746][ T4813] cp210x 4-1:0.0: GPIO initialisation failed: -71
[  126.469620][ T4813] usb 4-1: cp210x converter now attached to ttyUSB0
[  126.478901][ T4257] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  126.487729][ T4257] Bluetooth: hci1: Injecting HCI hardware error event
[  126.498171][ T4253] Bluetooth: hci1: hardware error 0x00
[  126.517256][ T5346] loop0: detected capacity change from 0 to 256
[  126.518333][ T5348] loop1: detected capacity change from 0 to 128
[  126.535626][ T4813] usb 4-1: USB disconnect, device number 4
[  126.564209][ T5348] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  126.593129][ T4813] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  126.602151][ T4813] cp210x 4-1:0.0: device disconnected
[  126.660743][ T5348] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  126.886420][ T5356] netlink: 12 bytes leftover after parsing attributes in process `syz.5.319'.
[  127.060938][ T5361] loop6: detected capacity change from 0 to 524287999
[  127.149878][ T5364] loop6: detected capacity change from 524287999 to 0
[  127.183407][    C1] blk_print_req_error: 7 callbacks suppressed
[  127.183426][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  127.198934][    C1] buffer_io_error: 7 callbacks suppressed
[  127.198950][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  127.213085][ T5361] ldm_validate_partition_table(): Disk read failed.
[  127.220979][ T5361] Dev loop6: unable to read RDB block 0
[  127.227895][ T5361]  loop6: unable to read partition table
[  127.251249][ T5361] loop6: partition table beyond EOD, truncated
[  127.280890][ T5361] loop_reread_partitions: partition scan of loop6 (‰u0AŠ°ßjû$UXàÈ¿`LÊAó‰8üú9>õià¼òD»K#U[ì«fÇÒW 7ÐðŽŠØ–ºg v–Þ) failed (rc=-5)
[  127.293015][ T5370] loop3: detected capacity change from 0 to 64
[  127.305110][ T5368] netlink: 16 bytes leftover after parsing attributes in process `syz.5.324'.
[  127.637958][ T5378] bond0: option miimon: invalid value (18446744072702918655)
[  127.682725][ T5378] bond0: option miimon: allowed values 0 - 2147483647
[  127.725841][ T5380] netlink: 20 bytes leftover after parsing attributes in process `syz.0.330'.
[  128.462690][ T5399] Zero length message leads to an empty skb
[  128.644553][ T4253] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  128.660269][ T5374] loop1: detected capacity change from 0 to 32768
[  129.934953][ T5435] loop5: detected capacity change from 0 to 512
[  130.085887][ T5435] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  130.104563][ T5435] ext4 filesystem being mounted at /28/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  130.147727][ T5435] EXT4-fs error (device loop5): ext4_do_update_inode:5224: inode #2: comm syz.5.352: corrupted inode contents
[  130.192434][ T5435] EXT4-fs error (device loop5): ext4_dirty_inode:6089: inode #2: comm syz.5.352: mark_inode_dirty error
[  130.253242][ T5435] EXT4-fs error (device loop5): ext4_do_update_inode:5224: inode #2: comm syz.5.352: corrupted inode contents
[  130.316119][ T5435] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #2: comm syz.5.352: mark_inode_dirty error
[  130.527303][ T5456] fuse: Invalid group_id
[  130.550476][ T4702] EXT4-fs (loop5): unmounting filesystem.
[  130.819296][ T5463] loop5: detected capacity change from 0 to 1024
[  130.958328][ T4716] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  131.154471][ T4716] usb 5-1: Using ep0 maxpacket: 8
[  131.161476][ T4716] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  131.194857][ T4716] usb 5-1: New USB device found, idVendor=044f, idProduct=b300, bcdDevice= 0.00
[  131.212989][ T4716] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  131.251353][ T4716] usb 5-1: config 0 descriptor??
[  131.370437][ T5463] hfsplus: can't free extent
[  131.476517][ T5478] loop0: detected capacity change from 0 to 8192
[  131.540646][ T5478] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  131.598778][ T5475] hfsplus: can't free extent
[  131.640582][ T5478] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[  131.656156][ T5478] REISERFS (device loop0): using ordered data mode
[  131.662867][ T5478] reiserfs: using flush barriers
[  131.671800][ T4300] hfsplus: b-tree write err: -5, ino 4
[  131.686374][ T5478] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  131.708617][ T4716] thrustmaster 0003:044F:B300.0006: item fetching failed at offset 4/5
[  131.746256][ T4716] thrustmaster 0003:044F:B300.0006: parse failed
[  131.753471][ T4716] thrustmaster: probe of 0003:044F:B300.0006 failed with error -22
[  131.782780][ T5478] REISERFS (device loop0): checking transaction log (loop0)
[  131.911095][ T5495] loop1: detected capacity change from 0 to 512
[  131.934765][ T4250] usb 5-1: USB disconnect, device number 3
[  132.039059][ T5495] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  132.065158][ T5495] ext4 filesystem being mounted at /77/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  132.111088][ T5506] netlink: 8 bytes leftover after parsing attributes in process `syz.5.373'.
[  132.128107][ T5478] REISERFS (device loop0): Using tea hash to sort names
[  132.163479][ T5478] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[  132.187819][ T5495] EXT4-fs error (device loop1): ext4_do_update_inode:5224: inode #2: comm syz.1.371: corrupted inode contents
[  132.240331][ T5495] EXT4-fs error (device loop1): ext4_dirty_inode:6089: inode #2: comm syz.1.371: mark_inode_dirty error
[  132.285131][ T5495] EXT4-fs error (device loop1): ext4_do_update_inode:5224: inode #2: comm syz.1.371: corrupted inode contents
[  132.316293][ T5495] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #2: comm syz.1.371: mark_inode_dirty error
[  132.526089][ T4256] EXT4-fs (loop1): unmounting filesystem.
[  132.719203][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  132.727453][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  132.896859][ T5522] loop4: detected capacity change from 0 to 16
[  132.934940][ T5522] MTD: Attempt to mount non-MTD device "/dev/loop4"
[  133.297437][ T5534] loop0: detected capacity change from 0 to 1024
[  133.473318][ T5497] loop3: detected capacity change from 0 to 40427
[  133.532496][ T5497] F2FS-fs (loop3): Invalid Fs Meta Ino: node(0) meta(0) root(83886083)
[  133.556827][ T5497] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[  133.597365][ T5497] F2FS-fs (loop3): build fault injection attr: rate: 690, type: 0x3ffff
[  133.619292][ T5545] loop4: detected capacity change from 0 to 64
[  133.633554][ T5497] F2FS-fs (loop3): invalid crc value
[  133.696527][ T5497] F2FS-fs (loop3): Found nat_bits in checkpoint
[  133.705730][ T5534] hfsplus: can't free extent
[  133.882555][ T5540] hfsplus: can't free extent
[  133.935297][ T5553] loop5: detected capacity change from 0 to 128
[  133.981102][ T5497] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[  134.009748][ T5497] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  134.026729][ T5553] VFS: Found a Xenix FS (block size = 512) on device loop5
[  134.086989][ T5553] syz.5.388: attempt to access beyond end of device
[  134.086989][ T5553] loop5: rw=0, sector=8767744, nr_sectors = 1 limit=128
[  134.138799][   T46] hfsplus: b-tree write err: -5, ino 4
[  134.183953][ T5553] sysv_free_block: trying to free block not in datazone
[  134.251824][ T5497] syz.3.372: attempt to access beyond end of device
[  134.251824][ T5497] loop3: rw=524288, sector=45064, nr_sectors = 8 limit=40427
[  134.299958][ T5558] syz.5.388: attempt to access beyond end of device
[  134.299958][ T5558] loop5: rw=0, sector=8767744, nr_sectors = 1 limit=128
[  134.304986][ T5497] syz.3.372: attempt to access beyond end of device
[  134.304986][ T5497] loop3: rw=0, sector=45064, nr_sectors = 8 limit=40427
[  134.418634][ T5558] Buffer I/O error on dev loop5, logical block 8767744, async page read
[  134.461483][   T26] kauditd_printk_skb: 13 callbacks suppressed
[  134.461500][   T26] audit: type=1800 audit(1740149793.732:6): pid=5558 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.388" name="/" dev="loop5" ino=2 res=0 errno=0
[  134.566856][ T4262] syz-executor: attempt to access beyond end of device
[  134.566856][ T4262] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  134.690175][ T4702] sysv_free_inode: inode 0,1,2 or nonexistent inode
[  134.815778][ T5571] loop1: detected capacity change from 0 to 16
[  134.906889][ T5571] MTD: Attempt to mount non-MTD device "/dev/loop1"
[  134.963326][ T5574] input: syz0 as /devices/virtual/input/input8
[  135.409964][ T5581] loop1: detected capacity change from 0 to 2048
[  135.412388][ T5584] netlink: 4 bytes leftover after parsing attributes in process `syz.5.397'.
[  135.584838][ T5590] mkiss: ax0: crc mode is auto.
[  135.654178][ T5581] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  135.667617][ T5560] loop4: detected capacity change from 0 to 40427
[  135.695798][ T5560] F2FS-fs (loop4): Wrong segment_count / block_count (64 > 16384)
[  135.703685][ T5560] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  135.840624][ T5560] F2FS-fs (loop4): Found nat_bits in checkpoint
[  135.917469][ T5568] loop0: detected capacity change from 0 to 32768
[  135.976069][ T4256] EXT4-fs (loop1): unmounting filesystem.
[  136.089751][ T5560] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  136.111335][ T5560] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  136.163628][ T5608] sch_tbf: burst 1127 is lower than device lo mtu (65550) !
[  136.224556][ T4250] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  136.279798][ T5560] syz.4.389: attempt to access beyond end of device
[  136.279798][ T5560] loop4: rw=10241, sector=53248, nr_sectors = 8 limit=40427
[  136.417965][ T4250] usb 6-1: Using ep0 maxpacket: 32
[  136.438481][ T4250] usb 6-1: config 0 has an invalid interface number: 101 but max is 0
[  136.463290][ T4250] usb 6-1: config 0 has no interface number 0
[  136.480025][ T4250] usb 6-1: config 0 interface 101 has no altsetting 0
[  136.481815][ T4260] syz-executor: attempt to access beyond end of device
[  136.481815][ T4260] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  136.500590][ T4250] usb 6-1: New USB device found, idVendor=1235, idProduct=0010, bcdDevice=59.84
[  136.524504][ T4250] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  136.565207][ T4250] usb 6-1: config 0 descriptor??
[  136.762876][ T5617] netlink: 4 bytes leftover after parsing attributes in process `syz.0.402'.
[  136.780780][ T4250] usb 6-1: string descriptor 0 read error: -71
[  136.862728][ T5613] loop1: detected capacity change from 0 to 8192
[  136.896739][ T4250] usb 6-1: USB disconnect, device number 3
[  136.927744][ T5613] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  136.969044][ T5613] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal
[  136.993729][ T5613] REISERFS (device loop1): using ordered data mode
[  137.000649][ T5613] reiserfs: using flush barriers
[  137.016971][ T5613] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  137.036182][ T5613] REISERFS (device loop1): checking transaction log (loop1)
[  137.310198][ T5613] REISERFS (device loop1): Using tea hash to sort names
[  137.323227][ T5613] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage.
[  137.536293][ T5627] loop5: detected capacity change from 0 to 16
[  137.543230][ T5627] MTD: Attempt to mount non-MTD device "/dev/loop5"
[  137.972936][ T5637] loop5: detected capacity change from 0 to 256
[  138.189013][ T5641] loop3: detected capacity change from 0 to 2048
[  138.240801][ T5641] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=18576, location=18576
[  138.311982][ T5641] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  138.560972][ T4262] UDF-fs: error (device loop3): udf_read_inode: (ino 1317) failed !bh
[  138.588499][ T4262] UDF-fs: error (device loop3): udf_read_inode: (ino 1317) failed !bh
[  138.681716][ T5660] loop0: detected capacity change from 0 to 64
[  138.960332][ T5666] mkiss: ax0: crc mode is auto.
[  139.270012][   T46] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  139.487547][   T46] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  139.667009][   T46] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  139.851881][   T46] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  140.009098][ T5700] loop0: detected capacity change from 0 to 256
[  140.760383][ T5716] loop4: detected capacity change from 0 to 64
[  141.419236][ T5679] loop5: detected capacity change from 0 to 65536
[  141.592505][ T5679] XFS (loop5): Mounting V5 Filesystem
[  141.761965][ T5745] loop4: detected capacity change from 0 to 256
[  141.774554][ T5679] XFS (loop5): Ending clean mount
[  141.858923][   T26] audit: type=1800 audit(1740149801.132:7): pid=5745 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.441" name="bus" dev="loop4" ino=1048606 res=0 errno=0
[  142.355574][ T4257] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  142.384597][ T4257] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  142.394176][ T4257] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  142.404748][ T4257] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  142.412332][ T4257] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  142.419862][ T4257] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  142.564662][ T5761] XFS (loop5): Metadata CRC error detected at xfs_agf_read_verify+0x1df/0x2a0, xfs_agf block 0x8001 
[  142.601417][ T5761] XFS (loop5): Unmount and run xfs_repair
[  142.609806][ T5761] XFS (loop5): First 128 bytes of corrupted metadata buffer:
[  142.643666][ T5761] 00000000: 58 41 47 46 00 00 00 01 00 00 00 01 00 00 40 00  XAGF..........@.
[  142.655236][   T46] device hsr_slave_0 left promiscuous mode
[  142.673695][   T46] device hsr_slave_1 left promiscuous mode
[  142.684268][ T5761] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01  ................
[  142.703667][ T5761] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04  ................
[  142.734852][   T46] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  142.744649][   T46] batman_adv: batadv0: Removing interface: batadv_slave_0
[  142.764396][ T5761] 00000030: 00 00 00 04 00 00 3b 5f 00 00 3b 5c 00 00 00 00  ......;_..;\....
[  142.773278][   T46] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  142.773351][   T46] batman_adv: batadv0: Removing interface: batadv_slave_1
[  142.821602][ T5761] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3  .sH./.A..&.:g...
[  142.835259][   T46] device bridge_slave_1 left promiscuous mode
[  142.854689][   T46] bridge0: port 2(bridge_slave_1) entered disabled state
[  142.868517][ T5761] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  142.879085][   T46] device bridge_slave_0 left promiscuous mode
[  142.895083][   T46] bridge0: port 1(bridge_slave_0) entered disabled state
[  142.919935][ T5761] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  142.974529][ T5761] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  143.014001][ T5761] XFS (loop5): metadata I/O error in "xfs_read_agf+0x2e2/0x680" at daddr 0x8001 len 1 error 74
[  143.164800][   T46] device veth1_macvtap left promiscuous mode
[  143.171009][   T46] device veth0_macvtap left promiscuous mode
[  143.186126][   T46] device veth1_vlan left promiscuous mode
[  143.202379][   T46] device veth0_vlan left promiscuous mode
[  143.259222][ T5771] netlink: 60 bytes leftover after parsing attributes in process `syz.0.449'.
[  143.373807][ T4702] XFS (loop5): Unmounting Filesystem
[  143.615292][ T5763] loop4: detected capacity change from 0 to 32768
[  144.484784][ T4257] Bluetooth: hci4: command 0x0409 tx timeout
[  144.663971][ T5776] loop5: detected capacity change from 0 to 32768
[  144.687091][ T5776] BTRFS: device fsid 3a492a15-ac49-4ce6-945e-cef7a687c6c9 devid 1 transid 8 /dev/loop5 scanned by syz.5.450 (5776)
[  144.731809][ T5776] BTRFS info (device loop5): first mount of filesystem 3a492a15-ac49-4ce6-945e-cef7a687c6c9
[  144.749887][ T5776] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm
[  144.761421][ T5776] BTRFS info (device loop5): using free space tree
[  145.098090][ T5780] loop4: detected capacity change from 0 to 32768
[  145.106289][   T46] team0 (unregistering): Port device team_slave_0 removed
[  145.116542][ T5780] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  145.124420][ T5776] BTRFS info (device loop5): enabling ssd optimizations
[  145.124793][ T5780] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  145.155073][ T5780] gfs2: fsid=syz:syz.0: journal 0 mapped with 18 extents in 0ms
[  145.164259][   T27] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  145.173715][   T27] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  145.271909][   T27] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 98ms
[  145.298314][   T27] gfs2: fsid=syz:syz.0: jid=0: Done
[  145.312556][ T5780] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  145.322191][   T46] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  145.352819][ T5780] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  145.352819][ T5780]   inode = 0 2341
[  145.352819][ T5780]   function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 464
[  145.353726][ T4702] BTRFS info (device loop5): last unmount of filesystem 3a492a15-ac49-4ce6-945e-cef7a687c6c9
[  145.371827][ T5780] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qobnN t:SH d:EX/0 a:0 v:0 r:4 m:20 p:1
[  145.371872][ T5780] gfs2: fsid=syz:syz.0:  H: s:SH f:AH e:0 p:5780 [syz.4.453] inode_permission+0x22f/0x450
[  145.371937][ T5780] gfs2: fsid=syz:syz.0:  I: n:0/2341 t:4 f:0x00 d:0x00000201 s:0 p:0
[  145.371963][ T5780] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  145.371984][ T5780] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  145.371997][ T5780] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  145.372159][ T5780] gfs2: fsid=syz:syz.0: File system withdrawn
[  145.372182][ T5780] CPU: 1 PID: 5780 Comm: syz.4.453 Not tainted 6.1.129-syzkaller #0
[  145.372205][ T5780] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  145.372217][ T5780] Call Trace:
[  145.372225][ T5780]  <TASK>
[  145.372234][ T5780]  dump_stack_lvl+0x1e3/0x2cb
[  145.372284][ T5780]  ? nf_tcp_handle_invalid+0x647/0x647
[  145.372318][ T5780]  ? panic+0x764/0x764
[  145.372341][ T5780]  ? kobject_uevent_env+0x54a/0x8c0
[  145.372377][ T5780]  gfs2_withdraw+0xfcb/0x1550
[  145.372424][ T5780]  ? gfs2_lm+0x230/0x230
[  145.372458][ T5780]  ? gfs2_journal_wipe+0x980/0x980
[  145.372493][ T5780]  ? gfs2_consist_inode_i+0xf1/0x110
[  145.372529][ T5780]  gfs2_inode_refresh+0xbde/0x1060
[  145.372563][ T5780]  ? gfs2_inode_metasync+0xf0/0xf0
[  145.372592][ T5780]  ? gfs2_glock_nq+0xd2d/0x1590
[  145.372616][ T5780]  gfs2_instantiate+0x188/0x250
[  145.372652][ T5780]  gfs2_glock_wait+0x1db/0x2a0
[  145.526400][ T5780]  gfs2_permission+0x2c5/0x4d0
[  145.531183][ T5780]  ? gfs2_lookupi+0x630/0x630
[  145.535904][ T5780]  ? inode_permission+0x22f/0x450
[  145.540957][ T5780]  inode_permission+0x22f/0x450
[  145.545815][ T5780]  ? gfs2_lookupi+0x630/0x630
[  145.550511][ T5780]  may_open+0x29e/0x400
[  145.554684][ T5780]  path_openat+0x24e3/0x2e60
[  145.559386][ T5780]  ? mark_lock+0x9a/0x340
[  145.563761][ T5780]  ? do_filp_open+0x480/0x480
[  145.568474][ T5780]  do_filp_open+0x230/0x480
[  145.572998][ T5780]  ? vfs_tmpfile+0x4a0/0x4a0
[  145.577618][ T5780]  ? _raw_spin_unlock+0x24/0x40
[  145.582475][ T5780]  ? alloc_fd+0x5a0/0x640
[  145.586825][ T5780]  do_sys_openat2+0x13b/0x4f0
[  145.591506][ T5780]  ? kasan_quarantine_put+0xd4/0x220
[  145.596804][ T5780]  ? do_sys_open+0x220/0x220
[  145.601431][ T5780]  ? __kmem_cache_free+0x25c/0x3c0
[  145.606563][ T5780]  __x64_sys_openat+0x243/0x290
[  145.611417][ T5780]  ? __ia32_sys_open+0x270/0x270
[  145.616369][ T5780]  ? syscall_enter_from_user_mode+0x2e/0x230
[  145.622356][ T5780]  ? lockdep_hardirqs_on+0x94/0x130
[  145.627583][ T5780]  ? syscall_enter_from_user_mode+0x2e/0x230
[  145.633569][ T5780]  do_syscall_64+0x3b/0xb0
[  145.638021][ T5780]  ? clear_bhb_loop+0x45/0xa0
[  145.642803][ T5780]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  145.648713][ T5780] RIP: 0033:0x7fd25438ba10
[  145.653146][ T5780] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44
[  145.672799][ T5780] RSP: 002b:00007fd2551d1df0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  145.681233][ T5780] RAX: ffffffffffffffda RBX: 0000000000010000 RCX: 00007fd25438ba10
[  145.689228][ T5780] RDX: 0000000000010000 RSI: 0000400000000100 RDI: 00000000ffffff9c
[  145.697216][ T5780] RBP: 0000400000000100 R08: 0000000000000000 R09: 0000000000008c9b
[  145.705194][ T5780] R10: 0000000000000000 R11: 0000000000000293 R12: 0000400000000100
[  145.713179][ T5780] R13: 00007fd2551d1eb0 R14: 0000000000012806 R15: 0000400000002080
[  145.721172][ T5780]  </TASK>
[  146.094166][   T46] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  146.521440][ T5807] loop5: detected capacity change from 0 to 64
[  146.565095][ T4257] Bluetooth: hci4: command 0x041b tx timeout
[  146.580785][ T5807] hfs: bad catalog entry type 0
[  146.885332][ T5813] loop4: detected capacity change from 0 to 1024
[  146.914015][ T5813] EXT4-fs: Ignoring removed orlov option
[  146.977742][ T5813] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  147.202520][ T5812] EXT4-fs (loop4): unmounting filesystem.
[  147.424203][   T46] bond0 (unregistering): Released all slaves
[  147.481868][ T5810] loop5: detected capacity change from 0 to 65536
[  147.495917][ T5810] XFS (loop5): Mounting V5 Filesystem
[  147.549212][ T5810] XFS (loop5): Ending clean mount
[  147.554532][ T5768] netlink: 'syz.1.447': attribute type 11 has an invalid length.
[  147.563415][ T5771] netlink: 60 bytes leftover after parsing attributes in process `syz.0.449'.
[  147.897767][ T5830] loop1: detected capacity change from 0 to 2048
[  147.999643][ T4702] XFS (loop5): Unmounting Filesystem
[  148.017799][ T5830] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found
[  148.054918][ T5830] UDF-fs: Scanning with blocksize 512 failed
[  148.159509][ T5830] UDF-fs: error (device loop1): udf_process_sequence: Primary Volume Descriptor not found!
[  148.253517][ T5830] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  148.413434][ T5753] chnl_net:caif_netlink_parms(): no params data found
[  148.507246][ T5841] loop0: detected capacity change from 0 to 32768
[  148.559535][ T5841] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  148.567890][ T5841] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  148.618318][ T5841] gfs2: fsid=syz:syz.0: journal 0 mapped with 18 extents in 0ms
[  148.635150][ T4257] Bluetooth: hci4: command 0x040f tx timeout
[  148.654529][ T4716] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  148.661398][ T4716] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  148.960554][ T4716] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 299ms
[  149.005598][ T4716] gfs2: fsid=syz:syz.0: jid=0: Done
[  149.012148][ T5841] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  149.024517][ T5841] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  149.024517][ T5841]   inode = 0 2341
[  149.024517][ T5841]   function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 464
[  149.043331][ T5841] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qobnN t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  149.052846][ T5841] gfs2: fsid=syz:syz.0:  H: s:SH f:AH e:0 p:5841 [syz.0.465] inode_permission+0x22f/0x450
[  149.062982][ T5841] gfs2: fsid=syz:syz.0:  I: n:0/2341 t:4 f:0x00 d:0x00000201 s:0 p:0
[  149.071159][ T5841] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  149.078435][ T5841] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  149.087398][ T5841] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  149.094062][ T5841] gfs2: fsid=syz:syz.0: File system withdrawn
[  149.100512][ T5841] CPU: 1 PID: 5841 Comm: syz.0.465 Not tainted 6.1.129-syzkaller #0
[  149.108535][ T5841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  149.118723][ T5841] Call Trace:
[  149.122031][ T5841]  <TASK>
[  149.124990][ T5841]  dump_stack_lvl+0x1e3/0x2cb
[  149.129716][ T5841]  ? nf_tcp_handle_invalid+0x647/0x647
[  149.135231][ T5841]  ? panic+0x764/0x764
[  149.139520][ T5841]  ? kobject_uevent_env+0x54a/0x8c0
[  149.144775][ T5841]  gfs2_withdraw+0xfcb/0x1550
[  149.149524][ T5841]  ? gfs2_lm+0x230/0x230
[  149.153824][ T5841]  ? gfs2_journal_wipe+0x980/0x980
[  149.158987][ T5841]  ? gfs2_consist_inode_i+0xf1/0x110
[  149.164311][ T5841]  gfs2_inode_refresh+0xbde/0x1060
[  149.169448][ T5841]  ? gfs2_inode_metasync+0xf0/0xf0
[  149.174581][ T5841]  ? gfs2_glock_nq+0xd2d/0x1590
[  149.179477][ T5841]  gfs2_instantiate+0x188/0x250
[  149.184383][ T5841]  gfs2_glock_wait+0x1db/0x2a0
[  149.189167][ T5841]  gfs2_permission+0x2c5/0x4d0
[  149.194036][ T5841]  ? gfs2_lookupi+0x630/0x630
[  149.198722][ T5841]  ? inode_permission+0x22f/0x450
[  149.203942][ T5841]  inode_permission+0x22f/0x450
[  149.208807][ T5841]  ? gfs2_lookupi+0x630/0x630
[  149.213510][ T5841]  may_open+0x29e/0x400
[  149.217701][ T5841]  path_openat+0x24e3/0x2e60
[  149.222312][ T5841]  ? mark_lock+0x9a/0x340
[  149.226668][ T5841]  ? do_filp_open+0x480/0x480
[  149.231378][ T5841]  do_filp_open+0x230/0x480
[  149.235900][ T5841]  ? vfs_tmpfile+0x4a0/0x4a0
[  149.240518][ T5841]  ? _raw_spin_unlock+0x24/0x40
[  149.245376][ T5841]  ? alloc_fd+0x5a0/0x640
[  149.249720][ T5841]  do_sys_openat2+0x13b/0x4f0
[  149.254416][ T5841]  ? kasan_quarantine_put+0xd4/0x220
[  149.259733][ T5841]  ? do_sys_open+0x220/0x220
[  149.264338][ T5841]  ? __kmem_cache_free+0x25c/0x3c0
[  149.269479][ T5841]  __x64_sys_openat+0x243/0x290
[  149.274385][ T5841]  ? __ia32_sys_open+0x270/0x270
[  149.279352][ T5841]  ? syscall_enter_from_user_mode+0x2e/0x230
[  149.285360][ T5841]  ? lockdep_hardirqs_on+0x94/0x130
[  149.290568][ T5841]  ? syscall_enter_from_user_mode+0x2e/0x230
[  149.296561][ T5841]  do_syscall_64+0x3b/0xb0
[  149.300997][ T5841]  ? clear_bhb_loop+0x45/0xa0
[  149.305690][ T5841]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  149.311603][ T5841] RIP: 0033:0x7f0f9ab8ba10
[  149.316033][ T5841] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44
[  149.335654][ T5841] RSP: 002b:00007f0f9b990df0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  149.344170][ T5841] RAX: ffffffffffffffda RBX: 0000000000010000 RCX: 00007f0f9ab8ba10
[  149.352150][ T5841] RDX: 0000000000010000 RSI: 0000400000000100 RDI: 00000000ffffff9c
[  149.360128][ T5841] RBP: 0000400000000100 R08: 0000000000000000 R09: 0000000000008c9b
[  149.368106][ T5841] R10: 0000000000000000 R11: 0000000000000293 R12: 0000400000000100
[  149.376101][ T5841] R13: 00007f0f9b990eb0 R14: 0000000000012806 R15: 0000400000002080
[  149.384179][ T5841]  </TASK>
[  149.511144][ T5753] bridge0: port 1(bridge_slave_0) entered blocking state
[  149.543516][ T5753] bridge0: port 1(bridge_slave_0) entered disabled state
[  149.605526][ T5753] device bridge_slave_0 entered promiscuous mode
[  149.680508][ T5753] bridge0: port 2(bridge_slave_1) entered blocking state
[  149.702488][ T5753] bridge0: port 2(bridge_slave_1) entered disabled state
[  149.711428][ T5753] device bridge_slave_1 entered promiscuous mode
[  149.820919][ T5753] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  149.868928][ T5753] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  149.923300][ T5850] loop4: detected capacity change from 0 to 32768
[  149.944232][ T5850] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 scanned by syz.4.468 (5850)
[  149.967993][ T5753] team0: Port device team_slave_0 added
[  150.006303][ T5753] team0: Port device team_slave_1 added
[  150.027030][ T5850] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  150.045212][ T5850] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[  150.057427][ T5850] BTRFS info (device loop4): setting nodatacow, compression disabled
[  150.071750][ T4717] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  150.093102][ T5850] BTRFS info (device loop4): doing ref verification
[  150.101352][ T5753] batman_adv: batadv0: Adding interface: batadv_slave_0
[  150.108564][ T5753] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  150.135695][ T5850] BTRFS info (device loop4): turning off barriers
[  150.142377][ T5850] BTRFS info (device loop4): enabling ssd optimizations
[  150.155727][ T5850] BTRFS info (device loop4): using spread ssd allocation scheme
[  150.163614][ T5850] BTRFS info (device loop4): setting incompat feature flag for COMPRESS_LZO (0x8)
[  150.190654][ T5850] BTRFS info (device loop4): force lzo compression, level 0
[  150.204935][ T5753] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  150.216052][ T5850] BTRFS info (device loop4): turning on sync discard
[  150.222787][ T5850] BTRFS info (device loop4): using free space tree
[  150.239432][ T5753] batman_adv: batadv0: Adding interface: batadv_slave_1
[  150.252081][ T5753] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  150.282551][ T5753] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  150.294609][ T4717] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  150.305912][ T4717] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  150.317664][ T4717] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  150.330015][ T4717] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  150.353880][ T4717] usb 6-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[  150.384959][ T4717] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  150.424238][ T4717] usb 6-1: Product: syz
[  150.442200][ T4717] usb 6-1: Manufacturer: syz
[  150.447861][ T4717] usb 6-1: SerialNumber: syz
[  150.466133][ T4717] usb 6-1: config 0 descriptor??
[  150.523574][ T5753] device hsr_slave_0 entered promiscuous mode
[  150.565211][ T5753] device hsr_slave_1 entered promiscuous mode
[  150.593874][ T5753] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  150.640077][ T5753] Cannot create hsr debugfs directory
[  150.701193][ T4717] adutux 6-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0
[  150.724860][ T4257] Bluetooth: hci4: command 0x0419 tx timeout
[  150.935650][ T5865] usb 6-1: Couldn't submit interrupt_out_urb -90
[  150.952744][ T4811] usb 6-1: USB disconnect, device number 4
[  151.016402][ T5753] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  151.052127][ T5753] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  151.096444][ T5753] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  151.140593][ T5753] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  151.152364][ T4260] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  151.177646][ T5870] loop0: detected capacity change from 0 to 32768
[  151.210942][ T5870] BTRFS: device fsid 3a492a15-ac49-4ce6-945e-cef7a687c6c9 devid 1 transid 8 /dev/loop0 scanned by syz.0.469 (5870)
[  151.466761][ T5753] 8021q: adding VLAN 0 to HW filter on device bond0
[  151.499250][ T5870] BTRFS info (device loop0): first mount of filesystem 3a492a15-ac49-4ce6-945e-cef7a687c6c9
[  151.526646][ T4310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  151.538374][ T5870] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[  151.571004][ T4310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  151.584904][ T5870] BTRFS info (device loop0): using free space tree
[  151.617747][ T5753] 8021q: adding VLAN 0 to HW filter on device team0
[  151.657715][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  151.685472][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  151.730841][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[  151.738073][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[  151.754222][ T5920] loop5: detected capacity change from 0 to 1024
[  151.827821][ T5920] EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  151.885438][ T5870] BTRFS info (device loop0): enabling ssd optimizations
[  151.900783][ T5920] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869)
[  151.926544][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  151.957651][ T5920] EXT4-fs error (device loop5): ext4_get_journal_inode:5723: inode #5: comm syz.5.477: unexpected bad inode w/o EXT4_IGET_BAD
[  151.988593][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  152.017557][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  152.046818][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[  152.054033][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[  152.095939][ T5920] EXT4-fs (loop5): no journal found
[  152.101308][ T5920] EXT4-fs (loop5): can't get journal size
[  152.111764][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  152.134475][ T5920] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  152.229494][ T4248] BTRFS info (device loop0): last unmount of filesystem 3a492a15-ac49-4ce6-945e-cef7a687c6c9
[  152.248805][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  152.258026][ T4702] EXT4-fs (loop5): unmounting filesystem.
[  152.326771][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  152.428210][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  152.482233][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  152.535465][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  152.581332][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  152.623715][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  152.685758][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  152.698289][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  152.747102][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  152.783087][ T5753] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  152.873611][ T5945] loop0: detected capacity change from 0 to 2048
[  153.023653][ T5945] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found
[  153.063495][ T5945] UDF-fs: Scanning with blocksize 512 failed
[  153.096043][ T5954] loop1: detected capacity change from 0 to 1024
[  153.110471][ T5945] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found!
[  153.145393][ T5954] EXT4-fs: Ignoring removed orlov option
[  153.179549][ T5945] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  153.237213][ T5954] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  153.350411][ T5961] loop5: detected capacity change from 0 to 256
[  153.400664][ T5961] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x1fdf94bc, utbl_chksum : 0xe619d30d)
[  153.458858][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  153.494724][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  153.512681][ T5954] EXT4-fs (loop1): unmounting filesystem.
[  153.538374][ T5753] 8021q: adding VLAN 0 to HW filter on device batadv0
[  154.284192][ T5952] loop4: detected capacity change from 0 to 40427
[  154.313465][ T5952] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  154.394759][ T5952] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  154.492165][ T5952] F2FS-fs (loop4): Found nat_bits in checkpoint
[  154.502961][ T5999] loop5: detected capacity change from 0 to 512
[  154.581785][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  154.599804][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  154.651906][ T5999] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  154.673912][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  154.681780][ T5999] ext4 filesystem being mounted at /58/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  154.697710][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  154.728899][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  154.739400][ T5952] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  154.749140][ T5952] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  154.764133][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  154.793447][ T5753] device veth0_vlan entered promiscuous mode
[  154.876495][ T5753] device veth1_vlan entered promiscuous mode
[  154.919556][ T5973] loop0: detected capacity change from 0 to 32768
[  154.963751][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  154.973324][ T5973] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz.0.485 (5973)
[  154.978803][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  155.030051][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  155.067029][ T5973] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  155.079905][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  155.093918][ T5753] device veth0_macvtap entered promiscuous mode
[  155.108909][ T5753] device veth1_macvtap entered promiscuous mode
[  155.140919][ T5973] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[  155.150930][ T5753] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  155.170265][ T5973] BTRFS info (device loop0): setting nodatacow, compression disabled
[  155.190541][ T5973] BTRFS info (device loop0): doing ref verification
[  155.204533][ T5753] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  155.229575][ T5973] BTRFS info (device loop0): turning off barriers
[  155.252316][ T5753] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  155.266192][ T5973] BTRFS info (device loop0): enabling ssd optimizations
[  155.273564][ T5973] BTRFS info (device loop0): using spread ssd allocation scheme
[  155.304387][ T5753] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  155.314257][ T5753] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  155.354476][ T5973] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8)
[  155.384410][ T5973] BTRFS info (device loop0): force lzo compression, level 0
[  155.391773][ T5973] BTRFS info (device loop0): turning on sync discard
[  155.404511][ T5753] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  155.405576][ T5973] BTRFS info (device loop0): using free space tree
[  155.444531][ T5753] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  155.488857][ T5753] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  155.551226][ T4702] EXT4-fs (loop5): unmounting filesystem.
[  155.555643][ T5753] batman_adv: batadv0: Interface activated: batadv_slave_0
[  155.625303][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  155.646519][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  155.680255][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  155.710529][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  155.723765][ T5753] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  155.750814][ T6034] loop1: detected capacity change from 0 to 2048
[  155.765094][ T5753] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  155.775063][ T5753] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  155.785600][ T5753] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  155.795573][ T5753] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  155.806123][ T5753] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  155.816458][ T5753] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  155.827045][ T5753] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  155.839064][ T5753] batman_adv: batadv0: Interface activated: batadv_slave_1
[  155.848885][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  155.920867][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  155.926712][ T5753] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  155.926754][ T5753] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  155.926786][ T5753] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  155.926817][ T5753] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  156.148482][   T56] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  156.148579][   T56] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  156.152672][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  156.261385][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  156.261466][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  156.273643][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  156.336211][ T6051] loop4: detected capacity change from 0 to 16
[  156.389260][ T6051] erofs: (device loop4): mounted with root inode @ nid 36.
[  156.403667][ T4248] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  156.632295][ T6034] tty tty23: ldisc open failed (-12), clearing slot 22
[  157.499427][ T6082] loop6: detected capacity change from 0 to 64
[  157.701003][ T6084] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3)
[  157.707956][ T6084] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  157.746098][ T6084] vhci_hcd vhci_hcd.0: Device attached
[  157.937899][ T4716] usb 5-1: new low-speed USB device number 4 using dummy_hcd
[  157.954615][ T4806] vhci_hcd: vhci_device speed not set
[  158.034448][ T4806] usb 41-1: new full-speed USB device number 2 using vhci_hcd
[  158.146254][ T4716] usb 5-1: config 0 has no interfaces?
[  158.151854][ T4716] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  158.198531][ T4716] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  158.235372][ T4716] usb 5-1: config 0 descriptor??
[  158.380955][ T6110] netlink: 'syz.0.516': attribute type 10 has an invalid length.
[  158.447669][ T6110] team0: Port device netdevsim0 added
[  158.463840][ T6087] usb 41-1: recv xbuf, 0
[  158.481376][   T33] vhci_hcd: stop threads
[  158.486089][ T4250] usb 5-1: USB disconnect, device number 4
[  158.490680][   T33] vhci_hcd: release socket
[  158.536365][   T33] vhci_hcd: disconnect device
[  158.554546][ T4806] vhci_hcd: vhci_device speed not set
[  159.930256][ T6149] netlink: 'syz.5.530': attribute type 5 has an invalid length.
[  159.969323][ T6120] loop0: detected capacity change from 0 to 32768
[  160.070677][ T6120] ERROR: (device loop0): jfs_readdir: DT_GETPAGE: dtree page corrupt
[  160.070677][ T6120] 
[  160.113056][ T6155] loop1: detected capacity change from 0 to 256
[  160.152053][ T6120] ERROR: (device loop0): remounting filesystem as read-only
[  160.335894][ T6155] FAT-fs (loop1): Directory bread(block 64) failed
[  160.343081][ T6155] FAT-fs (loop1): Directory bread(block 65) failed
[  160.351203][ T6155] FAT-fs (loop1): Directory bread(block 66) failed
[  160.413741][ T6155] FAT-fs (loop1): Directory bread(block 67) failed
[  160.436170][ T6161] loop6: detected capacity change from 0 to 190
[  160.447224][ T6155] FAT-fs (loop1): Directory bread(block 68) failed
[  160.474621][ T6161] ntfs: (device loop6): is_boot_sector_ntfs(): Invalid boot sector checksum.
[  160.498514][ T6155] FAT-fs (loop1): Directory bread(block 69) failed
[  160.526370][ T6161] ntfs: (device loop6): check_mft_mirror(): $MFT and $MFTMirr (record 0) do not match.  Run ntfsfix or chkdsk.
[  160.571599][ T6155] FAT-fs (loop1): Directory bread(block 70) failed
[  160.584267][ T6161] ntfs: (device loop6): load_system_files(): $MFTMirr does not match $MFT.  Mounting read-only.  Run ntfsfix and/or chkdsk.
[  160.600229][ T6155] FAT-fs (loop1): Directory bread(block 71) failed
[  160.607293][ T6155] FAT-fs (loop1): Directory bread(block 72) failed
[  160.622717][ T6155] FAT-fs (loop1): Directory bread(block 73) failed
[  160.647633][ T6161] ntfs: volume version 0.0.
[  160.660445][ T6161] ntfs: (device loop6): load_system_files(): Disabling sparse support due to NTFS volume version 0.0 (need at least version 3.0).
[  160.731160][ T6161] ntfs: (device loop6): ntfs_read_locked_inode(): Inode is not in use!
[  160.768073][ T6161] ntfs: (device loop6): ntfs_read_locked_inode(): Failed with error code -5.  Marking corrupt inode 0x2 as bad.  Run chkdsk.
[  160.828962][ T6161] ntfs: (device loop6): load_system_files(): Failed to load $LogFile.  Will not be able to remount read-write.  Mount in Windows.
[  160.908110][ T6169] loop4: detected capacity change from 0 to 1024
[  160.929985][ T6161] syz.6.534: attempt to access beyond end of device
[  160.929985][ T6161] loop6: rw=0, sector=552, nr_sectors = 8 limit=190
[  161.030064][ T6161] ntfs: (device loop6): ntfs_end_buffer_async_read(): Buffer I/O error, logical block 0x45.
[  161.074766][ T6161] ntfs: (device loop6): ntfs_lookup_inode_by_name(): Failed to map directory index page, error 5.
[  161.097352][ T6161] ntfs: (device loop6): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys.
[  161.259463][ T6161] syz.6.534: attempt to access beyond end of device
[  161.259463][ T6161] loop6: rw=0, sector=552, nr_sectors = 8 limit=190
[  161.435695][ T6182] loop5: detected capacity change from 0 to 256
[  161.669587][ T6189] loop4: detected capacity change from 0 to 256
[  161.881213][ T6195] loop0: detected capacity change from 0 to 1024
[  161.914626][ T6195] EXT4-fs: Ignoring removed mblk_io_submit option
[  162.067809][ T6195] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  162.322429][ T6211] netlink: 'syz.4.549': attribute type 10 has an invalid length.
[  162.372506][ T6211] netlink: 40 bytes leftover after parsing attributes in process `syz.4.549'.
[  162.407872][ T6211] bridge0: port 3(veth0_vlan) entered blocking state
[  162.418983][ T4248] EXT4-fs (loop0): unmounting filesystem.
[  162.444965][ T6211] bridge0: port 3(veth0_vlan) entered disabled state
[  162.467160][ T6211] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[  162.516197][ T6216] sctp: [Deprecated]: syz.6.551 (pid 6216) Use of struct sctp_assoc_value in delayed_ack socket option.
[  162.516197][ T6216] Use struct sctp_sack_info instead
[  162.660516][ T6220] loop0: detected capacity change from 0 to 2048
[  162.743980][ T6220] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  162.762760][ T6223] loop5: detected capacity change from 0 to 64
[  162.822069][ T6187] loop1: detected capacity change from 0 to 32768
[  162.943347][ T6234] loop6: detected capacity change from 0 to 256
[  162.997118][ T6234] exFAT-fs (loop6): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[  163.054030][ T6187] XFS (loop1): Mounting V5 Filesystem
[  163.118322][ T6244] (unnamed net_device) (uninitialized): (slave batadv_slave_0): Device is not bonding slave
[  163.128676][ T6244] (unnamed net_device) (uninitialized): option active_slave: invalid value (batadv_slave_0)
[  163.257792][ T6187] XFS (loop1): Ending clean mount
[  163.293033][ T6187] XFS (loop1): Quotacheck needed: Please wait.
[  163.410535][ T6187] XFS (loop1): Quotacheck: Done.
[  163.580626][ T4256] XFS (loop1): Unmounting Filesystem
[  164.000952][ T6256] sp0: Synchronizing with TNC
[  164.262573][ T6247] loop5: detected capacity change from 0 to 32768
[  164.300308][ T6247] XFS: ikeep mount option is deprecated.
[  164.332196][ T6247] XFS: noikeep mount option is deprecated.
[  164.525939][ T6247] XFS (loop5): Mounting V5 Filesystem
[  164.752860][ T6247] XFS (loop5): Ending clean mount
[  164.776265][ T6247] XFS (loop5): Quotacheck needed: Please wait.
[  164.872991][ T6285] loop6: detected capacity change from 0 to 4096
[  164.934912][ T6247] XFS (loop5): Quotacheck: Done.
[  165.120267][ T6288] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  165.142314][ T4702] XFS (loop5): Unmounting Filesystem
[  166.303617][   T26] kauditd_printk_skb: 5 callbacks suppressed
[  166.303635][   T26] audit: type=1326 audit(1740149825.572:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6322 comm="syz.5.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a8198d0a9 code=0x7ffc0000
[  166.414017][   T26] audit: type=1326 audit(1740149825.572:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6322 comm="syz.5.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a8198d0a9 code=0x7ffc0000
[  166.516961][   T26] audit: type=1326 audit(1740149825.642:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6322 comm="syz.5.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f9a8198d0a9 code=0x7ffc0000
[  166.610393][   T26] audit: type=1326 audit(1740149825.642:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6322 comm="syz.5.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a8198d0a9 code=0x7ffc0000
[  166.700689][   T26] audit: type=1326 audit(1740149825.642:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6322 comm="syz.5.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a8198d0a9 code=0x7ffc0000
[  166.816303][   T26] audit: type=1326 audit(1740149825.642:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6322 comm="syz.5.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=190 compat=0 ip=0x7f9a8198d0a9 code=0x7ffc0000
[  166.904619][   T26] audit: type=1326 audit(1740149825.642:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6322 comm="syz.5.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a8198d0a9 code=0x7ffc0000
[  167.004547][   T26] audit: type=1326 audit(1740149825.642:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6322 comm="syz.5.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a8198d0a9 code=0x7ffc0000
[  167.099276][   T26] audit: type=1326 audit(1740149825.642:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6322 comm="syz.5.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=199 compat=0 ip=0x7f9a8198d0a9 code=0x7ffc0000
[  167.194825][   T26] audit: type=1326 audit(1740149825.642:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6322 comm="syz.5.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a8198d0a9 code=0x7ffc0000
[  167.219104][ T6344] loop4: detected capacity change from 0 to 256
[  167.244050][ T6344] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  167.264955][ T6344] exFAT-fs (loop4): Medium has reported failures. Some data may be lost.
[  167.307834][ T6344] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  167.690991][ T6356] netlink: 20 bytes leftover after parsing attributes in process `syz.5.596'.
[  167.788992][ T6328] loop1: detected capacity change from 0 to 32768
[  168.251491][ T6372] loop4: detected capacity change from 0 to 64
[  169.156925][ T6398] loop4: detected capacity change from 0 to 1024
[  169.252427][ T6398] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  169.323708][ T6378] loop0: detected capacity change from 0 to 40427
[  169.361596][ T6398] EXT4-fs (loop4): shut down requested (2)
[  169.374278][ T6378] F2FS-fs (loop0): Found nat_bits in checkpoint
[  169.543193][ T4260] EXT4-fs (loop4): unmounting filesystem.
[  169.560081][ T6378] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  169.780383][ T4248] syz-executor: attempt to access beyond end of device
[  169.780383][ T4248] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  169.922689][ T6405] loop1: detected capacity change from 0 to 40427
[  169.949045][ T6405] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  169.995930][ T6405] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  170.050118][ T6405] F2FS-fs (loop1): invalid crc value
[  170.091076][ T6405] F2FS-fs (loop1): Found nat_bits in checkpoint
[  170.263628][ T6405] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  170.282646][ T6405] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  170.405731][ T4250] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  170.440354][ T6412] loop6: detected capacity change from 0 to 32768
[  170.451617][ T6412] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop6 scanned by syz.6.619 (6412)
[  170.500881][ T6412] BTRFS info (device loop6): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  170.583758][ T6412] BTRFS info (device loop6): using sha256 (sha256-avx2) checksum algorithm
[  170.604541][ T4250] usb 6-1: Using ep0 maxpacket: 16
[  170.612923][ T4250] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  170.633907][ T6412] BTRFS info (device loop6): force clearing of disk cache
[  170.641756][ T4250] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  170.663200][ T6412] BTRFS info (device loop6): force zlib compression, level 3
[  170.681378][ T4250] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  170.693368][ T6412] BTRFS info (device loop6): enabling auto defrag
[  170.704877][ T6412] BTRFS info (device loop6): max_inline at 0
[  170.710945][ T6412] BTRFS info (device loop6): enabling disk space caching
[  170.726071][ T4250] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  170.747952][ T4250] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  170.764474][ T6412] BTRFS info (device loop6): disk space caching is enabled
[  170.793746][ T4250] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  170.829882][ T4250] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  170.861571][ T4250] usb 6-1: Manufacturer: syz
[  170.915643][ T4250] usb 6-1: config 0 descriptor??
[  171.064671][ T6412] BTRFS info (device loop6): enabling ssd optimizations
[  171.081430][ T6412] BTRFS info (device loop6): rebuilding free space tree
[  171.193730][ T6412] BTRFS info (device loop6): disabling free space tree
[  171.231912][ T6412] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  171.260319][ T6412] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  171.320009][ T4250] rc_core: IR keymap rc-hauppauge not found
[  171.329764][ T4250] Registered IR keymap rc-empty
[  171.358517][ T4250] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  171.404508][ T4250] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  171.447287][ T4250] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0
[  171.477896][ T5753] BTRFS info (device loop6): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  171.483892][ T4250] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input9
[  171.564012][ T4250] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  171.573268][ T6463] loop1: detected capacity change from 0 to 128
[  171.594580][ T4250] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  171.608445][ T6463] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  171.639585][ T4250] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  171.682523][ T4250] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  171.731249][ T6463] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  171.741638][ T4250] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  171.779669][ T4250] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  171.819811][ T4250] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  171.864397][ T4250] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  171.894864][ T4250] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  171.935713][ T4250] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  171.965929][ T4250] mceusb 6-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  172.024606][ T4250] mceusb 6-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  172.055224][ T4250] usb 6-1: USB disconnect, device number 5
[  172.095992][ T4494] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  172.100661][ T6474] loop0: detected capacity change from 0 to 256
[  172.370676][ T6481] loop4: detected capacity change from 0 to 512
[  172.484130][ T6479] loop1: detected capacity change from 0 to 4096
[  172.505761][ T6481] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  172.506641][ T6479] ntfs3: loop1: Different NTFS' sector size (2048) and media sector size (512)
[  172.534588][ T6481] ext4 filesystem being mounted at /156/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  172.569497][ T6479] ntfs3: loop1: Mark volume as dirty due to NTFS errors
[  172.620433][ T6479] ntfs3: loop1: Failed to load $Extend.
[  172.657461][ T4297] kernel write not supported for file /cpu/0/msr (pid: 4297 comm: kworker/0:7)
[  172.780688][ T4260] EXT4-fs (loop4): unmounting filesystem.
[  173.002514][ T6494] sctp: [Deprecated]: syz.4.637 (pid 6494) Use of struct sctp_assoc_value in delayed_ack socket option.
[  173.002514][ T6494] Use struct sctp_sack_info instead
[  173.157086][ T6503] loop1: detected capacity change from 0 to 2048
[  173.245792][ T6503] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  173.281997][ T6506] netlink: 20 bytes leftover after parsing attributes in process `syz.4.643'.
[  173.590985][ T6514] bond0: Unable to set up delay as MII monitoring is disabled
[  173.908770][ T6521] loop1: detected capacity change from 0 to 512
[  174.082266][ T6521] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  174.118187][ T6529] loop0: detected capacity change from 0 to 512
[  174.135650][ T6529] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem
[  174.152290][ T6521] ext4 filesystem being mounted at /130/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  174.333694][ T6529] EXT4-fs error (device loop0): ext4_ext_check_inode:520: inode #15: comm syz.0.653: pblk 0 bad header/extent: invalid eh_entries - magic f30a, entries 24833, max 4(4), depth 0(0)
[  174.364778][ T6529] EXT4-fs error (device loop0): ext4_orphan_get:1405: comm syz.0.653: couldn't read orphan inode 15 (err -117)
[  174.461723][ T6529] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  174.513457][ T6529] ext2 filesystem being mounted at /126/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  174.544128][ T6537] loop6: detected capacity change from 0 to 512
[  174.602541][ T6537] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  174.628092][ T6539] tap0: tun_chr_ioctl cmd 1074025672
[  174.633480][ T6539] tap0: ignored: set checksum disabled
[  174.670242][ T6529] EXT4-fs error (device loop0): ext4_add_entry:2486: inode #2: comm syz.0.653: Directory hole found for htree leaf block 0
[  174.696582][ T6537] EXT4-fs error (device loop6): ext4_free_branches:1030: inode #11: comm syz.6.656: invalid indirect mapped block 4294967295 (level 1)
[  174.730229][ T6537] EXT4-fs error (device loop6): ext4_free_branches:1030: inode #11: comm syz.6.656: invalid indirect mapped block 4294967295 (level 1)
[  174.730668][ T4256] EXT4-fs (loop1): unmounting filesystem.
[  174.746242][ T6537] EXT4-fs (loop6): 2 truncates cleaned up
[  174.756945][ T6537] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[  174.873880][ T4248] EXT4-fs (loop0): unmounting filesystem.
[  175.021241][ T6537] EXT4-fs (loop6): shut down requested (2)
[  175.123425][ T6550] loop0: detected capacity change from 0 to 190
[  175.166714][ T5753] EXT4-fs (loop6): unmounting filesystem.
[  175.176575][ T6550] __ntfs_warning: 16 callbacks suppressed
[  175.176593][ T6550] ntfs: (device loop0): is_boot_sector_ntfs(): Invalid boot sector checksum.
[  175.277933][ T6552] Driver unsupported XDP return value 0 on prog  (id 60) dev N/A, expect packet loss!
[  175.324699][ T6550] ntfs: (device loop0): check_mft_mirror(): $MFT and $MFTMirr (record 0) do not match.  Run ntfsfix or chkdsk.
[  175.374455][ T6550] ntfs: (device loop0): load_system_files(): $MFTMirr does not match $MFT.  Mounting read-only.  Run ntfsfix and/or chkdsk.
[  175.448483][ T6550] ntfs: volume version 0.0.
[  175.453060][ T6550] ntfs: (device loop0): load_system_files(): Disabling sparse support due to NTFS volume version 0.0 (need at least version 3.0).
[  175.530100][ T6550] ntfs: (device loop0): ntfs_read_locked_inode(): Inode is not in use!
[  175.574543][ T6550] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5.  Marking corrupt inode 0x2 as bad.  Run chkdsk.
[  175.604603][ T6550] ntfs: (device loop0): load_system_files(): Failed to load $LogFile.  Will not be able to remount read-write.  Mount in Windows.
[  175.644069][ T6550] syz.0.659: attempt to access beyond end of device
[  175.644069][ T6550] loop0: rw=0, sector=552, nr_sectors = 8 limit=190
[  175.688380][ T6550] ntfs: (device loop0): ntfs_end_buffer_async_read(): Buffer I/O error, logical block 0x45.
[  175.717024][ T6550] ntfs: (device loop0): ntfs_lookup_inode_by_name(): Failed to map directory index page, error 5.
[  175.728527][ T6550] ntfs: (device loop0): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys.
[  175.869020][ T6550] syz.0.659: attempt to access beyond end of device
[  175.869020][ T6550] loop0: rw=0, sector=552, nr_sectors = 8 limit=190
[  175.952034][ T6576] loop5: detected capacity change from 0 to 1024
[  176.073398][ T6576] hfsplus: catalog searching failed
[  176.341274][ T6587] loop5: detected capacity change from 0 to 1024
[  176.387121][ T6587] hfsplus: request for non-existent node 3 in B*Tree
[  176.405029][ T6587] hfsplus: request for non-existent node 3 in B*Tree
[  176.441749][ T6590] loop0: detected capacity change from 0 to 4096
[  176.516670][ T6592] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  176.573314][ T6594] bridge_slave_0: default FDB implementation only supports local addresses
[  177.127321][ T6616] loop5: detected capacity change from 0 to 256
[  177.190293][ T6616] exFAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  177.234079][ T6622] netlink: 96 bytes leftover after parsing attributes in process `syz.6.681'.
[  177.274616][ T6616] exFAT-fs (loop5): Medium has reported failures. Some data may be lost.
[  177.330173][ T6616] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  178.150939][ T6652] capability: warning: `syz.5.692' uses 32-bit capabilities (legacy support in use)
[  178.489146][ T4250] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  178.603318][ T6633] loop6: detected capacity change from 0 to 40427
[  178.684625][ T4250] usb 2-1: Using ep0 maxpacket: 16
[  178.692789][ T4250] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  178.721506][ T4250] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  178.744179][ T4250] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2c2e, bcdDevice= 0.00
[  178.761542][ T6633] F2FS-fs (loop6): Found nat_bits in checkpoint
[  178.784357][ T4250] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  178.828164][ T4250] usb 2-1: config 0 descriptor??
[  178.944442][ T6633] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  179.256920][ T4250] lua 0003:1E7D:2C2E.0007: unknown main item tag 0x0
[  179.264859][ T5753] syz-executor: attempt to access beyond end of device
[  179.264859][ T5753] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  179.279231][ T4250] lua 0003:1E7D:2C2E.0007: unknown main item tag 0x0
[  179.304463][ T4250] lua 0003:1E7D:2C2E.0007: unknown main item tag 0x0
[  179.311241][ T4250] lua 0003:1E7D:2C2E.0007: unknown main item tag 0x0
[  179.360080][ T4250] lua 0003:1E7D:2C2E.0007: unknown main item tag 0x0
[  179.399735][ T4250] lua 0003:1E7D:2C2E.0007: hidraw0: USB HID v0.00 Device [HID 1e7d:2c2e] on usb-dummy_hcd.1-1/input0
[  179.484837][ T4250] usb 2-1: USB disconnect, device number 6
[  179.700155][ T6697] loop0: detected capacity change from 0 to 128
[  179.841989][ T6697] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  179.928301][ T6697] ext4 filesystem being mounted at /136/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  180.030091][ T6697] fscrypt (loop0, inode 12): Mutually exclusive encryption flags (0x1b)
[  180.192473][ T4248] EXT4-fs (loop0): unmounting filesystem.
[  180.861702][ T6727] loop1: detected capacity change from 0 to 256
[  181.499665][ T6745] loop5: detected capacity change from 0 to 128
[  181.533029][ T6745] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  181.594641][ T6745] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  181.663092][ T6716] loop0: detected capacity change from 0 to 40427
[  181.755924][ T6716] F2FS-fs (loop0): Found nat_bits in checkpoint
[  181.803526][   T56] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  181.937701][ T6716] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  182.070115][ T4248] syz-executor: attempt to access beyond end of device
[  182.070115][ T4248] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  182.402971][ T6733] loop6: detected capacity change from 0 to 32768
[  182.512556][ T6733] XFS (loop6): Mounting V5 Filesystem
[  182.572007][ T6780] loop5: detected capacity change from 0 to 256
[  182.652687][ T6733] XFS (loop6): Ending clean mount
[  182.693155][ T6780] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  182.710305][ T6733] XFS (loop6): Quotacheck needed: Please wait.
[  182.850195][ T6733] XFS (loop6): Quotacheck: Done.
[  183.162797][ T5753] XFS (loop6): Unmounting Filesystem
[  183.371379][ T6775] loop4: detected capacity change from 0 to 32768
[  183.404934][ T6775] BTRFS: device fsid e0cb6322-611b-4325-acdf-015f79de3787 devid 1 transid 8 /dev/loop4 scanned by syz.4.724 (6775)
[  183.494790][ T6775] BTRFS info (device loop4): first mount of filesystem e0cb6322-611b-4325-acdf-015f79de3787
[  183.542366][ T6775] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[  183.595142][ T6775] BTRFS info (device loop4): using free space tree
[  183.858945][ T6782] loop1: detected capacity change from 0 to 32768
[  183.887572][ T6782] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.725 (6782)
[  183.940742][ T6782] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  184.036748][ T6775] BTRFS info (device loop4): enabling ssd optimizations
[  184.063247][ T6782] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[  184.134166][ T6782] BTRFS info (device loop1): using free space tree
[  184.282561][ T6834] loop6: detected capacity change from 0 to 64
[  184.515012][ T6782] BTRFS info (device loop1): enabling ssd optimizations
[  184.845270][ T6794] loop0: detected capacity change from 0 to 32768
[  184.897963][ T4260] BTRFS info (device loop4): last unmount of filesystem e0cb6322-611b-4325-acdf-015f79de3787
[  185.109477][ T6863] ERROR: (device loop0): diAllocBit: iag inconsistent
[  185.109477][ T6863] 
[  185.293749][ T6863] ialloc: diAlloc returned -5!
[  185.500801][   T56] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared)
[  185.648366][ T4256] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  186.084014][ T6881] netlink: 'syz.6.740': attribute type 39 has an invalid length.
[  186.218641][ T6886] loop5: detected capacity change from 0 to 256
[  186.292482][ T6886] exFAT-fs (loop5): failed to load upcase table (idx : 0x00011a39, chksum : 0xd54015fb, utbl_chksum : 0xe619d30d)
[  186.510841][   T26] kauditd_printk_skb: 6 callbacks suppressed
[  186.510859][   T26] audit: type=1800 audit(1740149845.782:37): pid=6886 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.741" name="file1" dev="loop5" ino=1048624 res=0 errno=0
[  187.129875][ T6907] loop0: detected capacity change from 0 to 2048
[  187.172439][ T6904] loop6: detected capacity change from 0 to 4096
[  187.219863][ T6907] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found
[  187.253708][ T6907] UDF-fs: Scanning with blocksize 512 failed
[  187.291899][ T6907] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  187.450688][ T6888] loop4: detected capacity change from 0 to 32768
[  187.794948][ T6926] loop6: detected capacity change from 0 to 64
[  188.515152][ T6913] loop1: detected capacity change from 0 to 32768
[  188.691835][ T6913] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  188.865966][ T6957] netlink: 40 bytes leftover after parsing attributes in process `syz.4.759'.
[  189.006270][ T4256] (syz-executor,4256,0):ocfs2_inode_is_valid_to_delete:872 ERROR: Skipping delete of system file 72
[  189.079197][ T4256] ocfs2: Unmounting device (7,1) on (node local)
[  189.085003][ T6960] delete_channel: no stack
[  189.164186][ T6959] delete_channel: no stack
[  189.167806][ T6964] loop4: detected capacity change from 0 to 64
[  189.414721][ T4709] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  189.604604][ T4709] usb 1-1: Using ep0 maxpacket: 8
[  189.612475][ T4709] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  189.645450][ T4709] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  189.684883][ T4709] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  189.702940][ T4709] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  189.737237][ T4709] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  189.760725][ T4709] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  189.789115][ T4709] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  190.026842][ T4709] usb 1-1: GET_CAPABILITIES returned 0
[  190.032399][ T4709] usbtmc 1-1:16.0: can't read capabilities
[  190.276876][ T4806] usb 1-1: USB disconnect, device number 5
[  190.633328][ T6979] loop5: detected capacity change from 0 to 32768
[  190.696393][ T6981] loop1: detected capacity change from 0 to 32768
[  190.716823][ T6979] XFS (loop5): Mounting V5 Filesystem
[  190.883900][ T6979] XFS (loop5): Ending clean mount
[  191.042741][ T4702] XFS (loop5): Unmounting Filesystem
[  191.718875][ T7027] loop4: detected capacity change from 0 to 128
[  191.777644][ T7027] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  191.856261][ T7031] loop0: detected capacity change from 0 to 128
[  191.908960][ T7027] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  192.058550][ T4248] sysv_free_block: flc_count > flc_size
[  192.097403][ T4248] sysv_free_block: flc_count > flc_size
[  192.114203][ T4248] sysv_free_block: flc_count > flc_size
[  192.132869][ T4248] sysv_free_block: flc_count > flc_size
[  192.144129][ T4248] sysv_free_block: flc_count > flc_size
[  192.157666][   T11] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  192.177501][ T4248] sysv_free_block: flc_count > flc_size
[  192.186992][ T4248] sysv_free_block: flc_count > flc_size
[  192.202075][ T4248] sysv_free_block: flc_count > flc_size
[  192.222200][ T4248] sysv_free_block: flc_count > flc_size
[  192.248911][ T4248] sysv_free_block: flc_count > flc_size
[  192.294416][ T4248] sysv_free_inode: inode 0,1,2 or nonexistent inode
[  192.322681][ T7039] netlink: 4 bytes leftover after parsing attributes in process `syz.1.793'.
[  192.421737][ T7044] use of bytesused == 0 is deprecated and will be removed in the future,
[  192.459125][ T7044] use the actual size instead.
[  192.613653][ T7049] netlink: 28 bytes leftover after parsing attributes in process `syz.6.795'.
[  192.643047][ T7049] netlink: 28 bytes leftover after parsing attributes in process `syz.6.795'.
[  192.777541][ T7056] netlink: 4 bytes leftover after parsing attributes in process `syz.4.799'.
[  192.782703][ T7057] loop0: detected capacity change from 0 to 1024
[  192.855772][ T7057] EXT4-fs: Ignoring removed nobh option
[  192.861480][ T7057] EXT4-fs: Ignoring removed bh option
[  192.906467][ T7057] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  193.009372][ T7057] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  193.143715][ T7057] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz.0.798: Allocating blocks 497-513 which overlap fs metadata
[  193.164139][ T7057] EXT4-fs (loop0): pa ffff888074b21700: logic 256, phys. 385, len 8
[  193.172928][ T7057] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
[  193.296078][ T7075] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 15: block 129:freeing already freed block (bit 8); block bitmap corrupt.
[  193.485409][ T4248] EXT4-fs (loop0): unmounting filesystem.
[  193.629048][ T7091] loop1: detected capacity change from 0 to 16
[  193.643665][ T7091] MTD: Attempt to mount non-MTD device "/dev/loop1"
[  194.160324][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  194.167350][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  194.226255][ T7111] Falling back ldisc for ttyS3.
[  194.605387][ T7124] sctp: [Deprecated]: syz.1.825 (pid 7124) Use of int in max_burst socket option.
[  194.605387][ T7124] Use struct sctp_assoc_value instead
[  194.850862][ T7133] loop6: detected capacity change from 0 to 64
[  194.859804][ T7134] loop5: detected capacity change from 0 to 128
[  195.467312][ T7152] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check.
[  196.465842][ T7180] netlink: 'syz.0.852': attribute type 4 has an invalid length.
[  196.494437][ T7180] netlink: 152 bytes leftover after parsing attributes in process `syz.0.852'.
[  196.546814][ T7180] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check.
[  196.902617][ T7160] loop4: detected capacity change from 0 to 40427
[  196.928241][ T7160] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  196.954805][ T7160] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  196.985113][ T7160] F2FS-fs (loop4): invalid crc value
[  197.023322][ T7165] loop1: detected capacity change from 0 to 32768
[  197.035889][ T7160] F2FS-fs (loop4): Found nat_bits in checkpoint
[  197.045898][ T7165] gfs2: fsid=__Š°"_½z'²˱1Ä	¢ “I¡3ØÆÆåwÕøx9: Trying to join cluster "lock_nolock", "__Š°"_½z'²˱1Ä	¢ “I¡3ØÆÆåwÕøx9"
[  197.119102][ T7165] gfs2: fsid=__Š°"_½z'²˱1Ä	¢ “I¡3ØÆÆåwÕøx9: Now mounting FS (format 1801)...
[  197.194085][ T7165] gfs2: fsid=__Š°"_½z'²˱1Ä	¢ “I¡3ØÆÆåwÕøx9.s: journal 0 mapped with 16 extents in 0ms
[  197.251761][ T7160] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  197.269423][ T7160] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  197.372765][ T7201] netlink: 32 bytes leftover after parsing attributes in process `syz.0.859'.
[  197.455759][ T7165] gfs2: fsid=__Š°"_½z'²˱1Ä	¢ “I¡3ØÆÆåwÕøx9.s: first mount done, others may mount
[  197.644662][   T56] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  197.695151][   T56] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  198.254448][ T5908] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  198.464367][ T5908] usb 6-1: Using ep0 maxpacket: 32
[  198.471638][ T5908] usb 6-1: config 0 has no interfaces?
[  198.503148][ T5908] usb 6-1: New USB device found, idVendor=ff7a, idProduct=007f, bcdDevice=a6.00
[  198.528378][ T5908] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  198.563502][ T5908] usb 6-1: Product: syz
[  198.577293][ T5908] usb 6-1: Manufacturer: syz
[  198.581949][ T5908] usb 6-1: SerialNumber: syz
[  198.619187][ T5908] usb 6-1: config 0 descriptor??
[  198.839576][ T5908] usb 6-1: USB disconnect, device number 6
[  198.851499][ T7217] loop0: detected capacity change from 0 to 32768
[  198.883322][ T7217] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.869 (7217)
[  198.944672][ T7217] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  198.979081][ T7217] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[  199.000420][ T7217] BTRFS info (device loop0): use no compression
[  199.014873][ T7217] BTRFS info (device loop0): force zlib compression, level 3
[  199.036489][ T7217] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8)
[  199.056273][ T7217] BTRFS info (device loop0): use lzo compression, level 0
[  199.072382][ T7217] BTRFS info (device loop0): turning on flush-on-commit
[  199.094460][ T7217] BTRFS info (device loop0): enabling auto defrag
[  199.125081][ T7217] BTRFS info (device loop0): using free space tree
[  199.183684][ T7226] loop4: detected capacity change from 0 to 32768
[  199.406725][ T7217] BTRFS info (device loop0): enabling ssd optimizations
[  199.588511][ T4248] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  200.339414][ T7271] loop0: detected capacity change from 0 to 128
[  200.635881][ T7278] device veth0_to_batadv entered promiscuous mode
[  200.643347][ T7277] device veth0_to_batadv left promiscuous mode
[  200.883208][ T7284] loop5: detected capacity change from 0 to 128
[  200.976154][ T7284] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256
[  201.031256][ T7284] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  201.232558][ T7292] loop4: detected capacity change from 0 to 128
[  201.266920][ T7292] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1)
[  201.354421][ T4253] Bluetooth: hci2: command 0x0406 tx timeout
[  201.354646][ T4257] Bluetooth: hci0: command 0x0406 tx timeout
[  201.360503][ T4253] Bluetooth: hci3: command 0x0406 tx timeout
[  201.625876][ T7303] xt_CT: You must specify a L4 protocol and not use inversions on it
[  201.668612][ T5908] kernel write not supported for file /amidi2 (pid: 5908 comm: kworker/0:19)
[  201.897719][ T7315] loop0: detected capacity change from 0 to 16
[  201.907726][ T7315] erofs: (device loop0): mounted with root inode @ nid 36.
[  201.936256][ T4257] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[9000]
[  201.955866][ T7315] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[  201.968006][   T26] audit: type=1800 audit(1740149861.242:38): pid=7315 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.906" name="file3" dev="loop0" ino=89 res=0 errno=0
[  201.989002][ T7313] netlink: 112 bytes leftover after parsing attributes in process `syz.4.904'.
[  202.011328][ T7318] loop1: detected capacity change from 0 to 256
[  202.053765][ T7318] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  202.925201][ T7349] Bluetooth: MGMT ver 1.22
[  202.930383][ T7349] Bluetooth: hci0: load_link_keys: expected 3 bytes, got 7 bytes
[  203.314479][ T4806] hid-generic 0005:0B57:0200.0008: item fetching failed at offset 0/1
[  203.327208][ T7337] loop1: detected capacity change from 0 to 32768
[  203.334907][ T7337] XFS: ikeep mount option is deprecated.
[  203.348820][ T4806] hid-generic: probe of 0005:0B57:0200.0008 failed with error -22
[  203.422946][ T7337] XFS (loop1): Mounting V5 Filesystem
[  203.474802][ T7369] loop6: detected capacity change from 0 to 256
[  203.532344][ T7374] loop0: detected capacity change from 0 to 128
[  203.545698][ T7374] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem
[  203.554568][ T7369] FAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  203.597403][ T7337] XFS (loop1): Ending clean mount
[  203.598146][ T7376] loop4: detected capacity change from 0 to 4096
[  203.606050][ T7337] XFS (loop1): Quotacheck needed: Please wait.
[  203.706057][ T7374] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  203.719890][ T7369] Process accounting resumed
[  203.737616][ T7381] Process accounting resumed
[  203.747254][ T7374] ext2 filesystem being mounted at /184/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  203.756433][ T7337] XFS (loop1): Quotacheck: Done.
[  203.764190][ T7381] FAT-fs (loop6): error, fat_bmap_cluster: request beyond EOF (i_pos 196)
[  203.824986][ T7382] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  203.834489][ T7381] FAT-fs (loop6): Filesystem has been set read-only
[  203.877206][ T7369] FAT-fs (loop6): error, fat_bmap_cluster: request beyond EOF (i_pos 196)
[  203.971701][ T7376] NILFS (loop4): DAT doesn't have a block to manage vblocknr = 648518346341351424
[  204.035663][ T7376] NILFS error (device loop4): nilfs_bmap_truncate: broken bmap (inode number=12)
[  204.082404][ T4248] EXT4-fs (loop0): unmounting filesystem.
[  204.132801][ T7376] Remounting filesystem read-only
[  204.149068][ T7376] NILFS (loop4): error -5 truncating bmap (ino=12)
[  204.172902][ T4256] XFS (loop1): Unmounting Filesystem
[  204.321431][ T7389] loop0: detected capacity change from 0 to 736
[  204.331063][ T4260] NILFS (loop4): disposed unprocessed dirty file(s) when detaching log writer
[  204.907819][ T7399] loop5: detected capacity change from 0 to 2048
[  204.916772][ T5908] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  205.008722][ T7399] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  205.119517][ T7399] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  205.144918][ T5908] usb 5-1: Using ep0 maxpacket: 8
[  205.154057][ T5908] usb 5-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  205.173850][ T5908] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  205.196339][ T5908] usb 5-1: Product: syz
[  205.200593][ T5908] usb 5-1: Manufacturer: syz
[  205.207822][ T7399] EXT4-fs (loop5): Remounting filesystem read-only
[  205.230076][ T5908] usb 5-1: SerialNumber: syz
[  205.253689][ T5908] usb 5-1: config 0 descriptor??
[  205.273577][ T5908] gspca_main: se401-2.14.0 probing 047d:5003
[  205.383354][ T4702] EXT4-fs (loop5): unmounting filesystem.
[  205.682235][ T5908] gspca_se401: ExtraFeatures: 47
[  205.698341][ T5908] gspca_se401: Too many frame sizes
[  205.819940][ T7397] loop0: detected capacity change from 0 to 32768
[  205.855135][ T7397] XFS: ikeep mount option is deprecated.
[  205.877798][ T7397] XFS: noikeep mount option is deprecated.
[  205.903568][ T4297] usb 5-1: USB disconnect, device number 5
[  206.019064][ T7397] XFS (loop0): Mounting V5 Filesystem
[  206.177455][ T7397] XFS (loop0): Ending clean mount
[  206.211336][ T7397] XFS (loop0): Quotacheck needed: Please wait.
[  206.324125][ T7397] XFS (loop0): Quotacheck: Done.
[  206.457941][ T7410] loop1: detected capacity change from 0 to 32768
[  206.633944][ T4248] XFS (loop0): Unmounting Filesystem
[  206.961692][ T7412] loop5: detected capacity change from 0 to 40427
[  207.033121][ T7412] F2FS-fs (loop5): invalid crc value
[  207.106807][ T7412] F2FS-fs (loop5): Found nat_bits in checkpoint
[  207.347433][ T7412] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e4
[  207.559880][ T7442] MPI: mpi too large (16392 bits)
[  207.634123][ T4702] syz-executor: attempt to access beyond end of device
[  207.634123][ T4702] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  207.919463][ T7422] loop6: detected capacity change from 0 to 40427
[  207.949383][ T7422] F2FS-fs (loop6): build fault injection attr: rate: 691, type: 0x3ffff
[  207.972954][ T7422] F2FS-fs (loop6): build fault injection attr: rate: 0, type: 0x4
[  208.036041][ T7422] F2FS-fs (loop6): invalid crc value
[  208.071007][ T7422] F2FS-fs (loop6): Found nat_bits in checkpoint
[  208.284054][ T7422] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  208.423936][ T7422] syz.6.947: attempt to access beyond end of device
[  208.423936][ T7422] loop6: rw=2049, sector=53248, nr_sectors = 256 limit=40427
[  208.484892][ T4806] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  208.700121][ T4806] usb 2-1: Using ep0 maxpacket: 16
[  208.708668][ T4806] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  208.751663][ T4806] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  208.795941][ T4806] usb 2-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00
[  208.830771][ T4806] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  208.863534][ T4806] usb 2-1: config 0 descriptor??
[  209.060731][ T7477] netlink: 8 bytes leftover after parsing attributes in process `syz.0.969'.
[  209.253436][ T7480] netlink: 132 bytes leftover after parsing attributes in process `syz.0.971'.
[  209.290422][ T7462] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  209.336418][ T7462] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  209.370586][ T4806] hid (null): bogus close delimiter
[  209.377495][ T7470] loop5: detected capacity change from 0 to 32768
[  209.430756][ T7470] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 scanned by syz.5.956 (7470)
[  209.462814][ T7470] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  209.523627][ T7470] BTRFS info (device loop5): using sha256 (sha256-avx2) checksum algorithm
[  209.535250][ T7470] BTRFS info (device loop5): using free space tree
[  209.596765][ T4806] usb 2-1: string descriptor 0 read error: -71
[  209.644790][ T4806] usb 2-1: Max retries (5) exceeded reading string descriptor 200
[  209.679896][ T4806] letsketch: probe of 0003:6161:4D15.0009 failed with error -32
[  209.756175][ T4806] usb 2-1: USB disconnect, device number 7
[  209.943928][ T7470] BTRFS info (device loop5): enabling ssd optimizations
[  210.380362][   T46] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared)
[  210.467562][ T4702] BTRFS info (device loop5): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  211.311438][ T7515] loop6: detected capacity change from 0 to 32768
[  211.320249][ T7515] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop6 scanned by syz.6.978 (7515)
[  211.353519][ T7515] BTRFS info (device loop6): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  211.376938][ T7515] BTRFS info (device loop6): using sha256 (sha256-avx2) checksum algorithm
[  211.385808][ T4292] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  211.386407][ T7515] BTRFS info (device loop6): force clearing of disk cache
[  211.418438][ T4714] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  211.421505][ T7515] BTRFS info (device loop6): force zlib compression, level 3
[  211.454129][ T7515] BTRFS info (device loop6): enabling auto defrag
[  211.462158][ T7515] BTRFS info (device loop6): max_inline at 0
[  211.468646][ T7515] BTRFS info (device loop6): enabling disk space caching
[  211.476657][ T7515] BTRFS info (device loop6): disk space caching is enabled
[  211.574557][ T4292] usb 6-1: Using ep0 maxpacket: 32
[  211.586862][ T4292] usb 6-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  211.604411][ T4714] usb 1-1: Using ep0 maxpacket: 16
[  211.612066][ T4714] usb 1-1: config 0 has an invalid interface number: 214 but max is 0
[  211.631516][ T4292] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  211.640705][ T4714] usb 1-1: config 0 has no interface number 0
[  211.651379][ T4714] usb 1-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid maxpacket 1023, setting to 64
[  211.670514][ T4292] usb 6-1: config 0 descriptor??
[  211.683255][ T4292] gspca_main: sunplus-2.14.0 probing 041e:400b
[  211.693136][ T4714] usb 1-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5
[  211.718152][ T7515] BTRFS info (device loop6): enabling ssd optimizations
[  211.719387][ T4714] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  211.735258][ T4806] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  211.748607][ T7515] BTRFS info (device loop6): rebuilding free space tree
[  211.753796][ T4714] usb 1-1: Product: syz
[  211.780772][ T7515] BTRFS info (device loop6): disabling free space tree
[  211.794528][ T4714] usb 1-1: Manufacturer: syz
[  211.803487][ T4714] usb 1-1: SerialNumber: syz
[  211.822729][ T7515] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  211.845405][ T4714] usb 1-1: config 0 descriptor??
[  211.863453][ T7515] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  211.936165][ T4806] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  211.952841][ T4806] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  211.973656][ T4806] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  212.000223][ T4806] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  212.036212][ T4806] usb 2-1: SerialNumber: syz
[  212.208553][    T9] BTRFS info (device loop6): qgroup scan completed (inconsistency flag cleared)
[  212.277911][ T4806] usb 2-1: 0:2 : does not exist
[  212.327819][ T4806] usb 2-1: USB disconnect, device number 8
[  212.409872][ T5753] BTRFS info (device loop6): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  212.465300][ T4714] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.214/input/input12
[  212.512017][ T4292] gspca_sunplus: reg_r err -71
[  212.528672][ T4292] sunplus: probe of 6-1:0.0 failed with error -71
[  212.594050][ T4292] usb 6-1: USB disconnect, device number 7
[  212.608294][ T7569] udevd[7569]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  212.705946][ T4295] usb 1-1: USB disconnect, device number 6
[  213.474259][ T7594] netlink: 'syz.0.1004': attribute type 4 has an invalid length.
[  213.979529][ T7603] loop6: detected capacity change from 0 to 4096
[  214.007482][ T7603] ntfs3: loop6: Different NTFS' sector size (1024) and media sector size (512)
[  214.096965][ T7603] ntfs3: loop6: ino=0, attr_set_size
[  214.193484][ T7603] ntfs3: loop6: ino=0, attr_set_size
[  214.214436][ T4294] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  214.408471][ T4294] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  214.434340][ T4294] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  214.444763][ T4294] usb 2-1: Product: syz
[  214.448976][ T4294] usb 2-1: Manufacturer: syz
[  214.456415][ T7613] loop5: detected capacity change from 0 to 1024
[  214.485777][ T4294] usb 2-1: SerialNumber: syz
[  214.499299][ T4294] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  214.536953][ T7613] hfsplus: request for non-existent node 3 in B*Tree
[  214.601174][ T4294] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  214.610411][ T7613] hfsplus: request for non-existent node 3 in B*Tree
[  214.682583][   T26] audit: type=1800 audit(1740149873.952:39): pid=7613 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1013" name="bus" dev="loop5" ino=2 res=0 errno=0
[  214.717057][ T7613] hfsplus: bad catalog folder thread
[  214.734014][ T7617] loop4: detected capacity change from 0 to 512
[  214.763136][ T7617] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  214.788838][ T7601] loop0: detected capacity change from 0 to 40427
[  214.810611][ T7617] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  214.832869][ T7601] F2FS-fs (loop0): build fault injection attr: rate: 771, type: 0x3ffff
[  214.855065][ T4806] usb 7-1: new full-speed USB device number 2 using dummy_hcd
[  214.911727][ T7617] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2186: inode #15: comm syz.4.1015: corrupted in-inode xattr
[  214.925383][ T7601] F2FS-fs (loop0): invalid crc value
[  214.940762][ T7601] F2FS-fs (loop0): Found nat_bits in checkpoint
[  214.967905][ T7617] EXT4-fs (loop4): Remounting filesystem read-only
[  214.984757][ T7617] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2809: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  215.013482][ T7617] EXT4-fs (loop4): 1 truncate cleaned up
[  215.024831][ T7617] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  215.039157][ T7601] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  215.067980][ T4806] usb 7-1: config index 0 descriptor too short (expected 539, got 27)
[  215.081914][   T26] audit: type=1800 audit(1740149874.352:40): pid=7617 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1015" name="bus" dev="loop4" ino=18 res=0 errno=0
[  215.087447][ T4806] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 52, changing to 4
[  215.184713][ T4806] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 13368, setting to 1023
[  215.220319][ T4806] usb 7-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  215.240858][ T4806] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  215.250003][ T4260] EXT4-fs (loop4): unmounting filesystem.
[  215.260296][ T4806] usb 7-1: Product: syz
[  215.271522][ T4806] usb 7-1: Manufacturer: syz
[  215.282561][ T4806] usb 7-1: SerialNumber: syz
[  215.316371][ T4709] usb 2-1: USB disconnect, device number 9
[  215.339251][ T4806] usb 7-1: config 0 descriptor??
[  215.349170][ T4806] hub 7-1:0.0: bad descriptor, ignoring hub
[  215.375371][ T4806] hub: probe of 7-1:0.0 failed with error -5
[  215.400566][ T4806] input: syz syz as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/input/input13
[  215.429823][ T4806] usbtouchscreen 7-1:0.0: usbtouch_probe - usb_submit_urb failed with result: -22
[  215.493181][ T4806] usbtouchscreen: probe of 7-1:0.0 failed with error -22
[  215.527119][ T7627] device syz_tun entered promiscuous mode
[  215.554360][ T7627] device syz_tun left promiscuous mode
[  215.763643][ T4806] usb 7-1: USB disconnect, device number 2
[  215.915601][ T4294] usb 2-1: Service connection timeout for: 256
[  215.934997][ T4294] ath9k_htc 2-1:1.0: ath9k_htc: Unable to initialize HTC services
[  215.961740][ T4294] ath9k_htc: Failed to initialize the device
[  215.981635][ T4709] usb 2-1: ath9k_htc: USB layer deinitialized
[  216.435579][ T7629] loop5: detected capacity change from 0 to 32768
[  216.453546][ T7629] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 scanned by syz.5.1019 (7629)
[  216.484681][ T7650] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1027'.
[  216.495874][ T7629] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  216.514752][ T7650] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1027'.
[  216.541191][ T7629] BTRFS info (device loop5): using sha256 (sha256-avx2) checksum algorithm
[  216.566095][ T7647] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1027'.
[  216.584508][ T7629] BTRFS info (device loop5): using free space tree
[  216.602407][ T7652] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1027'.
[  217.004484][ T7629] BTRFS info (device loop5): enabling ssd optimizations
[  217.234536][ T4294] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  217.256010][ T4702] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  217.462703][ T4294] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  217.481189][ T4294] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  217.513191][ T4294] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  217.542828][ T4294] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  217.582755][ T4294] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  217.621126][ T4294] usb 1-1: config 0 descriptor??
[  217.913850][ T7697] loop5: detected capacity change from 0 to 256
[  218.070584][ T4294] plantronics 0003:047F:FFFF.000A: unbalanced collection at end of report description
[  218.115369][ T4294] plantronics 0003:047F:FFFF.000A: parse failed
[  218.121705][ T4294] plantronics: probe of 0003:047F:FFFF.000A failed with error -22
[  218.282296][ T4294] usb 1-1: USB disconnect, device number 7
[  218.437939][ T7714] loop1: detected capacity change from 0 to 256
[  218.451572][ T7714] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  218.552585][ T7717] loop6: detected capacity change from 0 to 1024
[  218.643800][   T26] audit: type=1800 audit(1740149877.912:41): pid=7717 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1050" name="file1" dev="loop6" ino=20 res=0 errno=0
[  219.290259][ T7733] netlink: 60 bytes leftover after parsing attributes in process `syz.6.1058'.
[  219.819049][ T7747] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  219.949225][ T7730] loop1: detected capacity change from 0 to 32768
[  220.080463][ T7730] XFS (loop1): Mounting V5 Filesystem
[  220.271677][ T7730] XFS (loop1): Ending clean mount
[  220.427283][ T7769] tipc: Started in network mode
[  220.455107][ T7769] tipc: Node identity ac1414aa, cluster identity 4711
[  220.475362][ T7769] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  220.518949][ T4256] XFS (loop1): Unmounting Filesystem
[  221.193002][ T7787] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1074'.
[  221.625779][ T7797] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  221.665482][ T7797] CIFS mount error: No usable UNC path provided in device string!
[  221.665482][ T7797] 
[  221.695922][ T7777] loop5: detected capacity change from 0 to 40427
[  221.752606][ T7797] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  221.777764][ T7777] F2FS-fs (loop5): Invalid SB checksum offset: 0
[  221.801254][ T7777] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock
[  221.875933][ T7777] F2FS-fs (loop5): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[  222.098715][ T7777] F2FS-fs (loop5): Try to recover 2th superblock, ret: 0
[  222.116629][ T7777] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  222.125751][ T7795] loop6: detected capacity change from 0 to 32768
[  222.165764][ T7795] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop6 scanned by syz.6.1082 (7795)
[  222.238274][ T7795] BTRFS info (device loop6): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  222.239992][ T7777] syz.5.1073: attempt to access beyond end of device
[  222.239992][ T7777] loop5: rw=2049, sector=53248, nr_sectors = 8 limit=40427
[  222.252515][ T7795] BTRFS info (device loop6): using crc32c (crc32c-intel) checksum algorithm
[  222.283616][ T7795] BTRFS info (device loop6): max_inline at 0
[  222.290794][ T7795] BTRFS info (device loop6): enabling disk space caching
[  222.298638][ T7795] BTRFS info (device loop6): turning off barriers
[  222.305599][ T7795] BTRFS info (device loop6): turning on flush-on-commit
[  222.312723][ T7795] BTRFS info (device loop6): doing ref verification
[  222.320497][    T7] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  222.326623][ T7792] loop1: detected capacity change from 0 to 32768
[  222.333272][ T7795] BTRFS info (device loop6): force clearing of disk cache
[  222.353003][ T7795] BTRFS info (device loop6): enabling ssd optimizations
[  222.360520][ T7795] BTRFS info (device loop6): max_inline at 4096
[  222.376695][ T7795] BTRFS info (device loop6): disk space caching is enabled
[  222.387952][ T7792] 
[  222.387952][ T7792]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  222.387952][ T7792] 
[  222.436894][ T7792] read_mapping_page failed!
[  222.448807][ T7792] ERROR: (device loop1): txCommit: 
[  222.448807][ T7792] 
[  222.459800][ T4702] syz-executor: attempt to access beyond end of device
[  222.459800][ T4702] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  222.476941][ T7792] ERROR: (device loop1): remounting filesystem as read-only
[  222.514425][    T7] usb 5-1: Using ep0 maxpacket: 8
[  222.523975][    T7] usb 5-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  222.543843][    T7] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  222.563903][    T7] usb 5-1: Product: syz
[  222.568798][    T7] usb 5-1: Manufacturer: syz
[  222.573442][    T7] usb 5-1: SerialNumber: syz
[  222.609790][ T7795] BTRFS info (device loop6): rebuilding free space tree
[  222.655971][ T7795] BTRFS info (device loop6): disabling free space tree
[  222.669137][    T7] usb 5-1: config 0 descriptor??
[  222.685072][ T7795] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  222.726146][ T7795] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  222.743919][    T7] gspca_main: se401-2.14.0 probing 047d:5003
[  223.142908][ T7833] loop0: detected capacity change from 0 to 24
[  223.185145][ T7833] MTD: Attempt to mount non-MTD device "/dev/loop0"
[  223.202557][ T5753] BTRFS info (device loop6): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  223.222204][ T3622] udevd[3622]: worker [7569] terminated by signal 33 (Unknown signal 33)
[  223.238938][ T7833] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  223.247747][ T3622] udevd[3622]: worker [7569] failed while handling '/devices/virtual/block/loop6'
[  223.293440][    T7] input: se401 as /devices/platform/dummy_hcd.4/usb5/5-1/input/input14
[  223.389461][ T7837] loop5: detected capacity change from 0 to 8
[  223.404633][ T7835] loop1: detected capacity change from 0 to 1024
[  223.459686][ T7837] MTD: Attempt to mount non-MTD device "/dev/loop5"
[  223.478785][ T7835] hfsplus: request for non-existent node 3 in B*Tree
[  223.507849][ T7835] hfsplus: request for non-existent node 3 in B*Tree
[  223.725330][ T7837] cramfs: bad data blocksize 503316507
[  223.732997][ T5800] usb 5-1: USB disconnect, device number 6
[  223.738311][ T7837] cramfs: bad data blocksize 503316507
[  223.798343][   T26] audit: type=1800 audit(1740149883.072:42): pid=7837 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.1091" name="file0" dev="overlay" ino=244 res=0 errno=0
[  224.617230][ T7860] loop4: detected capacity change from 0 to 2048
[  224.701339][ T7869] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1103'.
[  224.714651][ T7860] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  224.723271][ T7860] ext4 filesystem being mounted at /250/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  224.813824][   T26] audit: type=1800 audit(1740149884.082:43): pid=7860 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1101" name="file0" dev="loop4" ino=13 res=0 errno=0
[  224.816297][ T7860] fs-verity: sha512 using implementation "sha512-avx2"
[  225.057978][ T7848] loop6: detected capacity change from 0 to 32768
[  225.190662][ T7848] XFS (loop6): Mounting V5 Filesystem
[  225.445632][ T7848] XFS (loop6): Ending clean mount
[  225.458685][ T7848] XFS (loop6): Quotacheck needed: Please wait.
[  225.505366][ T7887] loop5: detected capacity change from 0 to 16
[  225.521702][ T7848] XFS (loop6): Quotacheck: Done.
[  225.527681][ T7887] MTD: Attempt to mount non-MTD device "/dev/loop5"
[  225.656187][ T7860] fs-verity (loop4, inode 13): Error -4 building Merkle tree
[  225.723817][ T5753] XFS (loop6): Unmounting Filesystem
[  225.991463][ T7874] loop0: detected capacity change from 0 to 32768
[  226.023537][ T4260] EXT4-fs (loop4): unmounting filesystem.
[  226.155360][ T7874] XFS (loop0): Mounting V5 Filesystem
[  226.350569][ T7874] XFS (loop0): Ending clean mount
[  226.508660][ T4248] XFS (loop0): Unmounting Filesystem
[  227.034483][ T4712] usb 6-1: new full-speed USB device number 8 using dummy_hcd
[  227.081798][ T7927] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1125'.
[  227.236427][ T4712] usb 6-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  227.253207][ T4712] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  227.285157][ T4712] usb 6-1: config 0 descriptor??
[  227.498766][ T4712] [drm] vendor descriptor length:25 data:25 5f 00 00 00 00 00 00 00 00 00
[  227.517051][ T4712] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor
[  227.530756][ T7940] device dummy0 entered promiscuous mode
[  227.557440][ T7940] device dummy0 left promiscuous mode
[  227.745848][ T4712] [drm] Initialized udl 0.0.1 20120220 for 6-1:0.0 on minor 2
[  227.771137][ T4712] [drm] Initialized udl on minor 2
[  228.012098][ T7922] loop6: detected capacity change from 0 to 40427
[  228.090471][ T7922] F2FS-fs (loop6): Found nat_bits in checkpoint
[  228.109034][ T4712] udl 6-1:0.0: [drm] *ERROR* Read EDID byte 1 failed err ffffffb9
[  228.136861][ T4712] udl 6-1:0.0: [drm] Cannot find any crtc or sizes
[  228.194642][ T4712] usb 6-1: USB disconnect, device number 8
[  228.270413][ T7953] loop0: detected capacity change from 0 to 512
[  228.284674][ T7922] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  228.291956][ T7932] loop1: detected capacity change from 0 to 32768
[  228.339227][ T7953] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  228.354615][ T7953] ext4 filesystem being mounted at /225/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  228.434156][ T7953] EXT4-fs error (device loop0): ext4_do_update_inode:5224: inode #2: comm syz.0.1134: corrupted inode contents
[  228.450428][ T7932] XFS (loop1): Mounting V5 Filesystem
[  228.542936][ T7932] XFS (loop1): Ending clean mount
[  228.564579][ T7953] EXT4-fs error (device loop0): ext4_dirty_inode:6089: inode #2: comm syz.0.1134: mark_inode_dirty error
[  228.588861][ T7953] EXT4-fs error (device loop0): ext4_do_update_inode:5224: inode #2: comm syz.0.1134: corrupted inode contents
[  228.626317][ T5753] syz-executor: attempt to access beyond end of device
[  228.626317][ T5753] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  228.645487][ T7953] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #2: comm syz.0.1134: mark_inode_dirty error
[  228.771674][ T4248] EXT4-fs (loop0): unmounting filesystem.
[  228.779713][ T7932] syz.1.1127 (7932) used greatest stack depth: 19240 bytes left
[  228.827904][ T4256] XFS (loop1): Unmounting Filesystem
[  229.225650][ T4708] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  229.414565][ T4708] usb 6-1: Using ep0 maxpacket: 32
[  229.421597][ T4708] usb 6-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0
[  229.472209][ T4708] usb 6-1: config 0 interface 0 altsetting 16 endpoint 0x2 has an invalid bInterval 129, changing to 11
[  229.512426][ T4708] usb 6-1: config 0 interface 0 altsetting 16 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  229.544398][ T4708] usb 6-1: config 0 interface 0 has no altsetting 0
[  229.566227][ T4708] usb 6-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00
[  229.594375][ T4708] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  229.627654][ T4708] usb 6-1: config 0 descriptor??
[  230.011149][ T7996] netlink: 40 bytes leftover after parsing attributes in process `syz.6.1148'.
[  230.105932][ T7977] loop4: detected capacity change from 0 to 32768
[  230.401977][ T4708] corsair-cpro 0003:1B1C:0C10.000B: hidraw0: USB HID v0.00 Device [HID 1b1c:0c10] on usb-dummy_hcd.5-1/input0
[  230.831536][ T4708] corsair-cpro: probe of 0003:1B1C:0C10.000B failed with error -110
[  230.884653][ T4708] usb 6-1: USB disconnect, device number 9
[  231.448573][ T8032] capability: warning: `syz.1.1165' uses deprecated v2 capabilities in a way that may be insecure
[  231.794847][ T8045] loop0: detected capacity change from 0 to 256
[  231.840521][ T8047] loop4: detected capacity change from 0 to 1024
[  231.861602][ T8047] EXT4-fs: Ignoring removed nobh option
[  231.874843][ T8045] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[  231.886659][ T8047] EXT4-fs: Ignoring removed bh option
[  231.909255][ T8047] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  231.954030][ T8047] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  232.033813][   T26] audit: type=1804 audit(1740149891.302:44): pid=8045 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.1180" name="/newroot/232/file0/bus" dev="loop0" ino=1048632 res=1 errno=0
[  232.276507][ T4260] EXT4-fs (loop4): unmounting filesystem.
[  232.942716][ T8075] netlink: 'syz.1.1182': attribute type 11 has an invalid length.
[  233.162652][ T8078] loop6: detected capacity change from 0 to 8192
[  233.227450][ T8078] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  233.324434][ T8078] REISERFS (device loop6): found reiserfs format "3.6" with non-standard journal
[  233.346003][ T8084] Dead loop on virtual device ip6_vti0, fix it urgently!
[  233.365167][ T8078] REISERFS (device loop6): using ordered data mode
[  233.371763][ T8078] reiserfs: using flush barriers
[  233.400605][ T8078] REISERFS (device loop6): journal params: device loop6, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  233.420036][ T8078] REISERFS (device loop6): checking transaction log (loop6)
[  233.653781][ T8078] REISERFS (device loop6): Using tea hash to sort names
[  233.682496][ T8078] REISERFS (device loop6): Created .reiserfs_priv - reserved for xattr storage.
[  233.901527][ T8078] overlayfs: upper fs needs to support d_type.
[  233.930774][ T8078] overlayfs: upper fs does not support tmpfile.
[  233.955763][ T8078] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  234.262083][ T8079] loop4: detected capacity change from 0 to 40427
[  234.287426][ T8079] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  234.326912][ T8079] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  234.369770][ T8102] loop0: detected capacity change from 0 to 128
[  234.393260][ T8079] F2FS-fs (loop4): invalid crc value
[  234.422484][ T8102] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  234.455758][ T8079] F2FS-fs (loop4): Found nat_bits in checkpoint
[  234.627490][ T8079] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  234.664390][ T8079] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  234.689028][ T8103] sctp: [Deprecated]: syz.5.1194 (pid 8103) Use of int in max_burst socket option.
[  234.689028][ T8103] Use struct sctp_assoc_value instead
[  234.924601][   T56] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  235.157957][   T56] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  235.280853][   T56] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  235.406594][   T56] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  235.440325][ T8118] loop5: detected capacity change from 0 to 256
[  235.967904][   T56] tipc: Left network mode
[  236.076892][ T8134] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1208'.
[  236.144514][ T4712] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  236.330651][ T8140] loop1: detected capacity change from 0 to 256
[  236.364602][ T4712] usb 6-1: Using ep0 maxpacket: 8
[  236.377444][ T4712] usb 6-1: config 0 has no interfaces?
[  236.388114][ T8140] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x30074a1d, utbl_chksum : 0xe619d30d)
[  236.419557][ T4712] usb 6-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  236.450701][ T4712] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  236.500704][ T4712] usb 6-1: config 0 descriptor??
[  236.530784][   T48] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  236.544249][   T48] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  236.559678][   T48] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  236.569854][   T48] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  236.580277][   T48] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  236.587916][   T48] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  237.331329][ T5800] usb 6-1: USB disconnect, device number 10
[  237.522036][ T8171] loop4: detected capacity change from 0 to 2048
[  237.611873][ T8143] chnl_net:caif_netlink_parms(): no params data found
[  237.650567][ T8171] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  238.038982][ T8189] loop0: detected capacity change from 0 to 16
[  238.061022][ T8189] MTD: Attempt to mount non-MTD device "/dev/loop0"
[  238.193592][ T8189] cramfs: Error -3 while decompressing!
[  238.201304][ T8189] cramfs: ffffffff9754a518(42)->ffff88807cbd6000(4096)
[  238.216225][ T8143] bridge0: port 1(bridge_slave_0) entered blocking state
[  238.233700][ T8143] bridge0: port 1(bridge_slave_0) entered disabled state
[  238.249891][ T4260] EXT4-fs (loop4): unmounting filesystem.
[  238.275968][ T8143] device bridge_slave_0 entered promiscuous mode
[  238.292759][ T8176] loop1: detected capacity change from 0 to 32768
[  238.326356][ T8176] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop1 scanned by syz.1.1219 (8176)
[  238.444331][ T8176] BTRFS info (device loop1): first mount of filesystem d552757d-9c39-40e3-95f0-16d819589928
[  238.491324][ T8176] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[  238.564517][ T8176] BTRFS info (device loop1): disabling tree log
[  238.568876][ T8196] loop5: detected capacity change from 0 to 1024
[  238.571141][ T8176] BTRFS warning (device loop1): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  238.624570][ T8176] BTRFS info (device loop1): trying to use backup root at mount time
[  238.633306][ T8143] bridge0: port 2(bridge_slave_1) entered blocking state
[  238.641397][ T4253] Bluetooth: hci4: command 0x0409 tx timeout
[  238.662008][ T8143] bridge0: port 2(bridge_slave_1) entered disabled state
[  238.672074][ T8176] BTRFS info (device loop1): setting nodatacow, compression disabled
[  238.681180][ T8176] BTRFS info (device loop1): enabling ssd optimizations
[  238.688666][ T8176] BTRFS info (device loop1): using spread ssd allocation scheme
[  238.693057][ T8196] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  238.697539][ T8176] BTRFS info (device loop1): using free space tree
[  238.717037][ T8143] device bridge_slave_1 entered promiscuous mode
[  238.741934][ T8196] ext4 filesystem being mounted at /216/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  239.022907][   T56] device hsr_slave_0 left promiscuous mode
[  239.030425][ T4702] EXT4-fs (loop5): unmounting filesystem.
[  239.040040][   T56] device hsr_slave_1 left promiscuous mode
[  239.055383][   T56] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  239.072324][   T56] batman_adv: batadv0: Removing interface: batadv_slave_0
[  239.148952][   T56] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  239.160022][ T4256] BTRFS info (device loop1): last unmount of filesystem d552757d-9c39-40e3-95f0-16d819589928
[  239.180991][   T56] batman_adv: batadv0: Removing interface: batadv_slave_1
[  239.205105][   T56] device bridge_slave_1 left promiscuous mode
[  239.237694][   T56] bridge0: port 2(bridge_slave_1) entered disabled state
SYZFAIL: posix_spawnp failed
 (errno 2: No such file or directory)
[  239.580298][   T56] device bridge_slave_0 left promiscuous mode
[  239.594349][   T56] bridge0: port 1(bridge_slave_0) entered disabled state
[  239.663032][   T56] device veth1_macvtap left promiscuous mode
[  239.679962][   T56] device veth0_macvtap left promiscuous mode
[  239.690046][   T56] device veth1_vlan left promiscuous mode
[  239.701351][   T56] device veth0_vlan left promiscuous mode
[  240.428435][   T56] team0 (unregistering): Port device team_slave_1 removed
[  240.488058][   T56] team0 (unregistering): Port device team_slave_0 removed
[  240.547603][   T56] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  240.602848][   T56] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  240.724467][ T4257] Bluetooth: hci4: command 0x041b tx timeout
[  241.195195][   T56] bond0 (unregistering): Released all slaves
[  241.309847][ T8216] netlink: 596 bytes leftover after parsing attributes in process `syz.4.1225'.
[  242.447401][   T56] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  242.523224][   T56] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  242.608230][   T56] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  242.667436][   T56] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  242.822239][   T56] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  242.928326][   T56] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  243.013278][   T56] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  243.095052][   T56] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  243.273769][   T56] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  243.359442][   T56] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  243.429786][   T56] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  243.479545][   T56] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  245.790897][   T56] device hsr_slave_0 left promiscuous mode
[  245.797657][   T56] device hsr_slave_1 left promiscuous mode
[  245.804045][   T56] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  245.811564][   T56] batman_adv: batadv0: Removing interface: batadv_slave_0
[  245.821153][   T56] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  245.828766][   T56] batman_adv: batadv0: Removing interface: batadv_slave_1
[  245.837086][   T56] device bridge_slave_1 left promiscuous mode
[  245.843395][   T56] bridge0: port 2(bridge_slave_1) entered disabled state
[  245.858534][   T56] device bridge_slave_0 left promiscuous mode
[  245.865269][   T56] bridge0: port 1(bridge_slave_0) entered disabled state
[  245.883869][   T56] device hsr_slave_0 left promiscuous mode
[  245.891462][   T56] device hsr_slave_1 left promiscuous mode
[  245.904050][   T56] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  245.911672][   T56] batman_adv: batadv0: Removing interface: batadv_slave_0
[  245.919877][   T56] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  245.927471][   T56] batman_adv: batadv0: Removing interface: batadv_slave_1
[  245.939103][   T56] device bridge_slave_1 left promiscuous mode
[  245.945542][   T56] bridge0: port 2(bridge_slave_1) entered disabled state
[  245.953935][   T56] device bridge_slave_0 left promiscuous mode
[  245.960602][   T56] bridge0: port 1(bridge_slave_0) entered disabled state
[  245.974045][   T56] device bridge_slave_1 left promiscuous mode
[  245.982686][   T56] bridge0: port 2(bridge_slave_1) entered disabled state
[  245.990996][   T56] device bridge_slave_0 left promiscuous mode
[  245.997528][   T56] bridge0: port 1(bridge_slave_0) entered disabled state
[  246.009671][   T56] device hsr_slave_0 left promiscuous mode
[  246.016252][   T56] device hsr_slave_1 left promiscuous mode
[  246.022587][   T56] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  246.030106][   T56] batman_adv: batadv0: Removing interface: batadv_slave_0
[  246.038124][   T56] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  246.045702][   T56] batman_adv: batadv0: Removing interface: batadv_slave_1
[  246.053307][   T56] device bridge_slave_1 left promiscuous mode
[  246.059777][   T56] bridge0: port 2(bridge_slave_1) entered disabled state
[  246.068649][   T56] device bridge_slave_0 left promiscuous mode
[  246.075394][   T56] bridge0: port 1(bridge_slave_0) entered disabled state
[  246.139909][   T56] device veth1_macvtap left promiscuous mode
[  246.146290][   T56] device veth0_macvtap left promiscuous mode
[  246.152447][   T56] device veth1_vlan left promiscuous mode
[  246.168761][   T56] device veth1_macvtap left promiscuous mode
[  246.177686][   T56] device veth0_macvtap left promiscuous mode
[  246.183846][   T56] device veth1_vlan left promiscuous mode
[  246.200465][   T56] device veth0_vlan left promiscuous mode
[  246.207818][   T56] device veth1_vlan left promiscuous mode
[  246.215804][   T56] device veth0_vlan left promiscuous mode
[  247.043391][   T56] team0 (unregistering): Port device team_slave_1 removed
[  247.101614][   T56] team0 (unregistering): Port device team_slave_0 removed
[  247.174427][   T56] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  247.235510][   T56] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  247.922308][   T56] bond0 (unregistering): Released all slaves
[  248.530882][   T56] team0 (unregistering): Port device team_slave_1 removed
[  248.607081][   T56] team0 (unregistering): Port device team_slave_0 removed
[  248.663143][   T56] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  248.728870][   T56] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface