last executing test programs:

2m3.308063787s ago: executing program 1 (id=116):
r0 = syz_usb_connect$cdc_ncm(0x0, 0x76, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000020000402505a1a44000010203010902640002010000000904010001020d0000052406000105240000000d240f0100000000000000000006241a"], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000840)={0x84, &(0x7f0000000340)={0x0, 0xd, 0x6, "3a0603fd3dac"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)

2m0.80469683s ago: executing program 1 (id=131):
syz_mount_image$jfs(&(0x7f0000005d00), &(0x7f0000005d40)='./file0\x00', 0x0, &(0x7f0000000040)={[{@iocharset={'iocharset', 0x3d, 'cp863'}}]}, 0x1, 0x5ce8, &(0x7f0000005dc0)="$eJzs3U1vHVcZB/Dnvvj6pbSNKlSFiEWaQmkpzXsC5a0pCxawAAllTSLXrQIpoMQgWlnElReIFV8BNt2w6FfgA/QzID4AkWxWXVAGjX1OMh5f5zokvnPt8/tJzswz547vmfw9nns9M/cEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA/+uHPLvQi4sbv0oITEV+IQUQ/YrGuT0c9cy0/fhgRJ2O7OV6MiMF8RL3+9j/PR1yOiE+fi9jcWluuF188YD+unF+98/mPf/CPP/554+Qv3vn5x+32n37x0id/uhdx4idvfvL5vaez7QAAAFCKqqqqXnqbfyq9v+933SkAYCry8b9K8nK1Wq1Wq9XHr26qxrvXLCJivblO/ZrB6XgAOGLW47Ouu0CH5F+0YUQ803UngJnW67oDHIrNrbXlXsq31zwenN5pz9eC7Mp/vffg/o79ppO0rzGZ1s/XRgzihX36szilPsySnH+/nf+NnfZRetxh5z8t++U/2rn1qTg5/0E7/5bjk39/bP6lyvkPHyv/gfwBAAAAAGCG5b//n+j4/O/8k2/KgTzq/O/pKfUBAAAAAAAAAJ62Jx3/7wHj/wEAAMDMqt+r1/7y3MNl+30WW738ei/i2dbjgcKkm2WWuu4HAAAAAAAAAAAAAJRkuHMN7/VexFxEPLu0VFVV/dXUrh/Xk65/1JW+/VCyrn/JAwDAjk+fa93L34tYiIjr6bP+5paWlqpqYXGpWqoW5/Pr2dH8QrXYeF+bp/Wy+dEBXhAPR1X9zRYa6zVNer88qb39/ernGlWDA3RsOjoMHAAiYudotOmIdMxU1fPR9ascjgb7//Fj/+cguv45BQAAAA5fVVVVL32c96l0zr/fdacAgKnIx//2eQG1Wq1Wq9XHr26qxrvXLCJivblO/ZrBcPwAcMSsx2ddd4EOyb9ow4g42XUngJnW67oDHIrNrbXlXsq31zwepPHd87Ugu/Jf722vl9cfN52kfY3JtH6+NmIQL+zTnxen1IdZkvPvt/O/sdM+So877PynZb/86+080UF/upbzH7Tzbzk++ffH5l+qnP/wsfIfyB8AAAAAAGZY/vv/Ced/8yYDAAAAAAAAwJGzubW2nO97zef/vzzmce7/PJ5y/j35Fynn32/n37ogZ9CYv//2w/z/vbW2/PHqv76UpzOf/9xgVD/3XK8/GKZrfqq5d+NW3I6VOL/n8cNd7Rf2tM/tar84of3SnvZR3b6Y28/Gcvw6bsc7D9rnJ1wYtTChvZrQnvMf2P+LlPMfNr7q/JdSe681rd3/qL9nv29Oxz3Ptb/955W9e9f0bcTgwbY11dt3poP+bP+fPDOK395duXP29zdXV+9ciDTZtfRipMlTlvOfS185/1df3mnPv/eb++v9j0aPnf+s2Ijhvvm/3Jivt/e1KfetCzn/UfrK+ecj0Pj9/yjnv//+/3oH/QEAAAAAAAAAAAAAAIBHqapq+xbRaxFxNd3/09W9mQDAdOXjf5Xk5Wq1Wq1Wq49f3VSN91aziIi/N9epXzP8Ydw3AwBm2X8j4p9dd4LOyL9g+fP+6ulXuu4MMFV3P/jwlzdv3165c7frngAAAAAAAAAA/688/ufpxvjP29cBtcaN3jX+69tx+siO/9kfDbbHOk8b9FI8evzvM/Ho8b+HE55vbkL7aEL7/IT2hQntY2/0aMj5v5QyzvmfShtW0vivr3bQn67l/M+ksZ5z/l9rPa6Zf/XXo5x/f1f+51bf/825ux98+Mat92++t/Leyq8unL96+dKVy5euXDn37q3bK+d3/u2wx4cr55/HvnYdaFly/jlz+Zcl5//VVMu/LDn/V1It/7Lk/PPrPfmXJeef3/vIvyw5/9dSLf+y5Py/nmr5lyXn/3qq5V+WnP83Ui3/suT830i1/MuS8z+bavmXJed/LtXyL0vOP5/hkn9Zcv75ygb5lyXnfzHV8i9Lzv9SquVflpz/5VTLvyw5/yupln9Zcv5XUy3/suT8v5lq+Zcl5/+tVMu/LDn/N1Mt/7Lk/L+davmXJef/nVTLvyw5/++mWv5lyfl/L9XyL0vO//upln9Zcv5vpVr+ZXn4+f9mzJgxk2e6/s0EAAAAAAAAAAAAALRN43LirrcRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOB/7MCBAAAAAACQ/2sjVFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWEHDgQAAAAAgPxfG6GqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoKO/cWI2d53w/83ZO9NgT8D2figG1OBhZ21ydwiMEkIX9KeqAkpE1Lahx7bZz4VO8up6KyKbQlClKR2gt60TSJ0ihSW4GqSE0lGiE1UnvXXDXiJmqlXPgCKgcllVIFtnpnnufxzOx63jVmYOZ9Pp8I/+ydd2aeeeeZ2f1u9B0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAVhs/PvOnQ0VRlP81/lhXFOeXf19T7C7/ubDj/V4hAAAAcK7eavz5dxemL+xewZVajvnXq/79u4uLi4vFF948+fafLy6mCzYUxcjqomhcFv3bL36+2HpM8EwxPjTc8u/hirsfqbh8tOLysYrLV1Vcvrri8vGKy5ecgCXWNH8f07ixaxt/Xdc8pcXFxVjjsmuXudYzQ6uHh+PvchqGGtdZHDtQHCoOFzPF1JLrDDX+VxSvbCzv694i3tdwy32tL4ri1E+f2hfXMBTO8bVF2501tD53b9xdbHjzp0/t+/bc61csNytPw5KVFsXmTeU6ny2K07+uKoaK1emcxHUOt6xz/TLrHGlb51DjeuXfO9d5aoXrjI97PKzzh13WuT587fFriqJYKM54TKdniuFibce9pvM93twR5W2UT+UHi9Gz2icbV7BPyuv85Jr2fdK5J+P53xjOyegZ1tD6dLzx5VVLzvs73Sflo+6HvVre9v3lnY6Pt/5qtW2vlsc8dd2Z98Cyz90yeyDt5ZY9sKlqDwyvGmnsgeHTa97Utgeml1xnuBhq3NfJ67rvgcm5I8cnZ5948pZDR/YenDk4c3R6ase2rdu3bd2+ffLAocMzU80/z+6UDpC1xXDag5vCe03cgzd0HNu6JRe/8e69Dsb75HVQPvbPXF8u6Pzh4gx7vDzm2c3n/jpI3/dbXgejLa+DZd9Tl3kdjK7gdVAec2rzyr5njrb8t9waevVeuK5lD7yf3w/L+3zoxjO/F64P63ruprP9fjiyZA/EhzUUXnvlV9LPe+O3h/OydF9cWV5w3qpifnbmxK2P752bOzFdhPGeuKjluercL2tbHlOxZL8Mn/V+2f23v7z+ymW+vi6cq/Gbuz9X5THbJro/V4139+XPZ9tXtxRhvMve6/O53Hez8nymLNHlfJbHPHvLuf8smHJJy/vfWNX738jYaPP9bySdjbG297+lT81IY2VFceqWlb3/jYX/3uv3v4v75P2vPFcP3dp9D5THPDd5tntgtOv73zVhDoX13BgSw3hL7n+7cflCc5u2PJeV+2Z0dCzsm9F4j+37ZuuS65S3Vt735ql3tm82X9P+XLX93FLDfVOeq7+Y6r5vymNenT7394418a8t7x2rqvbA2Miqcr1jaRM03+8W18Q9cGuxrzhWHC72p+uUz3J5XxNbVrYHVoX/3uv3jsv7ZA+U5+rFLd33QHnMD7a+uz87bQ5fSce0/OzU+fuFM2X+K0dP317naXu3M3+5zk9s6/67ofKY17edbc7ofp5uDl85b5nz1Pn6OdOe3l+8N+fp8rDOw9u7/26qPObiHSvcT7uLonht+rXG77vC73f/Yf4/vtv2e9/lfqf82vRr900+8KOzWT8AAO/c240/F1Y1f9Zs+X+sV/L//wMAAAADIeb+4TAT+R8AAABqI+b+kTAT+R8AAABqI+b+0TCTTPL/I7fvfOmtp4v0aYCLQbw8nob772weFzveC+HfGxZPK7/+sW+NvfSVp1d238NFUfzyvg8te/wjd8Z1NR2P6/xI+9eXuPzqFd3/ww+ePq718xNO7Wzefnw8K90Gsav8yuSWxu1ueGK6MV+9r2jMBxaee6Z5+81/x+NPbm0e/1fhQ0t2Hxhqu/7msJ5rw9wQPlPm/t2nz0M54/VeWn/Vv1z02dP3F683tOmCxsN88Q+btxs/I+qFi5rHx8d9pvX/81e/81J5/OPXLb/+p4eXX//JcLs/CfMXu5rHt57zr7Ss/4/D+uP9xevd+s3vL7v+ly9rHv9y2BdfD7Nz/Xf/2YffWu75ivez+47m9eL9T/3Ptsb14u3F2+9c//jT023no/P2X32zeTu7Hv3ZSOvx8evxfqKH72jf30Ph+W3rkRdF8Z0/KdrOc/HR5vX+qWP98faO37H8+m/uWOfxoasb1z/9eNa1Pa6v/c2WZR9vXM/uv1/X9nheuCecvzcnf1De7skHwn4Ml//vD5u31/lZpi/f0/5+E4//+rrm6zbe3mTH+l/oWP/C1eW5q17/vW821//yXavb1r/7k2E/3ducVes/+NcXtl3/G99uPh8nHps4emx2/tD+lrPa+jpePb5m7Xnnf+CCC8N7aee/9xybe2TmxIapDVNFsWEAPzKw1+v/Zpj/3RwL7/49NP3oZ8199/ynmt+3bvh5898vhK8/HJ7P+P3xa3851rZfO5/3hbua81zXf1NYx0pd9tX/unpFB578/Cvz//hHr3f+XBAfz/FLxhuP78WNlzYuG3q1eXnn+1WV/7yk/XX949GpxvxeOK+L4ZOZN13avL/O24+fTfL8p5uv3/iTXLx+0fF5IutG2h/Hua7/x+HnmO9f3v7+F/fH957u+DTndcVQuYSF8P5QLDQvj0fF8/38qUuXvb/4OTzFwhVns8wzmn1idvLwoaPzj0/OzczOTc4+8eSeI8fmj87taXx26Z4vVl3/9Ot7beP1vX9mx7ai8Wo/1hw99n6v//iD+/bfNnX9/pkDe+cPzD14fObEwX2zs/tm9s9ev/fAgZnHqq5/aP+u6S07t962ZeLgof27bt+5c+vOiUNHj5XLaC6qwo6pL00cPbGncZXZXdt2Tm/fvm1q4six/TO7bpuampivun7je9NEee1HJ07MHN47d+jIzMTsoSdndk3v3LFjS+WnPx45fmB2w+SJ+aOT87MzJyabj2XDXOPL5fe+quuTh9lj4f2uw1D46fxzN+9In49b+taXz3hTzUPafzwt3gifBRW/v1X9O+b+sTCTTPI/AAAA5CDm/vDB/6cvkP8BAACgNmLuXx1mIv8DAABAbcTcPx5mkkn+1//X/9f/1//X/9f/7yX9f/3/bvT/9f8Hef36//r/VOu3/n/M/WuKIsv8DwAAADmIuX9tmIn8DwAAALURc/95YSbyPwAAANRGzP3nh5lkkv/1//X/9f/1//X/9f97Sf9f/78b/X/9/0Fev/6//j/V+q3/H3P/B8JMMsn/AAAAkIOY+y8IM5H/AQAAoDZi7r8wzET+BwAAgNqIuX9dmEkm+V//X/9f/1//X/9f/7+X9P/1/7vR/9f/H+T16//r/1Ot3/r/Mff/vzCTTPI/AAAA5CDm/g+Gmcj/AAAAUBsx918UZiL/AwAAQG3E3H9xmEkm+V//X/9f/1//X/9f/7+X9P/1/7vR/9f/H+T16//r/1Ot3/r/MfdfEmaSSf4HAACAHMTcf2mYifwPAAAAtRFz/2VhJvI/AAAA1EbM/ZeHmWSS//X/9f/1//X/9f/1/3tJ/1//vxv9f/3/QV6//r/+P9X6rf8fc/8VYSaZ5H8AAADIQcz9V4aZyP8AAABQGzH3fyjMRP4HAACA2oi5f32YSSb5X/9f/1//X/9f/1//v5f0//X/u9H/1/8f5PXr/+v/U63f+v8x9384zCST/A8AAAA5iLn/qjAT+R8AAABqI+b+q8NM5H8AAACojZj7N4SZZJL/9f/1//X/9f/1//X/e0n/X/+/G/1//f9BXr/+v/4/1fqt/x9z/8Ywk0zyPwAAAOQg5v5NYSbyPwAAANRGzP3XhJnI/wAAAFAbMfdfG2aSSf7X/9f/1//X/9f/1//vJf1//f9u9P/1/wd5/fr/+v9U67f+f8z914WZZJL/AQAAIAcx918fZiL/AwAAQG3E3H9DmIn8DwAAALURc//mMJNM8r/+v/6//r/+v/6//n8v6f/r/3ej/6//P8jr1//X/6dav/X/Y+6/Mcwkk/wPAAAAOYi5/6YwE/kfAAAAaiPm/pvDTOR/AAAAqI2Y+yfCTDLJ//r/+v/6//r/+v/6/72k/6//343+v/7/IK9f/1//n2r91v+Puf+WMJNM8j8AAADkIOb+W8NM5H8AAACojZj7J8NM5H8AAACojZj7p8JMMsn/+v/6//r/+v/6//r/vaT/r//fjf6//v8gr1//X/+fav3W/4+5fzrMJJP8DwAAADmIuX9LmIn8DwAAALURc//WMBP5HwAAAGoj5v5tYSaZ5H/9f/1//X/9f/1//f9e0v/X/+9G/1//f5DXr/+v/0+1fuv/x9y/Pcwkk/wPAAAAOYi5f0eYifwPAAAAtRFz/21hJvI/AAAA1EbM/beHmWSS//X/9f/1//X/9f/1/3tJ/1//vxv9f/3/QV6//r/+P9X6rf8fc//OMJNM8j8AAADkIOb+j4SZyP8AAABQGzH33xFmIv8DAABAbcTc/9Ewk0zyv/6//r/+v/6//r/+fy/p/+v/d6P/r/8/yOvX/9f/p1q/9f9j7t8VZpJJ/gcAAIAcxNx/Z5iJ/A8AAAC1EXP/XWEm8j8AAADURsz9u8NMMsn/+v/6//r/+v/6//r/vaT/r//fjf6//v8gr1//X/+fav3W/4+5/+4wk0zyPwAAAOQg5v6PhZnI/wAAAFAbMfd/PMxE/gcAAIDaiLn/E2EmmeR//X/9f/1//X/9f/3/XtL/1//vRv9f/3+Q16//r/9PtX7r/8fcf0+YSSb5HwAAAHIQc/8nw0zkfwAAAKiNmPv/f5iJ/A8AAAC1EXP/vWEmmeR//X/9f/1//X/9f/3/XtL/1//vRv9f/3+Q16//r/9PtX7r/8fc/ythJpnkfwAAAMhBzP33hZnI/wAAAFAbMfd/KsxE/gcAAIDaiLn/V8NMMsn/+v/6//r/+v/6//r/vaT/r//fjf6//v8gr1//X/+fav3W/4+5/9fCTDLJ/wAAAJCDmPt/PcxE/gcAAIDaiLn/N8JM5H8AAACojZj77w8zyST/6//r/+v/6//r/+v/95L+v/5/N/r/+v+DvH79f/1/qvVb/z/m/t8MM8kk/wMAAEAOYu5/IMxE/gcAAIDaiLn/02Em8j8AAADURsz9nwkzyST/6//r/+v/6//r/+v/95L+v/5/N/r/+v+DvH79f/1/qvVb/z/m/gfDTDLJ/wAAAJCDmPs/G2Yi/wMAAEBtxNz/W2Em8j8AAADURsz9vx1mkkn+1//X/9f/1//X/9f/7yX9f/3/bvT/9f8Hef36//r/VOu3/n/M/Z8LM8kk/wMAAEAOYu7/nTAT+R8AAABqI+b+3w0zkf8BAACgNmLufyjMJJP8r/+v/6//r/+v/6//30v6//r/3ej/6/8P8vr1//X/qdZv/f+Y+z8fZpJJ/gcAAIAcxNz/e2Em8j8AAADURsz9e8JM5H8AAACojZj7Hw4zyST/6//r/+v/6//r/+v/95L+v/5/N/r/+v+DvH79f/1/qvVb/z/m/r1hJpnkfwAAAMhBzP1fCDOR/wEAAKA2Yu7fF2Yi/wMAAEBtxNy/P8wkk/yv/6//r/+v/6//r//fS/r/+v/d6P/r/w/y+vX/9f+p1m/9/5j7Z8JMMsn/AAAAkIOY+w+Emcj/AAAAUBsx9x8MM5H/AQAAoDZi7n8kzCST/K//r/+v/6//r/+v/99L+v/6/93o/+v/D/L69f/1/6nWb/3/mPsPhZlkkv8BAAAgBzH3fzHMRP4HAACA2oi5/0thJvI/AAAA1EbM/YfDTDLJ//r/+v/6//r/+v/6/72k/6//343+v/7/IK9f/1//n2r91v+Puf9ImEkm+R8AAAByEHP/0TAT+R8AAABqI+b+Y2Em8j8AAADURsz9x8NMMsn/+v/6//r/+v/6//r/vaT/r//fjf6//v8gr1//X/+fav3W/4+5//fDTDLJ/wAAAJCDmPtPhJnI/wAAAFAbMffPhpnI/wAAAFAbMffPhZlkkv/1//X/9f/1//X/9f97Sf9f/78b/X/9/0Fev/6//j/V+q3/H3P/fJhJJvkfAAAAchBz/6NhJvI/AAAA1EbM/Y+Fmcj/AAAAUBsx9z8eZpJJ/tf/1//X/9f/1//X/+8l/X/9/270//X/B3n9+v/6/1Trt/5/zP1PhJlkkv8BAAAgBzH3PxlmIv8DAABAbcTc/wdh/h/79qwF4NKDYfTGf9u2bdu2bRzbVnGaJOU31aw1M9m7SZv2LZ5i/wMAAMAxcvc/J25psv/1//p//b/+X/+v/59J/6//v6L/1//v/L/+X//P2Gr9f+7+58YtTfY/AAAAdJC7/3lxi/0PAAAAx8jd//y4xf4HAACAY+Tuf0Hc0mT/6//1//p//b/+X/8/k/5f/39F/6//3/l//b/+n7HV+v/c/S+MW5rsfwAAAOggd/+L4hb7HwAAAI6Ru//FcYv9DwAAAMfI3f+SuKXJ/tf/6//1//p//b/+fyb9v/7/iv5f/7/z//p//T9jq/X/uftfGrc02f8AAADQQe7+l8Ut9j8AAAAcI3f/y+MW+x8AAACOkbv/FXFLk/2v/9f/6//1//p//f9M+n/9/xX9v/5/5//1//p/xlbr/3P3vzJuabL/AQAAoIPc/a+KW+x/AAAAOEbu/lfHLfY/AAAAHCN3/2vilib7X/+v/9f/6//1//r/mfT/+v8r+n/9/87/6//1/4yt1v/n7n9t3NJk/wMAAEAHuftfF7fY/wAAAHCM3P2vj1vsfwAAADhG7v43xC1N9r/+X/+v/9f/6//1/zPp//X/V/T/+v+d/9f/6/8ZW63/z93/xrilyf4HAACADnL3vylusf8BAADgGLn73xy32P8AAABwjNz9b4lbmux//b/+X/+v/9f/6/9n0v/r/6/o//X/O/+v/9f/M7Za/5+7/61xS5P9DwAAAB3k7n9b3GL/AwAAwDFy9789brH/AQAA4Bi5+98RtzTZ//p//b/+X/+v/9f/z6T/1/9f0f/r/3f+X/+v/2dstf4/d/8745Ym+x8AAAA6yN3/rrjF/gcAAIBj5O5/d9xi/wMAAMAxcve/J25psv/1//p//b/+X/+v/59J/6//v6L/1//v/L/+X//P2Gr9f+7+98YtTfY/AAAAdJC7/31xi/0PAAAAx8jd//64xf4HAACAY+Tu/0Dc0mT/6//1//p//b/+X/8/k/5f/39F/6//3/l//b/+n7HV+v/c/R+MW5rsfwAAAOggd/+H4hb7HwAAAI6Ru//DcYv9DwAAAMfI3f+RuKXJ/tf/6//1//p//b/+fyb9v/7/iv5f/7/z//p//T9jq/X/ufs/Grc02f8AAADQQe7+j8Ut9j8AAAAcI3f/x+MW+x8AAACOkbv/E3FLk/2v/9f/6//1//p//f9M+n/9/xX9v/5/5//1//p/xlbr/3P3fzJuabL/AQAAoIPc/Z+KW+x/AAAAOEbu/k/HLfY/AAAAHCN3/2filib7X/+v/9f/6//1//r/mfT/+v8r+n/9/87/6//1/4yt1v/n7v9s3NJk/wMAAEAHufs/F7fY/wAAAHCM3P2fj1vsfwAAADhG7v4vxC1N9r/+X/+v/9f/6//1/zPp//X/V/T/+v+d/9f/6/8ZW63/z93/xbilyf4HAACADnL3fylusf8BAADgGLn7vxy32P8AAABwjNz9X4lbmux//b/+X/+v/9f/6/9n0v/r/6/o//X/O/+v/9f/M7Za/5+7/6txS5P9DwAAAB3k7v9a3GL/AwAAwDFy9389brH/AQAA4Bi5+78RtzTZ//p//b/+X/+v/9f/z6T/1/9f0f/r/3f+X/+v/2dstf4/d/8345Ym+x8AAAA6yN3/rbjF/gcAAIBj5O7/dtxi/wMAAMAxcvd/J25psv/1//p//b/+X/+v/59J/6//v6L/1//v/L/+X//P2Gr9f+7+78YtTfY/AAAAdJC7/3txi/0PAAAAx8jd//24xf4HAACAY+Tu/0Hc0mT/6//1//p//b/+X/8/k/5f/39F/6//3/l//b/+n7HV+v/c/T+MW5rsfwAAAOggd/+P4hb7HwAAAI6Ru//HcYv9DwAAAMfI3f+TuKXJ/tf/6//1//p//b/+fyb9v/7/iv5f/7/z//p//T9jq/X/uft/Grc02f8AAADQQe7+n8Ut9j8AAAAcI3f/z+MW+x8AAACOkbv/F3FLk/2v/9f/6//1//p//f9M+n/9/xX9v/5/5//1//p/xlbr/3P3/zJuabL/AQAAoIPc/b+KW+x/AAAAOEbu/l/HLfY/AAAAHCN3/2/ilib7X/+v/9f/6//1//r/mfT/+v8r+n/9/87/6//1/4yt1v/n7v9t3NJk/wMAAEAHuft/F7fY/wAAAHCM3P2/j1vsfwAAADhG7v4/xC1N9r/+X/+v/9f/6//1/zPp//X/V/T/+v+d/9f/6/8ZW63/z93/x7ilyf4HAACADnL3/ylusf8BAADgGLn7/xy32P8AAABwjNz9f4lbmux//b/+X/+v/9f/6/9n0v/r/6/o//X/O/+v/9f/M7Za/5+7/69xS5P9DwAAAB3k7v9b3GL/AwAAwDFy9/89brH/AQAA4Bi5+/8RtzTZ//p//b/+X/+v/9f/z6T/1/9f0f/r/3f+X/+v/2dstf4/d/8/45Ym+x8AAAA6yN3/r7jF/gcAAIBj5O7/d9xi/wMAAMAxcvf/J25psv/1//p//b/+X/+v/59J/6//v6L/1//v/L/+X//P2Gr9f+7+/8YtTfY/AAAAdJC7/39xi/0PAAAAx8jd//+4xf4HAACAY+TuvyFuabL/9f/6f/2//l//r/+fSf+v/7+i/9f/7/y//l//z9hq/X/u/hvjlib7HwAAADrI3X9T3GL/AwAAwDFy998ct9j/AAAAcIzc/bfELU32v/5f/6//1//r//X/M+n/9f9X9P/6/53/1//r/xlbrf/P3X9r3NJk/wMAAEAHuftvi1vsfwAAADhG7v7b4xb7HwAAAI6Ru/+OuKXJ/tf/6//1//p//b/+fyb9v/7/iv5f/7/z//p//T9jq/X/ufvvjFua7H8AAADoIHf/XXGL/Q8AAADHyN1/d9xi/wMAAMAxcvffE7c02f/6f/2//l//r//X/8+k/9f/X9H/6/93/l//r/9nbLX+P3f/vXFLk/0PAAAAHeTuvy9usf8BAADgGLn7749b7H8AAAA4Ru7+B+KWJvtf/6//1//r//X/+v+Z9P/6/yv6f/3/zv/r//X/jK3W/+fufzBuabL/AQAAoIPc/Q/FLfY/AAAAHCN3/8Nxi/0PAAAAx8jd/0jc0mT/6//1//p//b/+X/8/k/5f/39F/6//3/l//b/+n7HV+v/c/Y/GLU32PwAAAHSQu/+xuMX+BwAAgGPk7n88brH/AQAA4Bi5+5+IW5rsf/2//l//r//X/+v/Z9L/6/+v6P/1/zv/r//X/zO2Wv+fu//JuKXJ/gcAAIAOcvc/FbfY/wAAAHCM3P1Pxy32PwAAABwjd/8zcUuT/a//1//r//X/+n/9/0z6f/3/Ff2//n/n//X/+n/GVuv/c/c/GwAA//9/h0Q1")
setxattr$system_posix_acl(&(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000003c0)='system.posix_acl_default\x00', &(0x7f0000000080)={{}, {0x1, 0x6}, [], {}, [], {0x10, 0x1}}, 0x24, 0x3)
setxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0/../file0\x00', &(0x7f0000000140), 0x0, 0x0, 0x1)
listxattr(&(0x7f0000000100)='./file0\x00', 0x0, 0x60)

1m59.310974628s ago: executing program 1 (id=141):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'geneve0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="5800000010000300"/20, @ANYRES32=r2, @ANYBLOB="00000000000000001c0012800b00010067656e65766500000c00028005000400010000001c001a8018000a8014000700fc"], 0x58}, 0x1, 0x2}, 0x0)

1m58.999269218s ago: executing program 1 (id=142):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000b80)={[{@nombcache}, {@abort}, {@dioread_lock}, {@norecovery}, {@discard}, {@lazytime}, {@noload}, {@usrquota}, {@noauto_da_alloc}]}, 0xfe, 0x558, &(0x7f0000000c00)="$eJzs3U1rG0cfAPD/ynbenOeJAyG0PRRDDk1JI8d2X1LoIT2WNjTQ3lNhb0ywHAVLDrEbaHJoLr2UUCilgdIP0HuPoV+gnyLQBkIJpj30orLyylFsyZZtpVaq3w82mdldaXY0+x/PaCQUwMAaz/4pRLwcEV8nEcdajg1HfnB87bzVJ7dmsi2Jev2TP5JI8n3N85P8/9E881JE/PJlxJnC5nKryyvzpXI5XczzE7WF6xPV5ZWzVxdKc+lcem1qevr8W9NT777zds/q+vqlv777+MEH5786tfrtT4+O30viQhzNj7XWYw9ut2bGYzx/TUbiwoYTJ3tQWD9J9vsC2JWhPM5HIusDjsVQHvXAf98XEVEHBlQi/mFANccBzbl9j+bBL4zH769NgDbXf3jtvZE41JgbHVlNnpkZZfPdsR6Un5Xx8+/372Vb9O59CIBt3b4TEeeGhzf3f0ne/+3euS7O2VjGDvu/+g4vCWjxIBv/vNFu/FNYH/9Em/HPaJvY3Y3t47/wqAfFdJSN/95rO/5dX7QaG8pz/2uM+UaSK1fLada3/T8iTsfIwSy/1XrO+dWHHfup1vFftmXlN8eC+XU8Gj747GNmS7XSXurc6vGdiFfajn+T9fZP2rR/9npc6rKMk+n9Vzsd277+z1f9x4jX2rb/0xWtZOv1yYnG/TDRvCs2+/PuyV87lb/f9c/a/8jW9R9LWtdrqzsv44dDf6edju32/j+QfNpIH8j33SzVaouTEQeSjzbvn3r62Ga+eX5W/9Ontu7/2t3/hyPisy7rf/fE3Y6n9kP7z+6o/XeeePjh5993Kr+79n+zkTqd7+mm/+v2Avfy2gEAAAAAAEC/KUTE0UgKxfV0oVAsrn2+40QcKZQr1dqZK5Wla7PR+K7sWIwUmivdoy2fh5jMPw/bzE9tyE9HxPGI+GbocCNfnKmUZ/e78gAAAAAAAAAAAAAAAAAAANAnRjt8/z/z29B+Xx3w3PnJbxhc28Z/L37pCehL/v7D4BL/MLjEPwwu8Q+DS/zD4BL/MLjEPwwu8Q8AAAAAAAAAAAAAAAAAAAAAAAAAAAA9denixWyrrz65NZPlZ28sL81XbpydTavzxYWlmeJMZfF6ca5SmSunxZnKwnbPV65Urk9OxdLNiVparU1Ul1cuL1SWrtUuX10ozaWX05F/pVYAAAAAAAAAAAAAAAAAAADwYqkur8yXyuV0UUJiV4nh/rgMibVEM7D3/IT72y8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQKt/AgAA//+jgjYy")
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
lsetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@known='trusted.overlay.impure\x00', 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})

1m58.62188697s ago: executing program 1 (id=143):
syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000000380)='./bus\x00', 0x8, &(0x7f0000000300)={[{@space_cache_v1}, {@autodefrag}, {@ref_verify}, {@compress_algo={'compress', 0x3d, 'no'}}, {@clear_cache}, {@noacl}, {@nospace_cache}, {@barrier}, {@nospace_cache}]}, 0x1, 0x55ae, &(0x7f000000ac40)="$eJzs3X9snHUdB/DnruvaFdeWMOuArGwDJFtEOjdNCCR2bNNpYTnphE3I+gNH0DmtY8NVCCtinIERijWMwQoLbn9MEYqucyiJBewqul8IJtNFBbPFNWOkOBExYTG9u+d299zaHhMpwuu1tM/zvc/z/d73njx/3PvW73MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEHwx+N3TL/t3roJ26+ru++8a85e+2D3kuMX3rq1avND20v2dTz31aNVq1qPLF1w0/2JpkfW93d3BkEs2S+W7t9w2fwrr69vuKI0HLDxc6ltZeVQT5nq+mKqMTbnwcF+uT9NQRAURwYoSm/npXfiOQNkdlfkDzisayf1tE4dP69x28qujc8uu3xL/ktnUOloT2C0pK+rgyeupdrk73jkiEw769KL5Vyiqf7RC+4deREAwFtSk0huMm9H029xM+22aD3Sro202yPt8B1Ce3bjVKTGHTvUPCdH66M0z9pUVCgZcp6Revr8Z9qJaP9IOxI13sI8cw9NR5rSoebZEqmP1jwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3k0uuH5m/d49D7/8ldbf/u7h17/16sePrGq8ZaC7/qJ1ix/v2PG9vx2tWtV6ZOmCm+5PND2yvr+7Mwgqk/1iqe6xZ6ri8ZkDddseu6e3puFDC9cUpccNt2OyDg72hzsXVwRBc1blYDhsf3kQJHILyWawIb/wpeTOZ8ICAAAA7yVnJn/HM+1UHCzOaceSaTKW/BdKhcVrJ/W0Th0/r3Hbyq6Nzy67fMupj5cYYrzak46XaVee+IllBeMw/kbHO1EPD12RN87woiNG8/zpx/qnNdfdUHrl7gsWzphdv+XS4CfTD3csX3TfhBfHL9nXXpOX/yuHz//hmZP/AQAA+G/I/9FxhjdS/m+uqZh0cOp3ix67rur44fkP/Lyz7/kn4w8VD3Q//dLYcbf9cnVe/p+c85R5+T+ccZj/48Gp5X8AAAB4N/tf5//avHGGN1L+/8X+zZ//98pvTDk84187Xnj69xdvnVI+/7WyGTe8+cSCVxp2tf0pL//XFJb/x2RPO3xwVzjhZRVBUFP4SQUAAAByhP/vfuKjhTCvpz45iOb1y+4qe3LXG+tvjJ/V8o8zFvfPqv7i7tVf37ApNrChc92O5XNX5OX/2sLyf/E783IBAACAAvxm+y13V395ydYtew7N2XFnYvPYS+a+uuennVf1vXwsUfT8zX15+T9RWP4vGZ2XAwAAAJzEU+MmPnfo0UNfm7177YS9q9rmPD5t3+qFD/xz9t+veOnPxzddWJ6X/xsLy/9l6W165UOq087wrxA6KoKgdHCnJVXoC9o/mSkAAAAAb5Mwpzc1revduX7MrNfOPvzDNSuW/2rvpd++a2P1zQd+XXX7ucf2996Yl/9bhr//f3ing3D9f879//LW/2cVUnf9u8SNAQAAAHg/yl/PH94eP/XNBUN9/36h6/8/euaBko7m8ysnx7dVz3rig31Xra1+fVHHRZ/YfusbH46V//VTefm/rbD8X5S9fTu//w8AAABOwf/b9/8tzhtneCPd/79v3DPnrPnsPT+o/WbZU+e+eXfzd9oPTj9v87QzPlJ0fvecmX/4fl7+by8s/4fb07JfXk94fm6vCIKJgzvpuwluDae7LFLoKs4qpE58pEd92CNd6CrJKiS1RHp8rCIIpgzutEUKp4eF9khhoDxd2BQp7A0L6eshU3g0UugJr7R7y9PTjRZ+FhbSCyy6whUUp2WWRER6HBuqx2DhpD0OZJ4cAADgfSUMz+ksW5zbDKJRtis20gFlIx0QH+mAopEOGBM5IHrgUI8HjbmF8PEfz+1e+so1D9b1Xt1w9KzZe5bc0faBnkW9O7/wo55z/nL1Cws/nZf/NxWW/8NTMTa1GWr9fxCu/09/r2Fm/X9jWKiMFLrCQiJ6x4BE+BypsHtn+ByViXSPgYmZAgAAALynhZ8LFI3yPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/sHfvcVJVd4LATzf9oJum6YgBY4ygRkR3aZomGEQcUXRXo4tNJKtjhtAIjXZoAwq4YsyKr3GV6GLUmBjZwY+jJg6r+CDqRIXoiElGJfE5Kz4HnciqS9BR45gs++m+dYqqW112IaC0+/3+0XWqfud569F17r11LgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/P/hsiX3Nrw58H9965ffW/f697409TdTD9m8y19uqHt3yDlPbT5ocN0tbw1asPCNtklnXtsyffk1G1YuDaGlq1xZUrzsoUHl5aP/cMxdt13xcNO0wVPOrcrUm4mHfp1/yjN3Loytvto/hLvLQqhIB0bUJYHKzP26WN8edSF8LmwJZEu01SYl0g2Hh2tCWBa2BLJV3VsTQl1OYMoTD666rDNxVU0I+4YQqtNtvFCdtFGTDgyrSgK16cCciiTw/uZENnBPeRKArVHV3YPxzZB90a9oyc/Q0H1lRV5/lR+3czuZ9PD6xERD8XxvHbaDO5Wj4Lls2aanrduXBttdwdtjtXdbL3i3FWznJZ623C9SmW8om7eEqkP5zLZZ0xd0zI+PlIfGxj7FatpBz/O6TefM2Jp0r3kdxg40bJfX4QO1k+ove3viwStP/uPp+85fO3Vbu/lczibNTe9o1SHzmus1z2M04dP7PNm8LYW3r539aSv4ljTUl64QwvF/+nzZM3Ne2n3jB6+eOPH2Fy6+etrCa6ZMfHbQL8b+47W73D3t8oL5f8NHz//jyznelufljq1+WJ/MzeMjdTGxsT6ZmwMAAECv0Rv2mn519KsvnfrQ3YteXH5cxXfH/eqk3eorzv5+x/G7rhz/xUuvbH98l4L5/9DSjv/HQ/51uaNdHcKErsQFA0LYrevxJPCz2J2TB4SwV1eqJT9wWCqwOoQvdCX2z1aVKtE3lhiaCvy+PhOYkAqsiYGWVODGGFiSClwYAytSgRkxsDoVODwGQnv+OA6oz4yj5EBNDLQmG3FFPAvhnfrYWmpbrctWBQAAsJ1kZoeV+XdzznXY1gxxermipqcM8QzsohmqUzWkZ7DZaVXRGip6qqG8pxqy41700cMvqLmsp5oLTsMoy8/w4ZDvlA+YuPeP7rpxxE3NL0787rtjj//Kn998d/X+//Tf7zln/nUHFMz/mz56/l/dTUfKCo7/hzC562/MXZ6JdGTjrS15GQAAAIBtcNVjS5+84YCj/s99L99355euvaF89dVf/7+vbLxg71HHDS/r+3ffXlEw/59Q2vn/cZ9In5zM4dG4G2L2gBCa8gNJtQcXBpKj3v0yAQAAAOgNssfjs8fC2zO3ySna6fl0Yf6WrcwfD/xP6Db/5Zv++tkvX/vkiQuH7bPhiv925gdlnx/7u12OXTvy8bf2HPYPDX0Lz/9vKe38/9r826QTa2IvrhwQQt+cwCOxl52BLkNj4OVD8wOZ8a+JG2BxrCpzYkK2qsWxRGsMNKUCy4qV+G22xG75gcyTlW38guw42jMlcgIAAADwiYu7A+Jx+Xj+/z2TD/jS/oNeGvPinvcufG3C0hNOrf3hPrfs+vqAjkljDpxwyBHPFMz/W7fu/P+ueXDB6f0d/UIYWRFCn/QPAx6tTRYGjIG6skzi/tqkrj7pqs6rDWF858DSVb2SWf+/Ir3G4BM1SVUxsNveP900rDNxQ00II3MDz3zz+jGdifmpQLbxb9SEMKRztOnGV/ZNGq9MN35N3xD2zAlkqzq5bwidjVWlq3qwOnMdg3RVt1WHMDAnkK3qwOoQFgYAeqn4r3Rm7oPzFp49e3pHR9sZOzAR9+HXhFntHW2NM+Z0zKwu0qeZqT7nLWN0XuGYSr3yzfOZJYqmDrl9eCnp7O8Em3LbyuzHLzhxMHM/fheq7Bpnc2Xe3dHpIQ/fp7CJkPNNqtiQy3fwkGtzK9nyJBbUH/NXhX6h74J5bWc0njV9/vwzRiV/S83enPyNh5mSbTUqva1qu+tbCS+PoqtlpXzcbbVfbiUj5582d+S8hWePaD9t+iltp7R9p3nsqObmMV8dO6Z5ZOeompK/PQx1v+6qTg118/Uljms7DnX3ipxKPolPDQkJid6WmL6k7PwJ0359/7f2WHPaWSft8fd7zBxx0l9d/pu5JzYeMvlX1//l2oL5/9yPnv/HT534yZ9Zn6HY8f+GeJg/eXzLYf7WGFhW6vH/hmJH87MnBgxNBRbFwCKH+QEAAPhsiLsj497MuFf6urp/uvvImTMOef+XJ0y5+m/Hjjv1rPX7Nlx89bFL/sP6d5asOuLtgvn/otJ+/7+d1v/PLl3/tWLL/O8fSzQVW/8/vcx/dv3/RcXW/08v859d/3/Zp7D+/4JsILVJ3rH+PwAA8Fnwya3/3+Py/ukLBBRk6HF5//QFAgoy9LiMf6kXCNjq9f/ndPxF7aDL54w7dMTcHz+yau8lA2/70vMTf73P0oNG3LvylvdG3Vow/19S2vzfwv0AAACw83jol32/ffG7w+5/6pH3jyy79Lcbbzr+r9oOOOQPA5tPmXx0zfdv+reC+f+y0ub/n/z6f6HY+f9DiwVaii0MaP0/AAAAeqli6//dPPDloavnj7jxsZ+/ectLrb+YOf61f7fkB1+ZPqzp5jXrftMwY33B/H9FafP/eNpFeV7u2JsP65M17UJ6TbuN9dmfDAAAAEDvUB4aGytLzJu3MuphH7/NdZmlQD8qnevp+watWlD+0FVl1Rt/cMm0QxrPPfbMOUdetP77tU/+pHZqY/UZBfP/1aXN//N+l/FA7aT6y96eePCHK0/+4+n7zl87dcvxfwAAAGDHKXW/BAAAAAAAAAAAAAAA8Ol7qnXpQR+MOvqNmXuN+tM3jn3hB4u/+M1H/ubaP5/588Pv26t987ApBb//D5O7yhX7/X+87l/8fcGuebljqz2v/5e5P+WYWxd2LVn4aH0I++QGZp8/+3Mhc23+/XIDq6buP7gzcX66xH0vHv5aZ2JaOnDUiF3e60yMTwVa4yKJX0gH4lUV3+ufCsTlFZ9MB+L2WJEOVGUCl/RPxlGW3lYb6pJtVZbeVs/VhTAgJ5DdVnfXJW2UpQd4VSqQHeDp6UAc4KRMoDzdq1v7Jb2KgbpY9G/6Jb0CAGCnFb8FVoZZ7R1tTfErfLzdvSL/Nspbsuy8wmrLSmz++czSZFOH3D68lHSf9HfRLdcarwzVnUMYVfB1NTdLWdcot08tPWy6XYsMuafV3sqLlEvb2k1XVXxENcmIGmfM6ZhZ2ePAR/ecpbmixyyjCiY7uVnKuzZpCbWU0JcSRlTitimhy/F+eWhs7JPKNS4GG0Kenl4Rpf5eP3edv2Kvgtw8f1tz7aV9Bvd5/9/GX/TQgwMqO06d3HbR7o/988BRM3/8wwdbr/l9wfy/obT5f3XuuN7LXAxgUbyy3sEDQmgtcUQAAADw2fc/z11+x4lz1myYtbri2d/9bnb5cSdWbj7nrnPOvui5+xcfdcm/v3lb4yvKntp04hubzvrrN37ylesePuulw2ecddekdYesb6u+8bt/sfzUIQXz/6Glzf/jHqzMoeBkb8fqeP3/CwaE0HVp/YYk8LM43JMHhLBXV6ollkguqP+1WKIpCfws7jDZP5Zobcmvqm8MrEgFfl+fCaxOBdbEQGYvxU9DZlfOFfUhjOlKTc4vMTeWaEgFjouBoalAYww0pQL9Y2BCKvBm/0ygJRX4xxgI7fnb6s7+mW0FAACwNTLzrMr8uyE9z1tR0VOGsp4y1PaUobynDNU9ZSg2inj/jpihMnXySllOpsp0rTWpWgoyxIvhb3W/CjKE3+bnTBcsaDqef5A936AsP8O4H97RetDX5v1408U/evzIAy88csmVb196dL/BVz77v9vP7dd/U23B/L+ptPl/bf5t0vqaOP/fcv2/JPBI7N6V8dTxoTHw8qH5gcyOgTVxsrs4W1VLpkRm0r44lpgQA0NTgbkxMCEVaJ2cCSwbnB/IzLSzjV+Qbbw9UyInAAAAAJ+4uIMg7qaJ8/+V48I7exz5fvPuVw6cO+7xR847YnrNrtU1/zx+7dLxl1Y/tF/fgvn/hNLm/7G9frmNXRh782r/EO4u29KbbGBEXRKI+zHq4s/j96gL4XM5OziyJdpqkxJVqYbDwzXJL9Sr0lXdW5OsMRDvT3niwVWXdSauqglh35y9L9k2XqhO2qhJB4ZVJYHadGBORRKIe36ygXvKkwBss+xewfiCypzqktXQfbkir7/PyjVB08Mr2AfaTb7ufnO1o1SnH8jsU83auqetoDp2iIK3x2rvtt74bmvwbsv9IpX5hrJ5S6g6lM9smzV9Qcf8+EjuL1kL7KDnOfdXqqWkt8PrcNHH723PqtMdaEp9fDR1X67712FZrO6B2kn1l7098eCVJ//x9H3nr51acjeKiD8UPvjWuQc8l7N5d7TqkHnN9brPkxafJ73x38BQT1sIYfkFs5584l/ef75iffN/OXDs8tvefGz5Tw56YNaIL2y45Msb33r3qIL5f0tp8/+K1G2XD+LGnDcghOE5G/fRuPknDkg+B3MCyafkwMJAcsh9fX3RT04AAADY3rK7O7L7C9ozt8kJ4el5cmH+lq3MH/dXTOg2f6n9HjjmH7536FWvf+Pr63e//NGlT637T2++csS0Qx/Y9PSKla83H/v5pwvm/60fPf/vm+qm4/+O/7ODOP7frZ19V3Tf9AOLtmlXdEF17BCO/3drZ3+3Of7fLcf/Hf/vjuP/PXD8v1s7+9NW8C1pri9dIYTWATfc/ova6cP7XXHOt2as/fnT7zSNe6Hu3KPv/B+HLw7XnLfqzwXz/7mlzf+t/9f9on3Z9f9ai63/N7fY+n+LrP8HAADsUEUWmkvP8wpW7yvIkF69ryBDjwsE9rjEoPX/tnr9v9qTzj7plfq39rpm4u3/+c7pFz5/0onP7tvn+RNuP+GmkVcPf+nLGwrm/4tKm//Hl0O/3NZ7y/p/QycXqWpJDMy1MCAAAAA7o2I7CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPh0rXhw8Rc3L97noJue/fxNh//rsjWz9v7VAZtHjzm5cfjigWVX/t2/vDVowcI32iadeW3L9OXXbFi5NIT2rnJlSfGyhwaVl4/+wzF33XbFw03TBk85tzpTb2Xm9ot5uWOrH9aHsCznkbqY2FjfeWdLYMoxty6s6Ew8Wh/CPrmB2efP/lxn4sb6EPbLDayauv/gzsT56RL3vXj4a52JaenAUSN2ea8zMT4TKEt397r+SXfL0t29rH8IA3IC2e5+u39+Vdk2/mMmUJ5u4+a6pI0YqItFf1SXtBEDHbFEe98QRlaE0Cdd1a+rk6r6pKv6++qkqj7pqv5rdQjjQwgV6aperEqqqkiPfG1VUlUM7Lb3TzcN60wsqwphZG7gmW9eP6YzcXoqkG3861UhDOl8yaQbv6Myabwy3fhVlSHsGUKoSpf414qkRFW6xCsVIQzMCWQbP7UihIWBz4T44TMz98F5C8+ePb2jo+2MHZioyrRVE2a1d7Q1zpjTMbM61adiynLSm8/7+GN/ftM5Mzpvpw65fXgp6YpMucquLjdX5t0dvbP3PvarNreSLc9HQf0xf1XoF/oumNd2RuNZ0+fPP2NU8rfU7M3J3z6ZaLKtRvWWbbVfbiUj5582d+S8hWePaD9t+iltp7R9p3nsqObmMV8dO6Z5ZOeompK/22Oo13/yQ929IqeST+IDQEJCorclyvM+3Zp29g/ygi/6WzpaGaq7PqALphW5Wcq6Rrk9Bn3Yxxzxx/me0uOIRhVMHAqyNPecZXTBZGJLlpokS9f3uoLJYW5N5V2bNN4vD42NfYpth4b8u7mb961t2LzrMpuu1DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPD/2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUVduBYAAAAAECYv3UYPRsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlwIAAP//WKHPZA==")
rename(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
fsync(r0)

1m57.277941908s ago: executing program 1 (id=156):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4048aecb, &(0x7f0000000080))

1m56.68426024s ago: executing program 32 (id=156):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4048aecb, &(0x7f0000000080))

1m27.736869928s ago: executing program 4 (id=311):
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="6e6f626172726965722c6e6f657874656e745f63616368652c6673796e635f6d6f64653d7374726963742c696e6c696e655f78617474720000693a653d3078303030303030303030303030303766662c736d61636b6673726f6f080000006673f52b00e58abba2d0cc27be339f6f4fe5ad35a724e1531a622f050000008586eb5ba3614d2c24abf5a2614c0f111e057112dafd66336a5e3b6512b81cda80be6e9a34ccc2b88c0100008000000000e3f5def862b95c20ee847008000b0c22653d2ff39b36732e46b56357afe57094f42ba61c5e8b4e184d7dd50000000000000000c0469264c247cd3c7fcb39043dda97538456bc294ae31e525d3b664cf8e83b52b1885b866b58698b3f132aced62a4fc7c8c400b805173d7488a35708d2523190c0014689f57be6ee3f5d28935a0000000000000000000000000000000000000059c1403d010001008ab61fa90695a8b268c277645c1e357ec9316354f659d4244fe126a8364eaa0de6bf4ba21c767782a04bdbb8c86d0cc7e3f03f8ef15c0ee311768cccb8affb0ae5d7cd0000000097676c046a6c754c98dd5f400ad99a588d983ae6e07b4e0e0907266aca53b30a815a84295fb5eab2f263613d36994dc15562892c33ed149270907e9c2e4d0cac7dd9735621a0c6768d4f70c664699157854bb1b85ce3f6ea44456e4f1ae1575315d77f2b995ce4d6ce21b17ca891c155ddd9916e997c32e78231e8d54675e4edf480980023b9736180ff98cf93f888eb70abb728b7e91a5d75b7e43e54f92b6e679249576f12533bef1c93aa993977f15c0a7b595423444db6e87480c46c408f6d48afa1ba"], 0x1, 0x5514, &(0x7f0000005d80)="$eJzs3M1rI2UYAPAn7Xa/XYt48LYDi9DCJmy67aK3qrv4gV3KqgdPmiZpyG6SKU2a1p48eBQPnv0nRMGTR/8GD569iQfFm6BkZqpbP8ClSWPb3w8mz7xv3jzzvGFZeGZKAjiz5pNffirFtbgUEbMRcTUiOy8VR2Y1D89FxPWImHnsKBXzf0ycj4jLEXFtlDzPWSre+vTm8MbKj2/8/PW3F85d+fyr76a3a2Dano+I7lZ+vtvNY9rK48NivjZsZ7G7PCxi/kb3UTFO87jb3Mgy7NYO1tWyeLuVr0+3dvqjuNmp1Uex1d7M5rd6+QX7w9ZBnuwDD2vb2bjR3Mhiu59msbWf17W3n//ftt8f5HkaRb4PsvQxGBzEfL6518z3s/Uoi/XeoJjP86aN5t4oDotYXC7qaaeR1bFxlG/6/+3Ndm9nLxk2t/vttJesVKovVKp3ytXttNEcNJfLtW7jznKy0OqMlpUHzVp3tZWmrU6zUk+7i8lCq14vV6vJwt3mRrvWS6rVyu3KrfLKYnF2M3n1/jtJp5EsjOLL7d7OoN3pJ5vpdpJ/YjFZqtx+cTG5UU3eWltP1h/cu7e2/vZ7d9+9/9La668Ui/5WVrKwdGtpqVy9VV6qLp6h/X9UFD3G/cORlJ5s+YVJ1QFwguj/gWmYXP+//SBi8v1/6P/H4kT1vxPr/z87s/uHI3nC/h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgNPj+7kvXstO5vPxlWL+qWLqmWJcioiZiPjtH8zG+UM5Z4s8c/+yfu4vNXxTiizD6BoXiuNyRKwWx69PT/pbAAAAgNPryw+vf5J36/nL/LQL4jjlN21mrr4/pnyliJib/2FM2WZGL8+OKVn27/tc7I0pW3YD6+KYkuW33M6NK9t/MnsoXHwslPIwc6zlAAAAx+JwJ3C8XQgAAADH6eNpF8B0lOLgUebBs+DsL+//fCB46dAIAAAAOIFK0y4AAAAAmLis//f7fwAAAHC65b//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAv7NzP7lpA1EcgJ8NLvSfiqru26N0B8foEbrssuIAvQRHoFfIBTgD2eUIEUR4HBSiJIrisa2Q75PMMBb8/IzwYmakAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALp0Wa0X//9+/9c2Z7dv54WX/dG2bgAAAHgLttV6Ub+Zpf7H5vzn5tTXpl9ERBkRD43dR/HuJHPU5FSPfL66V8NFRJ1wuMakOT5ExM/muP7S9a8AAAAA52uzXM3TaD29zIYuiD6lSZvy069MeUVEVLOrTGnlIe9bprD6/z2OP5nS6gmsaaawNOU2zpX2LPXjfpy1m95pitSUT38/270DAAA9Gp00/Y5CAAAA6NPvoQtgGEXcLmUelwInqWmW996f9AAAAIBXqBi6AAAAAKBz9fjf/n8AAABw3tL+fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHRpW60Xm+Vq3jZnt28nz90AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADADfvzjgIhEAZhsHd9ZzL3P6w0aGpqUgXCx98YDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvPndX/5PTI0zydxrY+l5JFk7NbZOjb1z4+gP4+vXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABc7M9tCoAgEIbBrezrX3j/w8YLeoYIZkB42EVBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBH7hnLOLXO2BJPVbVME3vGvaqOrBJnVokrF/p4sPUPfwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMvO/bzGUcUBAH8zs7NJq+IaZQ8RseBBLzbd1tbexIMSPPgnCCHd1titP9ocbClCLt4k515EjyKCEm/9H3puoZd662EPFTxX5lcy+XFYhZ3ZZD8fePO+Mwzzvm8WQr77XgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADsM/5wL06yQ6+I4/Law2d317P+0YE+c3/78XLWsjhqMunj4Y36SdSvnSw2nwwAAADzIanq+xDCk3RnNevjXl7/p9U9Wc3/00tFXNXzB+v+qq9q/6z9+cfT13YH6hXjZA+9ujEanjucSmd6s5xhz1+e4KZO/ubz716S/AOJP9l6dZzm7zP64cGDj7p5uDD9dAGA/+ds1ZdB9ftQ1g/aTAyAudGpFd5V/Z/02s0JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAnjrfBCFUchhOXOXpx59Ozu+lH9/e3Hy1W7dO/edv2Z2SPSEMLVjdHwXFhscDaz7dbtO9fXRqPhzeaDN0MIbY3+QTn9659NcHMIU0rjTEtvfs6CuPywZyWf4xG0+EMJAIATKS1bVtc/SXdWs2vRUgjPf95f/79di8OE9f/Tzy89rI9Vr/8Hjc1w9q1s3vh65dbtO+9u3Fi7Nrw2/PK984P3BxcuX7x4eSX/rqQ4tp0mAAAAx1i3bPX6P146vP5/uhaHCev/b34cfFcfK1H/H2lv0a/tTAAAAObbK2f++Ts64nrU7YZv1zY3bw6K4+75+eLYQqr/2ULZ6vV/stR2VgAAAEATxlvRvvX/K7U4TLj+/+Ivr/9Wf2YSQjhVrv+fXf9qdKW56cy0qfzx8EL5cDsLAAAAKOvxUwfW/9N8/3+8u+UhDiG881YRl/8GcKL6P/n4+1/rY9X3/19oboozKe4X7yPv+yF0+m1nBAAAwEm2mLdeXv//le6sfvH76U+79v8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANO3fAAAA///FdTwZ")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
fallocate(r0, 0x10, 0x80, 0x1)
ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(r0, 0x4018f514, &(0x7f0000000100)={0x0, 0xc158, 0x1})

1m25.659545535s ago: executing program 4 (id=322):
syz_mount_image$ext4(&(0x7f0000000340)='ext4\x00', &(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xe, &(0x7f0000000100), 0xff, 0x454, &(0x7f0000001080)="$eJzs281vVFUbAPDn3umUlxewFfGDD7WKxsaPlgIqCxdqNHGBiYkudNm0hSADNbQmQoiCMbgyxsS9cem/4Eo3xrgycat7Q0IMG8DVmDtzL50pM0M7zHQK8/slF86599ye88y5Z+bce2YCGFoT2T9JxPaI+DMixurZ5gIT9f+uXz0/d+Pq+bkkqtV3/0lq5a5dPT9XFC3O25ZnJtOI9Isk9raod+nsuZOzlcrCmTw/vXzqo+mls+deOHFq9vjC8YXTB48cOXxo5uWXDr7YkzizNl3b8+nivt1vffDN20e/aop/VRw9MtHp4NPVao+rG6wdDelkZIANYV1KEZF1V7k2/seiFCudNxZvfj7QxgF9Va1Wq9vaH75QBe5hSTTnDXkYFsUHfXb/W2yrJwGv9m/6MXBXXqvfAGVxX8+3+pGRSPMy5fz+ttSH+ici4v0L/36XbdGf5xAAAE1+yuY/z7ea/6XxUEO5+/K1ofGIuD8idkbEAxGxKyIejKiVfTgiHlln/Q2LJNej5fwnvdx1cGuQzf9eyde2mud/xewvxkt5bkct/nJy7ERl4UD+mkxGeUuWn+lQx89v/PF1u2ON879sy+ov5oJ5Oy6PbGk+Z352efZOYm505WLEnpFW8Sc3VwKSiNgdEXu6rOPEsz/sa3fs9vF30IN1pur3Ec/U+/9CrIq/kHRen5z+X1QWDkwXV8Wtfvv90jvt6r+j+Hsg6///t7z+b8Y/njSu1y6tv45Lf33Z9p6m2+t/NHmvlh7N930yu7x8ZiZiNDlab3Tj/oMr5xb5onwW/+T+1uN/Z6y8EnsjIruIH42IxyLi8bztT0TEkxGxv0P8v77+1Ifdx99fWfzz6+r/lcRorN7TOlE6+cuPTZWO3xL/jc79f7iWmsz3rOX9by3t6u5qBgAAgLtPGhHbI0mnbqbTdGqq/n35XRFpZXFp+bljix+fnq//RmA8Ii2edI01PA+dyW/r6/mLEVH/akFx/FD+3Pjb0tZafmpusTI/6OBhyG1rM/4zf/fjCy/A5uL3WjC8jH8YXsY/DK91jP+kn+0ANl6L8b91EO0ANl6rz//PBtAOYOOtGv+W/WCIeP4Hw8v4h+Fl/MNQWtoat/+RfMdE8Ze6PP2eTUR5UzSjb4lIN0UzNm2ifJePi8G9JwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPTSfwEAAP//L1neZg==")
creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x13)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0)
creat(&(0x7f0000000140)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
link(&(0x7f0000001240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000bc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

1m22.947426885s ago: executing program 4 (id=339):
syz_mount_image$nilfs2(&(0x7f0000000000), &(0x7f0000000300)='./file2\x00', 0x0, &(0x7f00000002c0)=ANY=[], 0x1, 0xac3, &(0x7f0000002a80)="$eJzs3V2MVFcBAOAzuzsLC1SWCnal2ILVtv50KcuKP0ShgZhISmN8adL4QiitRMTEmqhNE4En32zTYOKTP/GpL001JvbFkD750sSSNCZ9qj74IMG0iQ8VhWmYOWf2zmGGOzMsc3eY70vOnjn3nDvn3Nk7d+7fuScAE2uq+Xd5eaEWwvnXXz78rwf/OXd9yoF2ifnm35lCqh5CqMX0TPZ+70634qvvxxnDC8db6VZcC0vNvykdnrjcnndjCOFM2BkuhPmw/fzFl95cevzo2SPndr31yv5Lt2PZAQBg0nzzwv7lbX//671brrx638Gwrj097Z/HnfiwKe73H4w7/mn/fyp0pmuFUDSblZuJYWqus9x0l3LFeupZuZke9c9m9dd7lFsXbl7/dGFat+WGcZbW4/lQm1rsSE9NLS62jslD87h+trZ4+uSpZ56rqKHAqvvP/SGEnYVw6Fxneq2FA2ugDUOGxhpow1iGg6Or60qjpfJlHlFobK56CwTQks47tK8P5s7kZxZuTfvdZvqr//JjU93nh1Uw6vV/oPpnK64/qP93Z21xWD136tqUlit9jzbFdH4dIb9/qff3L7/S0Tk1vx5R77Odva4jjMv1hV7tnB5xO4bVq/35enGn+mqM0+fwtY7c+zu+P/n/dFz+x0B3H+Tn/wVBWNshdKTrt/JejR736wDk98010vXRKL+vL89fV5K/viR/riR/Q0n+xpJ8mGR/+OHPw4u1lfNd+TH9oOfD03m2u2L8kQHbk++HDFp/ft/voG61/vx+YljL/nTsyRNfevqpi637/2vt9f9aXN/T4cZ8/G5diAXS+cL8vHr7WGK+s56pHuXuztpzV5fyzddbO8vVtq68TyhsZ25ox0LnfJt7ldvRWW4+KzcXw/qsvfn+yYZsvrT/kbar6fOayZa3ni3HbNaOtF3ZEuO8HTCMtD72uv8/rZ8LoV575uSpE4/GdFpP/zJdX3d9+p4Rtxu4df32/1kInf1/NrWn16eK24XNK9Nrre3Ca/H9OqcvtespTC/8qKXfue9MzzXLLx7//qmnV3nZYdI995Pnv3vs1KkTP/DiJi/SXn73Ml9fAy0c8EVaoLXSHi8GfbHzdldR4UYJGIndP23tBDxy8nvHnj3x7InTe/ft27u0tO/Le5d3N/frdxf37ovOVNBaYDWt/OhX3RIAAAAAAAAAAACgXz86cvji22988Z1W//+V/n+p/3+68zf1//9Z1v8/7yef+sGnfoBbuuQ3y2QPWJ3NytVj+GjW3q1ZPduy+T4W4/Y4frH/f6ouf65ras892fR6j2T2OIEbnpcymz2DJB8v8JMxPhfj3waoUG2u++QY3+T51rUPCut6ej5FoQtvw/OBx0f6vzXXhsIjjVL/767PderSX5vxMooei1UvI9Ddvyfq+d/vrSx45W0ReoeZ0db3y8ldJxo999L7HcEGYHVUPf5nOu+Z4tN//sb66yEVu/xY5/Yyf34pDOJvb3em1/r4k7e7/nzcvlHXX/Xyj3r8z/b4d31v/7IR8+aHq/e/v7r0TqHasL3f+vPlT8+B3jpY/Vdi/WlpHgr91d/4TVZ/fkGoT//L6t/QZ/03LP+O4er/f6w/fWwPP9Bv/a0W16Y62zGXLUe6/pefN06uZsufnu15k/q/9Xy35R9yoMZrsX6YZOMyzuygsv2I9k778OP/RmdWd/zfdmOzzVp+H8YXYjptiNN9Dvl4J4O2P91fkX4HtmXvXyv5fTP+73j7SozLvg9p/N+0Ps7Hn/xCuvlZpnS9y2d7p25rYFy9O9T1v/cqv26xtsOl1mHQcPOvr779wgChMT3EfO1x4ipuf6PRqHToX+MOV6vqz7/q44Sq66/68y+Tj/+b78Pn4//m+fn4v3l+Pv5vnj8X/0O98vPxf/PPMx//N8+/J3vffHzghZL8j5fkb++e3z5sv7dk/h0l+Z8oyd/Vzj/QUSLl33fT+VfK9Xr/u0vyHyjJ/1RJ/qdL8h8syX+4kF8cAzrlf6Zk/jtd6o8yqcsPkyzvn+f7D5MjXf/p9f3fWpIPjK9fvLrn0FO///Z8q///bPt8SLqOdzCm6/H46ccxnV/3DoX09bw3YvofWf5aP98BkyR/fkb++/5QST4wvtJ9Xr7fMIFq67tPjnHZc6t67eczXj4b48/F+PMxfiTGizHeHeM9MV4aUfu4PQ699sf9L9ZWjvc3Z/n93k+e9wfqeE5UCGFvn+3Jzw8Mej97/hy/Qd1q/UN2BwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKjMVPPv8vJCLYTzr798+MmjJ3dfn3KgXWK++XemkKq35wvh0RhPx/jX8cXV9184XoyvxbgWlkIt1NrTwxOX2zVtDCGcCTvDhTAftp+/+NKbS48fPXvk3K63Xtl/6fZ9AgAAAHDn+zAAAP//LlQL6Q==")
r0 = open(&(0x7f0000000300)='./file1\x00', 0x14127e, 0x196)
write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0xb, 0x0, {0x7, 0x29, 0x6, 0x0, 0x7, 0x7, 0x6, 0x85, 0x0, 0x0, 0x10, 0x4}}, 0x50)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
sendfile(r1, r0, 0x0, 0x8009)

1m21.763248942s ago: executing program 4 (id=346):
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000180)='./file1\x00', 0x4810, &(0x7f0000000140)=ANY=[], 0x11, 0x693, &(0x7f0000000880)="$eJzs3c1vHGcdB/DvrNcvm0qO26ZpQJUwjVQQEYkdK4VwSUAIBalCVThwthqnseKkwXFR2gNxAYkrB/6AcggXOIEQEhJSpHKGW8XN4lQJiUtPaQ8MmtlZe+3u2ptXO/TziWaf55ln5pnf/OZlXyJrAnxuXTiR9t10cuHEa7eq9sadhZWNOwvXevUkk0laSbtbpLieFB8k59Od8oVqZjNcMWw7v14+e/HDjzc+6rba2RqveukMD7A9yl6sN1Nmk4w15UPYNt4bDzbe5Fa12MxMlbDjvcTBfhtPUm7z46NbPYOUY32Nodc78PQouu+bfbrX/0xyKMlU7w1tvdvZevIR7um+7kXrjy8OAAAAODAO37ud3Mr0fscBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAT5Pm+f9FM7V69dkUvef/T/Q9Y39in8MdbvfIpnqVu60nEQwAAAAAAAAAPF5fupffXSzL6V67LOr/83+5bhypX5/J27mZpazmZG5lMWtZy2rmk8z0DTRxa3FtbXW+t+anZVkOWfP0wDVPjxhw51HsNQAAAAAAAAD83zjXlD/LhUzvcywAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALBNkYx1i3o60qvPpNVOMpVkolpuPflHr/40u7vfAQAAAMATcPhe7uVWpnvtsqi/8x+tv/dP5e1cz1qWs5aVLOVS/VtA91t/a+POwsrGnYVr1fTZcb/9n636H6f3DKMeMd3fHgZv+Vi9RCeXs1zPOZk38lZWcimtes3KsV48g+N6r4qpONdVlqMl6FJTVnv+q6Y8GGbqjIxvZmSuia3KxrO7Z6L/6DzAlubT2vzl58h95Pzcrlsp/ts7Jod6c5Jnvr93zsfva2ceys5MnO47+47unonkK3/6/Y+urFy/eqVYP3FwTqP7MPmvratmZyYW+jLx4siZuHzz6czETq28sFm/kO/lhzmR2bye1SznJ1nMWpYym+/WtcXmfK5eZ3bP1Pltrdf3imKiOS5jO2L68uFuuVtML9frTmc5P8hbuZSlvFr/O535fCNnciZn+47wCyNc9a0BV/2fhwd//KtNpZPkl015MFR5fbYvr/333Jm6r39OK+Vkd73nHtm9cVP7i02lOhI/b8qDYTMTU9l8l+hF93wvA+MDM/Gb+rZyc+X61dUrizd2jFusD97eK9m++wfnRlKdL89VB6tubT87qr7nB/bN131HNvtaO/t+29ns2+tKnWg+w312pNN134sD+xbqvmN9fVuftz4ty7L7eQuAA+/Q1w5NdP7d+Xvn/c4vOlc6r019Z/Kbky9NZPxv499qz4290nqp+EPez0+z9zd0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgTzffeffq4srK0uqOSlmWt4d0PZZK2sm2OX/9S98ySeqHAY0+YLX0+VZSz2mnqdxfYLcfbHfee9Ak/LM5Jk8k4Y+kMjX0/NlZ+aQsy4MR8yiVsnFQ4tmPyr7eloAn4NTatRunbr7z7teXry2+ufTm0vWzZ86cnTt75tWFU5eXV5bmuq/7HSXwOPR9AgcAAAAAAAAAAACeEqP9cU7xcH/bAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAQLpxI+26KzM+dnKvaG3cWVqqpV99a8pMkrSTFbFJ8kJxPd8pM33DFsO2sJxc//Hjjo26r3Uz18q3d1hvNejNlNslYUw4wNWhmeXvYeEU9zo3h442o2NzDKmHHe4mD/fa/AAAA///tbhq7")
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0)
mount$bind(&(0x7f00000000c0)='./file0/file0/file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc51, 0x0)

1m21.189229378s ago: executing program 4 (id=350):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc}}, &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000100)='contention_end\x00', r0}, 0x18)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000240), r1)
sendmsg$NFC_CMD_LLC_SET_PARAMS(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x24, r2, 0x1, 0x70bd28, 0x25dfdbfd, {}, [@NFC_ATTR_LLC_PARAM_LTO={0x5, 0xf, 0x9c}, @NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x90)

1m20.470660413s ago: executing program 4 (id=356):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000340)={0x400000100002f})
write$uinput_user_dev(r0, &(0x7f0000000800)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff]}, 0x45c)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3)
ioctl$UI_DEV_CREATE(r0, 0x5501)

1m19.936867291s ago: executing program 33 (id=356):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000340)={0x400000100002f})
write$uinput_user_dev(r0, &(0x7f0000000800)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff]}, 0x45c)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3)
ioctl$UI_DEV_CREATE(r0, 0x5501)

3.366783675s ago: executing program 2 (id=997):
syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000080)='./file0\x00', 0x2010050, &(0x7f0000000580)=ANY=[@ANYRES32=0x0, @ANYRES32, @ANYBLOB="574ebc0e94989fcde4c7e6c29d5b7d84ea1d3b850bb44bd48bb9519bc17acbb165391925581f91c0647c1d56315d4d044e055c5842362d6e3547a65f0d1dc45f590e08b80c1182db21b765ab93d407000000a9415a11b2facb5efbeda5c99dab23a7176fd9bdcc116a308a7b3a9e3562550da7ba26451b761e0bc1c92c045eee"], 0xff, 0x2ce, &(0x7f0000000640)="$eJzs3M9LFH8cx/G3uu6uK7p7+PL98i2iN3UpgkG3e7CEUrRQqBtZEIw6W8tOu7IzGBuhduoa/REdxKM3oTp09dKtU5duHgo6JPRjYmdnddUVk9od0+cDdN7OzNvP58OM8hrBWb/17EEx7xh505XueK90iyzKhkiqVolUa5+6RCQudV0SlWaLcr7/87tT45O3r2Wy2ZEx1dHMxMW0qg6efvnw8fKZ127/zZXB1Zispe6uf0p/WPt37f/1HxP3C44WHC2VXTV1qvzejU7Zls4UnKKhesPzTMfSQunNpIh/vOyateN5uzw7W1WzNDOQmK1YjqNmqapFq6oSEalU1bxnFkpqGIYOJAT7iS2NjZkZv4wfuHm6DRPCb7uy68avVDJmj4j07To3t9SpWQEAgMNje/7Xnfnf1xVsa3u+e57X3H+w/L8a3SP/B/m+kf9tq57/Havi/lr+d8vq1vJ/hPx/ALmt/I8jq5b/E8HPr+/JneUhvyD/AwAAAAAAAAAAAAAAAAAAAADwN9jwvKTnecnGtvERC/4lvPF12PNEe3D9j7dxDQrVuIj9dC43lxOxe+s7N6+7JUOSlG/+/RCo16NXsyND6kvJK3sh6F+Yy/X4jZm8FMQWS4YlKanW/cP1ft3e3yuJ5v60JOWf1v3plv1ROXe2qd+QpLydlrLYMuPf11v988Oql69nd/T3+ecBAAAAAHAUGLqp5fO7Yex1vN6fyYv4z9f7/31gx/N1RE5Ewl07AAAAAADHhVN9VDRt26p0sIiLSPvHqq2us+tqUcxfCHP0sItk057GS6Q7Po1I86CxYBZtGuu/5y++/LlveGnl5NfwrmB4v5MAAAAAtMdW6N/7HO9jJ2cEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDx04nXiYW9RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCw+BkAAP//0b8mQA==")
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='contention_end\x00'}, 0x10)
mount$nfs(&(0x7f0000000100)='...', 0x0, 0x0, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)

3.127983376s ago: executing program 2 (id=1000):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x6, 0x800000, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, &(0x7f00000002c0)=0x10)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f00000004c0)=0x27)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f0000000000)={r2}, &(0x7f0000000100)=0x8)

2.594305773s ago: executing program 0 (id=1001):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000280)={0x0, 0x4}, 0xe)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={<r1=>0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000240)=0x10)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000100)={r1, 0xff81, 0x1, [0xa]}, 0xa)

2.159935251s ago: executing program 2 (id=1008):
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
r0 = io_uring_setup(0x3eae, &(0x7f0000000080)={0x0, 0x6d33, 0x1000, 0x0, 0x4000000})
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0)

2.132214386s ago: executing program 5 (id=1010):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0xffff}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @xfrm={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_XFRM_IF_ID={0x8, 0x2, 0x1}, @IFLA_XFRM_LINK={0x8, 0x1, 0x3}]}}}]}, 0x44}}, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x5, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1}, &(0x7f0000000040), &(0x7f0000000140)=r0}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000001c0)={r1, &(0x7f0000000500), 0x0}, 0x20)

1.970623595s ago: executing program 5 (id=1011):
socket(0x40000000015, 0x5, 0x0)
r0 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000000)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000400)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0)

1.910704018s ago: executing program 0 (id=1012):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000300)='rxrpc_client\x00', r0}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000140)='rxrpc_client\x00', r0, 0x0, 0x5}, 0x18)
r1 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r1, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @local}}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18}, 0x0)

1.753020585s ago: executing program 2 (id=1023):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000140)={0x1, [<r2=>0x0]}, &(0x7f0000000240)=0x8)
getsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000000)={r2, 0x2, 0x1, 0x5}, &(0x7f0000000040)=0x10)

1.721015778s ago: executing program 0 (id=1014):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r0)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x110e22fff6)
ioctl$TUNGETVNETLE(r0, 0x4004743b, &(0x7f0000001200))

1.630962392s ago: executing program 6 (id=1015):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000080)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x6}]}, 0x10)
r1 = socket$kcm(0xa, 0x5, 0x0)
sendmsg$kcm(r1, &(0x7f0000002dc0)={&(0x7f0000001640)=@l2tp6={0xa, 0x0, 0x7fff, @local, 0x8}, 0x80, &(0x7f0000000340)=[{&(0x7f00000003c0)='`', 0x1}], 0x1}, 0x41)

1.563151066s ago: executing program 3 (id=1016):
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000240)=@generic={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x18)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r1 = openat$cgroup_devices(r0, &(0x7f0000000300)='devices.allow\x00', 0x2, 0x0)
write$cgroup_devices(r1, &(0x7f0000000140)=ANY=[@ANYBLOB='c 1:23'], 0xa)

1.502176783s ago: executing program 5 (id=1017):
syz_mount_image$exfat(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x800, &(0x7f0000000340)={[{@discard}, {@errors_remount}, {@time_offset={'time_offset', 0x3d, 0x2}}, {@time_offset={'time_offset', 0x3d, 0x5}}, {@namecase}, {@discard}, {@allow_utime={'allow_utime', 0x3d, 0x4}}, {@errors_remount}, {@utf8}, {@allow_utime={'allow_utime', 0x3d, 0x6}}]}, 0x1, 0x153b, &(0x7f0000001f80)="$eJzs3AucTlXXAPC19t5nDImnSS7D3nsdnuSyTZLkkiSXJEmSJLeEpEleSUgMIUlDEpLLkMQQksvEpHG/3y8JSdIkSUhuyf5+E37qrb73/b73/fL+vln/3+/87DXnrH3WedZznuecg/m269BaTWpXb0RE8C/BC38kAUAsAAwEgLwAEABA+bjycYAB5JSY9K/thP17PZh6pStgVxL3P3vj/mdv3P/sjfufvXH/szfuf/bG/c/euP+MZWebphW6hpfsu/x1z/+Bn///x+Hv//9HMsuM/XJNmeu6AcT8sync/+yN+///VvDPbMT9z964/9lV7JUugP0H4PM/O8jxp2u4/9kb95+x7OxKP3++0gtE/sNegyM5LzTmrzp+xhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGPsL3DaX6YA4NL4StfFGGOMMcYYY4yxfx+f40pXwBhjjDHGGGOMsf97CAIkKAggBnJALOSEXCAA4GrIA3khAtdAHFwL+eA6yA8FoCAUgngoDEVAgwELBCEUhWIQheuhONwAJaAklILS4KAMJMCNUBZugnJwM5SHW6AC3AoVoRJUhipwG1SF26Ea3AHV4U6oATWhFtSGu6AO3A114R6oB/dCfbgPGsD90BAegEbwIDSGh6AJPAxN4RFoBs2hBbSEVv+r/OehJ7wAvaA3JEEf6AsvQj/oDwPgJRgIL8MgeAUGw6uQDENgKLwGw+B1GA5vwAgYCaPgTRgNb8EYGAvjYDykwASYCG/DJHgHJsO7MAWmQipMg+nwHsyAmTAL3ofZ8AHMgbkwD+ZDGnwIC2AhpMNHsAg+hgxYDEtgKSyD5bACVsIqWA1rYC2sg/WwATbCJtgMW2ArbIPtsAM+gZ3wKeyC3bAHPoO98Pmv8gGSfunnf5d/6u/yuyEgoECBChXGYAzGYizmwlyYG3NjHsyDEYxgHMZhPsyH+TE/FsSCGI/xWASLoEGDhIRFsShGMYrFsTiWwBJYCkuhQ4cJmIBl8SYsh+WwPJbHClgBK2IlrIRVsApWxapYDathdayONbAG1sJaeBfehX2wLtbFelgP62P9S4+nsBE2wsbYGJtgE2yKTbEZNsMW2AJbYStsja2xDbbBdtgO22N77IAdMBETsSN2xE7YCTtjZ+yCXbArdsVu2B27Zz6fA/AFfAF7Yw3RB/tiX+yHyTkG4Ev4Er6Mg/AVfAVfxWQcgkPxNXwNX8fheBJH4EgchaOwqngLx+BYJDEeUzAFJ+JEnISTMKvQd3EqpuI0nI7TcQbOxJn4Ps7GD/ADnItzcT6mYRouwIWYjum4CE9hBi7GJbgUl+FyXIYrcRWuxDW4FtfgelyPG3EjbsbNuBW34nbcjp+gAsBPcTfuxmTci3txH+7D/bgfD+ABzMRMPIgH8RAewsN4GI/gETyKx/A4HsMTeAJP4ik8jafxLJ7Fc/hs/NeNPym5OhlEFiWUiBExIlbEilwil8gtcos8Io+IiIiIE3Ein8gn8ov8oqAoKOJFvCgiiggjjCARxgCAiIqoKC6KixKihCglSgknnEgQCaKsKCvKiXKivLhFVBC3ioqikmjrqogqoqpo56qJO0R1UV3UEDVFLVFb1BZ1RB1RV9QV9UQ9UV/UFw3E/aKh6IMD8EGR1ZkmYgg2FUOxmWgu5MVPsNZiOLYRbUU78bgYiSOwg2jtEsVToqMYg53E38RYfEZ0EeOxq3hOdBPdRQ/xvOgp2rheoreYjH1EXzEV+4n+YoB4SczAmuJ9nJ2zlnhVJIshYqh4TczH18Vw8YYYIUaKUeJNMVq8JcaIsWKcGC9SxAQxUbwtJol3xGTxrpgipopUMU1MF++JGWKmmCXeF7PFB2KOmCvmifkiTXwoFoiFIl18JBaJj0WGWCyWiKVimVguVoiVYpVYLdaItWKdWC82iI1ik9gstoitYpvYLnaIT8RO8anYJXaLPeIzsVd8LvaJL8R+8aU4IL4SmeJrcVB8Iw6Jb8Vh8Z04Ir4XR8UxcVz8IE6IH8VJcUqcFmfEWfGTOCd+FueFFyBRCimlkoGMkTlkrMwpc8mrZG4ZXHx1r5Fx8lqZT14n88sCsqAsJONlYVlEammklSRDWVQWk1F5vSwub5AlZElZSpaWTpaRCfJGWVbeJMvJm2V5eYusIG+VFWUlWVlWkbfJqvJ2CZEL+6gha8pasra8SybB3bKuvEfWk/fK+vI+2UDeLxvKB2Qj+aBsLB+STeTDsql8RDaTzWUL2VK2ko/K1vIx2Ua2le3k47K9fEJ2kE/KRPmU7Cj9xbfIM7KLfFZ2lc/JbrK77CF/luell71kbwl9QPaVL8p+sr8cEAsA8mU5SL4iB8tXZbIcIofK1+Qw+bocLt+QI+RIOUq+KUfLt+QYOVaOk+NlipwgJ8q35ST5jpws35VT5FSZKqfJAXLgLzPNkvIf5r/9B/mDf9n7RrlJbpZb5Fa5TW6XO+QncqfcKXfJXXKP3CP3yr1yn9wn98v98oA8IDNlpjwoD8pD8pA8LA/LI/KIPCqPyTPyB3lC/ihPylPylDwjz8qz8tzF1wAUKqGkUipQMSqHilU5VS51lcqtrlZ5VF4VUdeoOHWtyqeuU/lVAVVQFVLxqrAqorQyyipSoSqqiqmouh4vvmFUKVVaOVVGJagb/yf5qri6QZVQJX+Tf6m+pD+pr5VqpVqr1qqNaqPaqXaqvWqvOqgOKlElqo6qo+qkOqnOqrPqorqorqqr6qa6qR6qh+qpeqpeqpdKUkmqr3pR9VP91QD1khqoXlaD1CA1WA1WySpZDVVD1TA1TA1Xw9UINUKNUqPUaDVajVFj1Dg1TqWoFDVRTVST1CQ1WU1WU9QUlapS1XQ1Xc1QM9QsNUvNVrPVHDVHzVPzVJpKUwvUApWu0tUitUhlqMVqsVqqlqrlarlaqVaq1Wq1WqvWqvVqvcpQm9QmtUVtUdvUNrVD7VA71U61S+1Se9QetVftVfvUPrVf7VcH1AGVqTLVQXVQHVKH1GF1WB1RR9RRdVQdV8fVCXVCnVQn1Wl1Wp1VZ9U5dU6dV+ezLvsCEYhABSqICWKC2CA2yBXkCnIHuYM8QZ4gEkSCuCAuyBdcF+QPCgQFg0JBfFA4KBLowAQ2EBebHg2uD4oHNwQlgpJBqaB04IIyQUJwY1A2uCkoF9wclA9uCSoEtwYVg0pB5aBKcFtQNbg9qBbcEVQP7gxqBDWDWkHt4K6gTnB3UDe4J6gX3BvUD+4LGgT3Bw2DB4JGwYNB4+ChoEnwcNA0eCRoFjQPWgQtg1b/4vxZp/zl+b0/WeAx10v31km6j+6rX9T9dH89QL+kB+qX9SD9ih6sX9XJeogeql/Tw/Trerh+Q4/QI/Uo/aYerd/SY/RYPU6P1yl6gp6o39aT9Dt6sn5XT9FTdaqepqfr9/QMPVPP0u/r2foDPUfP1fP0fJ2mP9QL9EKdrj/Si/THOkMv1kv0Ur1ML9cr9Eq9Sq/Wa/RavU6v1xv0Rr1Jb9Zb9Fa9TW/XO/Qneqf+VO/Su/Ue/Zneqz/X+/QXer/+Uh/QX+lM/bU+qL/Rh/S3+rD+Th/R3+uj+pg+rn/QJ/SP+qQ+pU/rM/qs/kmf0z/r89pnXdxnfb0bZZSJMTEm1sSaXCaXyW1ymzwmj4mYiIkzcSafyWfym/ymoClo4k28KWKKmCxkyBQ1RU3URE1xU9yUMCVMKVPKOONMgkkwZU1ZU86UM+VNeVPBVDAVTUVT2VQ2t5nbzO3mdnOHucPcae40NU1NU9vUNnVMHVPX1DX1TD1T39Q3DUwD09A0NI1MI9PYNDZNTBPT1DQ1zUwz08K0MK1MK9PatDZtTBvTzrQz7U1708F0MIkm0XQ0HU0n08l0Np1NF9PFdDVdTTfTzfQwPUxP09P0Mr1MkkkyfU1f08/0MwPMADPQDDSDzCAz2Aw2ySbZDDVDzTAzzAw3w80IM9KMyrpQNW+ZMWasGWfGmxSTYiaaiWaSmWQmm8lmipliUk2qmW6mmxlmhpllZpnZZraZY+aYeWaeSTNpZoFZYNJNullkFpkMk2GWmCVmmVlmVpgVZpVZZdaYNWYdrDMbzAazyWwyW8wWs81sMzvMDrPT7DS7zC6zx+wxe81es8/sM/vNfnPAHDCZJtMcNAfNIXPIHDaHzRFzxBw1R81xc9ycMCfMSXPSnDanzVlT4OL3pTexNqfNZa+yue3VNo/Na/8+LmgL2Xhb2Bax2ua3BX4TG2ttCVvSlrKlrbNlbIK98XdxRVvJVrZV7G22qr3dVvtdXMfebevae2w9e6+tbe/6TVzf3mcb2IdtQ0QA29w2ti1tE/uwbWofsc1sc9vCtrTt7RO2g33SJtqnbEf79O/iBXahXWVX2zV2rd1ld9vT9ow9ZL+1Z+1PtpftbQfal+0g+4odbF+1yXbI7+JR9k072r5lx9ixdpwd/7t4ip1qU+00O92+Z2fYmb+L0+yHdrZNt3PsXDvPzv8lzqop3X5kF9mPbYYNYIldapfZ5XaFXXmpVp/Xrrcb7Ea7035qt9itdpvdbndcuhC2u+0e+5ndaz+3B+03dr/90h6wh22m/fqXOOv4Dtvv7BH7vT1qj9nj9gd7wv6oLmVnHfsP9md73noLhAQkSVFAMZSDYikn5aKrKDddTXkoL0XoGoqjaykfXUf5qQAVpEIUT4WpCGkyZIkopKJUjKJ0PV0qrxSVJkdlKIFupLJ0E5Wjm6k83UIV6FaqSJWoMlWh26gq3U7V6A6qTndSDapJtag23UV16G6qS/dQPbqX6tN91IDup4b0ADWiB6kxPURN6GFqSo9QM2pOLagltaJHqTU9Rm2oLbWjx6k9PUEd6ElKpKeoIz1Nnehv1JmeoS70LHWl56gbdace9Dz1pBeoF/WmJOpDfelF6kf9aQC9RAPpZRpEr9BgepWSaQgNpddoGL1Ow+kNGkEjaRS9SaPpLRpDY2kcjacUmkAT6W2aRO/QZHqXptBUSqVpNJ3eoxk0k2bR+zSbPqA5NJfm0XxKow9pAS2kdPqIFtHHlEGLaQktpWW0nFbQSlpFq2kNraV1tJ420EbaRJtpC22lbbSddtAntJM+pV20m/bQZ7SXPqd99AXtpy/pAH1FmfQ1HaRv6BB9S4fpO9+bvqejdIyO0w90gn6kk3SKTtMZOks/0Tn6mc6TJwgxFKEMVRiEMWGOMDbMGeYKrwpzh1eHecK8YSS8JowLrw3zhdeF+cMCYcGwUBgfFg6LhDo0oQ0pDMOiYbEwGl4fFg9vCEuEJcNSYenQhWXChPDGsGx4U1guvDksH94SVghvDSuGlcKH760S3hZWDW8Pq4V3hNXDO8MaYc2wVlg7vCusE94d1g3vCeuF94blwvvCBuH9YcPwgbBR+GDYOHwobBI+HDYNHwmbhc3DFmHLsFX4aNg6fCxsE7YN24WPh+3DJ8IO4ZNhYvhU2DF8+pf19y388/VJYZ+wb/hi+GLo/T1yXnR+NC36YXRBdGE0PfpRdFH042hGdHF0SXRpdFl0eXRFdGV0VXR1dE10bXRddH10Q3Rj1PvaOcChE0465QIX43K4WJfT5XJXudzuapfH5XURd42Lc9e6fO46l98VcAVdIRfvCrsiTjvjrCMXuqKumIu6611xd4Mr4Uq6Uq60c66MS3AtXSvXyrV2j7k2rq1r5x53j7sn3BPuSfeke8p1dE+7Tu5vrrN7xnVxz7pn3XOum+vuerjnXU83Ic+FczLJ9XV9XT/Xzw1wA9xAN9ANcoPcYDfYJbtkN9QNdcPcMDfcDXcj3Ag3yo1yo91oN8aNcePcOJfiUtxEN9FNcpPcZDfZTXFTXKpLddPddDfDzXBVZ17Yyxw3x81z81yaS3MLXNY1Y7pb5Ba5DJfhlrglbplb5la4FW6VW+XWuDVunVvnNrgNbpPb5La4LW6b2+Z2uB1up9vpdvm8FyZ1e90+t8/td/vdAfeVy3Rfu4PuG3fIfesOu+/cEfe9O+qOuePuB3fC/ehOulPutDvjzrqf3Dn3szvvvEuJTIhMjLwdmRR5JzI58m5kSmRqJDUyLTI98l5kRmRmZFbk/cjsyAeROZG5kXmR+ZG0yIeRBZGFkfTIR5FFkY8jGZHFkSWRpZFlkeUR7wtvCX1RX8xH/fW+uL/Bl/AlfSlf2jtfxif4G31Zf5Mv52/25f0tvoK/1Vf0lXxl/4hv5pv7Fr6lb+Uf9a39Y76Nb+vb+cd9e/+E7+Cf9In+Kd/RP+07+b/5zv4Z38U/67v653w339338M/7nv4F38v39km+j+/rX/T9fH8/wL/kB/qX/SD/ih/sX/XJfogf6l/zw/zrfrh/w4/wI/2omDf96Eu3yDDep/gJfqJ/20/y7/jJ/l0/xU/1qX6an+7f8zP8TD/Lv+9n+w/8HD/Xz/PzfZr/0C/wC326/8gv8h/7DL/40kNlv8Kv9Kv8ar/Gr/Xr/Hq/wW/0m/xmv8Vv9dv8dr/Df+J3+k/9Lr/b7/Gf+b3+c7/Pf+H3+y/9Af+Vz/Rf+4P+G3/If+sP++/8Ef+9P+qP+eP+B3/C/+hP+lP+tD/jz/qf/Dn/sz/P/2eNMcYYY+yfMuHyUPx2zYXH+X3+IEf8auO+AHD11kKZv16fdUW5Lv+FcX8R3z4CAE/17vrgpaVGjaSkpIvbZkgIis0FuPQ3QVli4HK8GNrBE5AIbaHsH9bfX3Q/S/9g/ugtALl+lRMLl+PL838BgEl/MP+jj49aUCE8HfffzD8XoESxyzk54XK8GNr98nylLZT7k/oLtP6T+vHi/Dm/TAFo86uc3HA5vlx/AjwGT0Pib7ZkjDHGGGOMMcYu6C8qd750/3npX3z+0f15vLqckwMux//o/pwxxhhjjDHGGGNX3jPdezz5aGJi287/80G1/1XWPz1oCv9XM/PgDwfeA1z6iQKAf3FCgKyB/CuPYvNfsq/ki6fO369adsYH8J/Ryn/H4Ap/MDHGGGOMMcb+7S5f9P/25+pKFcQYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjGVDf8WvE7vSx8gYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4xdaf8VAAD//3aq+3A=")
r0 = open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
write$FUSE_WRITE(r0, &(0x7f00000000c0)={0x18, 0xffffffffffffffda, 0x0, {0x7}}, 0x18)
sendfile(r0, r1, 0x0, 0x1000000201005)

1.4824625s ago: executing program 3 (id=1018):
r0 = syz_open_dev$loop(&(0x7f0000000100), 0xf01c, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000400)={'#! ', './file1/../file0', [], 0xa, "b5a4be350e761cb133a663b4ab379afe4b31"}, 0x26)
write$UHID_INPUT(r1, &(0x7f00000007c0)={0x8, {"dc5d3b0169633d3eba3eabbc09167be55101d4af4b22a373236464d2dbfaa84399b77bd438a54364a7ebc5bdaab4f9decb7c044318cd59a0af8279bcab35dd7daf7a0ceb381df2c32eff45b13e2c8f40e1895355bf6f165200cb1ca41a155730ee2e9f83183f9fafe029d0401b0770618254a8b2dc87b630072b1e2de160d1afed51b74c14b71ec1b226a324482d14ad586b1a4ce80e458fe45244c01eddeddf3564af838d6d5324f8a77023d6eb7aa14397a0e1413ea1c3dfdf0e3a35b709e627f36fe403ee3117365be5017682f53595f28543062c740a94a794312f5cebc315044b8ea000a5d0f27812ab0ce149d11e6f6f7620c5f3e250bf67d13a1ca39dbb7b8b5a31e3d7ba7ebe5849a7a09b61fc9f2cfc54b89e9cd0105bca49483ce55e0187ce2ad692a18219d881057c838587b915337169ee054655f26a04df913a658fccbf4def6aad750ca4796b74d322c67e9d4ee6a530a22dcc35db850b424d6ec9f62495b9f9fd2b000feadd57d26dbd505798c208d91eb0aab0fd97537631b8bf81ce0e2241c4272be4ff69b390e4485d574146b76d1fdbf7fc5334906805534cdae1e47240af7761a18fc8bd0a694be47529da98bc0f98eb7db3fc4a74cbb6e486f4de90fbf2452e72c2e1dca44543ad9ad094b8bc861eef1e814662d0b350339e3a510d459c6f83aabd5fd3dcb38224056d761e7df9b482b9905f1e2135c1929be328ecdb69c007a3efd548502c83106f6df1ab1178fac499eda92ad4373155227ec2df150c919d322ecb3ea37e659285f18a3e2f79b59900ca438df3a1381380a12d3ad7678e0a8d3bdfb40651389b4ac8c66138d442d70eafdc2df8b080028006b1794146382c1d628fd2ebe5859b6c243824903d056d800975675bb1913142adbc039a9c68c2f146a0e8903447313f5e5549905f397a9b1f21a93b80c4d04a8ea7a29a50fbc5407a9305bba420edf898ea678d6879489c39692c99bb6dacf61f5f97637b94c1031d635b5423b38b9196fafaaf87b2796eadc21466af5a10281e6a808748969d29efb444c99a4cb2111732a792dbca4376a125a68f7cdac065cc6173dc21caafba48c742d9a7df2f771ff2f5725b22c247d4e0c6106f9f5f6929b69929ab37e9a9b326ce618bb702b883b12026f1300f21f2c7440cac8c5f1210a78aa067211d2827f5dcc7578252c2ccc3f67bab9d1bb6939b21b550788ef550acfed4bf50c0b4fb3ca4d2872ee64f95d611a317d9daaf373a10d868680b2226396c95fa2b0ab4d6fce06c3b42cb97d17a7b5089061537fdeb1a53040869f7befca330358fdba86754fc2e46c2113e1484cb37534af8f0408a7ee313778dab49f08229964298f847ea66c4ec319f64b6a12da585bc59e82e0263c507b397d3efee3b4066f4d25566aa1549f6185f6375f84b65fa8945148b90430c86a5b6fdf58d5c812b98d9dc621fd9a3d9f1a577495356516d1cbcf5e8bb8923b54b247225b9c3892b18a9e137f3620c734052af9dc8f1ea36f0d4592d5ee32e35676a84dc891f97456f2ac3a4ab58a42bcdc221a4ac8bb28d428add2fcbe5b110a8afd5d23b31e827bd16167b2d88cae024afc04a722ac0b4d45c52512e6b6f102aac4be21bc89ce246539048370553665b0a4336a6db99d0d19399be6437bf21419304331b4342b2c1db580f0c9bf681fdb8e9fa3e025454197bbc82ef93ee2f385660818ec5127080675a8013766469afe3b1e36e81bf2f04c3a26eaf4517551e734d21ba3bc90e48aea0891792970c39f3f528397e9b7ae190f1760fe5960dc763ee0a17939c60bfcac0a8914be82c749e4fe85d1ac5fa733413468fb8941085e8c4d6e0b6d1e62e20da58440facd640ddbb6c1f694b3ca48757a34c5a11668368711a1d4f3a81d31ac30d71277d7ae77882b6841cfa6289e6cce84a3ad57eeb328f831888ac7d3cfcd3a472a48d903f20cec8c8ae8d0bea04ebf7413ef7693f8ed876e49bd5f89d7e1078208ff62712e330fc0341b9ccf26845578d44b1e0c66d1bebc14742baedfabb8e9a2c8f42730360c72997efe0ce786ff330c2eb6e0ff20896f813c2a515ce76f826c11a1c1588eb369231ddeb4a2f9f9591ecdecc74d20aeb50047beb3ab89a9e4e1b805a20b645c79d0bc5d0247fab8ba46a97a07630b1f1cb69b42b568af746063d2c581f057873d64fe6e659b00b4a26745f5fba1fe7406a86b007936c7cfdac53a4c5b0ea9f6604863c8e3f174eddbb09175f6e13cda9a860cf400ef9ed02b895502ac6e6de6a658249c3c6e8a653517eae2231e56e0f120547923c6549ebc1ed14c623637ce3d96af5c93a32e58e2d9659d8b5b145888b52d9a5b5cb3cdf594eb137bcef2ba068cfd2c6ccf7ab6e5b4ec55e9197bfb91c9b8729f7b50cf0b0326f7ea3e712c77674d48545ca2a86744c3c38f149d69cf811beacf7e5f49c7bfba20f1dcf3d7bc0b9c796016820a46495d244c9606a06fe2e14233eda78d69ae4523ad7b708b0c7ead44d7fd376fed60e3cc2ee25e9600adfbe87ac7c8fb8269aec9459602af0f420becda6120ce7d9626c65ae7f860639e8bf664eb4301ec18add0e436c0356c12ab6b4ca35da2b43c4a8c239fd0b59a2ce94843cdfa1667053165053633b062844dbb0d00070fde74fa3178eb5f1f5fd02e2088d8690379f39ab22c080cdcb29d700bac74fabd8a356fe99afe83a5d99aa5024e9158a299eda6c99b6701e64f1d68e7e2c0c6e88396bb535a02d0948f0a250a6e090041c96d9c9acd6134d44d516fd1010c39e572b86b05bb1326a2a4f23f11181186f9c2a01dc7b58c0129f4b851ca9b1e3dc35db7364e29ef646211796b1651511e041345abce427fa5d6e48b8fb078c8432061a4cc518a8f2a2caf709a5c1473a62112a6650afc64eec12f8f9c08cff1b6fbf7a1209fc8661f62303b7c5d49c1d0b32a9f37e81ed9ab6193816d40995ed49c10b9f5752e04d57535a3d16f06c65d32846c31ec9787ec4a965679eb804e86b45d007f38d8104550770dc6f313bc846e43a14a8c21d0628c744e3e83cb998d1b7acfe996541a8c03852dadf9326444c582b481cae844e4f3fe3d638903b38f24633b63adbad841ac6c4c5169d781a0e271e8a967b1c7e986fcb3a66168e86e3559a44fcfa92452260491da9397659af60453f4cd4be2d15439445ec2b4366a79d3283da912d9d499df1242bd174edc235848caa21d2c997aff0e95c7e5cc0803c90fab84e7be7b37909d0e2f3bc9974e3388acb6800baba183ecc8eea8c71c0d65d669e41f99ceae523b7a6b772f3b8ebba1d2127ccc3ddb7ddcb4ec73cbdc26fc87c3848e258a0b5484d3a13e40ec4e4a65dd92f09e9fe1e3e2f8b96c4e363aa3683860dee62dfcf8823ee4a3593a092e0bd9c4cedacf44a272faa164447b01f46a7795642a40c61b0034a37f0e9b792428a0ddcd144fe8263088eaac8016f8f1cd30b55ac90a8f10d785b7570dd9e639a4a068d3fe98a420b9f72e79de817f676c2a224300d749571ad43f49d1fbe838f4566bc7b5f104c384ad87189213152b644d9fcbdf98bafeee569d640ce9045779f1d90024c023a7480a358dee276fba139c14b4fdb12885240903d0e61dc161659a68f62c92b899007e0f2b65bf0a069e9e57c9b6ae50a3b30dd1003fb0eead73ae2f6010b3b356b4060579a4f29935e1f00c01d12e5f44e8e3163d81dfef7ca8560604240c7e96e4454c6971614df306c768121abb3f628e3f1d2d026f58d1087334c5bdb74d7c949b0ee66a4531ba4e9b922aee3d0f802ed034734507a5913c52966f1f8bd4577840de0253aabc23299dced2a299859c07af9fb0f9c29b6533b9d84d471390d59ab315f5ddb226f6b8dd7889295f0fb1f7bd1adafe4cc520a1e84bf2a59d5b9795aeafc8d6fd66a8228aba8653b98622617ddfeb5d6795c9bd2f35d4a0c386e862675a50e3314c3fbb17aca151c13c7fc8b1d1b72ed0a958537b5ddc9e74bddc2b9571ec3f2b7775b125338d4852a75a63941564c65bb36dfb6bea4aab1ae7a4f285c2177aa98406eb2cc10934aa92d5a9612d4455c84ad200841d289b5c2d5deab0d8e2459598ef183d3dc47f6bad0b9513710600cfa4d69fcd5763cdcc4f2c2b7cd7d4491fd52f4aec82ce846c0988f6f0123e21e900d39c61085e68c9badc350b44004f6c042d64b0d0cbf91ad0592b198f1eeea1e52200bc8e6d62848d6884b10bdde72466039da488be6b340c23148f666f2fe6e032c07dac43586df182aca9116f4600313fa8375c76337ba86bdc391dae6450218f58f047ced64befc6bb5c2a60024669630a6279fedf2fe45e7e19ce582ad96ae0d023eb9b39f5f1e666e73bb038ae38157275be5eb3e7cbc8b05adf53e817646bdc2cfce98e5d162bf7faaca787db8717ab8b27b9e35609c5fb9de9def07f010df8b43cf5c96851eadfdeff0b7bc5826e7e15490ae9c3d14166ee81bef007070e7981235a673804ad89943ee6b51ac63364f7870e121e6ff23a0c7d179527cd58dd7a4ca37247c2bd9efc79b720bb1ee2d39862e98cb81e93cf5b48d5d02ee8ac737ab504c867a1c49e678300803c94fbe978dea918a1e71b9791ee1e4d30056e86c26a4675a8b090be2365c0b451a13ece52a89a7057fe2052e11c6666eb916d823ea66bf217c320acba3b714910734b2d27c2fa586bd7f7664b0d1422adabad2ce2afc10270057f11940fac1a51d023ce48bd04ea39b7f99381b239fd0ddeea0dce7863ec1f8f61775013b6414ecf86e686a340a3148f87a9d7d60a1f2da53436d16fc88d6a4e7c3d55e0dd004cbecc15a5558eb705d82aacb1862ddc251dd5d9cbf1d78f97900ce6e8dab0ea678cb823bd1e7bbd1e927841af08f5427878c19f4f322228f9b36287fc13e7c1293ea875ae73815e052d6c2ebc40df8f7b9d1f76e0b10e35aa160944983d8e6b790df0d9b13f3460657336d81f7d83c0350324b930ec9c7557ce12887f76372e126f504b0980fea27f31a780c05187b9b5353dafc6b101543b24332b96e15bc26b19062e52fa9f86d260ee3a3bc92a133e328407bb85357ee5c45cb87228f44888b14941b5911b050e9319fe88033f830a8490917a9c0572ebbc549000000000000000015a34abef947b5b9a950e780662de18873e55899c92db3ad00437e8407890afa6b0c04ef861b8bc85fbbe1bb67b3d9ef001409f84b8ec4f01d861cecc143a805b981ab5cf5b605057b63cb2c84ec358e510a69cd8c33a8a62fe4680d0c980145cc709157832bfaef261cb00800000000000000ce9affffd4b1dc7cc9511da0b34bffb9ac216fb8cf7c6572d95627787720d1ba67c6512fcdb16f6329e9668681c404efebad559f81f05971b5efb6b4cca97ad0346753cc0a40a877242d8a808c602b03dc962cee38e646cb18abb079c70d357c30738a70f55cd3c5956a83a1bfcd6649dd765f16bfe968066345df7380bbc0c16b3b5af513d6458c791343952f33a051c5d711c1f35af1b47f3db9bbfb5c040000002b52805d606479879be0b404a28ade5649a3185e0f85a85fc15cd824671c2befdd0da509597c87d869f0bd7ad163ad93ca28fc0c4025eccaafe385ec3fc06c54ebcd7b07b6c7e0197c5b9ef886159a1585ae45248f865be760db6f5bc8f868fc6aefd04e34ecb51159e4cdcc2214b42b1ca9caec13ba3e1b2e7a3c736977b226213d265c2873195122a9b448088c8b50edd549be41c38ab176807b75e7267f86e400", 0x1000}}, 0x1006)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc5e3e06e00d96072081000000000000002000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a03c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00", [0x6, 0x200000000]}})

1.444779262s ago: executing program 6 (id=1019):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000080)='svc_unregister\x00', r1}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='svc_unregister\x00', r1, 0x0, 0x6}, 0x18)
sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x20, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0)

1.370367015s ago: executing program 0 (id=1020):
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000480)='./file0\x00', 0x18000, &(0x7f0000003b40)=ANY=[@ANYRES32=0x0, @ANYRES16=0x0, @ANYRES16=0x0, @ANYBLOB="b022fd84099290ab8ebe39cfc17f80bc2926131e9437a1dea9ca1756900531c14b67f7a9edd0d80c7c73649053153a8d8db6d3c0d3b3fa951f57d14071b61a27d968a0ae7bd580d2d9fd9034451c3ecffae80b234e72fb11e3a60c1208bd5262c5009e3e45582ed4203850292ed682fc5e26f5c2af47718ee5b4f2ed68f0b21b813ec22c4c61d3f22f5a01ebea6c484d8ef4ca90180b4587e0bee2f782fef574aa1e0ebc5d9e42452910d03c12feff7848f72ac5430476b9dc2457a09efdc6f181c408abe7b30cccd2c8fb85389e1cacd4f4b29a3d4a55941bf1bb416203732d6712d5a89470876ae6daec66f3fe1b39982c2781b115e20af7ce0a0c7c77db1073adc6e11597bd9f540f90f60b92dc84a5c764379c0b9426ff4f547182502633aa754dcfc63e46c7cef8e3a0c29bf5184ac150e90d884c59cba3dae7c531fb114534292629d8532c0f67ee37f2c349ea8f28199aff2aa335df5db411287a73adfbfff212cf7b6d277a361c55af160d98b5c3db84da37d80e07269c33f60f111ec3c09d8843e1f5499e71de9b48882b9415d45b20393888ec49f307d535580947b5a5b40b465382aa4a579f317d91792f8ed70e9401863bc0a21d7e15f828ae8f13c673a30cba6f10f89c8a018cc8bbe7072ffe1c5d4ef11f0f82cf967faef8608f8b289245f87607917b0c2578dbbe5186ac78b8cd9a5aff567aebe8a73dd547fdc503885a2df4953f3497688b7b1ede6a2e529b25ecc246a7bcb00077059d7e0100aa20cb4d1dbac6eec0a9f803601c799eddb9b271f0530842291167abffb982fe47a496e884ee3c17850f970cb3ac3342b832b8b984e2eb4836afb7727f7310a347add2a1094cfff7b44516593bbf15f3a9e0e2a788e99bdec6706ae9a39b4f8983ae38d4cdf866d9670de91036ea86646f195ec4b4ce462ea624b8875825262a301f9235496b935506109287bbcf4754e3fa637428a2e39a80cd07ffafd756839abddc721421754fcae705ab432fcdd6f3c004dfad9e6bfa87746dd41649dcd2bf1728a3d6d2ddf27a52957422a27f9e478530873d9f1861b71f2378540648b171bcbd44533723ae1a89e56e2f570c0571eb3c66fac65e3abad003a828f2d21cc990e57b80dd3762fe1204eb320591d6a93f9052b80494b2f52ad89d6374cf33040e2484c3384946450bb65835d65bebb4a91c0f82e598e5aa7ff9ba79f27bbd46240287721d2759fa24cec97658d8f17b3f424293f7253b74dae4b966c8089c546936953d8ce63463c26f1e296f56e17e7f890b6001ed5d9f739036842e989b40c02d3fe5227b1fb08a98f1b1f0c336346698e70171e74e40c5304a356b29c947672f8a0535b7ce3a66b276d09ca3d9fff030e41598649a310875f5b5801c471182c1f617c907f06b5f36a1f9294b0f4a95d0fc98682b1e38f2f94fb08f20c5e5c7afaa9fbbd84734a98dd9b33188f6b79334b09ca8e2de56457242f904b114a2c313b193fe421d7fa97da5ab77f363e83b4698bf903022d13826ded79a905f07f97dc0fc4cc290b969ee37075a4a80a0d86d0696eeea2048ebd1a97f8319b3342e515ae5c9e25ee933d926ae0f31af55aeb07da6508756ac9549ba8bbc0095a17cb647df12f926e595a531d7208ef75cfd6239f65a0584121c75e00f7c77990b90e6350b1a84eba4430979bb726ab02050573af29156bed8e243527593dc0c6de41d0b6775818a96ee97d153826a217e8d7e88c6c44baa781a495afeba3882a06f5b1a87b1e8ee1edf404ac3ade6f5af1f6cd22c01506b5f84befb55c86f79b56e4d5754be8f564f57852f991c2275cbf55937666e022c2b2f0d020156152377859b345f74fe66791421e5571a7900df89c9bef5c3cb19113fae5d524ae2edea5ca91baf096c02e1e860c9b5a97882da598ef1e39fcb61d83f997675a772ac37c0fbe65a9d379b9204a915fdb6a7c7cdbd14c0893cd5e8cfd56f4021756d6c6a25b258a69922a41f3c7bc43b69f46293b381a27ae5a3cfcf2526f8eadcb540ec87d6009d6a2939882140f9a447c5be4328a0681aa3002f6a9dfd836b362fb1d423d7c9571aeb50e2a6acb9ab4e85574baf27b1028db0f6647aa7fe995c1fbf8ab422bb15acf9ae6de73972c9549cb601297bbb1c740e8761af16c4785c4827b5dc5e52f4a82000f6f87670ec19fea4e04e564fc83c0ccf1b7fa2bb9ac3e56addfa7f5f6d1d3d3c92dea5de9fa42f1414a769b0cdc40e306fee0ad66573628b83a07fe087fcb3377848e1a7869e592c83bb594284da28a4f5db381059d56e5d4989042dadbbe6000b66184ca8fe9d293f6c70988f3d7b8ee00546a21aaeca498ae06fa7becc5a55914c7a1ab714d955a8b0bd72e8d6bbf4dd451b525fcbc9fb5c10747dee3c755d39be5c2d52345c56185a8d6cee878b72255acabf7dbefafaed94838532fd01ea6244c4ac929de6846084a07d19de7098e62b613775abe326d402f707c4fbb3968b0aac7f1f27537cbdecee19151b310bcbe2c848ef41eea747e85f87d5a160b2cb6b28d137e30c69770c1651e44a66f8e3394bec03c8256b89fd59bec449c6a2bdb351f53d05e463f75b834624b8c7b557dc38a398d726d0846fc2f062b5b32d10af38ce844c6811aaef73ace1d86813bc37433670f6180f9bd112ae00133077fc7a0bd12d7b4b3a53a3c16a9cb0e8112f18691aa3bd2215afdaa1d00c8ea4f4a302ea9ebc94afaad2549f646a8ae66b953fa9cd649a02c4b152cc6c7b55d99ddc3d0fd1fcd84da355eb02581dba9e4d9dd235d2d4c4e094161440e70926221d76ce70c8762485c8b801550cc208e5d1bfd184e622ff0950a912dd47163c838fd562f09ca1690e76da55a471ec67cb83bbb103975bd4683f0393ec8b843f55ba2c0bdc6c90b50031cfe751792bd5d0cb50c8ee93086794e18c4ed66d6bd09b499f8ff2f63a8920701ab0af5b4b75402b1d65b1eb515dc46e181a1699f21e67349c904f02f8358e28faff2ade65703d14dc2774b02acc731eee0941675502d95e0c32a7304f6e9af85ef220daea0de24cf79e35a59412e62835d3032f88d9ed7befd4f708bfd2d236bd188b6f951bbe13e3add84f111e20324a523426611ec15fb376e7306cbec6867f0b945047a4facf78154e68a66a36972d5a18af1403baa9b4b51fddd072ee1f0087add02485b40323bd708b76406e10a927a913d91c5d771d3aeb3cfafb54b1016785c61ed13060d5f1b550676a656b874fd392ae61c5044218df55cbb72b819990ffdb130fb17a14f7cb5a2a8aafedc6526d83762dbf320f15758030eeecf5652dccf04cdc68827400c768a21daff47212b87357ff0bcb36cae4d113a5d9815b07332cb42329321664d93e43e6dcd6115987007fc623088004f8ac943736eb2a045a25b1bbfbbc97571eabf875d924f6b7b0e524b1afa0ff499473aa7976de83b91928e84f8e445728778fe0e5a356a57f09ed254848cec31b7c5c9c7a2fca21befe15ffc9317e96f7ad582684ce625791b99563781bf64983e77be4f1a5893beec4b560fc15e9c21dd0c29bf2879dfaa257ba5ec97957050d5b2c1f25eb4064488c139dbf88f3b7c70850d6fdbf0603cdd4011bf76e0d9ee5c2b128b50dba5689a8f04d4caf62d777eab31aab4b4195da780901352d284885bf417eb05367ee1b5f2f8c5cfe7f0394fb977f3a3f96084375e22ccf6c3ee4659d68d2b1948a4a1783a4db2282c67d39613fa67be4dd144793b76c09dd563ef3d169f34318acbd62d3b2d64f9173d16e9801132918c3390172c6f64d049b4c894d593419e5f4d5a513fc5a64ddcd05b034e6d16fe88ff89a520c464f842ad5a62a6fc46f0e9d56d05d6f5e625d25f537cca62910981dd463255318d8273db13d27fdc6c17c2c54776ba3a246c413957f297b8ecb1adb5c3f1d4d8e4d7705bdb9268f956d2845b68511edd51cdc5d05de5d6d4b3f573592986fed325f1f3c6a9ef7740f9d843e11981d1ca515c7e722ec4d691c5e4d3a146e39bcf407f66418f754bb2508cb4cc843aa9d8eb63850e5b9103682ecc1fc8f972f394be9d31cb9efd0f693d4ec41fe8d0993b45d2f422f9ab604d3371c1bda1daa3206a027c4de5c8f2cf6d1fc7e6d1423a6c71e84f24e0a4dfbf4a331deff2ae649df9681a08846efc9f0001e7ef106f1bfa25ee2799b13f1f076e30e58078d186afb65301497e982478babf143972cc7072f70829b8faee46e56a1451ff7ddd0dd35816bfa29eee361de60fbc3222e89d70f1495be94d0e82072a0e572e3055c905552e6c45d2af3d4f505a99d947667059c1c92ce2d3549077539c4cec4c07337361eeb9f78813bf9e77b0a79f391ae6eb663deb53317f61ef8ddffdbd0ca2d8095c10c106b0968325bc1e88829d92399b809f1b881e9b9f0aeada5c5ee20fd0866070e3d5d41e62f5b6d2d25441babcdf9d3dc8ae3c140a6f352daf00ed38e248b236acd27f24bdebae0f272a5820ef77fb603fe3cc910a9d842129259e61d25dcf546cd770e4cccab470b20fa5f5972a6dd15853483de6e032f9726c166e81e8e0f9db4df397cc4a10b6e58708a31f48d7d2bae4ef92828c37088068b2ae433110dc7c08e6017d8b26e4e0382ca8fa62dc6f53c4cc2f0f78af72335c494f57f2414afe247e2291c395895bb18f701b6f4331feb759110c543dd94a238e782ad552047677558a50e7683d71a9e222fd19a9343e1d64528640a8099dedd19e4c747dda18ff25b15bddf750a54533b6ecfc75ad4a2909485f7fd759d45c74727b2e7300eae71a8784f5dd7f25b4b000ed3254264131cbbae316fb3a3bfbeb309dd2d18104629db354f447791eb882bf0333a520b8dba745b673d071b07e1de3e02fe751a1cf5908435b1a38edbd60483abdb15452c868844ceb96c449ab72999a55c79f9ce7405797142ef7095b4caf99d7bbe51cd4e963e4ffbbd2648761abd3894b5420a0add261ff9c0eff61aafd1ac5195ff15cadb5b0c7ce34d4d2d68146f3dae677e833b8be0f8a876153bb65398def38e4bf539d3a00047b19c483062fc1c2547b7d4f7d99b7035212ccfffeeb21ed7bbd6165ac7fbafbca3cef86fff655305706dd0baa607c50543bb0d66f0f4dbdd9c365fdb7b875dc5e7ee59afccc321ad1e31cc84687afda71231bb2e4dc3ce79ff3ce4bbafed8821a5b71bbf3844f110e2dd9557b596ac792d97506d22c0410bce435e20fa2e2d435361b5b6ac85f44763769723a7b629258f45e10578f70bef2e9c05af8032e357697dfcd30de9b3e953a36d6cb7a03ce69288b663f692793904dd8fb4ab6dc31ddf7f6942ef84c1e68c78bf9974f830ee2fccca84113cee98b47ed41a87fe610c5348dc38d4ada19862772317a70754870347ad87dbbb4c52349b0261aa8e108fcf387b24d4e2a77ba76e8472fd74ab6fa021277a24ef7a48d395b0fd1f9c0cf83bac56b433ffbfe5984a362e337969febf259988162c2b4842bd2fc0b230fee93a085003e615088abfe41889f7b5e0f380ffe55b66c1f7419993c3dd4aac5891494a183ddca2e415e1749489c925715f3c44d94b90d2d735f2b923bdbbbf1646580ab135356a9ee29bc19e73ded9a33798a69d248574e0c9e9f40a1c1ba52bc66a578d08b75f271a9e9f447efede09d6b3b57e0aa6322c18fd6f5e1c9d2753e0a6513cc04124ab89802eb9c504f0e5550868ab597629d7cc7447ed1b01b2ff4cf511aa098710b208b5aa0f595039a2f0e7294c5fe3b0c3e6c40000000000000000000000000000000002588beb10115f4b22f4ac997c86c49201ee9dceb2142ae61555bbbc4ef8cdd468a8ffbe6cbfc8877dd87292c70e10669bc99d8d5710f7719cc2cffc86cd529b6da2511d07aef4a1d9533ab58a76f80ad7fe91a17397d3c83481", @ANYBLOB="fe2ecf20a9a17bd2ed7e803f830375c150a1f848f604c2c1f932d2b7163be4b2b9a5bd521d185cfbee555b27608594beba6325923aaf5db74cff01000053db92c6c5fcbba0abd975fc76bea49b00513afc856ed89d3fadeda307ca587354322803b0983cc65725ae7f45fb95e7cdb28c6b886959b7dde2c87c73f6008cf6eed7861f24b7423704b95f3d05b92d3d7ff9d392833ecd02443320b60131a350360fcc1d659e2a03cb469caf0498bacae0735a161345b3d71a55f14ef636b6f832c7a6071fce83904dfd871b6d8e03648dbaa3a039eb5673792cae80335732030f9aeabaf3bb3cc4ca5fe75271d69b2e78beb2b81fc3cf3a18a7ae93a3cdbe6599b99408275e2b4b4477c6fcf4806134e839e13533ec000000000000006a1c000000000000000000000000000000000000000000000000000069c3288311b7414705e975eb3f1b77a120", @ANYRES8], 0x1, 0x2eb, &(0x7f00000004c0)="$eJzs3E1PE10UwPHTF0pbAmXx5DGaGG50o5sJVNdKYyAxNpEgNb4kJgNMtenYkpkGU2NEV26NH8IFYcmORPkCbNzpxo07NiYuZGEc0+kMhTKAlNIi/H8JmcPce6b3zgzk3AnD+r23T4t5W8vrFQnHlYRERDZEBiUsvpC3DbtxTLZ6JZf7fnw+f+f+g1uZbHZsUqnxzNSVtFJqYOjDsxcJr9tKr6wNPlr/nv629v/a2fXfU08KtirYqlSuKF1Nl79W9GnTULMFu6gpNWEaum2oQsk2rHp7ud6eN8tzc1Wll2b7k3OWYdtKL1VV0aiqSllVrKqKPNYLJaVpmupPCvaTW5yc1DMtJs+0eTA4IpaV0SMiktjRklvsyoAAAEBXNdf/YVHtrP+XLqxW+u4uD3j1/0osqP6/+qV+rG31f1xEAut///MD63/9YPX/zorodDlU/Y/jYSi2Y1eoEdYarYye9H5+Xa8fLg27AfU/AAAAAAAAAAAAAAAAAAAAAAD/gg3HSTmOk/K3/leviMRFxP8+IDUiIte7MGS00SGuP06Axot70QER8818bj5X33odVkXEFEOGJSW/3PvBU4v9N49UzaB8NBe8/IX5XMRtyeSl4OaPSKpHmvMdZ/xmdmxE1W3P75Hk1vy0pOS/4Px0YH5MLl3ckq9JSj7NSFlMmXXH0ch/OaLUjdvZpvyE2w8AAAAAgJNAU5sC1++atlt7PX9zfd38fCDSWF8PB67Po3Iu2t25AwAAAABwWtjV50XdNA1rjyAh+/dpPYge0ZH9Gf5tlv+3DEc30z0C/8O3NcW9nW0/LaEDnJZdgrC0kjVUm4067Cz8x0a79ZGJ0c5fQTc48+79z/Yd8NpyfJ+Zth5E9r4Bejr2CwgAAABAxzSKfn/PaHcHBAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAKdSJ/47W7TkCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx8WfAAAA//+SWQVN")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='memory.events.local\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040), 0x208e24b)
sync()
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)

1.106499219s ago: executing program 3 (id=1021):
r0 = io_uring_setup(0x1694, &(0x7f0000000080)={0x0, 0x800000, 0x0, 0x0, 0x1})
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030086dd601b8b97004d88c19edace00"], 0x0)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000003740)=""/4096, 0x1900}], 0x0, 0x11a}, 0x20)

962.561265ms ago: executing program 6 (id=1022):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000280)={0x2, 0x0, @local}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x100000011, @multicast2, 0x0, 0x0, 'none\x00', 0x2, 0x88, 0xc000067}, 0x2c)

901.064774ms ago: executing program 5 (id=1024):
r0 = socket$kcm(0xa, 0x922000000003, 0x11)
recvmsg(r0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0)
close(r0)
r1 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="48000000150081fb7059ae08060c04000aff0f11000000040011018701546fabca1b4e7d06a6bd7c493872f750375ed08a562af5745e17b8c119418f0f000000d6e74703c48f93b8", 0x48}], 0x1}, 0x0)

770.536191ms ago: executing program 2 (id=1025):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xd0f, 0x3, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0x2}, {0xffff, 0xffff}, {0x4}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x1}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x1d4}, 0x8840)
sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[], 0xb4}}, 0x0)

596.924843ms ago: executing program 6 (id=1026):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = eventfd2(0x0, 0x0)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000300)={0x0, 0x0, 0x0, r2})
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000000c0)={0xfffffffffffffffc, 0x0, 0x0, r2})

500.975398ms ago: executing program 2 (id=1027):
syz_mount_image$jfs(&(0x7f0000000000), &(0x7f00000004c0)='./file1\x00', 0x2004004, &(0x7f0000000500)=ANY=[@ANYRES64=0x0], 0x1, 0x5eb2, &(0x7f000000a280)="$eJzs3U9vHGcdB/Df/vH6T2kbVagKEQc3hdJSmv8JlH9NOXCAA0ioZxK5bhVIASUB0SoirnJAXICXAJdeOPQt8AL6GhAvgEg2px4og8Z+nmQ8XmcdEu/s+vl8JGfmN8+O95l8PZ5dz8w+AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADED77/k7O9iLjym7TgWMTnYhDRj1iu69WoZy7nxw8j4nhsN8fzETFYjKjX3/7n2YgLEfHJMxGbW7fX6sXnDtiPi2du3fjsh9/7x+//dPf4z97+6Uft9h9//vzHf7gTcexHr3/82Z0ns+0AAABQiqqqql56m38ivb/vd90pAGAq8vG/SvJytVqtVj/R+o/92eqPutC6qRrvTrOIiI3mOvVrBqfjAWDObMSnXXeBDsm/aMOIeKrrTgAzrdd1BzgUm1u313op317zeLC6057/Trkr/43e/fs79ptO0r7GZFo/X3djEM/t05/lKfVhluT8++38r+y0j9LjDjv/adkv/9HOrU/FyfkP2vm37Mr/zxExt/n3x+Zfqpz/8FHy3xjM8f4vfwAAAAAAjr789/9jHZ//XXz8TTmQh53/XZ1SHwAAAAAAAADgSXvc8f/uM/4fAAAAzKz6vXrtL888WLbfZ7HVy9/qRTzdejxQmNXGhwMCAAAAAAAAAAAAANMxjFhJ1/UvRMTTKytVVdVfTe36UT3u+vOu9O2HknX9Sx4AAHZ88kzrXv5exFJEvJU+629hZWWlqpaWV6qVankxv54dLS5Vy433tXlaL1scHeAF8XBU1d9sqbFe06T3y5Pa29+vfq5RNThAx6ajw8ABICJ2jkabjkhHTFU9G12/ymE+2P+PHvs/B9H1zykAAABw+Kqqqnrp47xPpHP+/a47BQBMRT7+t88LqNVqtVqtPnp1UzXenWYRERvNderXDIbjB4A5sxGfdt0FOiT/og0j4njXnQBmWq/rDnAoNrdur/VSvr3m8WB1pz1fC7Ir/43e9np5/XHTSdrXmEzr5+tuDOK5ffrz/JT6MEty/v12/ld22vMQ/4ed/7Tsl3+9ncc66E/Xcv6Ddv4tRyf//tj8S5XzHz5S/gP5AwAAAADADMt//z/m/G/eZAAAAAAAAACYO5tbt9fyfa/5/P8Xxzyu15xz/+eRkfPvHTh/9/8eJTn/fjv/1gU5g8b8vTcf5P/vrdtrH9361xfydObzXxiM6ude6PUHw3TNT7XwTlyL67EeZ/Y8frir/eye9oVd7ecmtJ/f0z6q25dz+6lYi1/G9Xj7fvvihAujlia0VxPac/4D+3+Rcv7Dxled/0pq77WmtXsf9vfs983puOe5/Lf/vLR375q+uzG4v21N9fad7KA/2/8nT43i1zfXb5z67dVbt26cjTTZtfRcpMkTlvNfSF85/5df3GnPv/eb++u9D0ePnP+suBvDffN/sTFfb+8rU+5bF3L+o/SV889HoPH7/zznv//+/2oH/QEAAAAAAAAAAAAAAICHqapq+xbRyxFxKd3/09W9mQDAdOXjf5Xk5Wq1Wq1Wq49e3VSN90aziIi/N9epXzP8btw3AwBm2X8j4p9dd4LOyL9g+fP+6umXuu4MMFU33//g51evX1+/cbPrngAAAAAAAAAA/688/udqY/zn7euAWuNG7xr/9c1YndvxP/ujwfZY52mDXoiHj/99Mh4+/vdwwvMtTGgfTWhfnNC+NKF97I0eDTn/F1LGOf8TacNKGv/15Q7607Wc/8k01nPO/yutxzXzr/46z/n3d+V/+tZ7vzp98/0PXrv23tV3199d/8XZM5cunL944fzFi6ffuXZ9/czOvx32+HDl/PPY164DLUvOP2cu/7Lk/L+cavmXJef/UqrlX5acf369J/+y5Pzzex/5lyXn/0qq5V+WnP9XUy3/suT8X021/MuS8/9aquVflpz/a6mWf1ly/qdSLf+y5PxPp1r+Zcn55zNc8i9Lzj9f2SD/suT8z6Va/mXJ+Z9PtfzLkvO/kGr5lyXnfzHV8i9Lzv9SquVflpz/11Mt/7Lk/L+RavmXJef/eqrlX5ac/zdTLf+y5Py/lWr5lyXn/+1Uy78sOf/vpFr+Zcn5fzfV8i9Lzv+NVMu/LA8+/9+MGTNm8kzXv5kAAAAAAAAAAAAAgLZpXE7c9TYCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPA/duBAAAAAAADI/7URqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrADBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWFvXuLkbO87wf+7sleGxL8D4QQ4gTbHGJgYXd9AocYTBLyp6QHSkLatKTGsdfGiU/1rjkJ1ZtCW6IgFam9oBdNkyiNIrUVqIrUVKIRUiO1d81VI26iVsqFL6ByUNIqVWCrd+Z5Hs/Mzs6s1x575n0+H2T/vDPvzDzzzjuz+130nQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAabfz4zJ8MFUVR/qn9ta4oLi//vabYXX45v+NSrxAAAAA4X2/X/v7bK9IJu5dxoYZt/uVD//bdhYWFheILb51+588WFtIZG4piZHVR1M6L/vUXP19o3CZ4thgfGm74erjLzY90OX+0y/ljXc5f1eX81V3OH+9y/qIdsMia+u9jald2Q+2f6+q7tLiqGKudd0ObSz07tHp4OP4up2aodpmFsQPFoeJwMVNMLbrMUO2/onh1Y3lb9xfxtoYbbmt9URRnfvrMvriGobCPbyiabqym8bF7895iw1s/fWbft+feeH+72XU3LFppUWzeVK7zuaI4++uqYqhYnfZJXOdwwzrXt1nnSNM6h2qXK//dus4zy1xnvN/jYZ0/7LDO9eG0J68vimK+WHKbVs8Ww8XalltN+3u8fkSU11E+lO8pRs/pONm4jOOkvMxPrm8+TlqPybj/N4Z9MrrEGhofjje/vGrRfl/pcVLe6344VsvrfrC80fHxxl+tNh2r5TbP3Lj0MdD2sWtzDKRjueEY2NTtGBheNVI7BobPrnlT0zEwvegyw8VQ7bZO39j5GJicO3J8cvapp287dGTvwZmDM0enp3Zs27p929bt2ycPHDo8M1X/+9x26QBZWwynY3BTeK2Jx+CHW7ZtPCQXvnHhngfjffI8KO/7Z24qF3T5cLHEMV5u89zm838epO/7Dc+D0YbnQdvX1DbPg9FlPA/Kbc5sXt73zNGGP+3W0KvXwnUNx8Cl/H5Y3uYjNy/9Wrg+rOv5W871++HIomMg3q2h8NwrT0k/743fGfbL4uPi2vKMy1YVJ2dnTtz+5N65uRPTRRgXxZUNj1Xr8bK24T4Vi46X4XM+Xnb/zS9vurbN6evCvhq/tfNjVW6zbaLzY1V7dW+/P5tO3VKEcYFd7P3Z7rtZuT9TluiwP8ttnrvt/H8WTLmk4fVvrNvr38jYaP31byTtjbGm17/FD81IbWVFcea25b3+jYU/F/v176o+ef0r99Ujt3c+Bsptnp8812NgtOPr3/VhDoX13BwSw3hD7n+ndv58/TBteCy7Hjejo2PhuBmNt9h83GxddJny2srb3jy1suNm8/XNj1XTzy0VPG7KffXnU52Pm3Kb16bP/7VjTfxnw2vHqm7HwNjIqnK9Y+kgqL/eLayJx8Dtxb7iWHG42J8uUz7K5W1NbFneMbAq/LnYrx3X9MkxUO6rl7Z0PgbKbX6w9cL+7LQ5nJK2afjZqfX3C0tl/mtHz15f62670Jm/XOcntnX+3VC5zRvbzjVndN5Pt4ZTLmuzn1qfP0sd0/uLi7OfrgnrPLy98++mym2u2rHM42l3URSvT79e+31X+P3u35/89+82/d633e+UX59+/YHJh350LusHAGDl3qn9Pb+q/rNmw/+xXs7//wcAAAAGQsz9w2Em8j8AAABURsz9I2Em8j8AAABURsz9o2EmmeT/x+7c+fLbp4r0boALQTw/7oYH765vFzve8+HrDQtnlad/7FtjL3/l1PJue7goil8+8IG22z92d1xX3fG4zo80n77INdct6/Yfffjsdo3vn3BmZ/364/1Z7mEQu8qvTm6pXe+Gp6Zr87UHitp8aP75Z+vXX/86bn96a337vwxvWrL7wFDT5TeH9dwQ5obwnjIP7j67H8oZL/fy+g/985WfPXt78XJDm95du5sv/UH9euN7RL14ZX37eL+XWv8/ffU7L5fbP3lj+/WfGm6//tPhen8S5i921bdv3OdfaVj/H4X1x9uLl7v9m99vu/5X3lff/pVwXHw9zNb13/unH3y73eMVb2f3XfXLxduf+u9ttcvF64vX37r+8VPTTfuj9fpfe6t+Pbse/9lI4/bx9Hg70aN3NR/fQ+HxbeqRF0XxnT8umvZz8dH65f6xZf3x+o7f1X79t7as8/jQdbXLn70/65ru19f+ekvb+xvXs/vv1jXdnxfvC/vvrckflNd7+qFwPIbz//eH9etrfS/TV+5rfr2J2399Xf15G69vsmX9L7asf/66ct91X//9b9XX/8o9q5vWv/uT4Xi6vz67rf/gX13RdPlvfLv+eJx4YuLosdmTh/Y37NXG5/Hq8TVrL7v8Xe++IryWtn6959jcYzMnNkxtmCqKDQP4loG9Xv83w/yv+pi/8LdQ96Of1Y+7Fz5V/7714Z/Xv34xnP5oeDzj98ev/cVY0/Ha+rjP31Of57v+W8I6lut9X/3P65a14enPv3ryH/7wjdafC+L9Of7e8dr9e2nj1bXzhl6rn9/6etXNf7y3+Xn949Gp2vxe2K8L4Z2ZN11dv73W64/vTfLCp+vP3/iTXLx80fJ+IutGmu/H+a7/x+HnmO9f0/z6F4+P751qeTfndcVQuYT58PpQzNfPj1vF/f3Cmavb3l58H55i/v3nsswlzT41O3n40NGTT07OzczOTc4+9fSeI8dOHp3bU3vv0j1f7Hb5s8/vtbXn9/6ZHduK2rP9WH302KVe//GH9+2/Y+qm/TMH9p48MPfw8ZkTB/fNzu6b2T97094DB2ae6Hb5Q/t3TW/ZufWOLRMHD+3fdefOnVt3Thw6eqxcRn1RXeyY+tLE0RN7aheZ3bVt5/T27dumJo4c2z+z646pqYmT3S5f+940UV768YkTM4f3zh06MjMxe+jpmV3TO3fs2NL13R+PHD8wu2HyxMmjkydnZ05M1u/LhrnayeX3vm6XJw+zx8LrXYuh8NP5527dkd4ft/StLy95VfVNmn88Ld4M7wUVv791+zrm/rEwk0zyPwAAAOQg5v7wxv9nz5D/AQAAoDJi7l8dZiL/AwAAQGXE3D8eZpJJ/tf/1//X/9f/1//X/+8l/X/9/070//X/B3n9+v/6/3TXb/3/mPvXFEWW+R8AAAByEHP/2jAT+R8AAAAqI+b+y8JM5H8AAACojJj7Lw8zySP/j529x/r/hf6//v+i/n/cVv+/0P/X/18h/X/9/070//X/B3n9fdj/X6P/T7/pt/5/zP3vCjPJI/8DAABAFmLuf3eYifwPAAAAlRFz/xVhJvI/AAAAVEbM/evCTDLJ/z7/X/9f/9/n/+v/6//3kv6//n8n+v/6/4O8/j7s//v8f/pOv/X/Y+7/f2EmmeR/AAAAyEHM/e8JM5H/AQAAoDJi7r8yzET+BwAAgMqIuf+qMJNM8r/+v/6//r/+v/6//n8v6f/r/3ei/6//P8jrv9D9/3is6v9TJf3W/4+5/71hJpnkfwAAAMhBzP1Xh5nI/wAAAFAZMfe/L8xE/gcAAIDKiLn/mjCTTPK//r/+v/6//r/+v/5/L+n/6/93ov+v/z/I6/f5//r/dNdv/f+Y+98fZpJJ/gcAAIAcxNx/bZiJ/A8AAACVEXP/B8JM5H8AAACojJj714eZZJL/9f/1//X/9f/1//X/e2mw+v/DS56j/1+n/99M/1//X/9f/5/O+q3/H3P/B8NMMsn/AAAAkIOY+z8UZiL/AwAAQGXE3H9dmIn8DwAAAJURc/+GMJNM8r/+v/6//r/+v/6//n8vDVb/f2n6/3X6/830//X/9f/1/+ms3/r/MfdvDDPJJP8DAABADmLu3xRmIv8DAABAZcTcf32YifwPAAAAlRFz/w1hJpnkf/1//X/9f/1//X/9/17S/69i//9/FvT/6/T/9f/1/7v3/1d1uyIqrd/6/zH33xhmkkn+BwAAgBzE3H9TmIn8DwAAAJURc/+Hw0zkfwAAAKiMmPs3h5lkkv/1//X/9f/1//X/9f97Sf+/iv1/n/8f6f/r/+v/+/x/Ouu3/n/M/TeHmWSS/wEAACAHMfffEmYi/wMAAEBlxNx/a5iJ/A8AAACVEXP/RJhJJvlf/1//X/9f/1//X/+/l6ra/0+vo/r/+v/6//r/+v/6/yyp3/r/MfffFmaSSf4HAACAHMTcf3uYifwPAAAAlRFz/2SYifwPAAAAlRFz/1SYSWv+H7+Yq7p49P/1//X/9f/1//X/e6mq/f9L/fn/a8LU/6/T/1+ZS92fH/T16//r/9Ndv/X/Y+6fDjPx//8BAACgMmLu3xJmIv8DAABAZcTcvzXMRP4HAACAyoi5f1uYSSb5X/9f/1//X/9f/1//v5f0/33+fyf6//r/g7x+/X/9f5oNtzmt3/r/MfdvDzPJJP8DAABADmLu3xFmIv8DAABAZcTcf0eYifwPAAAAlRFz/51hJpnkf/1//X/9f/1//X/9/17S/9f/70T/X/9/kNev/6//T3f91v+PuX9nmEkm+R8AAAByEHP/R8JM5H8AAACojJj77wozkf8BAABgoLT7HMIo5v6Phplkkv/1/6ve/19Yrf+v/6//33n9fdP/Dy/B+v/nRv9f/7/Q/1+xS92fH/T16//r/9Ndv/X/Y+7fFWaSSf4HAACAHMTcf3eYifwPAAAAlRFz/z1hJvI/AAAAVEbM/bvDTDLJ//r/Ve//+/x//f8B7f+PZ9j/9/n/K6L/r/9f6P+v2Er78+HHFv3/Pur/l8eQ/j/9qN/6/zH33xtmkkn+BwAAgBzE3P+xMBP5HwAAACoj5v6Ph5nI/wAAAFAZMfd/Iswkk/yv/6//r/+v/9+X/f8cP/9f/39F9P/1/wv9/xW71P35QV9/P/X/ff4//arf+v8x998XZpJJ/gcAAIAcxNz/yTAT+R8AAAAqI+b+/x9mIv8DAABAZcTcf3+YSSb5X/9f/1//X/8/4/7/mkL/v+f0/7v0/0+d3/r1/+v0/1fmUvfnB339+v/6/3TXb/3/mPt/Jcwkk/wPAAAAOYi5/4EwE/kfAAAAKiPm/k+Fmcj/AAAAUBkx9/9qmEkm+V///+L0/4fT9ev/6//n2v+/rB/7/zX6/72l/+/z/zvR/9f/H+T16//r/9Ndv/X/Y+7/tTCTTPI/AAAA5CDm/l8PM5H/AQAAoDJi7v+NMBP5HwAAACoj5v4Hw0wyyf/6/z7/X/9f/z/jz/+v0f/vLf1//f9O9P/1/wd5/fr/+v9012/9/5j7fzPMJJP8DwAAADmIuf+hMBP5HwAAACoj5v5Ph5nI/wAAAFAZMfd/Jswkk/yv/6//r/+v/6//r//fS/r/+v+d6P/r/w/y+vX/9f/prt/6/zH3Pxxmkkn+BwAAgBzE3P/ZMBP5HwAAACoj5v7fCjOR/wEAAKAyYu7/7TCTTPK//r/+v/6//r/+v/5/L+n/L+7/l69hl7L/v2o5G+r/L4v+v/6//r/+P531W/8/5v7PhZlkkv8BAAAgBzH3/06YifwPAAAAlRFz/++Gmcj/AAAAUBkx9z8SZpJJ/tf/1//X/z/3/n94uPT/W9aj/6//347+v8//70T/X/9/kNev/6//T3f91v+Puf/zYSaZ5H8AAADIQcz9vxdmIv8DAABAZcTcvyfMRP4HAACAyoi5/9Ewk0zyv/6//r/+v8//1//X/+8l/X/9/070//X/B3n9+v/6/3TXb/3/mPv3hplkkv8BAAAgBzH3fyHMRP4HAACAyoi5f1+YifwPAAAAlRFz//4wk0zyv/6//r/+v/6//r/+fy/p/+v/d6L/r/8/yOvX/9f/p7t+6//H3D8TZpJJ/gcAAIAcxNx/IMxE/gcAAIDKiLn/YJiJ/A8AAACVEXP/Y2EmmeR//X/9f/1//X/9f/3/XtL/1//vRP9f/3+Q16//r/9Pd/3W/4+5/1CYSSb5HwAAAHIQc/8Xw0zkfwAAAKiMmPu/FGYi/wMAAEBlxNx/OMwkk/yv/6//r/+v/6//r//fS/r/+v+d6P/r/w/y+vX/9f/prt/6/zH3HwkzyST/AwAAQA5i7j8aZiL/AwAAQGXE3H8szET+BwAAgMqIuf94mEkm+V//X/9f/1//X/9f/7+X9P/1/zvR/9f/H+T16//r/9Ndv/X/Y+7//TCTTPI/AAAA5CDm/hNhJvI/AAAAVEbM/bNhJvI/AAAAVEbM/XNhJpnkf/1//X/9f/1//X/9/17S/9f/70T/X/9/kNev/6//T3f91v+Puf9kmEkm+R8AAAByEHP/42Em8j8AAABURsz9T4SZyP8AAPB/7N13jl9nFcfhX2gJQoi1sAKWwBrYBT10CL333nvvvffee+8QCL0EKUiec04ie3zvzNjX8973PM8fHCGM/SqjKPoq+ugCTCN3//3jlib7X/+v/9f/D9P/H3V++n/9v/7/VPT/+v/DxP3/DRf9efr/sd6v/9f/s260/j93/wPilib7HwAAADrI3f/AuMX+BwAAgGnk7n9Q3GL/AwAAwDRy9z84bmmy//X/+n/9/zD9v+//589V/6//PwX9v/7/MHH/fzH9/1jv33H/f/eD/p9rZLT+P3f/Q+KWJvsfAAAAOsjd/9C4xf4HAACAaeTuvzFusf8BAABgGrn7Hxa3NNn/+n/9v/5f/6//1/9vSf+v/1+i/9f/7/n9O+7/L9D/cy2M1v/n7n943NJk/wMAAEAHufsfEbfY/wAAADCN3P2PjFvsfwAAAJhG7v5HxS1N9r/+X/+v/9f/6//1/1vS/+v/l+j/9f97fr/+X//PutH6/9z9j45bmux/AAAA6CB3/2PiFvsfAAAAppG7/7Fxi/0PAAAA08jd/7i4pcn+1//r//fS/99F/1/0//r/PdH/6/+X6P/1/3t+v/5f/8+6zfv/+9504Z60/8/df1Pc0mT/AwAAQAe5+x8ft9j/AAAAMI3c/U+IW+x/AAAAmEbu/ifGLU32v/5f/397/3/bdSP3/8e9X/+v/z/o/4e38P7rr8bvr//X/x/0/2d2+X7+ZH8l9P/6f/0/azbv/1d6/4v/e+7+J8UtTfY/AAAAdJC7/8lxi/0PAAAA08jd/5S4xf4HAACAaeTuf2rc0mT/6//1/3v5/v9x75+t/7/txqOf5x1/H/2//n/i/v+q0P/r/w/6/zM7735+7+9f6v/vc4L36//pYLT+P3f/0+KWJvsfAAAAOsjd//S4xf4HAACAaeTuf0bcYv8DAADANHL3PzNuabL/9f/6f/3/OP2/7//Hz1X/r/8/Bf2//v9w1v7/bvr/8+7n9/5+3//X/7NutP4/d/+z4pYm+x8AAAA6yN3/7LjF/gcAAIBp5O5/Ttxi/wMAAMA0cvc/N25psv/1//p//b/+/4r6/zvr//X/y/T/+v8lvv+v/9/z+/X/+n/Wjdb/5+5/XtzSZP8DAABAB7n7nx+32P8AAAAwjdz9L4hb7H8AAACYRu7+F8YtTfa//l//r//X//v+v/5/S/r/6fr/6/T/t9P/6//1//p/lo3W/+fuf1Hc0mT/AwAAQAe5+18ct9j/AAAAMI3c/S+JW+x/AAAAmEbu/pfGLU32v/5f/6//1//r//X/W9L/T9f/+/7/Hej/9f/6f/0/y0br/3P3vyxuabL/AQAAoIPc/S+PW+x/AAAAmEbu/lfELfY/AAAATCN3/yvjlib7X/+v/9f/6//1//r/Len/9f9L9P/H9/83XObP0/+P9X79v/6fdaP1/7n7XxW3NNn/AAAA0EHu/lfHLfY/AAAATCN3/2viFvsfAAAAppG7/7VxS5P9f7n+/5Z7HP3v+v+T0f8f/379v/5f/6//1//r/5fo/33/f8/v1//r/1l39v7/1ov+CXR1+v/c/a+LW5rsfwAAAOggd//r4xb7HwAAAKaRu/8NcYv9DwAAANPI3f/GuKXJ/vf9f/2//l//r//X/29J/6//X6L/1//v+f36f/0/687e/1/6f7nwn1fY/+fuf1Pc0mT/AwAAQAe5+98ct9j/AAAAMI3c/W+JW+x/AAAAmEbu/rfGLU32v/5f/3/u/f+d9P9J/x8/V/2//v8U9P/6/4P+/8zOu5/f+/v1//p/1o3W/+fuf1vc0mT/AwAAQAe5+98et9j/AAAAMI3c/e+IW+x/AAAAmEbu/nfGLU32v/5f/3/u/b/v/xf9f/xc9f/6/1PQ/+v/D/r/Mzvvfn7v79f/6/9ZN1r/n7v/XXFLk/0PAAAAHeTuf3fcYv8DAADANHL3vydusf8BAABgGrn73xu3NNn/+n/9v/5f/6//1/9vSf+v/1+i/9f/7/n9+n/9P+tG6/9z978vbmmy/wEAAKCD3P3vj1vsfwAAAJhG7v4PxC32PwAAAEwjd/8H45Ym+1//v/f+/343xwv0//p//b/+f0j6f/3/Ev2//n/P79f/6/9ZN1r/n7v/Q3FLk/0PAAAAHeTu/3DcYv8DAADANHL3fyRusf8BAABgGrn7Pxq3NNn/Pfr/u17yy+bp/33/X/+v/9f/j03/r/9fov/X/+/5/fp//T/rRuv/c/d/LG5psv8BAACgg9z9H49b7H8AAACYRu7+T8Qt9j8AAABMI3f/J+OWJvu/R/9/Kf3/kave/992L/2//r/o//X/B/2//n+F/l//v+f36//1/6wbrf/P3f+puKXJ/gcAAIAOcvd/Om6x/wEAAGAaufs/E7fY/wAAADCN3P2fjRvufc/ze9I1pf/X//v+v/5f/6//35L+X/+/RP+v/9/z+/X/+n/Wjdb/5+7/XNzi3/8DAADANHL3fz5usf8BAABgGrn7vxC32P8AAAAwjdz9X4xbmux//b/+X/+v/9f/6/+3pP/X/y/R/+v/9/x+/b/+n3Wj9f+5+78UtzTZ/wAAANBB7v4vxy32PwAAAEwjd/9X4hb7HwAAAKaRu/+rcUuT/a//1//r//X/+n/9/5b0//r/Jfp//f+e36//1/+zbrT+P3f/1+KWJvsfAAAAOsjd//W4xf4HAACAaeTu/0bcYv8DAADANHL3fzNuabL/9f/6f/2//l//r//fkv5f/79E/6//3/P79f/6f9aN1v/n7v9W3NJk/wMAAEAHufu/HbfY/wAAADCN3P3fiVvsfwAAAJhG7v7vxi1N9v/M/f/SL9P/H9H/6/8P+n/9/8b0//r/JWfu/+NvPP3/lTnvfn7v79f/6/9ZN1r/n7v/e3FLk/0PAAAAHeTu/37cYv8DAADANHL3/yBusf8BAABgGrn7fxi3NNn/M/f/S/T/R/T/+v+D/l//vzH9v/5/ie//6//3/H79v/6fdaP1/7n7fxS3NNn/AAAA0EHu/h/HLfY/AAAATCN3/0/iFvsfAAAAppG7/6dxS5P9r//X/+v/9f/6f/3/lvT/+v8l+n/9/57fr//X/7NutP4/d//P4pYm+x8AAAA6yN3/87jF/gcAAIBp5O7/Rdxi/wMAAMA0cvf/Mm5psv/1//p//b/+X/+v/9+S/l//v0T/r//f8/v1//p/1o3W/+fu/1Xc0mT/AwAAQAe5+38dt9j/AAAAMI3c/b+JW+x/AAAAmEbu/t/GLU32v/5f/6//1//r//X/W9L/6/+X6P/1/3t+v/5f/8+60fr/3P2/i1ua7H8AAADoIHf/7+MW+x8AAACmkbv/D3GL/Q8AAADTyN3/x7ilyf7X/+v/9f/6f/2//n9L+n/9/xL9v/5/z+/X/+v/WTda/5+7/+a4pcn+BwAAgA5y9/8pbrH/AQAAYBq5+/8ct9j/AAAAMI3c/bfELU32v/5f/z9l/3+9/l//r/8fhf5f/79E/6//3/P79f/6f9aN1v/n7v9L3NJk/wMAAEAHufv/GrfY/wAAADCN3P1/i1vsfwAAAJhG7v6/xy1N9r/+X/8/Zf/v+//6f/3/MPT/+v8l+n/9/57fr//X/7NutP4/d/8/4pYm+x8AAAA6yN3/z7jF/gcAAIBp5O7/V9xi/wMAAMA0cvf/O25psv/1/yfu/xebTP3/8e/X/+v/9f/6f/2//n+J/l//v+f36//1/6wbrf/P3f+fuKXJ/gcAAIAOcvf/N26x/wEAAGAauftvjVvsfwAAAJhG7v7/xS1N9r/+3/f/9f/6f/2//n9L+n/9/xL9v/5/z+/X/+v/WTda/5+7//8BAAD///cuN48=")
r0 = open(&(0x7f0000000080)='./file1\x00', 0x64842, 0x86)
pwritev2(r0, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x140000}], 0x1, 0x7800, 0x0, 0x3)
unlinkat(0xffffffffffffff9c, &(0x7f0000000c40)='./file1\x00', 0x0)
close(r0)

440.816499ms ago: executing program 5 (id=1028):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x0, &(0x7f0000000100), 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='pids.current\x00', 0x275a, 0x0)
r1 = creat(&(0x7f00000000c0)='./bus\x00', 0x182)
unshare(0x20000400)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000040)={0xc, r1, 0x0, 0x0, 0x4})

381.28829ms ago: executing program 0 (id=1029):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000180)={0x4})
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x80a0000, 0xb000})
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000200)={0x6000, 0xc0940621f232ea96})

380.280721ms ago: executing program 3 (id=1030):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x20000000, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000200), &(0x7f00000003c0)='%pI4   \x00'}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r0}, 0x4)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x1f, 0x10, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffe}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x80000001}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)

363.530431ms ago: executing program 6 (id=1031):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000005980)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_DEL_NAN_FUNCTION(r2, &(0x7f0000005a40)={0x0, 0x0, &(0x7f0000005a00)={&(0x7f00000059c0)={0x1c, r0, 0x1, 0x70bd25, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x10)

197.898225ms ago: executing program 3 (id=1032):
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000380)={{{@in=@broadcast, @in=@private, 0x0, 0x5d, 0x0, 0x0, 0xa}, {0x0, 0x100000000000, 0x0, 0x1, 0x0, 0x0, 0xfffffffffffffffc}, {0x0, 0x0, 0x2f, 0x2}, 0x0, 0x6e6bb0}, {{@in6=@dev={0xfe, 0x80, '\x00', 0xd}, 0x4d6, 0x3c}, 0x0, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x1000000}}, 0xe8)
syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030486dd601b8b97004d88c19e9ace00000000000000002100000002ff02000000000000000000000000000104004e200023b0"], 0x0)

138.362944ms ago: executing program 6 (id=1033):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
mount_setattr(r1, &(0x7f0000000080)='./file0\x00', 0x8000, &(0x7f00000000c0)={0x1, 0x89, 0x0, {r0}}, 0x20)

113.187459ms ago: executing program 5 (id=1034):
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0xffffffffffffffff}, 0x67)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000040)={0x36, &(0x7f00000000c0)=[{0x7}, {0x3, 0x5, 0x2c, 0x4}, {0xfac3, 0x2, 0x4, 0x2}, {0x77cf, 0x7f, 0x1, 0x80000001}, {0x7, 0x11, 0xcf, 0x7}]})
bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r0, &(0x7f0000000040)=ANY=[], 0x6)

81.24317ms ago: executing program 3 (id=1035):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x0, 0x13, &(0x7f00000001c0)=@ringbuf={{}, {}, {}, [@map_fd, @initr0={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="40010000100001000400"/20, @ANYRES32=r2, @ANYBLOB="0000000012400000f8001a80200002801c0001"], 0x140}}, 0x0)

0s ago: executing program 0 (id=1036):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)={{0x12, 0x1, 0x200, 0xf9, 0xdb, 0xe2, 0x10, 0xb95, 0x2790, 0x639c, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xcb, 0x0, 0x0, 0xff, 0x64, 0x63}}]}}]}}, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000080000000c"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18010000000000000000000000080021850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000003c0)='kfree\x00', r2}, 0x18)
syz_usb_control_io(r0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

 OFF
[  161.612227][ T5884] dvb-usb: bulk message failed: -22 (2/0)
[  161.616839][ T7533] netlink: 83 bytes leftover after parsing attributes in process `syz.3.431'.
[  161.637049][ T5884] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  161.663183][ T5884] (NULL device *): no alternate interface
[  161.781989][ T5884] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  161.848985][ T5884] usb 7-1: USB disconnect, device number 2
[  161.983415][ T7541] loop5: detected capacity change from 0 to 128
[  162.031801][ T7541] EXT4-fs: Ignoring removed nobh option
[  162.108055][ T7541] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  162.191317][ T7541] ext4 filesystem being mounted at /52/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  162.269247][ T7548] loop2: detected capacity change from 0 to 4096
[  162.338561][ T7548] ntfs3(loop2): ino=1a, mi_enum_attr
[  162.343972][ T7548] ntfs3(loop2): Mark volume as dirty due to NTFS errors
[  162.421760][   T30] audit: type=1800 audit(1744093896.362:11): pid=7548 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.444" name="file0" dev="loop2" ino=0 res=0 errno=0
[  162.481533][ T6444] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  162.510609][ T5881] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  162.703140][ T5881] usb 7-1: Using ep0 maxpacket: 8
[  162.720291][ T5881] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  162.735822][ T5881] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  162.782745][ T5881] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  162.799786][ T5881] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  162.813293][ T5881] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  162.854997][ T5881] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  162.886518][ T5881] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  162.969137][ T7564] loop5: detected capacity change from 0 to 1024
[  162.991954][ T7564] EXT4-fs: Ignoring removed nobh option
[  163.002782][ T7564] EXT4-fs: Ignoring removed bh option
[  163.051237][ T7564] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  163.145567][ T5881] usb 7-1: usb_control_msg returned -32
[  163.168005][ T5881] usbtmc 7-1:16.0: can't read capabilities
[  163.214850][ T7574] EXT4-fs error (device loop5): mb_free_blocks:1948: group 0, inode 15: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[  163.325139][ T6444] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  163.591081][ T5881] usb 7-1: USB disconnect, device number 3
[  163.674287][ T7582] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  163.723427][ T7582] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  164.101400][ T5881] IPVS: starting estimator thread 0...
[  164.256491][ T7595] IPVS: using max 27 ests per chain, 64800 per kthread
[  165.061590][ T7617] loop2: detected capacity change from 0 to 256
[  165.138843][ T7617] exfat: Deprecated parameter 'utf8'
[  165.144266][ T7617] exfat: Deprecated parameter 'utf8'
[  165.196261][ T7617] exfat: Deprecated parameter 'namecase'
[  165.241988][ T7617] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  165.612314][ T7635] netlink: 24 bytes leftover after parsing attributes in process `syz.3.480'.
[  165.681528][ T7635] team0: entered promiscuous mode
[  165.710685][ T7635] team_slave_0: entered promiscuous mode
[  165.735987][ T7635] team_slave_1: entered promiscuous mode
[  165.750114][ T7635] batadv_slave_1: entered promiscuous mode
[  166.046590][   T30] audit: type=1326 audit(1744093899.982:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7650 comm="syz.0.487" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e9a78d169 code=0x7ffc0000
[  166.106584][   T30] audit: type=1326 audit(1744093899.982:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7650 comm="syz.0.487" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e9a78d169 code=0x7ffc0000
[  166.141996][ T7652] loop2: detected capacity change from 0 to 128
[  166.171746][   T30] audit: type=1326 audit(1744093900.012:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7650 comm="syz.0.487" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f2e9a78d169 code=0x7ffc0000
[  166.233705][ T7652] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  166.236142][   T30] audit: type=1326 audit(1744093900.012:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7650 comm="syz.0.487" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e9a78d169 code=0x7ffc0000
[  166.279861][ T7652] ext4 filesystem being mounted at /105/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  166.311823][    C0] vkms_vblank_simulate: vblank timer overrun
[  166.321036][   T30] audit: type=1326 audit(1744093900.012:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7650 comm="syz.0.487" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e9a78d169 code=0x7ffc0000
[  166.345058][   T30] audit: type=1326 audit(1744093900.022:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7650 comm="syz.0.487" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f2e9a78d169 code=0x7ffc0000
[  166.347001][ T7652] EXT4-fs warning (device loop2): verify_group_input:137: Cannot add at group 1835363691 (only 1 groups)
[  166.367191][    C0] vkms_vblank_simulate: vblank timer overrun
[  166.368081][   T30] audit: type=1326 audit(1744093900.022:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7650 comm="syz.0.487" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2e9a78d169 code=0x0
[  166.499454][ T5838] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  166.916349][ T7645] loop3: detected capacity change from 0 to 32768
[  166.975338][ T7645] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  167.185966][ T7645] XFS (loop3): Ending clean mount
[  167.275996][ T5832] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  167.310892][ T7686] loop6: detected capacity change from 0 to 16
[  167.369528][ T7661] loop5: detected capacity change from 0 to 40427
[  167.404233][ T7661] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[  167.413454][ T7686] erofs (device loop6): mounted with root inode @ nid 36.
[  167.421093][ T7661] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  167.566731][ T7661] F2FS-fs (loop5): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  167.612435][ T7694] loop2: detected capacity change from 0 to 128
[  168.198330][ T7661] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  168.205431][ T7661] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  168.332343][ T7661] syz.5.491: attempt to access beyond end of device
[  168.332343][ T7661] loop5: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  169.065698][ T7706] loop6: detected capacity change from 0 to 32768
[  169.158598][ T7704] loop3: detected capacity change from 0 to 40427
[  169.167079][ T7704] F2FS-fs (loop3): build fault injection attr: rate: 690, type: 0x3fffff
[  169.175706][ T7704] F2FS-fs (loop3): Image doesn't support compression
[  169.183612][ T7704] F2FS-fs (loop3): heap/no_heap options were deprecated
[  169.190951][ T7704] F2FS-fs (loop3): Image doesn't support compression
[  169.204738][ T7704] F2FS-fs (loop3): invalid crc value
[  169.280271][ T7706] bcachefs (loop6): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names
[  169.324109][ T7704] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  169.333459][ T7706] bcachefs (loop6): initializing new filesystem
[  169.400216][ T7704] syz.3.505: attempt to access beyond end of device
[  169.400216][ T7704] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  169.436673][ T7706] bcachefs (loop6): going read-write
[  169.443361][ T7704] F2FS-fs (loop3): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_submit_page_write+0x581/0x1f30
[  169.463299][ T7704] F2FS-fs (loop3): invalid blkaddr: 5638, type: 7, run fsck to fix.
[  169.471884][ T7704] syz.3.505: attempt to access beyond end of device
[  169.471884][ T7704] loop3: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  169.543896][ T7706] bcachefs (loop6): marking superblocks
[  169.549959][ T5832] syz-executor: attempt to access beyond end of device
[  169.549959][ T5832] loop3: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[  169.612825][ T5832] CPU: 1 UID: 0 PID: 5832 Comm: syz-executor Not tainted 6.15.0-rc1-next-20250408-syzkaller #0 PREEMPT(full) 
[  169.612856][ T5832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  169.612870][ T5832] Call Trace:
[  169.612879][ T5832]  <TASK>
[  169.612888][ T5832]  dump_stack_lvl+0x241/0x360
[  169.612929][ T5832]  ? __pfx_dump_stack_lvl+0x10/0x10
[  169.612963][ T5832]  ? _raw_spin_unlock_irqrestore+0xde/0x140
[  169.613001][ T5832]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  169.613036][ T5832]  ? f2fs_hw_is_readonly+0x3a3/0x470
[  169.613068][ T5832]  f2fs_handle_critical_error+0x392/0x5a0
[  169.613103][ T5832]  f2fs_write_end_io+0x563/0x790
[  169.613140][ T5832]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  169.613172][ T5832]  ? bio_endio+0x7e4/0x890
[  169.613199][ T5832]  ? bio_endio+0x82a/0x890
[  169.613228][ T5832]  __submit_merged_bio+0x2a9/0x710
[  169.613248][ T5832]  ? f2fs_submit_merged_write_cond+0x101/0x380
[  169.613292][ T5832]  f2fs_submit_merged_write_cond+0x29f/0x380
[  169.613343][ T5832]  f2fs_write_data_pages+0x2f99/0x38d0
[  169.613416][ T5832]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  169.613454][ T5832]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  169.613574][ T5832]  ? lockdep_hardirqs_on+0x9d/0x150
[  169.613593][ T5832]  ? __pfx_folios_put_refs+0x10/0x10
[  169.613618][ T5832]  ? _raw_spin_unlock_irqrestore+0xde/0x140
[  169.613656][ T5832]  ? __lock_acquire+0xad5/0xd80
[  169.613674][ T5832]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  169.613699][ T5832]  do_writepages+0x38c/0x640
[  169.613731][ T5832]  ? __lock_acquire+0xad5/0xd80
[  169.613757][ T5832]  ? __pfx_do_writepages+0x10/0x10
[  169.613774][ T5832]  ? do_raw_spin_lock+0x151/0x370
[  169.613817][ T5832]  ? do_raw_spin_unlock+0x13c/0x8b0
[  169.613851][ T5832]  filemap_fdatawrite+0x1f2/0x2a0
[  169.613876][ T5832]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  169.613895][ T5832]  ? mlock_drain_local+0x79/0x490
[  169.613965][ T5832]  ? do_raw_spin_unlock+0x13c/0x8b0
[  169.614005][ T5832]  f2fs_sync_dirty_inodes+0x34f/0x860
[  169.614068][ T5832]  f2fs_write_checkpoint+0x857/0x1da0
[  169.614117][ T5832]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  169.614202][ T5832]  ? kill_f2fs_super+0x290/0x6d0
[  169.614234][ T5832]  kill_f2fs_super+0x2b8/0x6d0
[  169.614270][ T5832]  ? __pfx_kill_f2fs_super+0x10/0x10
[  169.614303][ T5832]  ? shrinker_free+0x2ca/0x3d0
[  169.614332][ T5832]  deactivate_locked_super+0xc4/0x130
[  169.614362][ T5832]  cleanup_mnt+0x422/0x4c0
[  169.614388][ T5832]  ? lockdep_hardirqs_on+0x9d/0x150
[  169.614414][ T5832]  task_work_run+0x251/0x310
[  169.614443][ T5832]  ? __pfx_task_work_run+0x10/0x10
[  169.614481][ T5832]  ? syscall_exit_to_user_mode+0xa3/0x340
[  169.614504][ T5832]  syscall_exit_to_user_mode+0x13f/0x340
[  169.614542][ T5832]  do_syscall_64+0x100/0x230
[  169.614560][ T5832]  ? clear_bhb_loop+0x45/0xa0
[  169.614588][ T5832]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  169.614621][ T5832] RIP: 0033:0x7f8428f8e497
[  169.614637][ T5832] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  169.614651][ T5832] RSP: 002b:00007ffd4e4330b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  169.614671][ T5832] RAX: 0000000000000000 RBX: 00007f842900e08c RCX: 00007f8428f8e497
[  169.614685][ T5832] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd4e433170
[  169.614699][ T5832] RBP: 00007ffd4e433170 R08: 0000000000000000 R09: 0000000000000000
[  169.614712][ T5832] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd4e434200
[  169.614735][ T5832] R13: 00007f842900e08c R14: 00000000000295ff R15: 00007ffd4e434240
[  169.614773][ T5832]  </TASK>
[  169.667045][ T5832] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  169.675594][ T7706] bcachefs (loop6): initializing freespace
[  170.046250][ T7706] bcachefs (loop6): done initializing freespace
[  170.087679][ T7706] bcachefs (loop6): reading snapshots table
[  170.131528][ T7706] bcachefs (loop6): reading snapshots done
[  170.316111][ T7706] bcachefs (loop6): done starting filesystem
[  170.831060][ T7270] bcachefs (loop6): shutting down
[  170.836154][ T7270] bcachefs (loop6): going read-only
[  170.864538][ T7270] bcachefs (loop6): finished waiting for writes to stop
[  170.913911][ T7270] bcachefs (loop6): flushing journal and stopping allocators, journal seq 5
[  171.076920][ T7270] bcachefs (loop6): flushing journal and stopping allocators complete, journal seq 5
[  171.091043][ T7270] bcachefs (loop6): clean shutdown complete, journal seq 6
[  171.160066][ T7270] bcachefs (loop6): marking filesystem clean
[  171.180195][ T7758] loop3: detected capacity change from 0 to 512
[  171.226139][ T7758] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  171.247090][ T7758] ext4 filesystem being mounted at /110/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  171.298244][ T7270] bcachefs (loop6): shutdown complete
[  171.440617][ T5832] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  171.544808][ T7726] loop0: detected capacity change from 0 to 32768
[  171.572602][ T7767] loop3: detected capacity change from 0 to 128
[  171.591401][ T7767] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[  171.620501][ T7726] XFS: ikeep mount option is deprecated.
[  171.658129][ T7726] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  171.808520][ T7780] syz_tun: entered allmulticast mode
[  171.838117][ T7780] pimreg: entered allmulticast mode
[  171.845036][ T7780] syz_tun: left allmulticast mode
[  171.851836][ T7779] pimreg: left allmulticast mode
[  171.862923][ T7726] XFS (loop0): Ending clean mount
[  171.889699][ T7726] XFS (loop0): Quotacheck needed: Please wait.
[  171.933295][ T7726] XFS (loop0): Quotacheck: Done.
[  171.994704][ T5828] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  172.005980][ T7782] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  172.174274][ T7785] loop3: detected capacity change from 0 to 2048
[  172.230341][ T7786] loop2: detected capacity change from 0 to 4096
[  172.255530][ T7785] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  172.337872][ T7785] ext4 filesystem being mounted at /112/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  172.470784][ T7785] fs-verity: sha256 using implementation "sha256-avx2"
[  172.524737][ T5884] kernel read not supported for file /video37 (pid: 5884 comm: kworker/0:6)
[  172.565169][ T5832] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  172.580611][ T7796] loop5: detected capacity change from 0 to 2048
[  172.631529][ T7796] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  172.705391][ T7796] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  172.771003][   T30] audit: type=1326 audit(1744093906.712:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7804 comm="syz.3.537" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8428f8d169 code=0x0
[  172.848468][ T6444] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  173.031409][ T7814] netlink: 4 bytes leftover after parsing attributes in process `syz.2.542'.
[  173.860558][ T7840] loop5: detected capacity change from 0 to 512
[  173.888878][ T7840] EXT4-fs: Ignoring removed oldalloc option
[  173.898650][ T7840] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  173.903472][ T7842] loop6: detected capacity change from 0 to 1024
[  173.934160][ T7846] netlink: 'syz.3.556': attribute type 1 has an invalid length.
[  173.943360][ T7846] netlink: 20 bytes leftover after parsing attributes in process `syz.3.556'.
[  173.948872][ T7842] EXT4-fs (loop6): stripe (8) is not aligned with cluster size (16), stripe is disabled
[  173.982500][ T7840] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  174.011767][ T7840] ext4 filesystem being mounted at /75/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  174.065163][ T7842] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  174.141566][ T7824] loop0: detected capacity change from 0 to 32768
[  174.156564][ T7824] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.546 (7824)
[  174.180583][ T7824] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  174.214774][ T7842] EXT4-fs warning (device loop6): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  174.248677][ T7824] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[  174.393895][ T7824] BTRFS info (device loop0): rebuilding free space tree
[  174.411591][ T7873] loop2: detected capacity change from 0 to 512
[  174.425768][ T7270] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  174.445995][ T7824] BTRFS info (device loop0): disabling free space tree
[  174.453349][ T7824] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  174.494387][ T7824] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  174.524550][ T7873] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  174.609728][ T7873] ext4 filesystem being mounted at /127/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  174.648545][ T7877] loop6: detected capacity change from 0 to 512
[  174.664069][ T6444] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  174.755684][   T30] audit: type=1800 audit(1744093908.692:20): pid=7873 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.560" name="file1" dev="loop2" ino=15 res=0 errno=0
[  174.791377][ T7877] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  174.813581][   T30] audit: type=1800 audit(1744093908.692:21): pid=7873 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.560" name="file2" dev="loop2" ino=16 res=0 errno=0
[  174.841539][ T7877] ext4 filesystem being mounted at /17/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  174.876997][ T5828] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  174.936151][ T5838] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  174.949052][   T30] audit: type=1800 audit(1744093908.872:22): pid=7877 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.561" name="file1" dev="loop6" ino=15 res=0 errno=0
[  175.026843][   T30] audit: type=1800 audit(1744093908.892:23): pid=7881 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.561" name="file2" dev="loop6" ino=16 res=0 errno=0
[  175.153311][ T7270] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  175.227735][   T47] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  175.406853][   T47] usb 4-1: Using ep0 maxpacket: 32
[  175.423752][   T47] usb 4-1: config 0 has an invalid interface number: 235 but max is 0
[  175.452896][   T47] usb 4-1: config 0 has no interface number 0
[  175.477611][   T47] usb 4-1: New USB device found, idVendor=085a, idProduct=0009, bcdDevice=a3.47
[  175.495591][   T47] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  175.519160][   T47] usb 4-1: Product: syz
[  175.523377][   T47] usb 4-1: Manufacturer: syz
[  175.533911][   T47] usb 4-1: SerialNumber: syz
[  175.554145][   T47] usb 4-1: config 0 descriptor??
[  175.792531][   T47] kaweth 4-1:0.235: Firmware present in device.
[  175.975572][   T47] kaweth 4-1:0.235: Statistics collection: 0
[  175.992006][   T47] kaweth 4-1:0.235: Multicast filter limit: 0
[  176.013287][   T47] kaweth 4-1:0.235: MTU: 0
[  176.023355][   T47] kaweth 4-1:0.235: Read MAC address 00:00:00:00:00:00
[  176.037262][ T7907] loop6: detected capacity change from 0 to 4096
[  176.108264][ T7914] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  176.177540][   T47] kaweth 4-1:0.235: probe with driver kaweth failed with error -5
[  176.206448][   T30] audit: type=1800 audit(1744093910.132:24): pid=7907 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.574" name="file1" dev="loop6" ino=19 res=0 errno=0
[  176.225832][   T47] usb 4-1: USB disconnect, device number 5
[  176.260315][ T7916] loop5: detected capacity change from 0 to 2048
[  176.314873][ T7916] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024)
[  176.385127][ T7921] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  176.472979][ T7926] loop6: detected capacity change from 0 to 512
[  176.491006][ T7926] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  176.530453][ T7926] EXT4-fs (loop6): 1 truncate cleaned up
[  176.544703][ T7926] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  176.637754][ T7926] EXT4-fs error (device loop6): ext4_append:79: inode #2: comm syz.6.580: Logical block already allocated
[  176.696463][ T5884] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  176.812495][ T7270] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  176.862077][ T5884] usb 3-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  176.873486][ T7937] netlink: 12 bytes leftover after parsing attributes in process `syz.3.583'.
[  176.894559][ T5884] usb 3-1: config 0 interface 0 has no altsetting 0
[  176.924011][ T5884] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  176.943603][ T5884] usb 3-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  176.962112][ T5884] usb 3-1: Product: syz
[  176.969289][ T5884] usb 3-1: Manufacturer: syz
[  176.983426][ T5884] usb 3-1: SerialNumber: syz
[  177.003091][ T5884] usb 3-1: config 0 descriptor??
[  177.049843][ T5884] usb 3-1: selecting invalid altsetting 0
[  177.132429][ T7921] NILFS (loop5): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3)
[  177.156440][ T7921] NILFS error (device loop5): nilfs_bmap_propagate: broken bmap (inode number=4)
[  177.181915][ T7921] Remounting filesystem read-only
[  177.206892][ T6444] NILFS (loop5): disposed unprocessed dirty file(s) when stopping log writer
[  177.241803][   T54] usb 3-1: USB disconnect, device number 6
[  177.341471][ T7951] loop0: detected capacity change from 0 to 256
[  177.383564][ T7951] exFAT-fs (loop0): failed to load upcase table (idx : 0x0001e4a3, chksum : 0xe1cea053, utbl_chksum : 0x7319d30d)
[  178.006002][ T7962] loop3: detected capacity change from 0 to 2048
[  178.023755][ T7945] loop6: detected capacity change from 0 to 40427
[  178.032848][ T7962] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024)
[  178.062004][ T7945] F2FS-fs (loop6): heap/no_heap options were deprecated
[  178.083451][ T7945] F2FS-fs (loop6): invalid crc value
[  178.095254][ T7969] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  178.301341][ T7975] syzkaller1: entered promiscuous mode
[  178.342254][ T7975] syzkaller1: entered allmulticast mode
[  178.343072][ T7945] F2FS-fs (loop6): Start checkpoint disabled!
[  178.383909][ T7945] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6
[  178.470229][   T30] audit: type=1800 audit(1744093912.412:25): pid=7945 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.588" name="file1" dev="loop6" ino=10 res=0 errno=0
[  178.503699][ T7945] syz.6.588: attempt to access beyond end of device
[  178.503699][ T7945] loop6: rw=2049, sector=45096, nr_sectors = 128 limit=40427
[  178.569494][ T7945] syz.6.588: attempt to access beyond end of device
[  178.569494][ T7945] loop6: rw=2049, sector=45224, nr_sectors = 128 limit=40427
[  178.621363][ T7945] syz.6.588: attempt to access beyond end of device
[  178.621363][ T7945] loop6: rw=2049, sector=45352, nr_sectors = 128 limit=40427
[  178.640317][ T7945] syz.6.588: attempt to access beyond end of device
[  178.640317][ T7945] loop6: rw=2049, sector=45480, nr_sectors = 128 limit=40427
[  178.677958][ T7945] syz.6.588: attempt to access beyond end of device
[  178.677958][ T7945] loop6: rw=2049, sector=45608, nr_sectors = 128 limit=40427
[  178.710182][ T7945] syz.6.588: attempt to access beyond end of device
[  178.710182][ T7945] loop6: rw=2049, sector=45736, nr_sectors = 128 limit=40427
[  178.772881][ T7945] syz.6.588: attempt to access beyond end of device
[  178.772881][ T7945] loop6: rw=2049, sector=45864, nr_sectors = 128 limit=40427
[  178.919364][ T4163] kworker/u8:7: attempt to access beyond end of device
[  178.919364][ T4163] loop6: rw=2049, sector=45992, nr_sectors = 8 limit=40427
[  178.949725][ T7969] NILFS (loop3): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3)
[  178.958998][ T4163] CPU: 0 UID: 0 PID: 4163 Comm: kworker/u8:7 Not tainted 6.15.0-rc1-next-20250408-syzkaller #0 PREEMPT(full) 
[  178.959033][ T4163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  178.959049][ T4163] Workqueue: writeback wb_workfn (flush-7:6)
[  178.959086][ T4163] Call Trace:
[  178.959102][ T4163]  <TASK>
[  178.959112][ T4163]  dump_stack_lvl+0x241/0x360
[  178.959152][ T4163]  ? __pfx_dump_stack_lvl+0x10/0x10
[  178.959195][ T4163]  ? _raw_spin_unlock_irqrestore+0xde/0x140
[  178.959226][ T4163]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  178.959259][ T4163]  ? f2fs_hw_is_readonly+0x3a3/0x470
[  178.959290][ T4163]  f2fs_handle_critical_error+0x392/0x5a0
[  178.959331][ T4163]  f2fs_write_end_io+0x563/0x790
[  178.959365][ T4163]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  178.959395][ T4163]  ? bio_endio+0x7e4/0x890
[  178.959422][ T4163]  ? bio_endio+0x82a/0x890
[  178.959449][ T4163]  __submit_merged_bio+0x2a9/0x710
[  178.959469][ T4163]  ? f2fs_submit_merged_write_cond+0x101/0x380
[  178.959510][ T4163]  f2fs_submit_merged_write_cond+0x29f/0x380
[  178.959558][ T4163]  f2fs_write_data_pages+0x2f99/0x38d0
[  178.959634][ T4163]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  178.959676][ T4163]  ? __lock_acquire+0xad5/0xd80
[  178.959776][ T4163]  ? __pfx_rcu_read_lock_sched_held+0x10/0x10
[  178.959820][ T4163]  ? kvm_sched_clock_read+0x11/0x20
[  178.959861][ T4163]  ? sched_clock+0x4a/0x70
[  178.959889][ T4163]  ? sched_clock_cpu+0x77/0x4d0
[  178.959936][ T4163]  ? update_curr_se+0x8f/0x240
[  178.959957][ T4163]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  178.959985][ T4163]  do_writepages+0x38c/0x640
[  178.960017][ T4163]  ? __pfx_do_writepages+0x10/0x10
[  178.960037][ T4163]  ? __lock_acquire+0xad5/0xd80
[  178.960070][ T4163]  ? reacquire_held_locks+0x12a/0x1e0
[  178.960096][ T4163]  ? writeback_sb_inodes+0x43f/0x1360
[  178.960138][ T4163]  __writeback_single_inode+0x14f/0x10d0
[  178.960179][ T4163]  writeback_sb_inodes+0x822/0x1360
[  178.960258][ T4163]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  178.960345][ T4163]  ? rcu_is_watching+0x15/0xb0
[  178.960374][ T4163]  ? queue_io+0x310/0x4d0
[  178.960414][ T4163]  wb_writeback+0x415/0xb90
[  178.960449][ T4163]  ? queue_io+0x2e1/0x4d0
[  178.960476][ T4163]  ? __pfx_wb_writeback+0x10/0x10
[  178.960522][ T4163]  wb_workfn+0x412/0x10b0
[  178.960571][ T4163]  ? __pfx_wb_workfn+0x10/0x10
[  178.960593][ T4163]  ? register_lock_class+0x54/0x330
[  178.960629][ T4163]  ? __lock_acquire+0xad5/0xd80
[  178.960689][ T4163]  ? process_scheduled_works+0x9cb/0x18e0
[  178.960713][ T4163]  process_scheduled_works+0xac3/0x18e0
[  178.960778][ T4163]  ? __pfx_process_scheduled_works+0x10/0x10
[  178.960815][ T4163]  ? assign_work+0x367/0x3d0
[  178.960847][ T4163]  worker_thread+0x870/0xd50
[  178.960892][ T4163]  ? __kthread_parkme+0x1a8/0x200
[  178.960929][ T4163]  ? __pfx_worker_thread+0x10/0x10
[  178.960955][ T4163]  kthread+0x7b7/0x940
[  178.960986][ T4163]  ? __pfx_worker_thread+0x10/0x10
[  178.961013][ T4163]  ? __pfx_kthread+0x10/0x10
[  178.961039][ T4163]  ? __pfx_kthread+0x10/0x10
[  178.961065][ T4163]  ? __pfx_kthread+0x10/0x10
[  178.961094][ T4163]  ? __pfx_kthread+0x10/0x10
[  178.961121][ T4163]  ? _raw_spin_unlock_irq+0x23/0x50
[  178.961147][ T4163]  ? lockdep_hardirqs_on+0x9d/0x150
[  178.961167][ T4163]  ? __pfx_kthread+0x10/0x10
[  178.961197][ T4163]  ret_from_fork+0x4b/0x80
[  178.961219][ T4163]  ? __pfx_kthread+0x10/0x10
[  178.961248][ T4163]  ret_from_fork_asm+0x1a/0x30
[  178.961289][ T4163]  </TASK>
[  178.961305][ T4163] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  179.006451][ T7969] NILFS error (device loop3): nilfs_bmap_propagate: broken bmap (inode number=4)
[  179.227886][ T7976] loop5: detected capacity change from 0 to 32768
[  179.233499][ T7969] Remounting filesystem read-only
[  179.322809][ T7987] loop0: detected capacity change from 0 to 128
[  179.336022][ T5832] NILFS (loop3): disposed unprocessed dirty file(s) when stopping log writer
[  179.375788][ T7976] XFS (loop5): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  179.576916][ T7976] XFS (loop5): Ending clean mount
[  179.693864][ T6444] XFS (loop5): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  179.955849][ T8012] loop5: detected capacity change from 0 to 128
[  179.964352][   T47] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  180.003678][ T8012] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  180.023499][ T8012] ext4 filesystem being mounted at /88/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  180.091651][ T6444] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  180.126500][   T47] usb 1-1: Using ep0 maxpacket: 32
[  180.133661][   T47] usb 1-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[  180.144103][   T47] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  180.155604][   T47] usb 1-1: config 0 descriptor??
[  180.168885][   T47] gspca_main: nw80x-2.14.0 probing 055f:d001
[  180.256614][ T8021] vlan1: entered promiscuous mode
[  180.263936][ T8020] vlan1: left promiscuous mode
[  180.380059][   T30] audit: type=1326 audit(1744093914.322:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8026 comm="syz.5.619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f692378d169 code=0x7ffc0000
[  180.437608][   T30] audit: type=1326 audit(1744093914.322:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8026 comm="syz.5.619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f692378d169 code=0x7ffc0000
[  180.461949][   T30] audit: type=1326 audit(1744093914.342:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8026 comm="syz.5.619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7f692378d169 code=0x7ffc0000
[  180.512243][   T30] audit: type=1326 audit(1744093914.342:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8026 comm="syz.5.619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f692378d169 code=0x7ffc0000
[  180.617768][   T30] audit: type=1326 audit(1744093914.342:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8026 comm="syz.5.619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7f692378d169 code=0x7ffc0000
[  180.646587][   T30] audit: type=1326 audit(1744093914.342:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8026 comm="syz.5.619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f692378d169 code=0x7ffc0000
[  180.699009][ T8037] loop2: detected capacity change from 0 to 256
[  180.742352][ T8037] FAT-fs (loop2): Directory bread(block 64) failed
[  180.749519][ T8037] FAT-fs (loop2): Directory bread(block 65) failed
[  180.756301][ T8037] FAT-fs (loop2): Directory bread(block 66) failed
[  180.764674][ T8037] FAT-fs (loop2): Directory bread(block 67) failed
[  180.771702][ T8037] FAT-fs (loop2): Directory bread(block 68) failed
[  180.783950][ T5908] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  180.792364][ T8037] FAT-fs (loop2): Directory bread(block 69) failed
[  180.799873][ T8037] FAT-fs (loop2): Directory bread(block 70) failed
[  180.806983][ T8037] FAT-fs (loop2): Directory bread(block 71) failed
[  180.813798][ T8037] FAT-fs (loop2): Directory bread(block 72) failed
[  180.822153][ T8037] FAT-fs (loop2): Directory bread(block 73) failed
[  180.961002][ T5908] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  180.977709][ T5908] usb 6-1: config 0 has no interface number 0
[  181.002370][ T5908] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  181.018956][ T5908] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  181.031450][ T8043] IPVS: Scheduler module ip_vs_ not found
[  181.041460][ T5908] usb 6-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.18
[  181.062035][ T5908] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  181.120790][ T5908] usb 6-1: config 0 descriptor??
[  181.192845][   T47] gspca_nw80x: reg_w err -71
[  181.197925][   T47] nw80x 1-1:0.0: probe with driver nw80x failed with error -71
[  181.214533][   T47] usb 1-1: USB disconnect, device number 4
[  181.406530][ T5883] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  181.482449][ T8057] bond0: option arp_validate: invalid value (1954183539)
[  181.567389][ T5908] input: HID 04d9:a055 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.1/0003:04D9:A055.0004/input/input16
[  181.581086][ T5883] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  181.601582][ T5883] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  181.615387][ T5883] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  181.626335][ T5883] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  181.645784][ T5883] usb 3-1: Product: syz
[  181.655765][ T5883] usb 3-1: Manufacturer: syz
[  181.660904][ T5883] usb 3-1: SerialNumber: syz
[  181.683095][ T5883] cdc_mbim 3-1:1.0: skipping garbage
[  181.728146][ T5908] holtek_kbd 0003:04D9:A055.0004: input,hidraw0: USB HID v0.00 Keyboard [HID 04d9:a055] on usb-dummy_hcd.5-1/input1
[  181.772575][ T5908] usb 6-1: USB disconnect, device number 5
[  181.782434][ T8062] netlink: 28 bytes leftover after parsing attributes in process `syz.3.635'.
[  181.811494][ T8062] netlink: 'syz.3.635': attribute type 7 has an invalid length.
[  181.825749][ T8062] netlink: 'syz.3.635': attribute type 8 has an invalid length.
[  181.837242][   T47] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  181.858230][ T8062] netlink: 8 bytes leftover after parsing attributes in process `syz.3.635'.
[  181.887271][ T8050] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  182.006601][   T47] usb 7-1: Using ep0 maxpacket: 8
[  182.028051][   T47] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  182.039995][   T47] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  182.062136][   T47] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  182.078146][   T47] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  182.095276][   T47] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  182.095351][ T8067] loop0: detected capacity change from 0 to 2048
[  182.113492][   T47] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  182.130185][ T8067] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[  182.153150][ T8070] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  182.349925][   T47] usb 7-1: GET_CAPABILITIES returned 0
[  182.392930][   T47] usbtmc 7-1:16.0: can't read capabilities
[  182.525042][ T8050] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  182.534453][ T5883] cdc_mbim 3-1:1.0: setting tx_max = 184
[  182.542707][ T5883] cdc_mbim 3-1:1.0: cdc-wdm1: USB WDM device
[  182.559249][   T47] usb 7-1: USB disconnect, device number 4
[  182.565170][ T5883] wwan wwan0: port wwan0mbim0 attached
[  182.620514][ T5883] cdc_mbim 3-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.2-1, CDC MBIM, fe:f7:1f:77:a4:6d
[  182.669570][ T8070] NILFS (loop0): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3)
[  182.691730][ T8070] NILFS error (device loop0): nilfs_bmap_propagate: broken bmap (inode number=4)
[  182.703331][ T8070] Remounting filesystem read-only
[  182.710982][ T5828] NILFS (loop0): disposed unprocessed dirty file(s) when stopping log writer
[  182.750373][ T5883] usb 3-1: USB disconnect, device number 7
[  182.761448][ T5883] cdc_mbim 3-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.2-1, CDC MBIM
[  182.840813][ T5883] wwan wwan0: port wwan0mbim0 disconnected
[  182.877105][ T8079] loop0: detected capacity change from 0 to 2048
[  182.893920][ T8079] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  183.247347][ T5884] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  183.311986][ T8097] loop6: detected capacity change from 0 to 2048
[  183.351914][ T8097] NILFS (loop6): broken superblock, retrying with spare superblock (blocksize = 1024)
[  183.391863][ T8104] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  183.417587][ T5884] usb 4-1: Using ep0 maxpacket: 16
[  183.425139][ T5884] usb 4-1: config 0 has no interfaces?
[  183.436562][   T47] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  183.457698][ T5884] usb 4-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  183.468816][ T5884] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  183.480273][ T5884] usb 4-1: config 0 descriptor??
[  183.582970][ T8110] netlink: 8 bytes leftover after parsing attributes in process `syz.0.656'.
[  183.595336][ T8110] netlink: 8 bytes leftover after parsing attributes in process `syz.0.656'.
[  183.606798][   T47] usb 6-1: Using ep0 maxpacket: 8
[  183.628252][   T47] usb 6-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  183.654134][   T47] usb 6-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  183.673358][   T47] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  183.684864][   T47] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  183.700555][ T5881] usb 4-1: USB disconnect, device number 6
[  183.708012][   T47] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  183.718032][   T47] usb 6-1: Product: syz
[  183.722225][   T47] usb 6-1: Manufacturer: syz
[  183.732266][   T47] usb 6-1: SerialNumber: syz
[  183.949547][   T47] usb 6-1: 0:2 : does not exist
[  183.988212][   T47] usb 6-1: USB disconnect, device number 6
[  183.995775][ T8104] NILFS (loop6): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3)
[  184.012881][ T8104] NILFS error (device loop6): nilfs_bmap_propagate: broken bmap (inode number=4)
[  184.029578][ T8104] Remounting filesystem read-only
[  184.035300][ T7270] NILFS (loop6): disposed unprocessed dirty file(s) when stopping log writer
[  184.193071][ T8114] loop0: detected capacity change from 0 to 32768
[  184.202554][ T8114] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.658 (8114)
[  184.273992][ T8114] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  184.315443][ T8114] BTRFS info (device loop0): using crc32c (crc32c-x86_64) checksum algorithm
[  184.330050][ T8114] BTRFS info (device loop0): disk space caching is enabled
[  184.346690][ T8114] BTRFS warning (device loop0): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  184.362409][ T8120] netlink: 24 bytes leftover after parsing attributes in process `syz.3.661'.
[  184.386496][ T8120] netlink: 140 bytes leftover after parsing attributes in process `syz.3.661'.
[  184.395975][ T8120] netlink: 24 bytes leftover after parsing attributes in process `syz.3.661'.
[  184.409176][ T8119] loop2: detected capacity change from 0 to 2048
[  184.425907][ T8119] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  184.604805][ T8114] BTRFS info (device loop0): rebuilding free space tree
[  184.660670][ T8114] BTRFS info (device loop0): disabling free space tree
[  184.691655][ T8114] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  184.731949][ T8114] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  184.785277][ T8116] loop6: detected capacity change from 0 to 40427
[  184.807962][ T8116] F2FS-fs (loop6): Insane cp_payload (553648128 >= 504)
[  184.816321][ T8116] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  184.828777][   T30] audit: type=1800 audit(1744093918.772:32): pid=8114 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.658" name="file1" dev="loop0" ino=260 res=0 errno=0
[  184.832991][ T8116] F2FS-fs (loop6): build fault injection attr: rate: 17008, type: 0x3fffff
[  184.856543][ T5884] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  184.868870][ T8116] F2FS-fs (loop6): build fault injection attr: rate: 0, type: 0x1f8
[  184.889953][ T8116] F2FS-fs (loop6): invalid crc value
[  184.980954][ T5828] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  185.030870][ T5884] usb 6-1: Using ep0 maxpacket: 8
[  185.041512][ T5884] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  185.058260][ T5884] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  185.090184][ T8116] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[  185.102926][ T5884] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  185.114635][ T8116] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  185.164708][ T5884] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  185.188042][ T5884] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  185.225942][ T5884] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  185.234567][ T5884] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  185.268262][ T5884] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  185.291990][ T5884] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  185.305674][ T5884] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  185.344193][ T5884] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  185.372308][ T5884] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  185.418791][ T5884] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  185.433075][ T5884] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  185.445165][ T5884] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  185.461253][ T5884] usb 6-1: string descriptor 0 read error: -22
[  185.470221][ T5884] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  185.479992][ T5884] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  185.569458][ T5884] adutux 6-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  185.613109][ T8163] ip6tnl1: entered promiscuous mode
[  185.622115][ T8163] ip6tnl1: entered allmulticast mode
[  185.632477][ T8163] team0: Device ip6tnl1 is of different type
[  185.689825][ T8164] vlan2: entered allmulticast mode
[  185.700283][ T8164] gretap0: entered allmulticast mode
[  185.772810][ T5906] usb 6-1: USB disconnect, device number 7
[  186.605447][ T8191] loop5: detected capacity change from 0 to 512
[  186.633490][ T8191] EXT4-fs: Ignoring removed i_version option
[  186.649061][ T8191] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  186.690504][ T8191] EXT4-fs (loop5): 1 truncate cleaned up
[  186.708219][ T8191] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  186.858449][ T6444] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  187.265162][ T8214] loop5: detected capacity change from 0 to 1024
[  187.272440][ T8214] EXT4-fs: inline encryption not supported
[  187.280227][ T8214] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  187.303528][ T8214] EXT4-fs error (device loop5): ext4_map_blocks:708: inode #3: block 1: comm syz.5.690: lblock 1 mapped to illegal pblock 1 (length 1)
[  187.323046][ T8214] EXT4-fs (loop5): Remounting filesystem read-only
[  187.330123][ T8214] Quota error (device loop5): write_blk: dquota write failed
[  187.342150][ T8214] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota
[  187.357037][ T8214] EXT4-fs (loop5): 1 orphan inode deleted
[  187.364016][ T8214] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  187.406200][ T6444] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  188.036612][ T8172] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  188.037228][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout
[  188.055169][ T8172] Bluetooth: hci0: Opcode 0x0406 failed: -110
[  188.913035][ T8172] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  188.932477][ T8172] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  188.938697][ T8172] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  188.945597][ T8172] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  188.955353][ T8172] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  188.961563][ T8172] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  188.970258][ T8172] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  188.983793][ T8172] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  188.990522][ T8172] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  188.999046][ T8172] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  189.010729][ T8172] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  189.016872][ T8172] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  189.024705][ T8172] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  189.286655][ T5906] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  189.294185][   T54] kernel read not supported for file /sequencer (pid: 54 comm: kworker/0:2)
[  189.448831][ T5906] usb 1-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  189.486860][ T5906] usb 1-1: config 0 interface 0 has no altsetting 0
[  189.494494][ T5906] usb 1-1: New USB device found, idVendor=044e, idProduct=1215, bcdDevice= 0.00
[  189.524782][ T5906] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  189.559662][ T5906] usb 1-1: config 0 descriptor??
[  189.660622][ T8247] netlink: 'syz.3.704': attribute type 12 has an invalid length.
[  189.684212][ T8247] netlink: 'syz.3.704': attribute type 29 has an invalid length.
[  189.707684][ T8247] netlink: 148 bytes leftover after parsing attributes in process `syz.3.704'.
[  189.749398][ T8247] netlink: 'syz.3.704': attribute type 1 has an invalid length.
[  189.975258][ T5906] hid-alps 0003:044E:1215.0005: unknown main item tag 0x0
[  190.003253][ T5906] hid-alps 0003:044E:1215.0005: hidraw0: USB HID v0.04 Device [HID 044e:1215] on usb-dummy_hcd.0-1/input0
[  190.116684][ T5834] Bluetooth: hci0: command 0x0c1a tx timeout
[  190.179695][   T54] usb 1-1: USB disconnect, device number 5
[  190.470137][ T8272] ptrace attach of ""[8273] was attempted by "./syz-executor exec"[8272]
[  190.588421][ T8277] loop3: detected capacity change from 0 to 64
[  190.596102][ T8277] bfs: Unknown parameter '���s7NZO񐾤�ֆBl#����p�8`��1�Ҥ˛l����T.�Ʌy��(�����K+'
[  191.005546][ T5834] Bluetooth: hci2: command 0x0c1a tx timeout
[  191.011995][ T5834] Bluetooth: hci3: command 0x0c1a tx timeout
[  191.016451][ T5152] Bluetooth: hci1: command 0x0c1a tx timeout
[  191.076546][ T5152] Bluetooth: hci4: command 0x0c1a tx timeout
[  191.159707][ T8300] loop6: detected capacity change from 0 to 256
[  191.203656][ T8302] netlink: 8 bytes leftover after parsing attributes in process `syz.3.729'.
[  191.226575][ T8302] netlink: 8 bytes leftover after parsing attributes in process `syz.3.729'.
[  191.398821][ T8305] loop3: detected capacity change from 0 to 128
[  191.523352][ T8307] random: crng reseeded on system resumption
[  191.709222][ T6525] kworker/u8:8: attempt to access beyond end of device
[  191.709222][ T6525] loop3: rw=1, sector=145, nr_sectors = 896 limit=128
[  191.754600][   T30] audit: type=1326 audit(1744093925.682:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8309 comm="syz.2.732" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb9fd929359 code=0x7ffc0000
[  191.826507][   T30] audit: type=1326 audit(1744093925.682:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8309 comm="syz.2.732" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb9fd98d169 code=0x7ffc0000
[  191.896771][   T30] audit: type=1326 audit(1744093925.682:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8309 comm="syz.2.732" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb9fd98d169 code=0x7ffc0000
[  191.955013][ T8288] loop0: detected capacity change from 0 to 32768
[  191.986527][   T30] audit: type=1326 audit(1744093925.682:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8309 comm="syz.2.732" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb9fd98d169 code=0x7ffc0000
[  192.020048][ T8314] loop3: detected capacity change from 0 to 8
[  192.068799][   T30] audit: type=1326 audit(1744093925.682:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8309 comm="syz.2.732" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb9fd929359 code=0x7ffc0000
[  192.190067][ T8288] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  192.198855][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout
[  192.216691][   T30] audit: type=1326 audit(1744093925.682:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8309 comm="syz.2.732" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb9fd98d169 code=0x7ffc0000
[  192.246702][   T30] audit: type=1326 audit(1744093925.682:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8309 comm="syz.2.732" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb9fd98d169 code=0x7ffc0000
[  192.268786][    C1] vkms_vblank_simulate: vblank timer overrun
[  192.276993][   T30] audit: type=1326 audit(1744093925.682:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8309 comm="syz.2.732" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb9fd929359 code=0x7ffc0000
[  192.298988][    C1] vkms_vblank_simulate: vblank timer overrun
[  192.324888][   T30] audit: type=1326 audit(1744093925.682:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8309 comm="syz.2.732" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb9fd929359 code=0x7ffc0000
[  192.372264][   T30] audit: type=1326 audit(1744093925.682:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8309 comm="syz.2.732" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb9fd929359 code=0x7ffc0000
[  192.425986][ T8307] Restarting kernel threads ... done.
[  192.460044][ T8324] loop3: detected capacity change from 0 to 64
[  192.520458][ T8288] XFS (loop0): Ending clean mount
[  192.706104][ T5828] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  192.924227][ T8328] loop2: detected capacity change from 0 to 4096
[  193.056052][ T8332] loop5: detected capacity change from 0 to 16
[  193.076572][ T5831] Bluetooth: hci1: command 0x0c1a tx timeout
[  193.082704][ T5152] Bluetooth: hci3: command 0x0c1a tx timeout
[  193.088958][   T56] Bluetooth: hci2: command 0x0c1a tx timeout
[  193.129401][ T8332] erofs (device loop5): mounted with root inode @ nid 36.
[  193.156535][ T5152] Bluetooth: hci4: command 0x0c1a tx timeout
[  193.251575][ T8332] erofs (device loop5): readahead error at folio 87 @ nid 36
[  193.286562][ T8332] erofs (device loop5): readahead error at folio 86 @ nid 36
[  193.295143][ T8332] erofs (device loop5): bogus lookback distance 363 @ lcn 82 of nid 36
[  193.327195][ T8332] erofs (device loop5): readahead error at folio 83 @ nid 36
[  193.327249][ T8332] erofs (device loop5): bogus lookback distance 363 @ lcn 82 of nid 36
[  193.327272][ T8332] erofs (device loop5): readahead error at folio 82 @ nid 36
[  193.328241][ T8332] erofs (device loop5): readahead error at folio 79 @ nid 36
[  193.328265][ T8332] erofs (device loop5): readahead error at folio 78 @ nid 36
[  193.328318][ T8332] erofs (device loop5): bogus lookback distance 1485 @ lcn 75 of nid 36
[  193.328340][ T8332] erofs (device loop5): readahead error at folio 76 @ nid 36
[  193.328359][ T8332] erofs (device loop5): bogus lookback distance 1485 @ lcn 75 of nid 36
[  193.328380][ T8332] erofs (device loop5): readahead error at folio 75 @ nid 36
[  193.329519][ T8332] erofs (device loop5): readahead error at folio 74 @ nid 36
[  193.329564][ T8332] erofs (device loop5): readahead error at folio 72 @ nid 36
[  193.329585][ T8332] erofs (device loop5): readahead error at folio 71 @ nid 36
[  193.329616][ T8332] erofs (device loop5): readahead error at folio 70 @ nid 36
[  193.355737][ T8332] erofs (device loop5): readahead error at folio 63 @ nid 36
[  193.357637][ T8332] erofs (device loop5): readahead error at folio 61 @ nid 36
[  193.357684][ T8332] erofs (device loop5): bogus lookback distance 1024 @ lcn 58 of nid 36
[  193.357707][ T8332] erofs (device loop5): readahead error at folio 59 @ nid 36
[  193.357727][ T8332] erofs (device loop5): bogus lookback distance 1024 @ lcn 58 of nid 36
[  193.357749][ T8332] erofs (device loop5): readahead error at folio 58 @ nid 36
[  193.357787][ T8332] erofs (device loop5): readahead error at folio 56 @ nid 36
[  193.357825][ T8332] erofs (device loop5): readahead error at folio 54 @ nid 36
[  193.357913][ T8332] erofs (device loop5): readahead error at folio 50 @ nid 36
[  193.357959][ T8332] erofs (device loop5): bogus lookback distance 1586 @ lcn 46 of nid 36
[  193.357981][ T8332] erofs (device loop5): readahead error at folio 47 @ nid 36
[  193.358000][ T8332] erofs (device loop5): bogus lookback distance 1586 @ lcn 46 of nid 36
[  193.358029][ T8332] erofs (device loop5): readahead error at folio 46 @ nid 36
[  193.358058][ T8332] erofs (device loop5): readahead error at folio 45 @ nid 36
[  193.358095][ T8332] erofs (device loop5): bogus lookback distance 1388 @ lcn 42 of nid 36
[  193.358115][ T8332] erofs (device loop5): readahead error at folio 43 @ nid 36
[  193.358134][ T8332] erofs (device loop5): bogus lookback distance 1388 @ lcn 42 of nid 36
[  193.358155][ T8332] erofs (device loop5): readahead error at folio 42 @ nid 36
[  193.358182][ T8332] erofs (device loop5): bogus lookback distance 774 @ lcn 40 of nid 36
[  193.358202][ T8332] erofs (device loop5): readahead error at folio 41 @ nid 36
[  193.358221][ T8332] erofs (device loop5): bogus lookback distance 774 @ lcn 40 of nid 36
[  193.358241][ T8332] erofs (device loop5): readahead error at folio 40 @ nid 36
[  193.358269][ T8332] erofs (device loop5): readahead error at folio 39 @ nid 36
[  193.358288][ T8332] erofs (device loop5): readahead error at folio 38 @ nid 36
[  193.358491][ T8332] erofs (device loop5): readahead error at folio 36 @ nid 36
[  193.358770][ T8332] erofs (device loop5): bogus lookback distance 1468 @ lcn 31 of nid 36
[  193.358791][ T8332] erofs (device loop5): readahead error at folio 31 @ nid 36
[  193.359064][ T8332] erofs (device loop5): readahead error at folio 26 @ nid 36
[  193.359134][ T8332] erofs (device loop5): readahead error at folio 24 @ nid 36
[  193.359460][ T8332] erofs (device loop5): readahead error at folio 19 @ nid 36
[  193.359841][ T8332] erofs (device loop5): readahead error at folio 13 @ nid 36
[  193.360244][ T8332] erofs (device loop5): readahead error at folio 8 @ nid 36
[  193.360388][ T8332] erofs (device loop5): readahead error at folio 6 @ nid 36
[  193.360430][ T8332] erofs (device loop5): readahead error at folio 4 @ nid 36
[  193.360739][ T8332] erofs (device loop5): invalid logical cluster 0 at nid 36
[  193.360757][ T8332] erofs (device loop5): readahead error at folio 0 @ nid 36
[  193.361204][ T8332] syz.5.739: attempt to access beyond end of device
[  193.361204][ T8332] loop5: rw=524288, sector=296, nr_sectors = 16 limit=16
[  193.361454][ T8332] syz.5.739: attempt to access beyond end of device
[  193.361454][ T8332] loop5: rw=524288, sector=1049264, nr_sectors = 16 limit=16
[  193.362383][ T8332] syz.5.739: attempt to access beyond end of device
[  193.362383][ T8332] loop5: rw=524288, sector=720, nr_sectors = 128 limit=16
[  193.362693][ T8332] syz.5.739: attempt to access beyond end of device
[  193.362693][ T8332] loop5: rw=524288, sector=13478624080, nr_sectors = 24 limit=16
[  193.362859][ T8332] syz.5.739: attempt to access beyond end of device
[  193.362859][ T8332] loop5: rw=524288, sector=13478624032, nr_sectors = 48 limit=16
[  193.404405][ T8328] ntfs3(loop2): failed to convert "0000" to iso8859-14
[  193.409175][ T8332] syz.5.739: attempt to access beyond end of device
[  193.409175][ T8332] loop5: rw=524288, sector=32, nr_sectors = 64 limit=16
[  193.409339][ T8332] syz.5.739: attempt to access beyond end of device
[  193.409339][ T8332] loop5: rw=524288, sector=8, nr_sectors = 24 limit=16
[  193.409557][ T8332] syz.5.739: attempt to access beyond end of device
[  193.409557][ T8332] loop5: rw=524288, sector=14425508768, nr_sectors = 8 limit=16
[  193.414439][ T8328] ntfs3(loop2): failed to convert name for inode 1e.
[  193.417257][ T8328] ntfs3(loop2): ino=1f, mi_enum_attr
[  193.417338][ T8328] ntfs3(loop2): Mark volume as dirty due to NTFS errors
[  193.421783][ T8328] ntfs3(loop2): ino=1f, mi_enum_attr
[  193.472873][ T8330] loop3: detected capacity change from 0 to 32768
[  193.475237][ T8330] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.738 (8330)
[  193.498939][ T8330] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  193.499019][ T8330] BTRFS info (device loop3): using crc32c (crc32c-x86_64) checksum algorithm
[  193.499052][ T8330] BTRFS info (device loop3): using free-space-tree
[  194.013490][ T5832] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  194.098194][ T8337] loop0: detected capacity change from 0 to 32768
[  194.099011][ T8337] XFS: attr2 mount option is deprecated.
[  194.099038][ T8337] XFS: ikeep mount option is deprecated.
[  194.099057][ T8337] XFS: noikeep mount option is deprecated.
[  194.197638][ T8337] XFS (loop0): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  194.203121][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  194.203217][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  194.237073][ T8334] loop6: detected capacity change from 0 to 32768
[  194.277729][ T8335] tty tty30: ldisc open failed (-12), clearing slot 29
[  194.433001][ T8334] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.740 (8334)
[  194.658914][ T8337] XFS (loop0): Ending clean mount
[  194.690940][ T8334] BTRFS info (device loop6): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  194.708170][ T8334] BTRFS info (device loop6): using crc32c (crc32c-x86_64) checksum algorithm
[  194.719233][ T8337] XFS (loop0): Quotacheck needed: Please wait.
[  194.728488][ T8334] BTRFS info (device loop6): disk space caching is enabled
[  194.736776][ T8334] BTRFS warning (device loop6): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  194.783301][ T8337] XFS (loop0): Quotacheck: Done.
[  194.908081][ T8381] loop3: detected capacity change from 0 to 16
[  194.958496][ T8381] erofs (device loop3): mounted with root inode @ nid 36.
[  195.034708][ T8334] BTRFS info (device loop6): rebuilding free space tree
[  195.053679][ T8356] loop2: detected capacity change from 0 to 32768
[  195.074665][ T5828] XFS (loop0): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  195.102584][ T8356] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  195.164227][ T5152] Bluetooth: hci3: command 0x0c1a tx timeout
[  195.171377][ T5831] Bluetooth: hci1: command 0x0c1a tx timeout
[  195.177646][   T56] Bluetooth: hci2: command 0x0c1a tx timeout
[  195.192120][ T8334] BTRFS info (device loop6): disabling free space tree
[  195.237931][ T5831] Bluetooth: hci4: command 0x0c1a tx timeout
[  195.255830][ T8398] loop3: detected capacity change from 0 to 2048
[  195.268697][ T8334] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  195.279016][ T8334] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  195.326808][ T8398] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  195.553700][ T8356] XFS (loop2): Ending clean mount
[  195.570025][ T8356] XFS (loop2): Quotacheck needed: Please wait.
[  195.593556][ T7270] BTRFS info (device loop6): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  195.717702][ T8356] XFS (loop2): Quotacheck: Done.
[  195.953125][ T5838] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  196.012363][ T8409] Zero length message leads to an empty skb
[  196.239357][ T8417] loop3: detected capacity change from 0 to 256
[  196.610003][ T8428] loop0: detected capacity change from 0 to 16
[  196.669264][ T8428] erofs (device loop0): mounted with root inode @ nid 36.
[  197.223411][ T8448] loop5: detected capacity change from 0 to 512
[  197.292630][ T8448] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  197.316968][ T5831] Bluetooth: hci4: command 0x0c1a tx timeout
[  197.337753][ T8448] ext4 filesystem being mounted at /119/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  197.496053][ T8454] loop0: detected capacity change from 0 to 256
[  197.548081][ T8454] FAT-fs (loop0): Directory bread(block 64) failed
[  197.560986][ T8454] FAT-fs (loop0): Directory bread(block 65) failed
[  197.578169][ T8454] FAT-fs (loop0): Directory bread(block 66) failed
[  197.592657][ T8454] FAT-fs (loop0): Directory bread(block 67) failed
[  197.615053][ T8454] FAT-fs (loop0): Directory bread(block 68) failed
[  197.639768][ T8454] FAT-fs (loop0): Directory bread(block 69) failed
[  197.643901][ T6444] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  197.660371][ T8454] FAT-fs (loop0): Directory bread(block 70) failed
[  197.686624][ T8454] FAT-fs (loop0): Directory bread(block 71) failed
[  197.711591][ T8454] FAT-fs (loop0): Directory bread(block 72) failed
[  197.733889][ T8454] FAT-fs (loop0): Directory bread(block 73) failed
[  197.925252][ T8458] siw: device registration error -23
[  198.016455][ T5908] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  198.188144][ T5908] usb 7-1: Using ep0 maxpacket: 16
[  198.217455][ T5908] usb 7-1: config index 0 descriptor too short (expected 16456, got 72)
[  198.225860][ T5908] usb 7-1: config 0 has an invalid interface number: 125 but max is 1
[  198.261415][ T5908] usb 7-1: config 0 has an invalid interface number: 125 but max is 1
[  198.275465][ T8470] loop3: detected capacity change from 0 to 2048
[  198.282547][ T5908] usb 7-1: config 0 has an invalid interface number: 125 but max is 1
[  198.293919][ T5908] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 2
[  198.304272][ T5908] usb 7-1: config 0 has no interface number 0
[  198.311888][ T5908] usb 7-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64
[  198.325322][ T5908] usb 7-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0
[  198.342068][ T5908] usb 7-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0
[  198.363690][ T5908] usb 7-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  198.379004][ T8470] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  198.414916][ T5908] usb 7-1: config 0 interface 125 has no altsetting 0
[  198.445197][ T5908] usb 7-1: config 0 interface 125 has no altsetting 2
[  198.447584][ T8482] loop0: detected capacity change from 0 to 1024
[  198.462076][ T8470] EXT4-fs (loop3): shut down requested (1)
[  198.478039][ T5908] usb 7-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27
[  198.500760][ T5908] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  198.527906][ T5908] usb 7-1: Product: syz
[  198.547743][ T5908] usb 7-1: Manufacturer: syz
[  198.570274][ T8482] hfsplus: cannot replace xattr
[  198.571837][ T5908] usb 7-1: SerialNumber: syz
[  198.591219][ T5832] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  198.606008][ T5908] usb 7-1: config 0 descriptor??
[  198.622908][   T63] hfsplus: b-tree write err: -5, ino 4
[  198.632422][ T5908] usb 7-1: selecting invalid altsetting 2
[  198.748502][ T8486] loop0: detected capacity change from 0 to 256
[  198.885914][ T8474] loop2: detected capacity change from 0 to 40427
[  198.909505][ T8474] F2FS-fs (loop2): invalid crc value
[  199.059043][ T8495] loop0: detected capacity change from 0 to 512
[  199.114136][ T8474] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  199.130876][ T8495] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  199.146805][ T8495] ext4 filesystem being mounted at /166/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  199.229261][ T8495] EXT4-fs error (device loop0): ext4_do_update_inode:5182: inode #2: comm syz.0.787: corrupted inode contents
[  199.259655][ T8495] EXT4-fs error (device loop0): ext4_dirty_inode:6074: inode #2: comm syz.0.787: mark_inode_dirty error
[  199.286599][ T5838] syz-executor: attempt to access beyond end of device
[  199.286599][ T5838] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  199.329085][ T5838] CPU: 1 UID: 0 PID: 5838 Comm: syz-executor Not tainted 6.15.0-rc1-next-20250408-syzkaller #0 PREEMPT(full) 
[  199.329121][ T5838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  199.329135][ T5838] Call Trace:
[  199.329144][ T5838]  <TASK>
[  199.329152][ T5838]  dump_stack_lvl+0x241/0x360
[  199.329201][ T5838]  ? __pfx_dump_stack_lvl+0x10/0x10
[  199.329234][ T5838]  ? _raw_spin_unlock_irqrestore+0xde/0x140
[  199.329267][ T5838]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  199.329301][ T5838]  ? f2fs_hw_is_readonly+0x3a3/0x470
[  199.329332][ T5838]  f2fs_handle_critical_error+0x392/0x5a0
[  199.329368][ T5838]  f2fs_write_end_io+0x563/0x790
[  199.329403][ T5838]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  199.329436][ T5838]  ? bio_endio+0x7e4/0x890
[  199.329462][ T5838]  ? bio_endio+0x82a/0x890
[  199.329490][ T5838]  __submit_merged_bio+0x2a9/0x710
[  199.329509][ T5838]  ? f2fs_submit_merged_write_cond+0x101/0x380
[  199.329552][ T5838]  f2fs_submit_merged_write_cond+0x29f/0x380
[  199.329600][ T5838]  f2fs_write_data_pages+0x2f99/0x38d0
[  199.329688][ T5838]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  199.329731][ T5838]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  199.329851][ T5838]  ? __lock_acquire+0xad5/0xd80
[  199.329883][ T5838]  ? do_raw_spin_lock+0x151/0x370
[  199.329924][ T5838]  ? do_raw_spin_unlock+0x13c/0x8b0
[  199.329959][ T5838]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  199.329987][ T5838]  do_writepages+0x38c/0x640
[  199.330008][ T5838]  ? __lock_acquire+0xad5/0xd80
[  199.330036][ T5838]  ? __pfx_do_writepages+0x10/0x10
[  199.330055][ T5838]  ? do_raw_spin_lock+0x151/0x370
[  199.330102][ T5838]  ? do_raw_spin_unlock+0x13c/0x8b0
[  199.330143][ T5838]  filemap_fdatawrite+0x1f2/0x2a0
[  199.330173][ T5838]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  199.330194][ T5838]  ? mlock_drain_local+0x79/0x490
[  199.330276][ T5838]  ? do_raw_spin_unlock+0x13c/0x8b0
[  199.330318][ T5838]  f2fs_sync_dirty_inodes+0x34f/0x860
[  199.330366][ T5838]  f2fs_write_checkpoint+0x857/0x1da0
[  199.330420][ T5838]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  199.330509][ T5838]  ? kill_f2fs_super+0x290/0x6d0
[  199.330543][ T5838]  kill_f2fs_super+0x2b8/0x6d0
[  199.330578][ T5838]  ? __pfx_kill_f2fs_super+0x10/0x10
[  199.330717][ T5838]  ? shrinker_free+0x2ca/0x3d0
[  199.330753][ T5838]  deactivate_locked_super+0xc4/0x130
[  199.330797][ T5838]  cleanup_mnt+0x422/0x4c0
[  199.330822][ T5838]  ? lockdep_hardirqs_on+0x9d/0x150
[  199.330988][ T5838]  task_work_run+0x251/0x310
[  199.331022][ T5838]  ? __pfx_task_work_run+0x10/0x10
[  199.331050][ T5838]  ? syscall_exit_to_user_mode+0xa3/0x340
[  199.331076][ T5838]  syscall_exit_to_user_mode+0x13f/0x340
[  199.331103][ T5838]  do_syscall_64+0x100/0x230
[  199.331124][ T5838]  ? clear_bhb_loop+0x45/0xa0
[  199.331150][ T5838]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  199.331169][ T5838] RIP: 0033:0x7fb9fd98e497
[  199.331196][ T5838] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  199.331214][ T5838] RSP: 002b:00007ffeb3862f68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  199.331237][ T5838] RAX: 0000000000000000 RBX: 00007fb9fda0e08c RCX: 00007fb9fd98e497
[  199.331252][ T5838] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffeb3863020
[  199.331266][ T5838] RBP: 00007ffeb3863020 R08: 0000000000000000 R09: 0000000000000000
[  199.331279][ T5838] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffeb38640b0
[  199.331293][ T5838] R13: 00007fb9fda0e08c R14: 0000000000030a30 R15: 00007ffeb38640f0
[  199.331330][ T5838]  </TASK>
[  199.332172][ T5838] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  199.362251][ T8495] EXT4-fs error (device loop0): ext4_do_update_inode:5182: inode #2: comm syz.0.787: corrupted inode contents
[  199.732158][ T8495] EXT4-fs error (device loop0): __ext4_ext_dirty:207: inode #2: comm syz.0.787: mark_inode_dirty error
[  199.793319][ T5908] usb 7-1: USB disconnect, device number 5
[  199.832791][ T5828] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  200.158523][ T8514] loop2: detected capacity change from 0 to 256
[  200.206196][ T8514] FAT-fs (loop2): Directory bread(block 64) failed
[  200.233593][ T8514] FAT-fs (loop2): Directory bread(block 65) failed
[  200.259244][ T8514] FAT-fs (loop2): Directory bread(block 66) failed
[  200.276089][ T8514] FAT-fs (loop2): Directory bread(block 67) failed
[  200.344233][ T8514] FAT-fs (loop2): Directory bread(block 68) failed
[  200.397023][ T8514] FAT-fs (loop2): Directory bread(block 69) failed
[  200.437143][ T8514] FAT-fs (loop2): Directory bread(block 70) failed
[  200.445094][ T8514] FAT-fs (loop2): Directory bread(block 71) failed
[  200.490751][ T8514] FAT-fs (loop2): Directory bread(block 72) failed
[  200.505998][ T8519] input: syz0 as /devices/virtual/input/input17
[  200.515455][ T8514] FAT-fs (loop2): Directory bread(block 73) failed
[  200.571086][ T8514] syz.2.790: attempt to access beyond end of device
[  200.571086][ T8514] loop2: rw=524288, sector=1192, nr_sectors = 4 limit=256
[  200.631916][ T8514] syz.2.790: attempt to access beyond end of device
[  200.631916][ T8514] loop2: rw=0, sector=1192, nr_sectors = 4 limit=256
[  200.668130][   T30] kauditd_printk_skb: 81 callbacks suppressed
[  200.668148][   T30] audit: type=1800 audit(1744093934.612:124): pid=8514 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.790" name="file1" dev="loop2" ino=150 res=0 errno=0
[  201.006222][ T8531] loop2: detected capacity change from 0 to 16
[  201.145674][ T8531] erofs (device loop2): mounted with root inode @ nid 36.
[  201.203606][ T8531] syz.2.798: attempt to access beyond end of device
[  201.203606][ T8531] loop2: rw=0, sector=103079215104, nr_sectors = 8 limit=16
[  201.224487][ T8536] loop3: detected capacity change from 0 to 1024
[  201.241243][ T8536] EXT4-fs: Ignoring removed orlov option
[  201.246575][ T8531] erofs (device loop2): failed to readdir of logical block 0 of nid 36
[  201.272544][ T8537] netlink: 256 bytes leftover after parsing attributes in process `syz.5.797'.
[  201.301592][ T8536] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  201.532364][ T5832] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  201.715169][ T8551] loop3: detected capacity change from 0 to 8
[  201.781185][ T8551] SQUASHFS error: xz decompression failed, data probably corrupt
[  201.846633][ T8551] SQUASHFS error: Failed to read block 0x108: -5
[  201.853205][ T8551] SQUASHFS error: Unable to read metadata cache entry [106]
[  201.860877][ T8551] SQUASHFS error: Unable to read inode 0x11f
[  202.135428][ T8561] loop6: detected capacity change from 0 to 512
[  202.204424][ T8561] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  202.225247][ T8561] ext4 filesystem being mounted at /56/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  202.419749][ T7270] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  202.639850][ T8580] mmap: syz.6.812 (8580) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  203.015838][ T8592] loop2: detected capacity change from 0 to 8
[  203.044093][ T8592] SQUASHFS error: xz decompression failed, data probably corrupt
[  203.054396][ T8592] SQUASHFS error: Failed to read block 0x108: -5
[  203.062063][ T8592] SQUASHFS error: Unable to read metadata cache entry [106]
[  203.073034][ T8592] SQUASHFS error: Unable to read inode 0x11f
[  203.196620][ T5884] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  203.366705][ T5884] usb 6-1: Using ep0 maxpacket: 16
[  203.380576][ T8585] loop0: detected capacity change from 0 to 32768
[  203.388539][ T5884] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  203.405192][ T8585] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.817 (8585)
[  203.416465][ T5884] usb 6-1: config 0 has no interface number 0
[  203.435181][ T5884] usb 6-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  203.458881][ T5884] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  203.473131][ T8585] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  203.479508][ T5884] usb 6-1: Product: syz
[  203.493933][ T5884] usb 6-1: Manufacturer: syz
[  203.500108][ T5884] usb 6-1: SerialNumber: syz
[  203.516641][ T8585] BTRFS info (device loop0): using crc32c (crc32c-x86_64) checksum algorithm
[  203.520727][ T5884] usb 6-1: config 0 descriptor??
[  203.525448][ T8585] BTRFS info (device loop0): disk space caching is enabled
[  203.525470][ T8585] BTRFS warning (device loop0): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  203.542460][ T5884] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  203.680948][ T8619] loop6: detected capacity change from 0 to 8
[  203.689942][ T8585] BTRFS info (device loop0): rebuilding free space tree
[  203.723889][ T8585] BTRFS info (device loop0): disabling free space tree
[  203.747910][ T8585] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  203.768695][ T8619] SQUASHFS error: Failed to read block 0x2d7: -5
[  203.783759][ T8585] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  203.805078][ T8619] SQUASHFS error: Unable to read metadata cache entry [2d5]
[  204.061528][ T5828] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  204.195214][ T8601] loop2: detected capacity change from 0 to 40427
[  204.205424][ T8601] F2FS-fs (loop2): build fault injection attr: rate: 690, type: 0x3fffff
[  204.283980][ T8601] F2FS-fs (loop2): Image doesn't support compression
[  204.293797][ T8601] F2FS-fs (loop2): heap/no_heap options were deprecated
[  204.316925][ T8601] F2FS-fs (loop2): Image doesn't support compression
[  204.326155][ T8601] F2FS-fs (loop2): invalid crc value
[  204.340926][ T8629] loop3: detected capacity change from 0 to 1024
[  204.387458][ T8629] EXT4-fs: Ignoring removed orlov option
[  204.393186][ T8629] EXT4-fs: Ignoring removed nomblk_io_submit option
[  204.454517][ T8629] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  204.569303][ T5884] gspca_spca1528: reg_w err -71
[  204.574320][ T5884] spca1528 6-1:0.1: probe with driver spca1528 failed with error -71
[  204.613215][ T5884] usb 6-1: USB disconnect, device number 8
[  204.661962][ T8601] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  204.724168][ T5832] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  204.738984][ T8601] syz.2.823: attempt to access beyond end of device
[  204.738984][ T8601] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  204.776172][ T8601] F2FS-fs (loop2): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_submit_page_write+0x581/0x1f30
[  204.791677][ T8601] F2FS-fs (loop2): invalid blkaddr: 5638, type: 7, run fsck to fix.
[  204.805898][ T8601] syz.2.823: attempt to access beyond end of device
[  204.805898][ T8601] loop2: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  204.855793][ T5838] syz-executor: attempt to access beyond end of device
[  204.855793][ T5838] loop2: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[  204.870566][ T5838] CPU: 1 UID: 0 PID: 5838 Comm: syz-executor Not tainted 6.15.0-rc1-next-20250408-syzkaller #0 PREEMPT(full) 
[  204.870593][ T5838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  204.870605][ T5838] Call Trace:
[  204.870613][ T5838]  <TASK>
[  204.870621][ T5838]  dump_stack_lvl+0x241/0x360
[  204.870659][ T5838]  ? __pfx_dump_stack_lvl+0x10/0x10
[  204.870688][ T5838]  ? _raw_spin_unlock_irqrestore+0xde/0x140
[  204.870737][ T5838]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  204.870769][ T5838]  ? f2fs_hw_is_readonly+0x3a3/0x470
[  204.870800][ T5838]  f2fs_handle_critical_error+0x392/0x5a0
[  204.870833][ T5838]  f2fs_write_end_io+0x563/0x790
[  204.870867][ T5838]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  204.870898][ T5838]  ? bio_endio+0x7e4/0x890
[  204.870924][ T5838]  ? bio_endio+0x82a/0x890
[  204.870951][ T5838]  __submit_merged_bio+0x2a9/0x710
[  204.870970][ T5838]  ? f2fs_submit_merged_write_cond+0x101/0x380
[  204.871012][ T5838]  f2fs_submit_merged_write_cond+0x29f/0x380
[  204.871061][ T5838]  f2fs_write_data_pages+0x2f99/0x38d0
[  204.871083][ T5838]  ? __lock_acquire+0xad5/0xd80
[  204.871150][ T5838]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  204.871205][ T5838]  ? 0xffffffffa00038c0
[  204.871303][ T5838]  ? lockdep_hardirqs_on+0x9d/0x150
[  204.871325][ T5838]  ? __pfx_folios_put_refs+0x10/0x10
[  204.871354][ T5838]  ? _raw_spin_unlock_irqrestore+0xde/0x140
[  204.871399][ T5838]  ? __lock_acquire+0xad5/0xd80
[  204.871418][ T5838]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  204.871447][ T5838]  do_writepages+0x38c/0x640
[  204.871469][ T5838]  ? __lock_acquire+0xad5/0xd80
[  204.871498][ T5838]  ? __pfx_do_writepages+0x10/0x10
[  204.871518][ T5838]  ? do_raw_spin_lock+0x151/0x370
[  204.871565][ T5838]  ? do_raw_spin_unlock+0x13c/0x8b0
[  204.871607][ T5838]  filemap_fdatawrite+0x1f2/0x2a0
[  204.871637][ T5838]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  204.871658][ T5838]  ? mlock_drain_local+0x79/0x490
[  204.871741][ T5838]  ? do_raw_spin_unlock+0x13c/0x8b0
[  204.871782][ T5838]  f2fs_sync_dirty_inodes+0x34f/0x860
[  204.871835][ T5838]  f2fs_write_checkpoint+0x857/0x1da0
[  204.871889][ T5838]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  204.871978][ T5838]  ? kill_f2fs_super+0x290/0x6d0
[  204.872011][ T5838]  kill_f2fs_super+0x2b8/0x6d0
[  204.872046][ T5838]  ? __pfx_kill_f2fs_super+0x10/0x10
[  204.872083][ T5838]  ? shrinker_free+0x2ca/0x3d0
[  204.872116][ T5838]  deactivate_locked_super+0xc4/0x130
[  204.872146][ T5838]  cleanup_mnt+0x422/0x4c0
[  204.872190][ T5838]  ? lockdep_hardirqs_on+0x9d/0x150
[  204.872215][ T5838]  task_work_run+0x251/0x310
[  204.872244][ T5838]  ? __pfx_task_work_run+0x10/0x10
[  204.872271][ T5838]  ? syscall_exit_to_user_mode+0xa3/0x340
[  204.872295][ T5838]  syscall_exit_to_user_mode+0x13f/0x340
[  204.872322][ T5838]  do_syscall_64+0x100/0x230
[  204.872344][ T5838]  ? clear_bhb_loop+0x45/0xa0
[  204.872370][ T5838]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  204.872390][ T5838] RIP: 0033:0x7fb9fd98e497
[  204.872407][ T5838] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  204.872425][ T5838] RSP: 002b:00007ffeb3862f68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  204.872447][ T5838] RAX: 0000000000000000 RBX: 00007fb9fda0e08c RCX: 00007fb9fd98e497
[  204.872461][ T5838] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffeb3863020
[  204.872473][ T5838] RBP: 00007ffeb3863020 R08: 0000000000000000 R09: 0000000000000000
[  204.872486][ T5838] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffeb38640b0
[  204.872518][ T5838] R13: 00007fb9fda0e08c R14: 0000000000032005 R15: 00007ffeb38640f0
[  204.872557][ T5838]  </TASK>
[  204.872567][ T5838] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  205.101326][ T8645] loop0: detected capacity change from 0 to 4096
[  205.236583][ T5906] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  205.416517][ T5906] usb 4-1: Using ep0 maxpacket: 32
[  205.423692][ T5906] usb 4-1: config 0 interface 0 altsetting 156 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  205.446846][ T5906] usb 4-1: config 0 interface 0 altsetting 156 endpoint 0x81 has invalid wMaxPacketSize 0
[  205.476679][ T5906] usb 4-1: config 0 interface 0 has no altsetting 0
[  205.483481][ T5906] usb 4-1: New USB device found, idVendor=05ac, idProduct=0225, bcdDevice= 0.00
[  205.509422][ T5906] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  205.537679][ T5906] usb 4-1: config 0 descriptor??
[  205.634055][ T8652] netlink: 4 bytes leftover after parsing attributes in process `syz.5.839'.
[  205.768792][ T8655] loop2: detected capacity change from 0 to 512
[  205.802469][ T8655] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  205.815781][ T8655] ext4 filesystem being mounted at /178/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  205.845911][ T8655] EXT4-fs error (device loop2): ext4_do_update_inode:5182: inode #2: comm syz.2.834: corrupted inode contents
[  205.863647][ T8655] EXT4-fs error (device loop2): ext4_dirty_inode:6074: inode #2: comm syz.2.834: mark_inode_dirty error
[  205.886234][ T8655] EXT4-fs error (device loop2): ext4_do_update_inode:5182: inode #2: comm syz.2.834: corrupted inode contents
[  205.906976][ T8655] EXT4-fs error (device loop2): __ext4_ext_dirty:207: inode #2: comm syz.2.834: mark_inode_dirty error
[  205.963423][ T5906] apple 0003:05AC:0225.0006: hidraw0: USB HID v0.00 Device [HID 05ac:0225] on usb-dummy_hcd.3-1/input0
[  205.995519][ T5838] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  206.188387][ T5908] usb 4-1: USB disconnect, device number 7
[  206.194349][   T30] audit: type=1326 audit(1744093940.132:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8666 comm="syz.6.844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3a1f8d169 code=0x7ffc0000
[  206.216502][    C1] vkms_vblank_simulate: vblank timer overrun
[  206.253678][   T30] audit: type=1326 audit(1744093940.132:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8666 comm="syz.6.844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3a1f8d169 code=0x7ffc0000
[  206.311695][   T30] audit: type=1326 audit(1744093940.132:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8666 comm="syz.6.844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa3a1f8d169 code=0x7ffc0000
[  206.333796][    C1] vkms_vblank_simulate: vblank timer overrun
[  206.396576][   T30] audit: type=1326 audit(1744093940.132:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8666 comm="syz.6.844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3a1f8d169 code=0x7ffc0000
[  206.482619][   T30] audit: type=1326 audit(1744093940.132:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8666 comm="syz.6.844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3a1f8d169 code=0x7ffc0000
[  206.541443][   T30] audit: type=1326 audit(1744093940.132:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8666 comm="syz.6.844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7fa3a1f8d169 code=0x7ffc0000
[  206.563603][    C1] vkms_vblank_simulate: vblank timer overrun
[  206.606509][   T30] audit: type=1326 audit(1744093940.132:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8666 comm="syz.6.844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3a1f8d169 code=0x7ffc0000
[  206.646493][   T30] audit: type=1326 audit(1744093940.132:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8666 comm="syz.6.844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fa3a1f8d169 code=0x7ffc0000
[  206.727638][   T30] audit: type=1326 audit(1744093940.132:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8666 comm="syz.6.844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3a1f8d169 code=0x7ffc0000
[  206.749825][    C1] vkms_vblank_simulate: vblank timer overrun
[  206.784393][ T8664] loop5: detected capacity change from 0 to 32768
[  206.831068][ T8664] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.840 (8664)
[  206.868517][ T8664] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  206.896632][ T8664] BTRFS info (device loop5): using crc32c (crc32c-x86_64) checksum algorithm
[  206.926699][ T8664] BTRFS info (device loop5): disk space caching is enabled
[  206.946162][ T8664] BTRFS warning (device loop5): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  207.075510][ T8696] netlink: 4 bytes leftover after parsing attributes in process `syz.3.854'.
[  207.084929][ T8669] loop0: detected capacity change from 0 to 40427
[  207.110923][ T8669] F2FS-fs (loop0): build fault injection attr: rate: 690, type: 0x3fffff
[  207.155252][ T8669] F2FS-fs (loop0): Image doesn't support compression
[  207.173429][ T8669] F2FS-fs (loop0): heap/no_heap options were deprecated
[  207.185503][ T8664] BTRFS info (device loop5): rebuilding free space tree
[  207.187368][ T8669] F2FS-fs (loop0): Image doesn't support compression
[  207.221319][ T8664] BTRFS info (device loop5): disabling free space tree
[  207.228911][ T8664] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  207.243127][ T8669] F2FS-fs (loop0): invalid crc value
[  207.251502][ T8664] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  207.319668][ T8706] loop6: detected capacity change from 0 to 256
[  207.397767][ T8706] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  207.441803][ T8669] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  207.496208][ T8714] loop2: detected capacity change from 0 to 512
[  207.547538][ T6444] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  207.566965][ T8669] syz.0.846: attempt to access beyond end of device
[  207.566965][ T8669] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  207.601660][ T8714] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  207.622088][ T8669] F2FS-fs (loop0): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_submit_page_write+0x581/0x1f30
[  207.657896][ T8714] ext4 filesystem being mounted at /185/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  207.677641][ T8669] F2FS-fs (loop0): invalid blkaddr: 5638, type: 7, run fsck to fix.
[  207.707636][ T8669] syz.0.846: attempt to access beyond end of device
[  207.707636][ T8669] loop0: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  207.753180][   T30] audit: type=1800 audit(1744093941.692:134): pid=8714 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.858" name="file1" dev="loop2" ino=15 res=0 errno=0
[  207.795891][ T8722] syzkaller1: entered promiscuous mode
[  207.824198][ T8722] syzkaller1: entered allmulticast mode
[  207.873722][ T5828] syz-executor: attempt to access beyond end of device
[  207.873722][ T5828] loop0: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[  207.899701][ T5828] CPU: 1 UID: 0 PID: 5828 Comm: syz-executor Not tainted 6.15.0-rc1-next-20250408-syzkaller #0 PREEMPT(full) 
[  207.899732][ T5828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  207.899746][ T5828] Call Trace:
[  207.899755][ T5828]  <TASK>
[  207.899764][ T5828]  dump_stack_lvl+0x241/0x360
[  207.899806][ T5828]  ? __pfx_dump_stack_lvl+0x10/0x10
[  207.899839][ T5828]  ? _raw_spin_unlock_irqrestore+0xde/0x140
[  207.899872][ T5828]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  207.899906][ T5828]  ? f2fs_hw_is_readonly+0x3a3/0x470
[  207.899939][ T5828]  f2fs_handle_critical_error+0x392/0x5a0
[  207.899974][ T5828]  f2fs_write_end_io+0x563/0x790
[  207.900025][ T5828]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  207.900058][ T5828]  ? bio_endio+0x7e4/0x890
[  207.900092][ T5828]  ? bio_endio+0x82a/0x890
[  207.900120][ T5828]  __submit_merged_bio+0x2a9/0x710
[  207.900140][ T5828]  ? f2fs_submit_merged_write_cond+0x101/0x380
[  207.900189][ T5828]  f2fs_submit_merged_write_cond+0x29f/0x380
[  207.900240][ T5828]  f2fs_write_data_pages+0x2f99/0x38d0
[  207.900327][ T5828]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  207.900392][ T5828]  ? do_raw_spin_lock+0x151/0x370
[  207.900507][ T5828]  ? lockdep_hardirqs_on+0x9d/0x150
[  207.900532][ T5828]  ? __pfx_folios_put_refs+0x10/0x10
[  207.900561][ T5828]  ? _raw_spin_unlock_irqrestore+0xde/0x140
[  207.900608][ T5828]  ? __lock_acquire+0xad5/0xd80
[  207.900630][ T5828]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  207.900659][ T5828]  do_writepages+0x38c/0x640
[  207.900681][ T5828]  ? __lock_acquire+0xad5/0xd80
[  207.900711][ T5828]  ? __pfx_do_writepages+0x10/0x10
[  207.900731][ T5828]  ? do_raw_spin_lock+0x151/0x370
[  207.900780][ T5828]  ? do_raw_spin_unlock+0x13c/0x8b0
[  207.900823][ T5828]  filemap_fdatawrite+0x1f2/0x2a0
[  207.900855][ T5828]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  207.900878][ T5828]  ? mlock_drain_local+0x79/0x490
[  207.900973][ T5828]  ? do_raw_spin_unlock+0x13c/0x8b0
[  207.901019][ T5828]  f2fs_sync_dirty_inodes+0x34f/0x860
[  207.901062][ T5828]  f2fs_write_checkpoint+0x857/0x1da0
[  207.901106][ T5828]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  207.901178][ T5828]  ? kill_f2fs_super+0x290/0x6d0
[  207.901205][ T5828]  kill_f2fs_super+0x2b8/0x6d0
[  207.901233][ T5828]  ? __pfx_kill_f2fs_super+0x10/0x10
[  207.901265][ T5828]  ? shrinker_free+0x2ca/0x3d0
[  207.901291][ T5828]  deactivate_locked_super+0xc4/0x130
[  207.901314][ T5828]  cleanup_mnt+0x422/0x4c0
[  207.901334][ T5828]  ? lockdep_hardirqs_on+0x9d/0x150
[  207.901355][ T5828]  task_work_run+0x251/0x310
[  207.901378][ T5828]  ? __pfx_task_work_run+0x10/0x10
[  207.901399][ T5828]  ? syscall_exit_to_user_mode+0xa3/0x340
[  207.901419][ T5828]  syscall_exit_to_user_mode+0x13f/0x340
[  207.901439][ T5828]  do_syscall_64+0x100/0x230
[  207.901457][ T5828]  ? clear_bhb_loop+0x45/0xa0
[  207.901478][ T5828]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  207.901493][ T5828] RIP: 0033:0x7f2e9a78e497
[  207.901508][ T5828] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  207.901522][ T5828] RSP: 002b:00007ffc83d315c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  207.901539][ T5828] RAX: 0000000000000000 RBX: 00007f2e9a80e08c RCX: 00007f2e9a78e497
[  207.901550][ T5828] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc83d31680
[  207.901560][ T5828] RBP: 00007ffc83d31680 R08: 0000000000000000 R09: 0000000000000000
[  207.901571][ T5828] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc83d32710
[  207.901582][ T5828] R13: 00007f2e9a80e08c R14: 0000000000032b8f R15: 00007ffc83d32750
[  207.901614][ T5828]  </TASK>
[  207.902641][ T5828] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  208.128701][ T5838] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  208.833170][ T8734] loop3: detected capacity change from 0 to 4096
[  208.965994][ T8726] loop5: detected capacity change from 0 to 32768
[  208.990340][ T8726] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.859 (8726)
[  209.046206][ T8726] BTRFS info (device loop5): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  209.073416][ T8726] BTRFS info (device loop5): using blake2b (blake2b-256-generic) checksum algorithm
[  209.099494][ T8726] BTRFS info (device loop5): using free-space-tree
[  209.184526][ T8728] loop2: detected capacity change from 0 to 40427
[  209.192737][ T8728] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  209.200650][ T8728] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  209.253653][ T8728] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  209.485504][ T6444] BTRFS info (device loop5): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  209.511341][ T8761] loop0: detected capacity change from 0 to 2048
[  209.530635][ T8728] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  209.541877][ T8728] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  209.594475][ T8761] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  209.806518][ T8728] syz.2.863: attempt to access beyond end of device
[  209.806518][ T8728] loop2: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  210.259640][ T8773] loop5: detected capacity change from 0 to 1024
[  210.280008][ T8773] EXT4-fs: Ignoring removed orlov option
[  210.296565][ T8773] EXT4-fs: Ignoring removed nomblk_io_submit option
[  210.324121][ T8773] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  210.583799][ T6444] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  210.784952][ T8780] geneve0: entered allmulticast mode
[  210.835888][ T8767] loop0: detected capacity change from 0 to 32768
[  210.859770][ T8765] loop3: detected capacity change from 0 to 32768
[  210.880451][ T8765] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.870 (8765)
[  210.929171][ T8767] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[  210.965448][ T8765] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  210.985198][ T8765] BTRFS info (device loop3): using crc32c (crc32c-x86_64) checksum algorithm
[  211.016531][ T8765] BTRFS info (device loop3): disk space caching is enabled
[  211.023807][ T8765] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  211.032761][ T8767] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  211.182707][ T8765] BTRFS info (device loop3): rebuilding free space tree
[  211.263064][ T8811] loop6: detected capacity change from 0 to 4096
[  211.300314][ T8765] BTRFS info (device loop3): disabling free space tree
[  211.307965][ T8765] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  211.323130][ T8765] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  211.460008][ T8815] loop5: detected capacity change from 0 to 8
[  211.467036][ T8811] ntfs3(loop6): failed to convert "0000" to iso8859-14
[  211.536753][ T5828] ocfs2: Unmounting device (7,0) on (node local)
[  211.610966][ T5832] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  211.767614][ T8819] loop5: detected capacity change from 0 to 1024
[  211.798328][ T8819] EXT4-fs (loop5): stripe (8) is not aligned with cluster size (16), stripe is disabled
[  211.852964][ T8819] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  212.030579][ T6444] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  212.683134][ T8818] loop6: detected capacity change from 0 to 32768
[  212.712179][ T8836] loop3: detected capacity change from 0 to 4096
[  212.748415][ T8818] XFS (loop6): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  212.777108][ T8844] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  212.863412][   T30] kauditd_printk_skb: 1 callbacks suppressed
[  212.863452][   T30] audit: type=1800 audit(1744093946.792:136): pid=8836 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.892" name="file1" dev="loop3" ino=19 res=0 errno=0
[  212.952498][ T8823] loop0: detected capacity change from 0 to 40427
[  212.958196][ T8834] loop5: detected capacity change from 0 to 32768
[  212.969763][ T8834] XFS: attr2 mount option is deprecated.
[  212.980472][ T8823] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  212.989305][ T8834] XFS: ikeep mount option is deprecated.
[  212.998698][ T8823] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  213.003260][ T8834] XFS: noikeep mount option is deprecated.
[  213.049280][ T8834] XFS (loop5): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  213.078675][ T8818] XFS (loop6): Ending clean mount
[  213.112850][ T8818] XFS (loop6): Quotacheck needed: Please wait.
[  213.143988][ T8823] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  213.214047][ T8834] XFS (loop5): Ending clean mount
[  213.250304][ T8834] XFS (loop5): Quotacheck needed: Please wait.
[  213.273019][ T8818] XFS (loop6): Quotacheck: Done.
[  213.312271][ T8838] loop2: detected capacity change from 0 to 32768
[  213.326559][ T8838] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.891 (8838)
[  213.342988][ T8834] XFS (loop5): Quotacheck: Done.
[  213.379533][ T8838] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  213.401937][ T8823] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  213.412367][ T8838] BTRFS info (device loop2): using crc32c (crc32c-x86_64) checksum algorithm
[  213.425273][ T6444] XFS (loop5): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  213.436470][ T8823] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  213.440669][   T30] audit: type=1800 audit(1744093947.382:137): pid=8818 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.885" name="file1" dev="loop6" ino=9286 res=0 errno=0
[  213.447235][ T8838] BTRFS info (device loop2): using free-space-tree
[  213.509038][ T8863] vlan2: entered allmulticast mode
[  213.514298][ T8863] gretap0: entered allmulticast mode
[  213.579769][ T7270] XFS (loop6): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  213.636323][ T8823] syz.0.884: attempt to access beyond end of device
[  213.636323][ T8823] loop0: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  214.007639][ T5838] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  214.293923][ T8889] loop6: detected capacity change from 0 to 128
[  214.433468][ T8889] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  214.507585][ T8889] ext4 filesystem being mounted at /79/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  214.658734][ T7270] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  214.795959][ T8895] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  214.980200][ T8881] loop5: detected capacity change from 0 to 32768
[  215.042683][ T8881] ocfs2: Slot 0 on device (7,5) was already allocated to this node!
[  215.064247][ T8881] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  215.091639][ T8902] vlan1: entered promiscuous mode
[  215.147325][ T8901] vlan1: left promiscuous mode
[  215.512509][ T6444] ocfs2: Unmounting device (7,5) on (node local)
[  215.528640][ T8893] loop2: detected capacity change from 0 to 32768
[  215.550783][ T8893] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.895 (8893)
[  215.583610][ T8893] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  215.602740][ T8893] BTRFS info (device loop2): using crc32c (crc32c-x86_64) checksum algorithm
[  215.612924][ T8893] BTRFS info (device loop2): disk space caching is enabled
[  215.627855][ T8893] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  215.801703][ T8893] BTRFS info (device loop2): rebuilding free space tree
[  215.861044][ T8893] BTRFS info (device loop2): disabling free space tree
[  215.883978][ T8928] vlan2: entered allmulticast mode
[  215.894555][ T8893] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  215.926948][ T8893] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  215.957589][ T8928] gretap0: entered allmulticast mode
[  216.177881][ T8932] loop3: detected capacity change from 0 to 1024
[  216.217411][ T8932] EXT4-fs: inline encryption not supported
[  216.243359][ T8939] loop5: detected capacity change from 0 to 512
[  216.259952][ T8932] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  216.271477][ T5838] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  216.284943][ T8939] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  216.334264][ T8932] EXT4-fs error (device loop3): ext4_map_blocks:708: inode #3: block 1: comm syz.3.909: lblock 1 mapped to illegal pblock 1 (length 1)
[  216.365929][ T8932] EXT4-fs (loop3): Remounting filesystem read-only
[  216.376613][ T8939] EXT4-fs (loop5): 1 truncate cleaned up
[  216.380802][ T8932] Quota error (device loop3): write_blk: dquota write failed
[  216.386864][ T8939] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  216.448610][ T8932] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[  216.458565][ T8939] EXT4-fs error (device loop5): ext4_append:79: inode #2: comm syz.5.911: Logical block already allocated
[  216.473910][ T8932] EXT4-fs (loop3): 1 orphan inode deleted
[  216.481799][ T8932] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  216.614792][ T6444] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  216.659694][ T8949] geneve0: entered allmulticast mode
[  216.661671][ T5832] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  216.948709][ T8963] loop2: detected capacity change from 0 to 8
[  217.218826][ T8969] netlink: 12 bytes leftover after parsing attributes in process `syz.2.922'.
[  217.234608][ T8971] loop6: detected capacity change from 0 to 1024
[  217.249052][ T8971] EXT4-fs: Ignoring removed orlov option
[  217.254952][ T8971] EXT4-fs: Ignoring removed nomblk_io_submit option
[  217.276957][ T5884] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  217.322580][ T8971] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  217.446422][ T5884] usb 1-1: Using ep0 maxpacket: 16
[  217.454205][ T5884] usb 1-1: config index 0 descriptor too short (expected 16456, got 72)
[  217.473698][ T5884] usb 1-1: config 0 has an invalid interface number: 125 but max is 1
[  217.498316][ T5884] usb 1-1: config 0 has an invalid interface number: 125 but max is 1
[  217.507235][   T54] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  217.523883][ T7270] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  217.535382][ T5884] usb 1-1: config 0 has an invalid interface number: 125 but max is 1
[  217.549902][ T5884] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2
[  217.559778][ T5884] usb 1-1: config 0 has no interface number 0
[  217.566036][ T5884] usb 1-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64
[  217.583813][ T5884] usb 1-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0
[  217.594244][ T5884] usb 1-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0
[  217.607417][ T5884] usb 1-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  217.621283][ T5884] usb 1-1: config 0 interface 125 has no altsetting 0
[  217.659480][ T5884] usb 1-1: config 0 interface 125 has no altsetting 2
[  217.679916][ T5884] usb 1-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27
[  217.696626][   T54] usb 4-1: Using ep0 maxpacket: 16
[  217.703896][   T54] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  217.712789][   T54] usb 4-1: config 0 has no interface number 0
[  217.727056][ T5884] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  217.746161][ T5884] usb 1-1: Product: syz
[  217.752801][   T54] usb 4-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  217.766407][ T5884] usb 1-1: Manufacturer: syz
[  217.771153][ T5884] usb 1-1: SerialNumber: syz
[  217.775979][   T54] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  217.797445][ T5884] usb 1-1: config 0 descriptor??
[  217.802621][   T54] usb 4-1: Product: syz
[  217.807902][   T54] usb 4-1: Manufacturer: syz
[  217.813438][   T54] usb 4-1: SerialNumber: syz
[  217.820564][ T5884] usb 1-1: selecting invalid altsetting 2
[  217.831802][   T54] usb 4-1: config 0 descriptor??
[  217.853581][   T54] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  218.063527][ T8967] loop5: detected capacity change from 0 to 40427
[  218.090455][ T8967] F2FS-fs (loop5): invalid crc value
[  218.212082][ T8967] F2FS-fs (loop5): Start checkpoint disabled!
[  218.223110][ T8967] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  218.489310][ T8984] loop2: detected capacity change from 0 to 4096
[  218.718911][ T8988] syzkaller1: entered promiscuous mode
[  218.729888][ T8988] syzkaller1: entered allmulticast mode
[  218.865203][ T5884] usb 1-1: USB disconnect, device number 6
[  218.872021][   T54] gspca_spca1528: reg_w err -71
[  218.877413][   T54] spca1528 4-1:0.1: probe with driver spca1528 failed with error -71
[  218.905231][   T54] usb 4-1: USB disconnect, device number 8
[  219.752806][ T9020] syzkaller1: entered promiscuous mode
[  219.783818][ T9020] syzkaller1: entered allmulticast mode
[  219.844536][ T9022] loop2: detected capacity change from 0 to 1024
[  219.854303][ T9022] EXT4-fs: Ignoring removed orlov option
[  219.860348][ T9022] EXT4-fs: Ignoring removed nomblk_io_submit option
[  219.919821][ T9022] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  220.076235][ T5838] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  220.301227][ T9035] loop2: detected capacity change from 0 to 512
[  220.370968][ T9035] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  220.400371][ T9035] ext4 filesystem being mounted at /200/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  220.561465][ T9035] EXT4-fs error (device loop2): ext4_get_first_dir_block:3538: inode #12: comm syz.2.947: directory missing '.'
[  220.588905][ T9035] EXT4-fs (loop2): Remounting filesystem read-only
[  220.699598][ T5838] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  220.906497][ T5833] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  221.089054][ T9062] loop3: detected capacity change from 0 to 256
[  221.096431][ T5833] usb 6-1: Using ep0 maxpacket: 16
[  221.110131][ T5833] usb 6-1: config index 0 descriptor too short (expected 16456, got 72)
[  221.122618][ T5833] usb 6-1: config 0 has an invalid interface number: 125 but max is 1
[  221.141273][ T5833] usb 6-1: config 0 has an invalid interface number: 125 but max is 1
[  221.149482][ T9062] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  221.164616][ T5833] usb 6-1: config 0 has an invalid interface number: 125 but max is 1
[  221.173169][ T5833] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 2
[  221.216416][ T5833] usb 6-1: config 0 has no interface number 0
[  221.222664][ T5833] usb 6-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64
[  221.262302][ T5833] usb 6-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0
[  221.276422][ T5833] usb 6-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0
[  221.298384][ T5833] usb 6-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  221.346495][ T5833] usb 6-1: config 0 interface 125 has no altsetting 0
[  221.359787][ T5833] usb 6-1: config 0 interface 125 has no altsetting 2
[  221.373186][ T5833] usb 6-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27
[  221.382665][ T5833] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  221.393029][ T5833] usb 6-1: Product: syz
[  221.397344][ T5833] usb 6-1: Manufacturer: syz
[  221.402038][ T5833] usb 6-1: SerialNumber: syz
[  221.410437][ T5833] usb 6-1: config 0 descriptor??
[  221.429189][ T5833] usb 6-1: selecting invalid altsetting 2
[  221.714277][   T30] audit: type=1326 audit(1744093955.652:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9080 comm="syz.0.966" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e9a78d169 code=0x7ffc0000
[  221.795632][   T30] audit: type=1326 audit(1744093955.652:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9080 comm="syz.0.966" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e9a78d169 code=0x7ffc0000
[  221.852753][   T30] audit: type=1326 audit(1744093955.652:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9080 comm="syz.0.966" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7f2e9a78d169 code=0x7ffc0000
[  221.874876][    C0] vkms_vblank_simulate: vblank timer overrun
[  221.895350][   T30] audit: type=1326 audit(1744093955.652:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9080 comm="syz.0.966" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e9a78d169 code=0x7ffc0000
[  221.924855][   T30] audit: type=1326 audit(1744093955.652:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9080 comm="syz.0.966" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e9a78d169 code=0x7ffc0000
[  221.949103][   T30] audit: type=1326 audit(1744093955.652:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9080 comm="syz.0.966" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7f2e9a78d169 code=0x7ffc0000
[  221.971181][    C0] vkms_vblank_simulate: vblank timer overrun
[  221.977726][   T30] audit: type=1326 audit(1744093955.652:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9080 comm="syz.0.966" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e9a78d169 code=0x7ffc0000
[  222.010869][   T30] audit: type=1326 audit(1744093955.652:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9080 comm="syz.0.966" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e9a78d169 code=0x7ffc0000
[  222.086602][   T54] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  222.130945][ T9072] loop2: detected capacity change from 0 to 32768
[  222.138614][ T9072] XFS: ikeep mount option is deprecated.
[  222.161720][ T9072] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  222.191980][ T9079] loop6: detected capacity change from 0 to 32768
[  222.201118][ T9079] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.965 (9079)
[  222.246575][ T9079] BTRFS info (device loop6): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  222.248871][   T54] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  222.269123][ T9079] BTRFS info (device loop6): using blake2b (blake2b-256-generic) checksum algorithm
[  222.284398][   T54] usb 1-1: config 0 interface 0 has no altsetting 0
[  222.293945][   T54] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  222.297475][ T9079] BTRFS info (device loop6): using free-space-tree
[  222.309757][   T54] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  222.318443][   T54] usb 1-1: Product: syz
[  222.322718][   T54] usb 1-1: Manufacturer: syz
[  222.332234][   T54] usb 1-1: SerialNumber: syz
[  222.352860][   T54] usb 1-1: config 0 descriptor??
[  222.369409][ T9072] XFS (loop2): Ending clean mount
[  222.379251][   T54] usb 1-1: selecting invalid altsetting 0
[  222.388576][ T9072] XFS (loop2): Quotacheck needed: Please wait.
[  222.457592][   T54] usb 6-1: USB disconnect, device number 9
[  222.479014][ T9072] XFS (loop2): Quotacheck: Done.
[  222.617546][ T5838] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  222.638333][ T5881] usb 1-1: USB disconnect, device number 7
[  222.675322][ T7270] BTRFS info (device loop6): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  222.814549][ T9094] loop3: detected capacity change from 0 to 32768
[  222.847387][ T9094] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.969 (9094)
[  222.890420][ T9094] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  222.916521][ T9094] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm
[  223.073072][ T9094] BTRFS info (device loop3): rebuilding free space tree
[  223.102269][ T9094] BTRFS info (device loop3): disabling free space tree
[  223.113525][ T9094] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  223.128133][ T9094] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  223.256731][ T5908] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  223.313589][ T5832] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  223.399722][ T9136] vcan0: tx drop: invalid sa for name 0x0000000000000002
[  223.457310][ T5908] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[  223.481174][ T5908] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  223.527434][ T5908] usb 3-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[  223.545366][ T5908] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  223.554234][ T5908] usb 3-1: Product: syz
[  223.558881][ T5908] usb 3-1: Manufacturer: syz
[  223.563507][ T5908] usb 3-1: SerialNumber: syz
[  223.609547][ T5908] usb 3-1: config 0 descriptor??
[  223.616907][ T9121] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  223.648086][ T9121] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  223.771826][ T9146] loop3: detected capacity change from 0 to 128
[  223.871799][ T9121] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  223.901667][ T9121] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  223.928611][ T9151] loop0: detected capacity change from 0 to 512
[  223.988343][ T9151] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  224.046646][ T9151] ext4 filesystem being mounted at /196/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  224.113702][ T9151] EXT4-fs error (device loop0): ext4_get_first_dir_block:3538: inode #12: comm syz.0.980: directory missing '.'
[  224.128598][ T9151] EXT4-fs (loop0): Remounting filesystem read-only
[  224.163908][ T5828] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  224.296517][ T5884] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  224.315307][ T5908] dm9601: No valid MAC address in EEPROM, using 00:00:00:00:00:00
[  224.446444][ T5884] usb 4-1: Using ep0 maxpacket: 16
[  224.455826][ T5884] usb 4-1: config index 0 descriptor too short (expected 16456, got 72)
[  224.483039][ T5884] usb 4-1: config 0 has an invalid interface number: 125 but max is 1
[  224.505056][ T5884] usb 4-1: config 0 has an invalid interface number: 125 but max is 1
[  224.513846][ T5884] usb 4-1: config 0 has an invalid interface number: 125 but max is 1
[  224.522652][ T5884] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2
[  224.531970][ T5884] usb 4-1: config 0 has no interface number 0
[  224.539180][ T5884] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64
[  224.550743][ T5884] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0
[  224.589480][ T5884] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0
[  224.616758][ T5884] usb 4-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  224.640683][ T5884] usb 4-1: config 0 interface 125 has no altsetting 0
[  224.659354][ T5884] usb 4-1: config 0 interface 125 has no altsetting 2
[  224.672162][ T5884] usb 4-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27
[  224.697338][ T5884] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  224.719348][ T5908] dm9601 3-1:0.0 (unnamed net_device) (uninitialized): Error reading chip ID
[  224.719708][ T5884] usb 4-1: Product: syz
[  224.736897][ T5884] usb 4-1: Manufacturer: syz
[  224.750202][ T5884] usb 4-1: SerialNumber: syz
[  224.759074][ T5884] usb 4-1: config 0 descriptor??
[  224.769809][ T5884] usb 4-1: selecting invalid altsetting 2
[  224.786972][ T5908] usb 3-1: USB disconnect, device number 8
[  224.808685][ T9164] IPVS: Scheduler module ip_vs_ not found
[  225.360364][ T9186] bond0: option arp_validate: invalid value (1954183539)
[  225.481950][ T9176] loop5: detected capacity change from 0 to 32768
[  225.502488][ T9176] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.986 (9176)
[  225.535992][ T9176] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  225.548106][ T9176] BTRFS info (device loop5): using sha256 (sha256-avx2) checksum algorithm
[  225.693522][ T9176] BTRFS info (device loop5): rebuilding free space tree
[  225.752850][ T9176] BTRFS info (device loop5): disabling free space tree
[  225.763532][ T9212] loop2: detected capacity change from 0 to 128
[  225.776925][ T9176] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  225.816548][ T9176] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  225.852114][ T5881] usb 4-1: USB disconnect, device number 9
[  226.070605][ T6444] BTRFS info (device loop5): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  226.097357][ T9208] loop0: detected capacity change from 0 to 32768
[  226.113397][ T9208] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[  226.193764][ T9208] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  226.420099][ T5828] ocfs2: Unmounting device (7,0) on (node local)
[  226.534245][ T9214] loop6: detected capacity change from 0 to 32768
[  226.604961][ T9214] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode.
[  226.714333][ T9229] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1005'.
[  226.895598][ T7270] ocfs2: Unmounting device (7,6) on (node local)
[  226.955262][ T9235] loop3: detected capacity change from 0 to 2048
[  227.014514][ T9242] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  227.092193][ T9242] NILFS (loop3): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3)
[  227.127501][ T9242] NILFS error (device loop3): nilfs_bmap_propagate: broken bmap (inode number=4)
[  227.168954][ T9242] Remounting filesystem read-only
[  227.274987][ T5832] NILFS (loop3): disposed unprocessed dirty file(s) when stopping log writer
[  227.635916][ T9266] loop5: detected capacity change from 0 to 256
[  227.670356][ T9268] loop8: detected capacity change from 0 to 7
[  227.688066][ T9266] exfat: Deprecated parameter 'namecase'
[  227.693833][ T9266] exfat: Deprecated parameter 'utf8'
[  227.708574][ T9268] Dev loop8: unable to read RDB block 7
[  227.714751][ T9268]  loop8: unable to read partition table
[  227.747414][ T9268] loop8: partition table beyond EOD, truncated
[  227.753710][ T9266] exFAT-fs (loop5): Medium has reported failures. Some data may be lost.
[  227.766531][ T9268] loop_reread_partitions: partition scan of loop8 (�被x�^>�� �) failed (rc=-5)
[  227.792760][ T9272] loop0: detected capacity change from 0 to 128
[  227.851031][ T9266] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x7f1fc68d, utbl_chksum : 0xe619d30d)
[  227.912228][   T13] kworker/u8:1: attempt to access beyond end of device
[  227.912228][   T13] loop0: rw=1, sector=145, nr_sectors = 16 limit=128
[  227.945655][   T13] kworker/u8:1: attempt to access beyond end of device
[  227.945655][   T13] loop0: rw=1, sector=169, nr_sectors = 8 limit=128
[  228.008109][   T13] kworker/u8:1: attempt to access beyond end of device
[  228.008109][   T13] loop0: rw=1, sector=185, nr_sectors = 8 limit=128
[  228.029814][   T13] kworker/u8:1: attempt to access beyond end of device
[  228.029814][   T13] loop0: rw=1, sector=201, nr_sectors = 8 limit=128
[  228.086006][   T13] kworker/u8:1: attempt to access beyond end of device
[  228.086006][   T13] loop0: rw=1, sector=217, nr_sectors = 8 limit=128
[  228.191832][   T53] kworker/u8:3: attempt to access beyond end of device
[  228.191832][   T53] loop0: rw=2049, sector=233, nr_sectors = 8 limit=128
[  228.229258][   T53] kworker/u8:3: attempt to access beyond end of device
[  228.229258][   T53] loop0: rw=2049, sector=249, nr_sectors = 8 limit=128
[  228.264554][   T53] kworker/u8:3: attempt to access beyond end of device
[  228.264554][   T53] loop0: rw=2049, sector=265, nr_sectors = 8 limit=128
[  228.301998][ T5833] IPVS: starting estimator thread 0...
[  228.349659][   T53] kworker/u8:3: attempt to access beyond end of device
[  228.349659][   T53] loop0: rw=2049, sector=281, nr_sectors = 8 limit=128
[  228.414449][   T53] kworker/u8:3: attempt to access beyond end of device
[  228.414449][   T53] loop0: rw=2049, sector=297, nr_sectors = 8 limit=128
[  228.416822][ T9280] IPVS: using max 27 ests per chain, 64800 per kthread
[  228.674560][ T9292] loop5: detected capacity change from 0 to 512
[  228.735513][ T9292] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  228.764191][ T9292] ext4 filesystem being mounted at /173/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  228.941740][ T6444] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  229.057927][ T9307] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1035'.
[  229.089995][ T9307] 
[  229.092378][ T9307] =====================================
[  229.097949][ T9307] WARNING: bad unlock balance detected!
[  229.103510][ T9307] 6.15.0-rc1-next-20250408-syzkaller #0 Not tainted
[  229.110126][ T9307] -------------------------------------
[  229.115661][ T9307] syz.3.1035/9307 is trying to release lock (&dev_instance_lock_key) at:
[  229.124088][ T9307] [<ffffffff89f63d76>] do_setlink+0xc26/0x43a0
[  229.130275][ T9307] but there are no more locks to release!
[  229.135988][ T9307] 
[  229.135988][ T9307] other info that might help us debug this:
[  229.144041][ T9307] 1 lock held by syz.3.1035/9307:
[  229.149064][ T9307]  #0: ffffffff90100308 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0xd68/0x1fe0
[  229.158138][ T9307] 
[  229.158138][ T9307] stack backtrace:
[  229.164027][ T9307] CPU: 1 UID: 0 PID: 9307 Comm: syz.3.1035 Not tainted 6.15.0-rc1-next-20250408-syzkaller #0 PREEMPT(full) 
[  229.164048][ T9307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  229.164060][ T9307] Call Trace:
[  229.164066][ T9307]  <TASK>
[  229.164074][ T9307]  dump_stack_lvl+0x241/0x360
[  229.164102][ T9307]  ? __pfx_dump_stack_lvl+0x10/0x10
[  229.164127][ T9307]  ? __pfx__printk+0x10/0x10
[  229.164151][ T9307]  ? print_lock+0x171/0x1a0
[  229.164173][ T9307]  ? do_setlink+0xc26/0x43a0
[  229.164191][ T9307]  print_unlock_imbalance_bug+0x185/0x1a0
[  229.164234][ T9307]  lock_release+0x1ed/0x3e0
[  229.164252][ T9307]  ? do_setlink+0xc26/0x43a0
[  229.164269][ T9307]  ? do_setlink+0xc26/0x43a0
[  229.164287][ T9307]  __mutex_unlock_slowpath+0xee/0x800
[  229.164306][ T9307]  ? validate_linkmsg+0x70e/0xa40
[  229.164331][ T9307]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  229.164350][ T9307]  ? __pfx_validate_linkmsg+0x10/0x10
[  229.164372][ T9307]  ? lockdep_hardirqs_on+0x9d/0x150
[  229.164391][ T9307]  do_setlink+0xc26/0x43a0
[  229.164412][ T9307]  ? _printk+0xd5/0x120
[  229.164443][ T9307]  ? __pfx_do_setlink+0x10/0x10
[  229.164462][ T9307]  ? __lock_acquire+0xad5/0xd80
[  229.164484][ T9307]  ? __pfx___mutex_trylock_common+0x10/0x10
[  229.164509][ T9307]  ? rcu_is_watching+0x15/0xb0
[  229.164531][ T9307]  ? trace_contention_end+0x3c/0x120
[  229.164553][ T9307]  ? __mutex_lock+0x380/0x10c0
[  229.164572][ T9307]  ? __pfx_aa_get_newest_label+0x10/0x10
[  229.164594][ T9307]  ? rcu_is_watching+0x15/0xb0
[  229.164615][ T9307]  ? rtnl_newlink+0xd68/0x1fe0
[  229.164631][ T9307]  ? __pfx___mutex_lock+0x10/0x10
[  229.164651][ T9307]  ? ns_capable+0x8a/0xf0
[  229.164669][ T9307]  ? rtnl_link_get_net_capable+0x168/0x340
[  229.164690][ T9307]  rtnl_newlink+0x17e2/0x1fe0
[  229.164706][ T9307]  ? stack_depot_save_flags+0x44/0x940
[  229.164727][ T9307]  ? __pfx_rtnl_newlink+0x10/0x10
[  229.164742][ T9307]  ? __netlink_deliver_tap+0x561/0x7f0
[  229.164759][ T9307]  ? netlink_deliver_tap+0x19d/0x1b0
[  229.164774][ T9307]  ? netlink_unicast+0x7c6/0x9a0
[  229.164797][ T9307]  ? netlink_sendmsg+0x8c3/0xcd0
[  229.164812][ T9307]  ? __sock_sendmsg+0x221/0x270
[  229.164835][ T9307]  ? ____sys_sendmsg+0x523/0x860
[  229.164855][ T9307]  ? __sys_sendmsg+0x271/0x360
[  229.164873][ T9307]  ? do_syscall_64+0xf3/0x230
[  229.164889][ T9307]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  229.164919][ T9307]  ? kasan_quarantine_put+0xdc/0x230
[  229.164940][ T9307]  ? lockdep_hardirqs_on+0x9d/0x150
[  229.164957][ T9307]  ? nlmon_xmit+0xaf/0x100
[  229.164976][ T9307]  ? __local_bh_enable_ip+0x168/0x200
[  229.164992][ T9307]  ? lockdep_hardirqs_on+0x9d/0x150
[  229.165011][ T9307]  ? aa_get_newest_label+0x101/0x6f0
[  229.165033][ T9307]  ? __lock_acquire+0xad5/0xd80
[  229.165058][ T9307]  ? __pfx_rtnl_newlink+0x10/0x10
[  229.165075][ T9307]  rtnetlink_rcv_msg+0x80f/0xd70
[  229.165089][ T9307]  ? rtnetlink_rcv_msg+0x1ba/0xd70
[  229.165108][ T9307]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  229.165127][ T9307]  ? ref_tracker_free+0x63e/0x7e0
[  229.165147][ T9307]  netlink_rcv_skb+0x208/0x480
[  229.165163][ T9307]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  229.165180][ T9307]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  229.165203][ T9307]  ? netlink_deliver_tap+0x2e/0x1b0
[  229.165220][ T9307]  ? netlink_deliver_tap+0x2e/0x1b0
[  229.165237][ T9307]  netlink_unicast+0x7f8/0x9a0
[  229.165264][ T9307]  ? __pfx_netlink_unicast+0x10/0x10
[  229.165289][ T9307]  ? skb_put+0x114/0x1f0
[  229.165309][ T9307]  netlink_sendmsg+0x8c3/0xcd0
[  229.165331][ T9307]  ? __pfx_netlink_sendmsg+0x10/0x10
[  229.165349][ T9307]  ? aa_sock_msg_perm+0xf3/0x1d0
[  229.165372][ T9307]  ? __pfx_netlink_sendmsg+0x10/0x10
[  229.165388][ T9307]  __sock_sendmsg+0x221/0x270
[  229.165414][ T9307]  ____sys_sendmsg+0x523/0x860
[  229.165444][ T9307]  ? __pfx_____sys_sendmsg+0x10/0x10
[  229.165463][ T9307]  ? __fget_files+0x2a/0x420
[  229.165483][ T9307]  ? __fget_files+0x2a/0x420
[  229.165504][ T9307]  __sys_sendmsg+0x271/0x360
[  229.165526][ T9307]  ? __pfx___sys_sendmsg+0x10/0x10
[  229.165551][ T9307]  ? __lock_acquire+0xad5/0xd80
[  229.165583][ T9307]  ? do_syscall_64+0xb6/0x230
[  229.165601][ T9307]  do_syscall_64+0xf3/0x230
[  229.165617][ T9307]  ? clear_bhb_loop+0x45/0xa0
[  229.165635][ T9307]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  229.165652][ T9307] RIP: 0033:0x7f8428f8d169
[  229.165668][ T9307] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  229.165684][ T9307] RSP: 002b:00007f8429eab038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  229.165703][ T9307] RAX: ffffffffffffffda RBX: 00007f84291a5fa0 RCX: 00007f8428f8d169
[  229.165716][ T9307] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003
[  229.165728][ T9307] RBP: 00007f842900e2a0 R08: 0000000000000000 R09: 0000000000000000
[  229.165739][ T9307] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  229.165750][ T9307] R13: 0000000000000000 R14: 00007f84291a5fa0 R15: 00007ffd4e433e28
[  229.165769][ T9307]  </TASK>
[  229.710830][ T9290] loop2: detected capacity change from 0 to 32768
[  229.727541][   T30] audit: type=1800 audit(1744093963.662:146): pid=9290 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1027" name="file1" dev="loop2" ino=4 res=0 errno=0
[  229.956508][ T5833] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  230.126591][ T5833] usb 1-1: Using ep0 maxpacket: 16
[  230.134646][ T5833] usb 1-1: config 1 has an invalid interface number: 203 but max is 0
[  230.143769][ T5833] usb 1-1: config 1 has no interface number 0
[  230.151944][ T5833] usb 1-1: New USB device found, idVendor=0b95, idProduct=2790, bcdDevice=63.9c
[  230.161058][ T5833] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  230.169157][ T5833] usb 1-1: Product: syz
[  230.173468][ T5833] usb 1-1: Manufacturer: syz
[  230.178154][ T5833] usb 1-1: SerialNumber: syz
[  230.390779][ T5833] aqc111 1-1:1.203: probe with driver aqc111 failed with error -22
[  230.593416][   T47] usb 1-1: USB disconnect, device number 8