PpnPRns4hI2ziZtHQjhz9vEscHds7gMjIbxmNjXRHLgkCRwO4azZxKqiqqREfyyxMgk8OZwHNiaBh2NgIgl8OgZuTwK3xMChJHBVDBxOApfGQJhuHsfPD+fjaDswEAObs414KJ6F8JPh2Fqyrb5VVAUAALBA8tlhT/Pd0rkOJ5shTi8PDbTKEM/Ars3Ql9SQzmCLaVVtDd2tauhsVUMx7n3HH36l5o5WNVdOw+hoznDpK/7w/BVfu+ELoUZl/j9+/Pl/3zwd6agc/w/hitm/MXdnHpkp4psnmjIAAAAAJ2HtG2a+9idnv+nNdfHK/H9je+f/x30iXaXM4dG4G2LbSAjjzYGs2jdXA9lR72V5AAAAAJaC4nh8cSx8Or/NTtFO59PV/BMnmD8e+N84b/5fCpOnb/vBUxvq+luZ/0+0d/7/YPNt1omHYy8+NhJCfynwSOxlIzBrZQx89+LmQD7+h+MGuC1WlZ+YUFR1WyyxOQbGk8DBuhLfKEqc2RzIn6yi8ZuLcUznJUoBAAAAeMHF3QHxuHw8///Ctd/70KaP7/1cXbnK/H/ziZ3/PzsPrpzeP7MshDXdIXSlPwx4dDBbGDAGhjryxFcHs7q60qpuGgzhosbA0qqeyNf/707XGDwykFUVA2e+9rNPn9dIfGoghDXlwGPvvWt2x8juJFA0/qsDIby6Mdq08S/0Z433pI3/QX8IryoFiqo+0B9Co7HetKoH+/LrGKRV/VlfCKeXAkVVb+wLYU8AYImK/0onyw/u2rN325aZmamdi5iI+/AHwtbpmamxq7bPTPbV9Gky6XPTMkY3VcfU2ebYj+ZLFN1z+dhIO+nid4Lj5b7k+/ErJw7m9+N3oZ7Zca7rabq7Ph3y68+pNpEO6cUY8mC5krknsVJ/zN8bloX+63ZN7Ry7Ycvu3TvXZn/bzb4u+xsPM2Xbam26rQbn61sbL492F0N/vtuq6TJXa3Zfs2PNrj17V09fs+Xqqaunrn3D+LrxdevHN7zpwjWNUY1nf1sM9fz5qk6Geuyu6hDavQbU8x3qK7tLlbwQnxoSEhJLLbHl4q/+5b1nfWJZ3cdPZf6/4/jz//ipEz/58/UZ6o7/j8bD/Nnjc4f5N8fAwXaP/4/WHc0vTgxYmQT2xcA+h/kBAAB4aYi7G+PezLhXuuem1WN//MlHnqwrV5n/72vv9/8LtP5/sXT95XXL/K+KJcbr1v9Pl/kv1v/fV7f+f7rMf7H+/8EXYf3/64pAskl+Yv1/AADgpeCFW/+/5fL+6QUCKhlaLu+fXiCgkqHlMv7tXiDghNf/f/tzr+u55iOvviXUqMz/b29v/m/hfgAAADh13HVkQ8eD//o/D9XFK/P/g+3N/1/49f9C3fn/K+sCE3ULA1r/DwAAgCWqbv2/9a/78ebP/WzFD+vKVeb/h9qb/8fTLjqbcsdanxvO1rQL6Zp2Tw0XPxkAAACApaEzjI21u6Jp08qolzz/Nh/PlwI9Xrrsr758zT8+8tb39tfVV5n/H25v/t/0u4xn73zP9WdNvuXG527dfs4Ta993wdG54/8AAADA4ml3vwQAAAAAAAAAAAAAAPDie3rv5Lv++ew7P1MXr/z+P1wx+3jd7//jdf/i7wte3pQ71tp6/b/8/pXvuHfP7JKFjw6HcE45sG3/ttNCfm3+88uBBzatOqOR2J+W+Mp3Lv1BI/H+NPC21S97ppG4KAlsjosknpUG4lUVn1meBOLyin+fBuL2OJQGevPA7y7PxtGRbqsfDWXbqiPdVo8PhTBSChTb6otDWRsd6QDvSALFAD+UBuIAfyUPdKa9undZ1qsYGIpF/2hZ1isAAE5Z8VtgT9g6PTM1Hr/Cx9tXdjffRk1Llt1UrbajzeaP5kuT3XP52Eg76a70u+jctcZ7Ql9jCGsrX1fLWTpmR7kwtbTYdC+vGXKr1d7a/XX2iW663voRDWQjGrtq+8xkT8uBr2+dZV13yyxrK5OdcpbO2U3aRi1t9KWNEbW5bdrocrzfGcbGupJcvxiDo6HJQr0iyuv81b0Kynn2Tb7xb75x7Nihuvoq8//R9ub/feVxPZNfDGBfvLLezSMhnNnmiAAAAIB2fevL/7Ru+yd+55709ort1956weCPLq4rV5n/r2xv/h93jOWHgrO9HYfj9f+L+f9oFrg7NveBkRBeM5uaiCWyC+pfHkuMZ4G74w6TVbHE5onmqvpj4FASeHI4DxxOAg/HQL6X4rMh35XzkeEQNsymrmgusSOWGE0C74yBlUlgLAbGk8DyGNiYBP59eR6YSAJfj4Ew3byt/ny5vSsAAMDzkM+zeprvhnSed6i7VYaOVhkGW2XobJWhr1WGulHE+/fFDD3JySsdpUw9aa0DSS2VDPFi+Cfcr0qG8I3mnGnBStPx/IPifIOO5gz/dtnrv33erlXtX/9/vL35/2Dzbdb6w3H+P3f9vyzwSOzex+Kp4ytj4LsXNwfyHQMPx8nubUVVE3mJfNJ+WyyxMQZWJoEdMbAxCWy+Ig8cPKM5kM+0i8ZvLhqfzkuUAgAAAPCCizsI4m6aOP//0/+++3MH/uHav64rV5n/b2xv/h/bW1Zu7Jai1uUhfLFjrjdFYPVQFoj7MYbiz+NXDIVwWmkHR1FiajAr0Zs0HB4ayH6h3ptWdf9AtsZAvH/lkQcfONBI3DEQwrmlvS9FG9/uy9oYSAPn9WaBwTSwvTsLxD0/ReBLnVkATlqxVzC+oPJTXQqj85eref29VK4Jmg6vsg90nnzz/eZqsfSlD+T7VAsn9rRVqmNRVN4eh73bluK7bdS7rfxFKv+Gcmwu1Bc6J6e2brluZnd8pPxL1opFep7Lv1JtJ70Ar8N9z7+3rfWlHRhPPj7G5y83/+uwI1b37J3vuf6sybfceOv2c55Y+74LjrbdjRrxh8Lv/uTLRsubd7H1hfw1t+Q+TyZ8nizFfwMrPW2NGexTv//V//jp4z+ri1fm/xPtzf+7k9tZz8aNuWskhNeXNu6jcfP/8kj2OVgKZJ+Sp1cD2SH37w3XfnICAADAQit2dxT7C6bz2+yE8HSeXM0/cYL54/6KjfPmb7ffW29+aP8P/+6Or9TFK/P/zcef//cn3XT83/F/Fonj//M61XdF96cP7DupXdGV6lgUjv/P61R/tzn+Py/H/x3/n4/j/y04/j+vU/1pq3xL2uFLVwjh6++/8+33bP+18+rilfn/jvbm/9b/m3/RvmL9v8116//tqFv/b5/1/wAAgEVVs9BcOs+rrN5XyZCu3lfJ0HKBwJZLDFr/74TX/3vrO//3+mOvuGRnqFGZ/+9rb/4fXw7Lyq0vlfX/Vl5RU9XtMbDDwoAAAACciup2EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDievcvPLl8029eOF0X//4ZN3x478Cl931064GjmzZtOBJClrUjC3cMrui68JsDlz22f+fnz53qv/9AX16uJ789uyl3rPW54RAOlh4Ziomnhht35gJXvuPePd2NxKPDIZxTDmzbv+20RuLTwyGcXw48sGnVGY3E/rTEV75z6Q8aifengbetftkzjcRFeaAj7e4nl2fd7Ui7e2B5CCOlQNHdX1/eXFXRxmV5oDNt4zNDWRsxMBSLfnwoayMGZmKJ6f4Q1nSH0JVW9bW+rKqutKq/6Muq6kqr+q2+EC4KIXSnVX2nN6uqOx353/ZmVcXAma/97NPnNRIHe0NYUw489t67NjQSH0oCRePv6g3h1Y2XTNr4fT1Z4z1p43f0hPCqEEJvWuI/u7MSvWmJJ7pDOL0UKBr/YHcIewIvCfHDZ7L84K49e7dtmZmZ2rmIid68rYGwdXpmauyq7TOTfUmf6nSU0sduOn78eI4+feNVjdt7Lh8baSfdnZfrme3yup6mu+sXqvftOtHex34NliuZez4q9cf8vWFZ6L9u19TOsRu27N69c232t93s67K/XXk021ZrF2pbdbYoHz3fbXV+uZI1u6/ZsWbXnr2rp6/ZcvXU1VPXvmF83fi69eMb3nThmsaoxrO/CzHUu44fX4yhvrK7VMkL8QEgISGx1BKdTZ9u46f6P73KF/25jvaEvtkP6Mq0opylY3aUCzHoS6rxrkUadGVKUhnR2srEoZJlXess6yuTibksA1mW2e91lclhuabO2U0a73eGsbHazTLafLe8eX88z+Zt1+P5pms3DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/B87cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAsAAAAACPO3DqNnAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBSAAAA//+3Rsqd")
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_SNAP_CREATE(r1, 0x9408, 0x0)

01:46:43 executing program 0:
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0xc41, 0x0)

01:46:43 executing program 4:
creat(&(0x7f0000000000)='./file0\x00', 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000002440)='./file0\x00', &(0x7f0000002480), 0x0, 0x0, 0x1)

01:46:43 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@bloom_filter={0x1e, 0x0, 0x3, 0x4}, 0x48)

01:46:43 executing program 1:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
dup2(r2, r0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000))
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = dup(r0)
mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

01:46:43 executing program 5:
select(0x40, &(0x7f0000001000), 0x0, &(0x7f0000001080)={0x81}, 0x0)

[  408.402999][ T6665]   140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008
[  408.456966][ T6665]     140548097556480-140548097601535: 0000000000000000
[  408.465040][ T6665]     140548097601536-140548097605631: ffff88806b3de460
[  408.474145][ T6665]     140548097605632-140548097736703: ffff88806b3de380
01:46:43 executing program 4:
syz_usb_connect(0x0, 0x2d, &(0x7f0000000680)={{0x12, 0x1, 0x0, 0xad, 0xef, 0x64, 0x8, 0x1a72, 0x1002, 0xd273, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0xe9, 0xea, 0x7e, 0x0, [], [{{0x9, 0x5, 0x2, 0x0, 0x40, 0x1, 0x0, 0x80}}]}}]}}]}}, 0x0)

01:46:43 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./bus\x00', 0x2, &(0x7f0000000100)={[{@shortname_winnt}, {@uni_xlate}, {}, {@rodir}, {@shortname_lower}, {@iocharset={'iocharset', 0x3d, 'macromanian'}}, {@shortname_winnt}, {@rodir}, {@utf8no}, {@iocharset={'iocharset', 0x3d, 'macturkish'}}, {@utf8no}, {@iocharset={'iocharset', 0x3d, 'iso8859-2'}}, {@rodir}, {@rodir}, {@shortname_mixed}, {@fat=@check_strict}]}, 0x82, 0x25e, &(0x7f0000000580)="$eJzs3b9rU2sYB/AnTW6bW7ikw4Vyyx3iKEhoK+6VoiAUFCT4Y7LYitJEwUKgIm03Z8FRJ3cd/QMcRNwcXFWQqrjo1qFwJD1pakrSFml7iv18hvbhnPM97/uSF84bSN5c+78+N5OLiB8rUSzmojAxORGruRiKvshHajkAgD/JapLE9ySVdV8AgIPh+Q8AR88un/8XDrBLAMA+8/4fAI6ei1eubnzCrxhRf9CoNqrp//T86RtxK2oxuxxRirWIdKGQrhaaf8+emzozWm76PBTV+lIrv9So5jvyMRalGGrlk878WDm1nr/fTNVzjepfMdjKvx+M2RiPUvzbPT/+a77V/sb42u1XohRvr8edqMVMNLOb+cWxcnny/FS5s/8D69dtx4IJAAAAAAAAAAAAAAAAAAAAAIDfVSm3dd2/p1LpdT7Nt/fXGY1SrCUD3fbnGe2yP0+jWoiRQrZjBwAAAAAAAAAAAAAAAAAAgMNifqE/pmu12bvzC/fmehW3Xz97+Xdsf02zKO5wn7RIkrTp9pEkH7Fjas+Lf459eryXN8xFFqPoXTRfr8hF7E8Tr1Zu/ndyfvhUx6njJ0qXPjx6+jWLIXfMqB7FdP7dt8sjD9/sbevPtx7pPxwTYEsx/GRi+sXixy+7nj8AAAAAAAAAAAAAAAAAAMAB2/zSb9Y9AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDsbP7+/0bRFxGdR3oUucLO16wXWY8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB+BgAA//+v555g")
open(&(0x7f0000000000)='./file0\x00', 0x1990c0, 0x0)

[  408.519580][ T6665]     140548097736704-140735437164543: 0000000000000000
01:46:43 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000100)={'tunl0\x00', &(0x7f0000000000)={'erspan0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @private=0xa010100, @empty}}}})

01:46:43 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000f40)={0x1ec, r1, 0x1, 0x0, 0x0, {0x1, 0x0, 0x4}, [@WGDEVICE_A_PEERS={0x1c4, 0x8, 0x0, 0x1, [{0x30, 0x0, 0x0, 0x1, [@WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @b_g}]}, {0x190, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e24, @multicast2}}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e21, 0xfff, @ipv4={'\x00', '\xff\xff', @loopback}, 0x1}}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6}, @WGPEER_A_PUBLIC_KEY={0x24}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "4841716f6948dea02c54d08b2a2bb16cde99e4b8731c544bf9b7b97948d6b474"}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x3}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "1539ea10f102613ed9610a7d8a35e9c717258643c907acb0007b2c3063f5a248"}, @WGPEER_A_ALLOWEDIPS={0xd4, 0x9, 0x0, 0x1, [{0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @local}, {0x5, 0x3, 0x3}}]}, {0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @private=0xa010102}, {0x5, 0x3, 0x1}}]}, {0x70, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5}}]}, {0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @dev}, {0x5}}]}]}]}]}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg2\x00'}]}, 0x1ec}}, 0x0)

[  408.636088][ T6665]     140735437164544-140735437299711: ffff88806b3de0e0
[  408.644117][ T7166] binder: 7156:7166 ioctl c0306201 20001480 returned -14
[  408.650271][ T7167] loop0: detected capacity change from 0 to 256
01:46:43 executing program 1:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
dup2(r2, r0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000))
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = dup(r0)
mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

01:46:43 executing program 2:
syz_usb_connect(0x0, 0x2d, &(0x7f0000000680)={{0x12, 0x1, 0x0, 0xad, 0xef, 0x64, 0x8, 0x1a72, 0x1002, 0xd273, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0xe9, 0xea, 0x7e, 0x0, [], [{{0x9, 0x5, 0x0, 0x0, 0x40}}]}}]}}]}}, 0x0)

[  408.710630][ T6665]     140735437299712-140735437316095: 0000000000000000
[  408.776446][ T6665]     140735437316096-140735437332479: ffff88806b3de1c0
[  408.780695][ T7167] FAT-fs (loop0): Directory bread(block 64) failed
[  408.783436][ T6665]     140735437332480-140735437340671: ffff88806b3de2a0
[  408.783470][ T6665]     140735437340672-18446744073709551615: 0000000000000000
[  408.783498][ T6665] Pass: 9294321 Run:9294425
[  408.783514][ T6665] CPU: 1 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0
[  408.818801][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  408.820452][ T7167] FAT-fs (loop0): Directory bread(block 65) failed
[  408.828860][ T6665] Call Trace:
[  408.828871][ T6665]  <TASK>
[  408.828883][ T6665]  dump_stack_lvl+0xd1/0x138
[  408.828928][ T6665]  mt_find.cold+0x8b/0x90
[  408.828969][ T6665]  ? mas_find+0x1d0/0x1d0
[  408.829026][ T6665]  find_vma+0x10c/0x1b0
[  408.829057][ T6665]  ? can_vma_merge_before+0x390/0x390
[  408.862378][ T7167] FAT-fs (loop0): Directory bread(block 66) failed
[  408.864509][ T6665]  ? walk_page_test+0x78/0x180
[  408.864559][ T6665]  walk_page_range+0x2b1/0x4a0
[  408.872057][ T5176] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  408.875805][ T6665]  ? __walk_page_range+0x780/0x780
[  408.875866][ T6665]  mlock_fixup+0x650/0x810
[  408.875920][ T6665]  apply_vma_lock_flags+0x23d/0x350
[  408.875967][ T6665]  ? mlock_fixup+0x810/0x810
[  408.876030][ T6665]  ? __ia32_sys_get_robust_list+0x400/0x400
[  408.876077][ T6665]  do_mlock+0x25a/0x6d0
[  408.876124][ T6665]  ? folio_evictable+0x270/0x270
[  408.905935][ T7167] FAT-fs (loop0): Directory bread(block 67) failed
[  408.907620][ T6665]  ? syscall_enter_from_user_mode+0x26/0xb0
[  408.907668][ T6665]  __x64_sys_mlock+0x59/0x80
[  408.907698][ T6665]  do_syscall_64+0x39/0xb0
[  408.907741][ T6665]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  408.907776][ T6665] RIP: 0033:0x7fd3e6a8c0c9
[  408.907800][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  408.907827][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[  408.907856][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9
[  408.907877][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000
[  408.907895][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000
[  408.907914][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  408.918974][ T7167] FAT-fs (loop0): Directory bread(block 68) failed
[  408.922844][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000
[  408.922889][ T6665]  </TASK>
[  409.045720][ T7177] binder: BINDER_SET_CONTEXT_MGR already set
[  409.061896][ T7177] binder: 7172:7177 ioctl 4018620d 20000000 returned -16
[  409.083155][ T7177] binder: 7172:7177 ioctl c0306201 20001480 returned -14
[  409.096490][ T6665] index not increased! 20ffb000 <= 20ffb000
[  409.102436][ T6665] BUG at mt_find:6473 (1)
[  409.109727][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e
[  409.118910][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000
[  409.165783][ T7167] FAT-fs (loop0): Directory bread(block 69) failed
[  409.172845][ T7167] FAT-fs (loop0): Directory bread(block 70) failed
[  409.186060][ T7167] FAT-fs (loop0): Directory bread(block 71) failed
[  409.194736][ T7167] FAT-fs (loop0): Directory bread(block 72) failed
[  409.212301][ T7167] FAT-fs (loop0): Directory bread(block 73) failed
[  409.226623][ T6870] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  409.277536][ T5176] usb 5-1: Using ep0 maxpacket: 8
[  409.445836][ T6665]   0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d
[  409.511597][ T6665]     0-536866815: 0000000000000000
[  409.526825][ T6870] usb 3-1: Using ep0 maxpacket: 8
[  409.534206][ T6665]     536866816-536870911: ffff888022f0e0e0
[  409.546917][ T6665]     536870912-553627647: ffff888022f0e1c0
[  409.556144][ T6665]     553627648-553635839: 0000000000000000
[  409.572264][ T6665]     553635840-553627647: ffff8880272dc9a0
[  409.581034][ T6665]     553627648-553644031: ffff8880272dc8c0
[  409.597192][ T5176] usb 5-1: New USB device found, idVendor=1a72, idProduct=1002, bcdDevice=d2.73
[  409.606270][ T5176] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  409.614964][ T6665]     553644032-553648127: ffff88807e16c7e0
[  409.631706][ T6665]     553648128-553652223: ffff888022f0e2a0
[  409.637803][ T6665]     553652224-116813594623: 0000000000000000
[  409.643219][ T7171] loop3: detected capacity change from 0 to 32768
[  409.643975][ T6665]     116813594624-116817788927: ffff888022f0e380
[  409.644007][ T6665]     116817788928-93825002663935: 0000000000000000
[  409.644034][ T6665]     93825002663936-93825002803199: 
[  409.664016][ T6870] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping
[  409.679928][ T6665] ffff888022f0e460
[  409.679945][ T6665]     93825002803200-140548063096831: 0000000000000000
[  409.679972][ T6665]     140548063096832-140548063100927: ffff888022f0e540
[  409.680000][ T6665]   140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 
[  409.696794][ T5176] usb 5-1: Product: syz
[  409.699769][ T6665] ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d
[  409.740982][ T5176] usb 5-1: Manufacturer: syz
[  409.761995][ T6665]     140548063100928-140548071489535: ffff888022f0e620
[  409.762029][ T6665]     140548071489536-140548073586687: ffff888022f0e700
[  409.762058][ T6665]     140548073586688-140548075683839: ffff888022f0e7e0
[  409.762087][ T6665]     140548075683840-140548077780991: ffff888022f0e8c0
[  409.762112][ T6665]     140548077780992-140548079878143: ffff888022f0e9a0
[  409.762140][ T6665]     140548079878144-140548084072447: ffff888022f0ea80
[  409.762168][ T6665]     140548084072448-140548084219903: ffff888022f0eb60
[  409.762196][ T6665]     140548084219904-140548084948991: ffff888022f0ec40
[  409.762225][ T6665]     140548084948992-140548085284863: ffff888022f0ed20
[  409.762252][ T6665]     140548085284864-140548085288959: 0000000000000000
[  409.762279][ T6665]     140548085288960-140548085653503: 
[  409.787883][ T5176] usb 5-1: SerialNumber: syz
[  409.823638][ T6665] ffff888022f0ee00
[  409.844570][ T5176] usb 5-1: config 0 descriptor??
[  409.849989][ T6665]     140548085653504-140548085690367: 
[  409.865104][ T7171] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm
[  409.871078][ T6665] ffff888022f0eee0
[  409.881013][ T7171] BTRFS info (device loop3): force clearing of disk cache
[  409.888341][ T5176] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected
[  409.891538][ T7171] BTRFS info (device loop3): setting nodatasum
[  409.906473][ T6665]     140548085690368-140548085710847: 0000000000000000
[  409.907127][ T7171] BTRFS info (device loop3): allowing degraded mounts
[  409.916786][ T6870] usb 3-1: New USB device found, idVendor=1a72, idProduct=1002, bcdDevice=d2.73
[  409.920897][ T7171] BTRFS info (device loop3): enabling disk space caching
[  409.932436][ T6665]     140548085710848-140548097556479: 
[  409.936963][ T7171] BTRFS info (device loop3): disk space caching is enabled
[  409.945120][ T5176] ftdi_sio ttyUSB0: unknown device type: 0xd273
[  409.952012][ T6665] ffff88806b3de000
[  409.958790][ T6870] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  409.961993][ T6665]   140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008
[  409.980388][ T6870] usb 3-1: Product: syz
[  410.019434][ T6665]     140548097556480-140548097601535: 0000000000000000
[  410.019471][ T6665]     140548097601536-140548097605631: ffff88806b3de460
[  410.019499][ T6665]     140548097605632-140548097736703: ffff88806b3de380
[  410.019527][ T6665]     140548097736704-140735437164543: 0000000000000000
[  410.019554][ T6665]     140735437164544-140735437299711: ffff88806b3de0e0
[  410.019583][ T6665]     140735437299712-140735437316095: 0000000000000000
[  410.019608][ T6665]     140735437316096-140735437332479: 
[  410.041468][ T6870] usb 3-1: Manufacturer: syz
[  410.050451][ T6665] ffff88806b3de1c0
[  410.053248][ T6870] usb 3-1: SerialNumber: syz
[  410.071338][ T6665]     140735437332480-140735437340671: 
[  410.098342][ T6870] usb 3-1: config 0 descriptor??
[  410.108355][ T6665] ffff88806b3de2a0
[  410.115312][ T6665]     140735437340672-18446744073709551615: 0000000000000000
[  410.124211][ T6665] Pass: 9307756 Run:9307861
[  410.128835][ T5174] usb 5-1: USB disconnect, device number 2
[  410.128994][ T6665] CPU: 1 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0
[  410.144476][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  410.147030][ T5174] ftdi_sio 5-1:0.0: device disconnected
[  410.154533][ T6665] Call Trace:
[  410.154547][ T6665]  <TASK>
[  410.154559][ T6665]  dump_stack_lvl+0xd1/0x138
[  410.165421][ T6870] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected
[  410.166309][ T6665]  mt_find.cold+0x8b/0x90
[  410.180807][ T6870] ftdi_sio ttyUSB0: unknown device type: 0xd273
[  410.182652][ T6665]  ? mas_find+0x1d0/0x1d0
[  410.182707][ T6665]  find_vma+0x10c/0x1b0
[  410.197466][ T6665]  ? can_vma_merge_before+0x390/0x390
[  410.202885][ T6665]  ? walk_page_test+0x78/0x180
[  410.204266][ T7171] BTRFS info (device loop3): enabling ssd optimizations
[  410.207677][ T6665]  walk_page_range+0x2b1/0x4a0
[  410.207723][ T6665]  ? __walk_page_range+0x780/0x780
[  410.207785][ T6665]  mlock_fixup+0x650/0x810
[  410.216494][ T7171] BTRFS info (device loop3): auto enabling async discard
[  410.219453][ T6665]  apply_vma_lock_flags+0x23d/0x350
[  410.241263][ T6665]  ? mlock_fixup+0x810/0x810
[  410.245936][ T6665]  ? __ia32_sys_get_robust_list+0x400/0x400
[  410.251887][ T6665]  do_mlock+0x25a/0x6d0
[  410.252845][ T7171] BTRFS info (device loop3): clearing free space tree
[  410.256078][ T6665]  ? folio_evictable+0x270/0x270
[  410.267829][ T6665]  ? syscall_enter_from_user_mode+0x26/0xb0
[  410.273778][ T6665]  __x64_sys_mlock+0x59/0x80
[  410.278402][ T6665]  do_syscall_64+0x39/0xb0
[  410.282871][ T6665]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  410.283935][ T7171] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  410.288778][ T6665] RIP: 0033:0x7fd3e6a8c0c9
[  410.288804][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  410.288833][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[  410.288863][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9
[  410.288883][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000
[  410.288902][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000
[  410.288922][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  410.288938][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000
[  410.312037][ T7171] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  410.322561][ T6665]  </TASK>
[  410.325946][ T6665] index not increased! 20ffb000 <= 20ffb000
[  410.374029][ T6870] usb 3-1: USB disconnect, device number 2
[  410.397296][ T7171] BTRFS info (device loop3): checking UUID tree
[  410.408702][ T6665] BUG at mt_find:6473 (1)
[  410.413196][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e
[  410.414617][ T6870] ftdi_sio 3-1:0.0: device disconnected
[  410.424391][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000
01:46:45 executing program 1:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
dup2(r2, r0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000))
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = dup(r0)
mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

01:46:45 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./bus\x00', 0x2, &(0x7f0000000100)={[{@shortname_winnt}, {@uni_xlate}, {}, {@rodir}, {@shortname_lower}, {@iocharset={'iocharset', 0x3d, 'macromanian'}}, {@shortname_winnt}, {@rodir}, {@utf8no}, {@iocharset={'iocharset', 0x3d, 'macturkish'}}, {@utf8no}, {@iocharset={'iocharset', 0x3d, 'iso8859-2'}}, {@rodir}, {@rodir}, {@shortname_mixed}, {@fat=@check_strict}]}, 0x82, 0x25e, &(0x7f0000000580)="$eJzs3b9rU2sYB/AnTW6bW7ikw4Vyyx3iKEhoK+6VoiAUFCT4Y7LYitJEwUKgIm03Z8FRJ3cd/QMcRNwcXFWQqrjo1qFwJD1pakrSFml7iv18hvbhnPM97/uSF84bSN5c+78+N5OLiB8rUSzmojAxORGruRiKvshHajkAgD/JapLE9ySVdV8AgIPh+Q8AR88un/8XDrBLAMA+8/4fAI6ei1eubnzCrxhRf9CoNqrp//T86RtxK2oxuxxRirWIdKGQrhaaf8+emzozWm76PBTV+lIrv9So5jvyMRalGGrlk878WDm1nr/fTNVzjepfMdjKvx+M2RiPUvzbPT/+a77V/sb42u1XohRvr8edqMVMNLOb+cWxcnny/FS5s/8D69dtx4IJAAAAAAAAAAAAAAAAAAAAAIDfVSm3dd2/p1LpdT7Nt/fXGY1SrCUD3fbnGe2yP0+jWoiRQrZjBwAAAAAAAAAAAAAAAAAAgMNifqE/pmu12bvzC/fmehW3Xz97+Xdsf02zKO5wn7RIkrTp9pEkH7Fjas+Lf459eryXN8xFFqPoXTRfr8hF7E8Tr1Zu/ndyfvhUx6njJ0qXPjx6+jWLIXfMqB7FdP7dt8sjD9/sbevPtx7pPxwTYEsx/GRi+sXixy+7nj8AAAAAAAAAAAAAAAAAAMAB2/zSb9Y9AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDsbP7+/0bRFxGdR3oUucLO16wXWY8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB+BgAA//+v555g")
open(&(0x7f0000000000)='./file0\x00', 0x1990c0, 0x0)

01:46:45 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000f40)={0x1ec, r1, 0x1, 0x0, 0x0, {0x1, 0x0, 0x4}, [@WGDEVICE_A_PEERS={0x1c4, 0x8, 0x0, 0x1, [{0x30, 0x0, 0x0, 0x1, [@WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @b_g}]}, {0x190, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e24, @multicast2}}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e21, 0xfff, @ipv4={'\x00', '\xff\xff', @loopback}, 0x1}}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6}, @WGPEER_A_PUBLIC_KEY={0x24}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "4841716f6948dea02c54d08b2a2bb16cde99e4b8731c544bf9b7b97948d6b474"}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x3}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "1539ea10f102613ed9610a7d8a35e9c717258643c907acb0007b2c3063f5a248"}, @WGPEER_A_ALLOWEDIPS={0xd4, 0x9, 0x0, 0x1, [{0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @local}, {0x5, 0x3, 0x3}}]}, {0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @private=0xa010102}, {0x5, 0x3, 0x1}}]}, {0x70, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5}}]}, {0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @dev}, {0x5}}]}]}]}]}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg2\x00'}]}, 0x1ec}}, 0x0)

01:46:45 executing program 3:
syz_mount_image$btrfs(&(0x7f00000051c0), &(0x7f0000005200)='./file0\x00', 0x1000008, &(0x7f0000000280)={[{@datacow}, {@clear_cache}, {@nodatasum}, {@rescan_uuid_tree}, {}, {@space_cache_v1}]}, 0xfe, 0x51ab, &(0x7f0000005280)="$eJzs3V9oVFceB/Az+aPxDyY+xV32wX1YWcUFWRF2UdggGF2Whdn1YVnYrFlZxT+7JUgDwb5YS2lBxGCgthSKD33pS0mlUFqqBAsthYogVloUW0teWiiESsGXlpK590xmzvVmxlQbq5+PJHfO/d1z7pnhPsx3zLkTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIIRwcM3Kv+xaPb2urD7dP3bq6LLt507vP3ljaGjLlRAqtf2VvL5n+66/79+95689scPw37JtX1/ZkFnXz7PGkqads/2af/4TQuhOBujMtzs6G/pW0hOEI8UB53XgZv/o5u7BaxN3zmy8eP3QhuJTZ1bPYk9gseTX1fTctTRQ+92RHFFvN1x6laZLNOufXnA/yZMAAO7JpmptU387mr/FrbePpfWkPZC0x5N2fIcw3thYiGzcJWXzXJvWF2meA1lUWFo6z6Sev/71djXtn7STqHEP82w+NI80PWXzHEnqizVPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIfJqx9euvTcy+u3ldWn+8dOHV22/dzp/SdvDA1tuRJCX21/JStXlv+q8w+fLtt57fiRN36zr+ftk515v7jtajg4fBIf/LE3hL0Nlek47JerQqg2F2rN8FKxcLD24M+xAAAAwKPkF7XfHfV2Fge7m9qVWpqs1P5FWVg8cLN/dHP34LWJO2c2Xrx+aMPCx6uWjDdw1/Hq7b65n0pDMI7xNx1vrh4PPVIYZ37piGme/2zmyVsXJn7777L+hfzfN3/+j6+c/A8AAMCPIf+n48yvVf6/+s7zT3UN7n2vrH8h/69tOmUh/8cZx/zfERaW/wEAAOBh9qDz/0BhnPm1yv/fnZ86f/nb46+U9S/k/03t5f+uxmnHnR/FCR/uDWFTq6kDAAAAJeL/u899tBDzevbJQZrXO2ZGe6d6blwtG6+Q/wfay//d9/2ZAQAAAAv1v7F/Hb8wNn6zrF7I/9X28v/SBz5zAAAAoF37Tvz/3PoNIyvL6oX8P9xe/l+eb/OVD1mn9+NfIUz0htAz+2AkK3wQxv9ULwAAAAD3SczpX41u/f7jwel3y44r5P+R+e//H+90ENf/N93/r7D+v6GQ3fVvqxsDAAAA8DgqruePt8fPvrmg7Pv3213/f+uXO3b9d+c/vig7fyH/H2sv/3c2bu/n9/8BAADAAvzcvv/vn4Vx5tfq/v/fDN36et3hZwfL+hfy/3h7+T9uVzQ+van4+jzTG8Ka2Qf53QRfi6c7nBQmuxsK2Quf9Ngde+SFyaUNhZqRpMfve0P49eyDY0lhdSyMJ4WZVXnhbFK4HAv59VAvvJ4UpuKV9sKqfLpp4a1YyBdYTMYVFCvqSyKSHrfLeswW7trjev3kAAAAj5UYnvMs293cDGmUnay0OmB5qwM6Wh3Q2eqAruSA9MCy/WG4uRD3v7jtd7evPPHm06FEIf+fbS//x5diSbYpW/8f4vr//HsN6+v/h2OhLylMxkI1vWNANZ4jC7sn4jn6qnmPmTX1AgAAADzS4ucCnYs8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5g7/6D7KrqA4Cf/f0jm91FHAFJNYqA6ZDNJjFKK1MC1UFxpi4OdZw60UR2g9ssJCZhICnthEA7U5hUVKa1o0NDHUdpkUY6jlK1pEyBcaRTm7ZMxWhl/EFtaxnGSodSm87be8/d+87dm/dCdiFLP58/9p33vufnfT/2nXvvOxcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD/h38ZWPMb+1f89Py6+PfPuOHDewcuve+jWw8c3bRpw5EQJmYf78jCHYMrui785sBlj+3f+flzp/rvP9Cbl8vjYVnjT2d+55ai1uUhfLEjhO40sHooC/Tk94difSuGQjgtzAWKElODWYm04fDQQAgHw1ygqOr+gRCGSoErjzz4wIFG4o6BEM4NIfSlbXy7L2tjIA2c15sFBtPA9u4s8F/HMkXgS51ZAE5afDMUL/pDE80ZRucvV/P661mwjr240uF1xcRofb4fX7LInSrpTR+YOKmnrVIdi6Ly9jjs3bYE3m2V7Xy7p638RSr/hnJsLtQXOientm65bmZ3fKQzjI111dW0SM/z40/feNWJpJfM6zB2YHRBXofP3vme68+afMuNt24/54m177vg6Ml2s27zLra+kL/mlszzGG30ebIE3n6Vb0krfekKIfzcB7tv6vrtI5+qi1fm/6PHn//Hl3O87WzKHWt9bjibm8dHhmLiqeFsbg4AAABLxlLYa/qjs1/xe6s61zxeV19l/r+yveP/8ZB/PpnPRns4hI2ziZtHQjhz9vEscHds7gMjIbxmNjXRHLgkCRwO4azZxKqiqqREfyyxMgk8OZwHNiaBh2NgIgl8OgZuTwK3xMChJHBVDBxOApfGQJhuHsfPD+fjaDswEAObs414KJ6F8JPh2Fqyrb5VVAUAALBA8tlhT/Pd0rkOJ5shTi8PDbTKEM/Ars3Ql9SQzmCLaVVtDd2tauhsVUMx7n3HH36l5o5WNVdOw+hoznDpK/7w/BVfu+ELoUZl/j9+/Pl/3zwd6agc/w/hitm/MXdnHpkp4psnmjIAAAAAJ2HtG2a+9idnv+nNdfHK/H9je+f/x30iXaXM4dG4G2LbSAjjzYGs2jdXA9lR72V5AAAAAJaC4nh8cSx8Or/NTtFO59PV/BMnmD8e+N84b/5fCpOnb/vBUxvq+luZ/0+0d/7/YPNt1omHYy8+NhJCfynwSOxlIzBrZQx89+LmQD7+h+MGuC1WlZ+YUFR1WyyxOQbGk8DBuhLfKEqc2RzIn6yi8ZuLcUznJUoBAAAAeMHF3QHxuHw8///Ctd/70KaP7/1cXbnK/H/ziZ3/PzsPrpzeP7MshDXdIXSlPwx4dDBbGDAGhjryxFcHs7q60qpuGgzhosbA0qqeyNf/707XGDwykFUVA2e+9rNPn9dIfGoghDXlwGPvvWt2x8juJFA0/qsDIby6Mdq08S/0Z433pI3/QX8IryoFiqo+0B9Co7HetKoH+/LrGKRV/VlfCKeXAkVVb+wLYU8AYImK/0onyw/u2rN325aZmamdi5iI+/AHwtbpmamxq7bPTPbV9Gky6XPTMkY3VcfU2ebYj+ZLFN1z+dhIO+nid4Lj5b7k+/ErJw7m9+N3oZ7Zca7rabq7Ph3y68+pNpEO6cUY8mC5krknsVJ/zN8bloX+63ZN7Ry7Ycvu3TvXZn/bzb4u+xsPM2Xbam26rQbn61sbL492F0N/vtuq6TJXa3Zfs2PNrj17V09fs+Xqqaunrn3D+LrxdevHN7zpwjWNUY1nf1sM9fz5qk6Geuyu6hDavQbU8x3qK7tLlbwQnxoSEhJLLbHl4q/+5b1nfWJZ3cdPZf6/4/jz//ipEz/58/UZ6o7/j8bD/Nnjc4f5N8fAwXaP/4/WHc0vTgxYmQT2xcA+h/kBAAB4aYi7G+PezLhXuuem1WN//MlHnqwrV5n/72vv9/8LtP5/sXT95XXL/K+KJcbr1v9Pl/kv1v/fV7f+f7rMf7H+/8EXYf3/64pAskl+Yv1/AADgpeCFW/+/5fL+6QUCKhlaLu+fXiCgkqHlMv7tXiDghNf/f/tzr+u55iOvviXUqMz/b29v/m/hfgAAADh13HVkQ8eD//o/D9XFK/P/g+3N/1/49f9C3fn/K+sCE3ULA1r/DwAAgCWqbv2/9a/78ebP/WzFD+vKVeb/h9qb/8fTLjqbcsdanxvO1rQL6Zp2Tw0XPxkAAACApaEzjI21u6Jp08qolzz/Nh/PlwI9Xrrsr758zT8+8tb39tfVV5n/H25v/t/0u4xn73zP9WdNvuXG527dfs4Ta993wdG54/8AAADA4ml3vwQAAAAAAAAAAAAAAPDie3rv5Lv++ew7P1MXr/z+P1wx+3jd7//jdf/i7wte3pQ71tp6/b/8/pXvuHfP7JKFjw6HcE45sG3/ttNCfm3+88uBBzatOqOR2J+W+Mp3Lv1BI/H+NPC21S97ppG4KAlsjosknpUG4lUVn1meBOLyin+fBuL2OJQGevPA7y7PxtGRbqsfDWXbqiPdVo8PhTBSChTb6otDWRsd6QDvSALFAD+UBuIAfyUPdKa9undZ1qsYGIpF/2hZ1isAAE5Z8VtgT9g6PTM1Hr/Cx9tXdjffRk1Llt1UrbajzeaP5kuT3XP52Eg76a70u+jctcZ7Ql9jCGsrX1fLWTpmR7kwtbTYdC+vGXKr1d7a/XX2iW663voRDWQjGrtq+8xkT8uBr2+dZV13yyxrK5OdcpbO2U3aRi1t9KWNEbW5bdrocrzfGcbGupJcvxiDo6HJQr0iyuv81b0Kynn2Tb7xb75x7Nihuvoq8//R9ub/feVxPZNfDGBfvLLezSMhnNnmiAAAAIB2fevL/7Ru+yd+55709ort1956weCPLq4rV5n/r2xv/h93jOWHgrO9HYfj9f+L+f9oFrg7NveBkRBeM5uaiCWyC+pfHkuMZ4G74w6TVbHE5onmqvpj4FASeHI4DxxOAg/HQL6X4rMh35XzkeEQNsymrmgusSOWGE0C74yBlUlgLAbGk8DyGNiYBP59eR6YSAJfj4Ew3byt/ny5vSsAAMDzkM+zeprvhnSed6i7VYaOVhkGW2XobJWhr1WGulHE+/fFDD3JySsdpUw9aa0DSS2VDPFi+Cfcr0qG8I3mnGnBStPx/IPifIOO5gz/dtnrv33erlXtX/9/vL35/2Dzbdb6w3H+P3f9vyzwSOzex+Kp4ytj4LsXNwfyHQMPx8nubUVVE3mJfNJ+WyyxMQZWJoEdMbAxCWy+Ig8cPKM5kM+0i8ZvLhqfzkuUAgAAAPCCizsI4m6aOP//0/+++3MH/uHav64rV5n/b2xv/h/bW1Zu7Jai1uUhfLFjrjdFYPVQFoj7MYbiz+NXDIVwWmkHR1FiajAr0Zs0HB4ayH6h3ptWdf9AtsZAvH/lkQcfONBI3DEQwrmlvS9FG9/uy9oYSAPn9WaBwTSwvTsLxD0/ReBLnVkATlqxVzC+oPJTXQqj85eref29VK4Jmg6vsg90nnzz/eZqsfSlD+T7VAsn9rRVqmNRVN4eh73bluK7bdS7rfxFKv+Gcmwu1Bc6J6e2brluZnd8pPxL1opFep7Lv1JtJ70Ar8N9z7+3rfWlHRhPPj7G5y83/+uwI1b37J3vuf6sybfceOv2c55Y+74LjrbdjRrxh8Lv/uTLRsubd7H1hfw1t+Q+TyZ8nizFfwMrPW2NGexTv//V//jp4z+ri1fm/xPtzf+7k9tZz8aNuWskhNeXNu6jcfP/8kj2OVgKZJ+Sp1cD2SH37w3XfnICAADAQit2dxT7C6bz2+yE8HSeXM0/cYL54/6KjfPmb7ffW29+aP8P/+6Or9TFK/P/zcef//cn3XT83/F/Fonj//M61XdF96cP7DupXdGV6lgUjv/P61R/tzn+Py/H/x3/n4/j/y04/j+vU/1pq3xL2uFLVwjh6++/8+33bP+18+rilfn/jvbm/9b/m3/RvmL9v8116//tqFv/b5/1/wAAgEVVs9BcOs+rrN5XyZCu3lfJ0HKBwJZLDFr/74TX/3vrO//3+mOvuGRnqFGZ/+9rb/4fXw7Lyq0vlfX/Vl5RU9XtMbDDwoAAAACciup2EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDievcvPLl8029eOF0X//4ZN3x478Cl931064GjmzZtOBJClrUjC3cMrui68JsDlz22f+fnz53qv/9AX16uJ789uyl3rPW54RAOlh4Ziomnhht35gJXvuPePd2NxKPDIZxTDmzbv+20RuLTwyGcXw48sGnVGY3E/rTEV75z6Q8aifengbetftkzjcRFeaAj7e4nl2fd7Ui7e2B5CCOlQNHdX1/eXFXRxmV5oDNt4zNDWRsxMBSLfnwoayMGZmKJ6f4Q1nSH0JVW9bW+rKqutKq/6Muq6kqr+q2+EC4KIXSnVX2nN6uqOx353/ZmVcXAma/97NPnNRIHe0NYUw489t67NjQSH0oCRePv6g3h1Y2XTNr4fT1Z4z1p43f0hPCqEEJvWuI/u7MSvWmJJ7pDOL0UKBr/YHcIewIvCfHDZ7L84K49e7dtmZmZ2rmIid68rYGwdXpmauyq7TOTfUmf6nSU0sduOn78eI4+feNVjdt7Lh8baSfdnZfrme3yup6mu+sXqvftOtHex34NliuZez4q9cf8vWFZ6L9u19TOsRu27N69c232t93s67K/XXk021ZrF2pbdbYoHz3fbXV+uZI1u6/ZsWbXnr2rp6/ZcvXU1VPXvmF83fi69eMb3nThmsaoxrO/CzHUu44fX4yhvrK7VMkL8QEgISGx1BKdTZ9u46f6P73KF/25jvaEvtkP6Mq0opylY3aUCzHoS6rxrkUadGVKUhnR2srEoZJlXess6yuTibksA1mW2e91lclhuabO2U0a73eGsbHazTLafLe8eX88z+Zt1+P5pms3DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/B87cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAsAAAAACPO3DqNnAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBSAAAA//+3Rsqd")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.current\x00', 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000180)=ANY=[], 0x208e24b)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_SNAP_CREATE(r0, 0x9408, 0x0)

[  410.470340][ T6665]   0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d
[  410.561873][ T7198] loop0: detected capacity change from 0 to 256
[  410.576514][ T7199] binder: 7196:7199 ioctl c0306201 20001480 returned -14
[  410.583939][ T6665]     0-536866815: 0000000000000000
01:46:45 executing program 1:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
dup2(r2, r0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000))
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0})
r3 = dup(r0)
mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

01:46:45 executing program 4:
syz_usb_connect(0x0, 0x2d, &(0x7f0000000680)={{0x12, 0x1, 0x0, 0xad, 0xef, 0x64, 0x8, 0x1a72, 0x1002, 0xd273, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0xe9, 0xea, 0x7e, 0x0, [], [{{0x9, 0x5, 0x2, 0x0, 0x40, 0x1, 0x0, 0x80}}]}}]}}]}}, 0x0)

[  410.613982][ T6665]     536866816-536870911: ffff888022f0e0e0
[  410.649067][ T6665]     536870912-553627647: ffff888022f0e1c0
01:46:45 executing program 5:
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x5, 0x9, 0x4, 0x7ff}, 0x48)

[  410.724273][ T7198] FAT-fs (loop0): Directory bread(block 64) failed
[  410.751810][ T7198] FAT-fs (loop0): Directory bread(block 65) failed
[  410.765582][ T6665]     553627648-553635839: 0000000000000000
[  410.777310][ T7205] binder: 7204:7205 unknown command 0
[  410.788159][ T7198] FAT-fs (loop0): Directory bread(block 66) failed
[  410.800643][ T7205] binder: 7204:7205 ioctl c0306201 20001480 returned -22
[  410.812442][ T7198] FAT-fs (loop0): Directory bread(block 67) failed
[  410.821096][ T6665]     553635840-553627647: ffff8880272dc9a0
01:46:45 executing program 1:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
dup2(r2, r0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000))
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0})
r3 = dup(r0)
mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

[  410.858978][ T7198] FAT-fs (loop0): Directory bread(block 68) failed
[  410.875922][ T6665]     553627648-553644031: ffff8880272dc8c0
[  410.886207][ T7198] FAT-fs (loop0): Directory bread(block 69) failed
01:46:45 executing program 2:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x2, 0x3, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x6}}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)

[  410.913461][ T6665]     553644032-553648127: ffff88807e16c7e0
[  410.919463][ T7198] FAT-fs (loop0): Directory bread(block 70) failed
[  410.948373][ T7198] FAT-fs (loop0): Directory bread(block 71) failed
[  410.960658][ T6665]     553648128-553652223: ffff888022f0e2a0
[  410.974488][ T7198] FAT-fs (loop0): Directory bread(block 72) failed
01:46:45 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x7, 0x0, 0x0, 0x0, 0x420}, 0x48)

[  411.008233][ T6665]     553652224-116813594623: 0000000000000000
[  411.019296][ T7198] FAT-fs (loop0): Directory bread(block 73) failed
[  411.040699][ T7215] binder: 7213:7215 unknown command 0
[  411.048298][ T6665]     116813594624-116817788927: ffff888022f0e380
[  411.056607][ T5311] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  411.059552][ T7215] binder: 7213:7215 ioctl c0306201 20001480 returned -22
01:46:45 executing program 2:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x2, 0x3, &(0x7f00000000c0)=@framed, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)

01:46:46 executing program 5:
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x5, 0x9, 0x4, 0x7ff}, 0x48)

[  411.114813][ T6665]     116817788928-93825002663935: 0000000000000000
[  411.154726][ T6665]     93825002663936-93825002803199: ffff888022f0e460
01:46:46 executing program 1:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
dup2(r2, r0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000))
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0})
r3 = dup(r0)
mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

[  411.219592][ T6665]     93825002803200-140548063096831: 0000000000000000
[  411.282591][ T6665]     140548063096832-140548063100927: ffff888022f0e540
[  411.296471][ T5311] usb 5-1: Using ep0 maxpacket: 8
01:46:46 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./bus\x00', 0x2, &(0x7f0000000100)={[{@shortname_winnt}, {@uni_xlate}, {}, {@rodir}, {@shortname_lower}, {@iocharset={'iocharset', 0x3d, 'macromanian'}}, {@shortname_winnt}, {@rodir}, {@utf8no}, {@iocharset={'iocharset', 0x3d, 'macturkish'}}, {@utf8no}, {@iocharset={'iocharset', 0x3d, 'iso8859-2'}}, {@rodir}, {@rodir}, {@shortname_mixed}, {@fat=@check_strict}]}, 0x82, 0x25e, &(0x7f0000000580)="$eJzs3b9rU2sYB/AnTW6bW7ikw4Vyyx3iKEhoK+6VoiAUFCT4Y7LYitJEwUKgIm03Z8FRJ3cd/QMcRNwcXFWQqrjo1qFwJD1pakrSFml7iv18hvbhnPM97/uSF84bSN5c+78+N5OLiB8rUSzmojAxORGruRiKvshHajkAgD/JapLE9ySVdV8AgIPh+Q8AR88un/8XDrBLAMA+8/4fAI6ei1eubnzCrxhRf9CoNqrp//T86RtxK2oxuxxRirWIdKGQrhaaf8+emzozWm76PBTV+lIrv9So5jvyMRalGGrlk878WDm1nr/fTNVzjepfMdjKvx+M2RiPUvzbPT/+a77V/sb42u1XohRvr8edqMVMNLOb+cWxcnny/FS5s/8D69dtx4IJAAAAAAAAAAAAAAAAAAAAAIDfVSm3dd2/p1LpdT7Nt/fXGY1SrCUD3fbnGe2yP0+jWoiRQrZjBwAAAAAAAAAAAAAAAAAAgMNifqE/pmu12bvzC/fmehW3Xz97+Xdsf02zKO5wn7RIkrTp9pEkH7Fjas+Lf459eryXN8xFFqPoXTRfr8hF7E8Tr1Zu/ndyfvhUx6njJ0qXPjx6+jWLIXfMqB7FdP7dt8sjD9/sbevPtx7pPxwTYEsx/GRi+sXixy+7nj8AAAAAAAAAAAAAAAAAAMAB2/zSb9Y9AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDsbP7+/0bRFxGdR3oUucLO16wXWY8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB+BgAA//+v555g")
open(&(0x7f0000000000)='./file0\x00', 0x1990c0, 0x0)

01:46:46 executing program 2:
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000740)={0x6, 0x3, &(0x7f0000000480)=@framed, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000680)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f00000007c0)="d792d55b9faaa2911ef4cff7e1ab154e92ec6086d7c1865a"}, 0x48)

[  411.346101][ T6665]   140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 
[  411.347619][ T7223] binder: 7221:7223 unknown command 0
[  411.348637][ T6665] ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d
[  411.475239][ T7223] binder: 7221:7223 ioctl c0306201 20001480 returned -22
[  411.600723][ T7230] loop0: detected capacity change from 0 to 256
[  411.636682][ T5311] usb 5-1: New USB device found, idVendor=1a72, idProduct=1002, bcdDevice=d2.73
[  411.645779][ T5311] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  411.650446][ T6665]     140548063100928-140548071489535: ffff888022f0e620
[  411.676178][ T6665]     140548071489536-140548073586687: ffff888022f0e700
[  411.687179][ T5311] usb 5-1: Product: syz
[  411.691383][ T5311] usb 5-1: Manufacturer: syz
[  411.700781][ T6665]     140548073586688-140548075683839: ffff888022f0e7e0
[  411.707597][ T7230] FAT-fs (loop0): Directory bread(block 64) failed
[  411.708329][ T6665]     140548075683840-140548077780991: 
[  411.714250][ T7230] FAT-fs (loop0): Directory bread(block 65) failed
[  411.714341][ T7230] FAT-fs (loop0): Directory bread(block 66) failed
[  411.720459][ T6665] ffff888022f0e8c0
[  411.752175][ T6665]     140548077780992-140548079878143: ffff888022f0e9a0
[  411.752611][ T5311] usb 5-1: SerialNumber: syz
[  411.769614][ T6665]     140548079878144-140548084072447: ffff888022f0ea80
[  411.780528][ T5311] usb 5-1: config 0 descriptor??
[  411.795774][ T7230] FAT-fs (loop0): Directory bread(block 67) failed
[  411.804997][ T7230] FAT-fs (loop0): Directory bread(block 68) failed
[  411.814489][ T7230] FAT-fs (loop0): Directory bread(block 69) failed
[  411.821319][ T7230] FAT-fs (loop0): Directory bread(block 70) failed
[  411.831117][ T5311] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected
[  411.838749][ T7230] FAT-fs (loop0): Directory bread(block 71) failed
[  411.842788][ T6665]     140548084072448-140548084219903: 
[  411.851371][ T5311] ftdi_sio ttyUSB0: unknown device type: 0xd273
[  411.865270][ T6665] ffff888022f0eb60
[  411.870196][ T7230] FAT-fs (loop0): Directory bread(block 72) failed
[  411.881659][ T6665]     140548084219904-140548084948991: ffff888022f0ec40
[  411.882983][ T7230] FAT-fs (loop0): Directory bread(block 73) failed
[  411.912522][ T6665]     140548084948992-140548085284863: ffff888022f0ed20
[  411.946543][ T6665]     140548085284864-140548085288959: 0000000000000000
[  411.966456][ T6665]     140548085288960-140548085653503: ffff888022f0ee00
[  411.973458][ T6665]     140548085653504-140548085690367: ffff888022f0eee0
[  411.983600][ T6665]     140548085690368-140548085710847: 0000000000000000
[  411.992695][ T6665]     140548085710848-140548097556479: ffff88806b3de000
[  412.000028][ T6665]   140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008
[  412.053694][ T7208] loop3: detected capacity change from 0 to 32768
[  412.070635][ T7208] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm
[  412.081152][ T7208] BTRFS info (device loop3): force clearing of disk cache
[  412.088474][ T7208] BTRFS info (device loop3): setting nodatasum
[  412.094943][ T7208] BTRFS info (device loop3): allowing degraded mounts
[  412.104997][ T5311] usb 5-1: USB disconnect, device number 3
[  412.129216][ T7208] BTRFS info (device loop3): enabling disk space caching
[  412.129719][ T5311] ftdi_sio 5-1:0.0: device disconnected
[  412.151796][ T6665]     140548097556480-140548097601535: 0000000000000000
[  412.166207][ T6665]     140548097601536-140548097605631: ffff88806b3de460
[  412.173842][ T7208] BTRFS info (device loop3): disk space caching is enabled
[  412.185407][ T6665]     140548097605632-140548097736703: ffff88806b3de380
[  412.196793][ T6665]     140548097736704-140735437164543: 0000000000000000
[  412.203856][ T6665]     140735437164544-140735437299711: ffff88806b3de0e0
[  412.214104][ T6665]     140735437299712-140735437316095: 0000000000000000
[  412.221762][ T6665]     140735437316096-140735437332479: ffff88806b3de1c0
[  412.231004][ T6665]     140735437332480-140735437340671: ffff88806b3de2a0
[  412.232089][ T7208] BTRFS info (device loop3): enabling ssd optimizations
[  412.238126][ T6665]     140735437340672-18446744073709551615: 0000000000000000
[  412.238159][ T6665] Pass: 9339734 Run:9339840
[  412.238174][ T6665] CPU: 0 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0
[  412.238205][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  412.238222][ T6665] Call Trace:
[  412.238230][ T6665]  <TASK>
[  412.238241][ T6665]  dump_stack_lvl+0xd1/0x138
[  412.238287][ T6665]  mt_find.cold+0x8b/0x90
[  412.238329][ T6665]  ? mas_find+0x1d0/0x1d0
[  412.256479][ T7208] BTRFS info (device loop3): auto enabling async discard
[  412.257104][ T6665]  find_vma+0x10c/0x1b0
[  412.268787][ T7208] BTRFS info (device loop3): clearing free space tree
[  412.276898][ T6665]  ? can_vma_merge_before+0x390/0x390
[  412.276940][ T6665]  ? walk_page_test+0x78/0x180
[  412.280357][ T7208] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  412.283155][ T6665]  walk_page_range+0x2b1/0x4a0
[  412.283201][ T6665]  ? __walk_page_range+0x780/0x780
[  412.343976][ T6665]  mlock_fixup+0x650/0x810
[  412.348443][ T6665]  apply_vma_lock_flags+0x23d/0x350
[  412.353686][ T6665]  ? mlock_fixup+0x810/0x810
[  412.358322][ T6665]  ? __ia32_sys_get_robust_list+0x400/0x400
[  412.364247][ T6665]  do_mlock+0x25a/0x6d0
[  412.368437][ T6665]  ? folio_evictable+0x270/0x270
[  412.373422][ T6665]  ? syscall_enter_from_user_mode+0x26/0xb0
[  412.379346][ T6665]  __x64_sys_mlock+0x59/0x80
[  412.383956][ T6665]  do_syscall_64+0x39/0xb0
[  412.388412][ T6665]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  412.394340][ T6665] RIP: 0033:0x7fd3e6a8c0c9
[  412.398771][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  412.418394][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[  412.426825][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9
[  412.434809][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000
[  412.442791][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000
[  412.450770][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  412.458752][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000
[  412.466752][ T6665]  </TASK>
[  412.475062][ T6665] index not increased! 20ffb000 <= 20ffb000
[  412.483369][ T6665] BUG at mt_find:6473 (1)
[  412.486432][ T7208] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  412.488026][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e
[  412.506710][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000
[  412.514764][ T7208] BTRFS info (device loop3): checking UUID tree
[  412.550464][ T6665]   0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d
[  412.616945][ T6665]     0-536866815: 0000000000000000
01:46:47 executing program 1:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
dup2(r2, r0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000))
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0})
r3 = dup(r0)
mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

01:46:47 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x12, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x48)

[  412.630360][ T6665]     536866816-536870911: ffff888022f0e0e0
[  412.647821][ T6665]     536870912-553627647: ffff888022f0e1c0
[  412.681054][ T7250] binder: 7248:7250 unknown command 0
[  412.714744][ T6665]     553627648-553635839: 0000000000000000
[  412.716718][ T7250] binder: 7248:7250 ioctl c0306201 20001480 returned -22
[  412.782134][ T6665]     553635840-553627647: ffff8880272dc9a0
[  412.806498][ T6665]     553627648-553644031: ffff8880272dc8c0
[  412.812506][ T6665]     553644032-553648127: ffff88807e16c7e0
[  412.819690][ T6665]     553648128-553652223: ffff888022f0e2a0
[  412.825641][ T6665]     553652224-116813594623: 0000000000000000
01:46:47 executing program 4:
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c)
connect$pppl2tp(r0, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x6, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x32)
sendmmsg$inet(r0, &(0x7f0000004580)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)

01:46:47 executing program 5:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0xffff, 0x101, 0x300, 0x0, 0x1}, 0x48)

01:46:47 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./bus\x00', 0x2, &(0x7f0000000100)={[{@shortname_winnt}, {@uni_xlate}, {}, {@rodir}, {@shortname_lower}, {@iocharset={'iocharset', 0x3d, 'macromanian'}}, {@shortname_winnt}, {@rodir}, {@utf8no}, {@iocharset={'iocharset', 0x3d, 'macturkish'}}, {@utf8no}, {@iocharset={'iocharset', 0x3d, 'iso8859-2'}}, {@rodir}, {@rodir}, {@shortname_mixed}, {@fat=@check_strict}]}, 0x82, 0x25e, &(0x7f0000000580)="$eJzs3b9rU2sYB/AnTW6bW7ikw4Vyyx3iKEhoK+6VoiAUFCT4Y7LYitJEwUKgIm03Z8FRJ3cd/QMcRNwcXFWQqrjo1qFwJD1pakrSFml7iv18hvbhnPM97/uSF84bSN5c+78+N5OLiB8rUSzmojAxORGruRiKvshHajkAgD/JapLE9ySVdV8AgIPh+Q8AR88un/8XDrBLAMA+8/4fAI6ei1eubnzCrxhRf9CoNqrp//T86RtxK2oxuxxRirWIdKGQrhaaf8+emzozWm76PBTV+lIrv9So5jvyMRalGGrlk878WDm1nr/fTNVzjepfMdjKvx+M2RiPUvzbPT/+a77V/sb42u1XohRvr8edqMVMNLOb+cWxcnny/FS5s/8D69dtx4IJAAAAAAAAAAAAAAAAAAAAAIDfVSm3dd2/p1LpdT7Nt/fXGY1SrCUD3fbnGe2yP0+jWoiRQrZjBwAAAAAAAAAAAAAAAAAAgMNifqE/pmu12bvzC/fmehW3Xz97+Xdsf02zKO5wn7RIkrTp9pEkH7Fjas+Lf459eryXN8xFFqPoXTRfr8hF7E8Tr1Zu/ndyfvhUx6njJ0qXPjx6+jWLIXfMqB7FdP7dt8sjD9/sbevPtx7pPxwTYEsx/GRi+sXixy+7nj8AAAAAAAAAAAAAAAAAAMAB2/zSb9Y9AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDsbP7+/0bRFxGdR3oUucLO16wXWY8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB+BgAA//+v555g")
open(&(0x7f0000000000)='./file0\x00', 0x1990c0, 0x0)

01:46:47 executing program 3:
syz_mount_image$btrfs(&(0x7f00000051c0), &(0x7f0000005200)='./file0\x00', 0x1000008, &(0x7f0000000280)={[{@datacow}, {@clear_cache}, {@nodatasum}, {@rescan_uuid_tree}, {}, {@space_cache_v1}]}, 0xfe, 0x51ab, &(0x7f0000005280)="$eJzs3V9oVFceB/Az+aPxDyY+xV32wX1YWcUFWRF2UdggGF2Whdn1YVnYrFlZxT+7JUgDwb5YS2lBxGCgthSKD33pS0mlUFqqBAsthYogVloUW0teWiiESsGXlpK590xmzvVmxlQbq5+PJHfO/d1z7pnhPsx3zLkTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIIRwcM3Kv+xaPb2urD7dP3bq6LLt507vP3ljaGjLlRAqtf2VvL5n+66/79+95689scPw37JtX1/ZkFnXz7PGkqads/2af/4TQuhOBujMtzs6G/pW0hOEI8UB53XgZv/o5u7BaxN3zmy8eP3QhuJTZ1bPYk9gseTX1fTctTRQ+92RHFFvN1x6laZLNOufXnA/yZMAAO7JpmptU387mr/FrbePpfWkPZC0x5N2fIcw3thYiGzcJWXzXJvWF2meA1lUWFo6z6Sev/71djXtn7STqHEP82w+NI80PWXzHEnqizVPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIfJqx9euvTcy+u3ldWn+8dOHV22/dzp/SdvDA1tuRJCX21/JStXlv+q8w+fLtt57fiRN36zr+ftk515v7jtajg4fBIf/LE3hL0Nlek47JerQqg2F2rN8FKxcLD24M+xAAAAwKPkF7XfHfV2Fge7m9qVWpqs1P5FWVg8cLN/dHP34LWJO2c2Xrx+aMPCx6uWjDdw1/Hq7b65n0pDMI7xNx1vrh4PPVIYZ37piGme/2zmyVsXJn7777L+hfzfN3/+j6+c/A8AAMCPIf+n48yvVf6/+s7zT3UN7n2vrH8h/69tOmUh/8cZx/zfERaW/wEAAOBh9qDz/0BhnPm1yv/fnZ86f/nb46+U9S/k/03t5f+uxmnHnR/FCR/uDWFTq6kDAAAAJeL/u899tBDzevbJQZrXO2ZGe6d6blwtG6+Q/wfay//d9/2ZAQAAAAv1v7F/Hb8wNn6zrF7I/9X28v/SBz5zAAAAoF37Tvz/3PoNIyvL6oX8P9xe/l+eb/OVD1mn9+NfIUz0htAz+2AkK3wQxv9ULwAAAAD3SczpX41u/f7jwel3y44r5P+R+e//H+90ENf/N93/r7D+v6GQ3fVvqxsDAAAA8DgqruePt8fPvrmg7Pv3213/f+uXO3b9d+c/vig7fyH/H2sv/3c2bu/n9/8BAADAAvzcvv/vn4Vx5tfq/v/fDN36et3hZwfL+hfy/3h7+T9uVzQ+van4+jzTG8Ka2Qf53QRfi6c7nBQmuxsK2Quf9Ngde+SFyaUNhZqRpMfve0P49eyDY0lhdSyMJ4WZVXnhbFK4HAv59VAvvJ4UpuKV9sKqfLpp4a1YyBdYTMYVFCvqSyKSHrfLeswW7trjev3kAAAAj5UYnvMs293cDGmUnay0OmB5qwM6Wh3Q2eqAruSA9MCy/WG4uRD3v7jtd7evPPHm06FEIf+fbS//x5diSbYpW/8f4vr//HsN6+v/h2OhLylMxkI1vWNANZ4jC7sn4jn6qnmPmTX1AgAAADzS4ucCnYs8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5g7/6D7KrqA4Cf/f0jm91FHAFJNYqA6ZDNJjFKK1MC1UFxpi4OdZw60UR2g9ssJCZhICnthEA7U5hUVKa1o0NDHUdpkUY6jlK1pEyBcaRTm7ZMxWhl/EFtaxnGSodSm87be8/d+87dm/dCdiFLP58/9p33vufnfT/2nXvvOxcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD/h38ZWPMb+1f89Py6+PfPuOHDewcuve+jWw8c3bRpw5EQJmYf78jCHYMrui785sBlj+3f+flzp/rvP9Cbl8vjYVnjT2d+55ai1uUhfLEjhO40sHooC/Tk94difSuGQjgtzAWKElODWYm04fDQQAgHw1ygqOr+gRCGSoErjzz4wIFG4o6BEM4NIfSlbXy7L2tjIA2c15sFBtPA9u4s8F/HMkXgS51ZAE5afDMUL/pDE80ZRucvV/P661mwjr240uF1xcRofb4fX7LInSrpTR+YOKmnrVIdi6Ly9jjs3bYE3m2V7Xy7p638RSr/hnJsLtQXOientm65bmZ3fKQzjI111dW0SM/z40/feNWJpJfM6zB2YHRBXofP3vme68+afMuNt24/54m177vg6Ml2s27zLra+kL/mlszzGG30ebIE3n6Vb0krfekKIfzcB7tv6vrtI5+qi1fm/6PHn//Hl3O87WzKHWt9bjibm8dHhmLiqeFsbg4AAABLxlLYa/qjs1/xe6s61zxeV19l/r+yveP/8ZB/PpnPRns4hI2ziZtHQjhz9vEscHds7gMjIbxmNjXRHLgkCRwO4azZxKqiqqREfyyxMgk8OZwHNiaBh2NgIgl8OgZuTwK3xMChJHBVDBxOApfGQJhuHsfPD+fjaDswEAObs414KJ6F8JPh2Fqyrb5VVAUAALBA8tlhT/Pd0rkOJ5shTi8PDbTKEM/Ars3Ql9SQzmCLaVVtDd2tauhsVUMx7n3HH36l5o5WNVdOw+hoznDpK/7w/BVfu+ELoUZl/j9+/Pl/3zwd6agc/w/hitm/MXdnHpkp4psnmjIAAAAAJ2HtG2a+9idnv+nNdfHK/H9je+f/x30iXaXM4dG4G2LbSAjjzYGs2jdXA9lR72V5AAAAAJaC4nh8cSx8Or/NTtFO59PV/BMnmD8e+N84b/5fCpOnb/vBUxvq+luZ/0+0d/7/YPNt1omHYy8+NhJCfynwSOxlIzBrZQx89+LmQD7+h+MGuC1WlZ+YUFR1WyyxOQbGk8DBuhLfKEqc2RzIn6yi8ZuLcUznJUoBAAAAeMHF3QHxuHw8///Ctd/70KaP7/1cXbnK/H/ziZ3/PzsPrpzeP7MshDXdIXSlPwx4dDBbGDAGhjryxFcHs7q60qpuGgzhosbA0qqeyNf/707XGDwykFUVA2e+9rNPn9dIfGoghDXlwGPvvWt2x8juJFA0/qsDIby6Mdq08S/0Z433pI3/QX8IryoFiqo+0B9Co7HetKoH+/LrGKRV/VlfCKeXAkVVb+wLYU8AYImK/0onyw/u2rN325aZmamdi5iI+/AHwtbpmamxq7bPTPbV9Gky6XPTMkY3VcfU2ebYj+ZLFN1z+dhIO+nid4Lj5b7k+/ErJw7m9+N3oZ7Zca7rabq7Ph3y68+pNpEO6cUY8mC5krknsVJ/zN8bloX+63ZN7Ry7Ycvu3TvXZn/bzb4u+xsPM2Xbam26rQbn61sbL492F0N/vtuq6TJXa3Zfs2PNrj17V09fs+Xqqaunrn3D+LrxdevHN7zpwjWNUY1nf1sM9fz5qk6Geuyu6hDavQbU8x3qK7tLlbwQnxoSEhJLLbHl4q/+5b1nfWJZ3cdPZf6/4/jz//ipEz/58/UZ6o7/j8bD/Nnjc4f5N8fAwXaP/4/WHc0vTgxYmQT2xcA+h/kBAAB4aYi7G+PezLhXuuem1WN//MlHnqwrV5n/72vv9/8LtP5/sXT95XXL/K+KJcbr1v9Pl/kv1v/fV7f+f7rMf7H+/8EXYf3/64pAskl+Yv1/AADgpeCFW/+/5fL+6QUCKhlaLu+fXiCgkqHlMv7tXiDghNf/f/tzr+u55iOvviXUqMz/b29v/m/hfgAAADh13HVkQ8eD//o/D9XFK/P/g+3N/1/49f9C3fn/K+sCE3ULA1r/DwAAgCWqbv2/9a/78ebP/WzFD+vKVeb/h9qb/8fTLjqbcsdanxvO1rQL6Zp2Tw0XPxkAAACApaEzjI21u6Jp08qolzz/Nh/PlwI9Xrrsr758zT8+8tb39tfVV5n/H25v/t/0u4xn73zP9WdNvuXG527dfs4Ta993wdG54/8AAADA4ml3vwQAAAAAAAAAAAAAAPDie3rv5Lv++ew7P1MXr/z+P1wx+3jd7//jdf/i7wte3pQ71tp6/b/8/pXvuHfP7JKFjw6HcE45sG3/ttNCfm3+88uBBzatOqOR2J+W+Mp3Lv1BI/H+NPC21S97ppG4KAlsjosknpUG4lUVn1meBOLyin+fBuL2OJQGevPA7y7PxtGRbqsfDWXbqiPdVo8PhTBSChTb6otDWRsd6QDvSALFAD+UBuIAfyUPdKa9undZ1qsYGIpF/2hZ1isAAE5Z8VtgT9g6PTM1Hr/Cx9tXdjffRk1Llt1UrbajzeaP5kuT3XP52Eg76a70u+jctcZ7Ql9jCGsrX1fLWTpmR7kwtbTYdC+vGXKr1d7a/XX2iW663voRDWQjGrtq+8xkT8uBr2+dZV13yyxrK5OdcpbO2U3aRi1t9KWNEbW5bdrocrzfGcbGupJcvxiDo6HJQr0iyuv81b0Kynn2Tb7xb75x7Nihuvoq8//R9ub/feVxPZNfDGBfvLLezSMhnNnmiAAAAIB2fevL/7Ru+yd+55709ort1956weCPLq4rV5n/r2xv/h93jOWHgrO9HYfj9f+L+f9oFrg7NveBkRBeM5uaiCWyC+pfHkuMZ4G74w6TVbHE5onmqvpj4FASeHI4DxxOAg/HQL6X4rMh35XzkeEQNsymrmgusSOWGE0C74yBlUlgLAbGk8DyGNiYBP59eR6YSAJfj4Ew3byt/ny5vSsAAMDzkM+zeprvhnSed6i7VYaOVhkGW2XobJWhr1WGulHE+/fFDD3JySsdpUw9aa0DSS2VDPFi+Cfcr0qG8I3mnGnBStPx/IPifIOO5gz/dtnrv33erlXtX/9/vL35/2Dzbdb6w3H+P3f9vyzwSOzex+Kp4ytj4LsXNwfyHQMPx8nubUVVE3mJfNJ+WyyxMQZWJoEdMbAxCWy+Ig8cPKM5kM+0i8ZvLhqfzkuUAgAAAPCCizsI4m6aOP//0/+++3MH/uHav64rV5n/b2xv/h/bW1Zu7Jai1uUhfLFjrjdFYPVQFoj7MYbiz+NXDIVwWmkHR1FiajAr0Zs0HB4ayH6h3ptWdf9AtsZAvH/lkQcfONBI3DEQwrmlvS9FG9/uy9oYSAPn9WaBwTSwvTsLxD0/ReBLnVkATlqxVzC+oPJTXQqj85eref29VK4Jmg6vsg90nnzz/eZqsfSlD+T7VAsn9rRVqmNRVN4eh73bluK7bdS7rfxFKv+Gcmwu1Bc6J6e2brluZnd8pPxL1opFep7Lv1JtJ70Ar8N9z7+3rfWlHRhPPj7G5y83/+uwI1b37J3vuf6sybfceOv2c55Y+74LjrbdjRrxh8Lv/uTLRsubd7H1hfw1t+Q+TyZ8nizFfwMrPW2NGexTv//V//jp4z+ri1fm/xPtzf+7k9tZz8aNuWskhNeXNu6jcfP/8kj2OVgKZJ+Sp1cD2SH37w3XfnICAADAQit2dxT7C6bz2+yE8HSeXM0/cYL54/6KjfPmb7ffW29+aP8P/+6Or9TFK/P/zcef//cn3XT83/F/Fonj//M61XdF96cP7DupXdGV6lgUjv/P61R/tzn+Py/H/x3/n4/j/y04/j+vU/1pq3xL2uFLVwjh6++/8+33bP+18+rilfn/jvbm/9b/m3/RvmL9v8116//tqFv/b5/1/wAAgEVVs9BcOs+rrN5XyZCu3lfJ0HKBwJZLDFr/74TX/3vrO//3+mOvuGRnqFGZ/+9rb/4fXw7Lyq0vlfX/Vl5RU9XtMbDDwoAAAACciup2EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDievcvPLl8029eOF0X//4ZN3x478Cl931064GjmzZtOBJClrUjC3cMrui68JsDlz22f+fnz53qv/9AX16uJ789uyl3rPW54RAOlh4Ziomnhht35gJXvuPePd2NxKPDIZxTDmzbv+20RuLTwyGcXw48sGnVGY3E/rTEV75z6Q8aifengbetftkzjcRFeaAj7e4nl2fd7Ui7e2B5CCOlQNHdX1/eXFXRxmV5oDNt4zNDWRsxMBSLfnwoayMGZmKJ6f4Q1nSH0JVW9bW+rKqutKq/6Muq6kqr+q2+EC4KIXSnVX2nN6uqOx353/ZmVcXAma/97NPnNRIHe0NYUw489t67NjQSH0oCRePv6g3h1Y2XTNr4fT1Z4z1p43f0hPCqEEJvWuI/u7MSvWmJJ7pDOL0UKBr/YHcIewIvCfHDZ7L84K49e7dtmZmZ2rmIid68rYGwdXpmauyq7TOTfUmf6nSU0sduOn78eI4+feNVjdt7Lh8baSfdnZfrme3yup6mu+sXqvftOtHex34NliuZez4q9cf8vWFZ6L9u19TOsRu27N69c232t93s67K/XXk021ZrF2pbdbYoHz3fbXV+uZI1u6/ZsWbXnr2rp6/ZcvXU1VPXvmF83fi69eMb3nThmsaoxrO/CzHUu44fX4yhvrK7VMkL8QEgISGx1BKdTZ9u46f6P73KF/25jvaEvtkP6Mq0opylY3aUCzHoS6rxrkUadGVKUhnR2srEoZJlXess6yuTibksA1mW2e91lclhuabO2U0a73eGsbHazTLafLe8eX88z+Zt1+P5pms3DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/B87cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAsAAAAACPO3DqNnAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBSAAAA//+3Rsqd")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.current\x00', 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000180)=ANY=[], 0x208e24b)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_SNAP_CREATE(r0, 0x9408, 0x0)

01:46:47 executing program 2:
socket$nl_audit(0x10, 0x3, 0x9)
openat$null(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
pkey_mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0xffffffffffffffff)

[  412.846455][ T6665]     116813594624-116817788927: ffff888022f0e380
[  412.871742][ T7257] loop0: detected capacity change from 0 to 256
01:46:47 executing program 1:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
dup2(r2, r0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000))
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0})
r3 = dup(r0)
mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

01:46:47 executing program 2:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$RTC_UIE_ON(r0, 0x7003)
pipe2$watch_queue(0x0, 0x80)

[  412.896379][ T6665]     116817788928-93825002663935: 0000000000000000
[  412.903074][ T6665]     93825002663936-93825002803199: ffff888022f0e460
[  412.997866][ T7257] FAT-fs (loop0): Directory bread(block 64) failed
[  413.004465][ T7257] FAT-fs (loop0): Directory bread(block 65) failed
[  413.021012][ T7265] binder: 7263:7265 unknown command 0
[  413.048655][ T6665]     93825002803200-140548063096831: 0000000000000000
[  413.062634][ T7265] binder: 7263:7265 ioctl c0306201 20001480 returned -22
[  413.070159][ T7257] FAT-fs (loop0): Directory bread(block 66) failed
[  413.070205][ T7257] FAT-fs (loop0): Directory bread(block 67) failed
[  413.070288][ T7257] FAT-fs (loop0): Directory bread(block 68) failed
[  413.070327][ T7257] FAT-fs (loop0): Directory bread(block 69) failed
01:46:47 executing program 4:
syz_mount_image$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
r0 = open$dir(&(0x7f0000000400)='./file0\x00', 0x0, 0x0)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000001e40)=@v1={0x0, @aes128, 0x0, @desc1})
chdir(&(0x7f0000000000)='./file0\x00')
add_key$fscrypt_v1(&(0x7f0000000240), &(0x7f0000000180)={'fscrypt:', @desc1}, &(0x7f0000000100)={0x0, "615a091a55a8c9a640115d99d981b3886420589c6685d4982a83b71b906769e737201ac6cfa7804454156569cbf3a5be811debc957b5831b89b59d743e748c7c", 0x35}, 0x48, 0xffffffffffffffff)
r1 = open(&(0x7f0000000300)='./file0\x00', 0x2c0c2, 0x0)
r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
write(r1, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe7712208d387d41c31821c2a22d1325b556528e9b790b74053d1ed631c6ec8126d37c87216173138c00cef396868029af5b76bebac5e38b74d8bbc6ae66b6e202b6d505710377710ea7d43edf00e1a4c1c670bb4c263ce777da81abdd5ba5a5c82f67232f9b4d6f21b2e6afa8b38e4642b0daa2acbc0478d89b88e8b2094d4248855e5e81992e60be3afff0f3c3799350615489a901a659abdeca0c615a622ebf64175f990320e0356d4a11ed62eff72b709c23dd", 0x107)
sendfile(r1, r2, 0x0, 0x11f06)

01:46:47 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x0, 0x0, 0x0, 0x0, 0x6, 0x1, 0x10000}, 0x48)

[  413.070408][ T7257] FAT-fs (loop0): Directory bread(block 70) failed
[  413.070445][ T7257] FAT-fs (loop0): Directory bread(block 71) failed
[  413.070531][ T7257] FAT-fs (loop0): Directory bread(block 72) failed
[  413.070568][ T7257] FAT-fs (loop0): Directory bread(block 73) failed
01:46:48 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@bloom_filter, 0x48)

[  413.095091][ T6665]     140548063096832-140548063100927: 
[  413.209475][ T7270] syz-executor.4 (pid 7270) is setting deprecated v1 encryption policy; recommend upgrading to v2.
[  413.243670][ T6665] ffff888022f0e540
01:46:48 executing program 1:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
dup2(r2, r0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000))
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0})
r3 = dup(r0)
mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

01:46:48 executing program 2:
clock_gettime(0x0, &(0x7f0000000180)={<r0=>0x0})
futex_waitv(&(0x7f0000000140)=[{0x0, 0x0, 0x82}], 0x1, 0x0, &(0x7f0000000240)={r0}, 0x1)

01:46:48 executing program 0:
open(&(0x7f0000000000)='./file0\x00', 0x1990c0, 0x0)

[  413.276645][ T6665]   140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d
[  413.422875][ T7278] binder: 7277:7278 unknown command 0
[  413.468954][ T7278] binder: 7277:7278 ioctl c0306201 20001480 returned -22
[  413.617756][ T6665]     140548063100928-140548071489535: ffff888022f0e620
[  413.646526][ T6665]     140548071489536-140548073586687: ffff888022f0e700
[  413.691004][ T6665]     140548073586688-140548075683839: ffff888022f0e7e0
[  413.724398][ T6665]     140548075683840-140548077780991: ffff888022f0e8c0
[  413.752751][ T6665]     140548077780992-140548079878143: ffff888022f0e9a0
[  413.810537][ T6665]     140548079878144-140548084072447: ffff888022f0ea80
[  413.851774][ T6665]     140548084072448-140548084219903: ffff888022f0eb60
[  413.876067][ T6665]     140548084219904-140548084948991: ffff888022f0ec40
[  413.906828][ T6665]     140548084948992-140548085284863: ffff888022f0ed20
[  413.939458][ T6665]     140548085284864-140548085288959: 0000000000000000
[  413.962256][ T6665]     140548085288960-140548085653503: ffff888022f0ee00
[  413.996646][ T6665]     140548085653504-140548085690367: ffff888022f0eee0
[  414.008688][ T7259] loop3: detected capacity change from 0 to 32768
[  414.022206][ T6665]     140548085690368-140548085710847: 0000000000000000
[  414.039175][ T7274] fscrypt: AES-128-CTS-CBC using implementation "cts-cbc-aes-aesni"
[  414.059298][ T6665]     140548085710848-140548097556479: ffff88806b3de000
[  414.060585][ T7274] fscrypt (sda1): Missing crypto API support for AES-128-CBC-ESSIV (API name: "essiv(cbc(aes),sha256)")
[  414.066665][ T7259] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm
[  414.111623][ T7259] BTRFS info (device loop3): force clearing of disk cache
01:46:49 executing program 5:
r0 = socket$inet6(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f0000001180)={0xa, 0x4e20}, 0x1c)
connect$inet6(r0, &(0x7f00000010c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
getsockopt$bt_hci(r0, 0x84, 0x76, &(0x7f0000002280)=""/4077, &(0x7f0000000100)=0xfed)

01:46:49 executing program 2:
msgsnd(0x0, &(0x7f0000000280)=ANY=[@ANYRES8], 0x0, 0x0)

[  414.133533][ T6665]   140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008
[  414.143545][ T7259] BTRFS info (device loop3): setting nodatasum
[  414.237400][ T7259] BTRFS info (device loop3): allowing degraded mounts
[  414.256406][ T7259] BTRFS info (device loop3): enabling disk space caching
[  414.263492][ T7259] BTRFS info (device loop3): disk space caching is enabled
[  414.308218][ T6665]     140548097556480-140548097601535: 0000000000000000
[  414.340494][ T6665]     140548097601536-140548097605631: ffff88806b3de460
[  414.355561][ T6665]     140548097605632-140548097736703: ffff88806b3de380
[  414.364560][ T6665]     140548097736704-140735437164543: 0000000000000000
[  414.382627][ T6665]     140735437164544-140735437299711: ffff88806b3de0e0
[  414.394386][ T6665]     140735437299712-140735437316095: 0000000000000000
[  414.419788][ T6665]     140735437316096-140735437332479: ffff88806b3de1c0
[  414.435490][ T6665]     140735437332480-140735437340671: ffff88806b3de2a0
[  414.444430][ T6665]     140735437340672-18446744073709551615: 0000000000000000
[  414.465259][ T6665] Pass: 9447178 Run:9447285
[  414.470214][ T6665] CPU: 1 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0
[  414.480063][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  414.490146][ T6665] Call Trace:
[  414.493457][ T6665]  <TASK>
[  414.494030][ T7259] BTRFS info (device loop3): enabling ssd optimizations
[  414.496390][ T6665]  dump_stack_lvl+0xd1/0x138
[  414.496443][ T6665]  mt_find.cold+0x8b/0x90
[  414.496486][ T6665]  ? mas_find+0x1d0/0x1d0
[  414.496539][ T6665]  find_vma+0x10c/0x1b0
[  414.496570][ T6665]  ? can_vma_merge_before+0x390/0x390
[  414.496607][ T6665]  ? walk_page_test+0x78/0x180
[  414.496647][ T6665]  walk_page_range+0x2b1/0x4a0
[  414.525807][ T7259] BTRFS info (device loop3): auto enabling async discard
[  414.526295][ T6665]  ? __walk_page_range+0x780/0x780
[  414.548014][ T6665]  mlock_fixup+0x650/0x810
[  414.552500][ T6665]  apply_vma_lock_flags+0x23d/0x350
[  414.554604][ T7259] BTRFS info (device loop3): clearing free space tree
[  414.557730][ T6665]  ? mlock_fixup+0x810/0x810
[  414.557790][ T6665]  ? __ia32_sys_get_robust_list+0x400/0x400
[  414.557837][ T6665]  do_mlock+0x25a/0x6d0
[  414.557886][ T6665]  ? folio_evictable+0x270/0x270
[  414.557942][ T6665]  ? syscall_enter_from_user_mode+0x26/0xb0
[  414.557985][ T6665]  __x64_sys_mlock+0x59/0x80
[  414.558013][ T6665]  do_syscall_64+0x39/0xb0
[  414.558056][ T6665]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  414.558091][ T6665] RIP: 0033:0x7fd3e6a8c0c9
[  414.609517][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  414.629150][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[  414.637585][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9
[  414.645568][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000
[  414.653554][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000
[  414.661538][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  414.669517][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000
[  414.677523][ T6665]  </TASK>
[  414.685173][ T7259] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  414.695504][ T6665] index not increased! 20ffb000 <= 20ffb000
[  414.701643][ T7259] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  414.716039][ T6665] BUG at mt_find:6473 (1)
[  414.717729][ T7259] BTRFS info (device loop3): checking UUID tree
[  414.722020][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e
[  414.741380][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000
01:46:49 executing program 3:
syz_mount_image$btrfs(&(0x7f00000051c0), &(0x7f0000005200)='./file0\x00', 0x1000008, &(0x7f0000000280)={[{@datacow}, {@clear_cache}, {@nodatasum}, {@rescan_uuid_tree}, {}, {@space_cache_v1}]}, 0xfe, 0x51ab, &(0x7f0000005280)="$eJzs3V9oVFceB/Az+aPxDyY+xV32wX1YWcUFWRF2UdggGF2Whdn1YVnYrFlZxT+7JUgDwb5YS2lBxGCgthSKD33pS0mlUFqqBAsthYogVloUW0teWiiESsGXlpK590xmzvVmxlQbq5+PJHfO/d1z7pnhPsx3zLkTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIIRwcM3Kv+xaPb2urD7dP3bq6LLt507vP3ljaGjLlRAqtf2VvL5n+66/79+95689scPw37JtX1/ZkFnXz7PGkqads/2af/4TQuhOBujMtzs6G/pW0hOEI8UB53XgZv/o5u7BaxN3zmy8eP3QhuJTZ1bPYk9gseTX1fTctTRQ+92RHFFvN1x6laZLNOufXnA/yZMAAO7JpmptU387mr/FrbePpfWkPZC0x5N2fIcw3thYiGzcJWXzXJvWF2meA1lUWFo6z6Sev/71djXtn7STqHEP82w+NI80PWXzHEnqizVPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIfJqx9euvTcy+u3ldWn+8dOHV22/dzp/SdvDA1tuRJCX21/JStXlv+q8w+fLtt57fiRN36zr+ftk515v7jtajg4fBIf/LE3hL0Nlek47JerQqg2F2rN8FKxcLD24M+xAAAAwKPkF7XfHfV2Fge7m9qVWpqs1P5FWVg8cLN/dHP34LWJO2c2Xrx+aMPCx6uWjDdw1/Hq7b65n0pDMI7xNx1vrh4PPVIYZ37piGme/2zmyVsXJn7777L+hfzfN3/+j6+c/A8AAMCPIf+n48yvVf6/+s7zT3UN7n2vrH8h/69tOmUh/8cZx/zfERaW/wEAAOBh9qDz/0BhnPm1yv/fnZ86f/nb46+U9S/k/03t5f+uxmnHnR/FCR/uDWFTq6kDAAAAJeL/u899tBDzevbJQZrXO2ZGe6d6blwtG6+Q/wfay//d9/2ZAQAAAAv1v7F/Hb8wNn6zrF7I/9X28v/SBz5zAAAAoF37Tvz/3PoNIyvL6oX8P9xe/l+eb/OVD1mn9+NfIUz0htAz+2AkK3wQxv9ULwAAAAD3SczpX41u/f7jwel3y44r5P+R+e//H+90ENf/N93/r7D+v6GQ3fVvqxsDAAAA8DgqruePt8fPvrmg7Pv3213/f+uXO3b9d+c/vig7fyH/H2sv/3c2bu/n9/8BAADAAvzcvv/vn4Vx5tfq/v/fDN36et3hZwfL+hfy/3h7+T9uVzQ+van4+jzTG8Ka2Qf53QRfi6c7nBQmuxsK2Quf9Ngde+SFyaUNhZqRpMfve0P49eyDY0lhdSyMJ4WZVXnhbFK4HAv59VAvvJ4UpuKV9sKqfLpp4a1YyBdYTMYVFCvqSyKSHrfLeswW7trjev3kAAAAj5UYnvMs293cDGmUnay0OmB5qwM6Wh3Q2eqAruSA9MCy/WG4uRD3v7jtd7evPPHm06FEIf+fbS//x5diSbYpW/8f4vr//HsN6+v/h2OhLylMxkI1vWNANZ4jC7sn4jn6qnmPmTX1AgAAADzS4ucCnYs8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5g7/6D7KrqA4Cf/f0jm91FHAFJNYqA6ZDNJjFKK1MC1UFxpi4OdZw60UR2g9ssJCZhICnthEA7U5hUVKa1o0NDHUdpkUY6jlK1pEyBcaRTm7ZMxWhl/EFtaxnGSodSm87be8/d+87dm/dCdiFLP58/9p33vufnfT/2nXvvOxcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD/h38ZWPMb+1f89Py6+PfPuOHDewcuve+jWw8c3bRpw5EQJmYf78jCHYMrui785sBlj+3f+flzp/rvP9Cbl8vjYVnjT2d+55ai1uUhfLEjhO40sHooC/Tk94difSuGQjgtzAWKElODWYm04fDQQAgHw1ygqOr+gRCGSoErjzz4wIFG4o6BEM4NIfSlbXy7L2tjIA2c15sFBtPA9u4s8F/HMkXgS51ZAE5afDMUL/pDE80ZRucvV/P661mwjr240uF1xcRofb4fX7LInSrpTR+YOKmnrVIdi6Ly9jjs3bYE3m2V7Xy7p638RSr/hnJsLtQXOientm65bmZ3fKQzjI111dW0SM/z40/feNWJpJfM6zB2YHRBXofP3vme68+afMuNt24/54m177vg6Ml2s27zLra+kL/mlszzGG30ebIE3n6Vb0krfekKIfzcB7tv6vrtI5+qi1fm/6PHn//Hl3O87WzKHWt9bjibm8dHhmLiqeFsbg4AAABLxlLYa/qjs1/xe6s61zxeV19l/r+yveP/8ZB/PpnPRns4hI2ziZtHQjhz9vEscHds7gMjIbxmNjXRHLgkCRwO4azZxKqiqqREfyyxMgk8OZwHNiaBh2NgIgl8OgZuTwK3xMChJHBVDBxOApfGQJhuHsfPD+fjaDswEAObs414KJ6F8JPh2Fqyrb5VVAUAALBA8tlhT/Pd0rkOJ5shTi8PDbTKEM/Ars3Ql9SQzmCLaVVtDd2tauhsVUMx7n3HH36l5o5WNVdOw+hoznDpK/7w/BVfu+ELoUZl/j9+/Pl/3zwd6agc/w/hitm/MXdnHpkp4psnmjIAAAAAJ2HtG2a+9idnv+nNdfHK/H9je+f/x30iXaXM4dG4G2LbSAjjzYGs2jdXA9lR72V5AAAAAJaC4nh8cSx8Or/NTtFO59PV/BMnmD8e+N84b/5fCpOnb/vBUxvq+luZ/0+0d/7/YPNt1omHYy8+NhJCfynwSOxlIzBrZQx89+LmQD7+h+MGuC1WlZ+YUFR1WyyxOQbGk8DBuhLfKEqc2RzIn6yi8ZuLcUznJUoBAAAAeMHF3QHxuHw8///Ctd/70KaP7/1cXbnK/H/ziZ3/PzsPrpzeP7MshDXdIXSlPwx4dDBbGDAGhjryxFcHs7q60qpuGgzhosbA0qqeyNf/707XGDwykFUVA2e+9rNPn9dIfGoghDXlwGPvvWt2x8juJFA0/qsDIby6Mdq08S/0Z433pI3/QX8IryoFiqo+0B9Co7HetKoH+/LrGKRV/VlfCKeXAkVVb+wLYU8AYImK/0onyw/u2rN325aZmamdi5iI+/AHwtbpmamxq7bPTPbV9Gky6XPTMkY3VcfU2ebYj+ZLFN1z+dhIO+nid4Lj5b7k+/ErJw7m9+N3oZ7Zca7rabq7Ph3y68+pNpEO6cUY8mC5krknsVJ/zN8bloX+63ZN7Ry7Ycvu3TvXZn/bzb4u+xsPM2Xbam26rQbn61sbL492F0N/vtuq6TJXa3Zfs2PNrj17V09fs+Xqqaunrn3D+LrxdevHN7zpwjWNUY1nf1sM9fz5qk6Geuyu6hDavQbU8x3qK7tLlbwQnxoSEhJLLbHl4q/+5b1nfWJZ3cdPZf6/4/jz//ipEz/58/UZ6o7/j8bD/Nnjc4f5N8fAwXaP/4/WHc0vTgxYmQT2xcA+h/kBAAB4aYi7G+PezLhXuuem1WN//MlHnqwrV5n/72vv9/8LtP5/sXT95XXL/K+KJcbr1v9Pl/kv1v/fV7f+f7rMf7H+/8EXYf3/64pAskl+Yv1/AADgpeCFW/+/5fL+6QUCKhlaLu+fXiCgkqHlMv7tXiDghNf/f/tzr+u55iOvviXUqMz/b29v/m/hfgAAADh13HVkQ8eD//o/D9XFK/P/g+3N/1/49f9C3fn/K+sCE3ULA1r/DwAAgCWqbv2/9a/78ebP/WzFD+vKVeb/h9qb/8fTLjqbcsdanxvO1rQL6Zp2Tw0XPxkAAACApaEzjI21u6Jp08qolzz/Nh/PlwI9Xrrsr758zT8+8tb39tfVV5n/H25v/t/0u4xn73zP9WdNvuXG527dfs4Ta993wdG54/8AAADA4ml3vwQAAAAAAAAAAAAAAPDie3rv5Lv++ew7P1MXr/z+P1wx+3jd7//jdf/i7wte3pQ71tp6/b/8/pXvuHfP7JKFjw6HcE45sG3/ttNCfm3+88uBBzatOqOR2J+W+Mp3Lv1BI/H+NPC21S97ppG4KAlsjosknpUG4lUVn1meBOLyin+fBuL2OJQGevPA7y7PxtGRbqsfDWXbqiPdVo8PhTBSChTb6otDWRsd6QDvSALFAD+UBuIAfyUPdKa9undZ1qsYGIpF/2hZ1isAAE5Z8VtgT9g6PTM1Hr/Cx9tXdjffRk1Llt1UrbajzeaP5kuT3XP52Eg76a70u+jctcZ7Ql9jCGsrX1fLWTpmR7kwtbTYdC+vGXKr1d7a/XX2iW663voRDWQjGrtq+8xkT8uBr2+dZV13yyxrK5OdcpbO2U3aRi1t9KWNEbW5bdrocrzfGcbGupJcvxiDo6HJQr0iyuv81b0Kynn2Tb7xb75x7Nihuvoq8//R9ub/feVxPZNfDGBfvLLezSMhnNnmiAAAAIB2fevL/7Ru+yd+55709ort1956weCPLq4rV5n/r2xv/h93jOWHgrO9HYfj9f+L+f9oFrg7NveBkRBeM5uaiCWyC+pfHkuMZ4G74w6TVbHE5onmqvpj4FASeHI4DxxOAg/HQL6X4rMh35XzkeEQNsymrmgusSOWGE0C74yBlUlgLAbGk8DyGNiYBP59eR6YSAJfj4Ew3byt/ny5vSsAAMDzkM+zeprvhnSed6i7VYaOVhkGW2XobJWhr1WGulHE+/fFDD3JySsdpUw9aa0DSS2VDPFi+Cfcr0qG8I3mnGnBStPx/IPifIOO5gz/dtnrv33erlXtX/9/vL35/2Dzbdb6w3H+P3f9vyzwSOzex+Kp4ytj4LsXNwfyHQMPx8nubUVVE3mJfNJ+WyyxMQZWJoEdMbAxCWy+Ig8cPKM5kM+0i8ZvLhqfzkuUAgAAAPCCizsI4m6aOP//0/+++3MH/uHav64rV5n/b2xv/h/bW1Zu7Jai1uUhfLFjrjdFYPVQFoj7MYbiz+NXDIVwWmkHR1FiajAr0Zs0HB4ayH6h3ptWdf9AtsZAvH/lkQcfONBI3DEQwrmlvS9FG9/uy9oYSAPn9WaBwTSwvTsLxD0/ReBLnVkATlqxVzC+oPJTXQqj85eref29VK4Jmg6vsg90nnzz/eZqsfSlD+T7VAsn9rRVqmNRVN4eh73bluK7bdS7rfxFKv+Gcmwu1Bc6J6e2brluZnd8pPxL1opFep7Lv1JtJ70Ar8N9z7+3rfWlHRhPPj7G5y83/+uwI1b37J3vuf6sybfceOv2c55Y+74LjrbdjRrxh8Lv/uTLRsubd7H1hfw1t+Q+TyZ8nizFfwMrPW2NGexTv//V//jp4z+ri1fm/xPtzf+7k9tZz8aNuWskhNeXNu6jcfP/8kj2OVgKZJ+Sp1cD2SH37w3XfnICAADAQit2dxT7C6bz2+yE8HSeXM0/cYL54/6KjfPmb7ffW29+aP8P/+6Or9TFK/P/zcef//cn3XT83/F/Fonj//M61XdF96cP7DupXdGV6lgUjv/P61R/tzn+Py/H/x3/n4/j/y04/j+vU/1pq3xL2uFLVwjh6++/8+33bP+18+rilfn/jvbm/9b/m3/RvmL9v8116//tqFv/b5/1/wAAgEVVs9BcOs+rrN5XyZCu3lfJ0HKBwJZLDFr/74TX/3vrO//3+mOvuGRnqFGZ/+9rb/4fXw7Lyq0vlfX/Vl5RU9XtMbDDwoAAAACciup2EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDievcvPLl8029eOF0X//4ZN3x478Cl931064GjmzZtOBJClrUjC3cMrui68JsDlz22f+fnz53qv/9AX16uJ789uyl3rPW54RAOlh4Ziomnhht35gJXvuPePd2NxKPDIZxTDmzbv+20RuLTwyGcXw48sGnVGY3E/rTEV75z6Q8aifengbetftkzjcRFeaAj7e4nl2fd7Ui7e2B5CCOlQNHdX1/eXFXRxmV5oDNt4zNDWRsxMBSLfnwoayMGZmKJ6f4Q1nSH0JVW9bW+rKqutKq/6Muq6kqr+q2+EC4KIXSnVX2nN6uqOx353/ZmVcXAma/97NPnNRIHe0NYUw489t67NjQSH0oCRePv6g3h1Y2XTNr4fT1Z4z1p43f0hPCqEEJvWuI/u7MSvWmJJ7pDOL0UKBr/YHcIewIvCfHDZ7L84K49e7dtmZmZ2rmIid68rYGwdXpmauyq7TOTfUmf6nSU0sduOn78eI4+feNVjdt7Lh8baSfdnZfrme3yup6mu+sXqvftOtHex34NliuZez4q9cf8vWFZ6L9u19TOsRu27N69c232t93s67K/XXk021ZrF2pbdbYoHz3fbXV+uZI1u6/ZsWbXnr2rp6/ZcvXU1VPXvmF83fi69eMb3nThmsaoxrO/CzHUu44fX4yhvrK7VMkL8QEgISGx1BKdTZ9u46f6P73KF/25jvaEvtkP6Mq0opylY3aUCzHoS6rxrkUadGVKUhnR2srEoZJlXess6yuTibksA1mW2e91lclhuabO2U0a73eGsbHazTLafLe8eX88z+Zt1+P5pms3DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/B87cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAsAAAAACPO3DqNnAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBSAAAA//+3Rsqd")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.current\x00', 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000180)=ANY=[], 0x208e24b)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_SNAP_CREATE(r0, 0x9408, 0x0)

01:46:49 executing program 0:
open(&(0x7f0000000000)='./file0\x00', 0x1990c0, 0x0)

01:46:49 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x40, r2, 0x1f, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FRAME={0x24, 0x33, @action={@with_ht={{{}, {}, @broadcast, @device_a, @random="2f110eb97d77"}}, @sa_query_req}}]}, 0x40}}, 0x0)

01:46:49 executing program 1:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
dup2(r2, r0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000))
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0563"], 0x0, 0x0, 0x0})
r3 = dup(r0)
mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

01:46:49 executing program 2:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r1)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)={0x28, r2, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_TAGLST={0x4}, @NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}]}, 0x28}}, 0x0)

01:46:49 executing program 5:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r1)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)={0x24, r2, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x3}]}, 0x24}}, 0x0)

[  414.779772][ T6665]   0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d
[  414.834205][ T6665]     0-536866815: 0000000000000000
[  414.861396][ T6665]     536866816-536870911: ffff888022f0e0e0
01:46:49 executing program 0:
open(&(0x7f0000000000)='./file0\x00', 0x1990c0, 0x0)

01:46:49 executing program 4:
syz_mount_image$fuse(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
open$dir(&(0x7f0000000180)='./file0\x00', 0x101000, 0x100)

[  414.890372][ T6665]     536870912-553627647: ffff888022f0e1c0
[  414.919347][ T7324] binder: 7320:7324 unknown command 25349
01:46:49 executing program 2:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000b80)={<r0=>0xffffffffffffffff})
getpeername(r0, 0x0, 0x0)

[  414.989193][ T6665]     553627648-553635839: 0000000000000000
[  414.998185][ T7324] binder: 7320:7324 ioctl c0306201 20001480 returned -22
01:46:49 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./bus\x00', 0x2, &(0x7f0000000100)={[{@shortname_winnt}, {@uni_xlate}, {}, {@rodir}, {@shortname_lower}, {@iocharset={'iocharset', 0x3d, 'macromanian'}}, {@shortname_winnt}, {@rodir}, {@utf8no}, {@iocharset={'iocharset', 0x3d, 'macturkish'}}, {@utf8no}, {@iocharset={'iocharset', 0x3d, 'iso8859-2'}}, {@rodir}, {@rodir}, {@shortname_mixed}, {@fat=@check_strict}]}, 0x82, 0x25e, &(0x7f0000000580)="$eJzs3b9rU2sYB/AnTW6bW7ikw4Vyyx3iKEhoK+6VoiAUFCT4Y7LYitJEwUKgIm03Z8FRJ3cd/QMcRNwcXFWQqrjo1qFwJD1pakrSFml7iv18hvbhnPM97/uSF84bSN5c+78+N5OLiB8rUSzmojAxORGruRiKvshHajkAgD/JapLE9ySVdV8AgIPh+Q8AR88un/8XDrBLAMA+8/4fAI6ei1eubnzCrxhRf9CoNqrp//T86RtxK2oxuxxRirWIdKGQrhaaf8+emzozWm76PBTV+lIrv9So5jvyMRalGGrlk878WDm1nr/fTNVzjepfMdjKvx+M2RiPUvzbPT/+a77V/sb42u1XohRvr8edqMVMNLOb+cWxcnny/FS5s/8D69dtx4IJAAAAAAAAAAAAAAAAAAAAAIDfVSm3dd2/p1LpdT7Nt/fXGY1SrCUD3fbnGe2yP0+jWoiRQrZjBwAAAAAAAAAAAAAAAAAAgMNifqE/pmu12bvzC/fmehW3Xz97+Xdsf02zKO5wn7RIkrTp9pEkH7Fjas+Lf459eryXN8xFFqPoXTRfr8hF7E8Tr1Zu/ndyfvhUx6njJ0qXPjx6+jWLIXfMqB7FdP7dt8sjD9/sbevPtx7pPxwTYEsx/GRi+sXixy+7nj8AAAAAAAAAAAAAAAAAAMAB2/zSb9Y9AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDsbP7+/0bRFxGdR3oUucLO16wXWY8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB+BgAA//+v555g")
open(0x0, 0x1990c0, 0x0)

01:46:49 executing program 2:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x41c0, 0x2c)

01:46:49 executing program 4:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x2, 0x4e24, @remote}, 0x10)

[  415.033464][ T6665]     553635840-553627647: ffff8880272dc9a0
[  415.094748][ T6665]     553627648-553644031: ffff8880272dc8c0
[  415.135814][   T27] audit: type=1800 audit(1673401609.938:36): pid=7341 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=1153 res=0 errno=0
[  415.139430][ T7340] loop0: detected capacity change from 0 to 256
[  415.174883][ T6665]     553644032-553648127: ffff88807e16c7e0
[  415.206866][ T6665]     553648128-553652223: ffff888022f0e2a0
[  415.216274][ T7176] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  415.230807][ T6665]     553652224-116813594623: 0000000000000000
[  415.289249][ T7340] FAT-fs (loop0): Directory bread(block 64) failed
[  415.306506][ T6665]     116813594624-116817788927: ffff888022f0e380
[  415.309093][ T7340] FAT-fs (loop0): Directory bread(block 65) failed
[  415.312960][ T6665]     116817788928-93825002663935: 0000000000000000
[  415.312992][ T6665]     93825002663936-93825002803199: 
[  415.351076][ T7340] FAT-fs (loop0): Directory bread(block 66) failed
[  415.358168][ T6665] ffff888022f0e460
[  415.402800][ T7340] FAT-fs (loop0): Directory bread(block 67) failed
[  415.404005][ T6665]     93825002803200-140548063096831: 0000000000000000
[  415.410990][ T7340] FAT-fs (loop0): Directory bread(block 68) failed
[  415.419419][ T6665]     140548063096832-140548063100927: ffff888022f0e540
[  415.434926][ T6665]   140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d
[  415.476455][ T7340] FAT-fs (loop0): Directory bread(block 69) failed
[  415.500266][ T6665]     140548063100928-140548071489535: ffff888022f0e620
[  415.515791][ T6665]     140548071489536-140548073586687: ffff888022f0e700
[  415.535243][ T6665]     140548073586688-140548075683839: ffff888022f0e7e0
[  415.537869][ T7340] FAT-fs (loop0): Directory bread(block 70) failed
[  415.548785][ T6665]     140548075683840-140548077780991: ffff888022f0e8c0
[  415.548817][ T6665]     140548077780992-140548079878143: ffff888022f0e9a0
[  415.548844][ T6665]     140548079878144-140548084072447: ffff888022f0ea80
[  415.548872][ T6665]     140548084072448-140548084219903: ffff888022f0eb60
[  415.548900][ T6665]     140548084219904-140548084948991: ffff888022f0ec40
[  415.548927][ T6665]     140548084948992-140548085284863: ffff888022f0ed20
[  415.548953][ T6665]     140548085284864-140548085288959: 0000000000000000
[  415.548980][ T6665]     140548085288960-140548085653503: ffff888022f0ee00
[  415.549008][ T6665]     140548085653504-140548085690367: 
[  415.564037][ T7340] FAT-fs (loop0): Directory bread(block 71) failed
[  415.618771][ T6665] ffff888022f0eee0
[  415.622522][ T6665]     140548085690368-140548085710847: 0000000000000000
[  415.639328][ T7340] FAT-fs (loop0): Directory bread(block 72) failed
[  415.645894][ T7340] FAT-fs (loop0): Directory bread(block 73) failed
[  415.647846][ T6665]     140548085710848-140548097556479: ffff88806b3de000
[  415.667254][ T6665]   140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008
[  415.726184][ T6665]     140548097556480-140548097601535: 0000000000000000
[  415.769017][ T6665]     140548097601536-140548097605631: ffff88806b3de460
[  415.777335][ T6665]     140548097605632-140548097736703: ffff88806b3de380
[  415.784522][ T6665]     140548097736704-140735437164543: 0000000000000000
[  415.793587][ T6665]     140735437164544-140735437299711: ffff88806b3de0e0
[  415.825898][ T6665]     140735437299712-140735437316095: 0000000000000000
[  415.846477][ T6665]     140735437316096-140735437332479: ffff88806b3de1c0
[  415.853779][ T6665]     140735437332480-140735437340671: ffff88806b3de2a0
[  415.874798][ T6665]     140735437340672-18446744073709551615: 0000000000000000
[  415.883905][ T6665] Pass: 9475556 Run:9475664
[  415.896413][ T6665] CPU: 1 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0
[  415.906257][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  415.916332][ T6665] Call Trace:
[  415.919627][ T6665]  <TASK>
[  415.922577][ T6665]  dump_stack_lvl+0xd1/0x138
[  415.927214][ T6665]  mt_find.cold+0x8b/0x90
[  415.930660][ T7337] loop3: detected capacity change from 0 to 32768
[  415.931569][ T6665]  ? mas_find+0x1d0/0x1d0
[  415.931619][ T6665]  find_vma+0x10c/0x1b0
[  415.946498][ T6665]  ? can_vma_merge_before+0x390/0x390
[  415.951910][ T6665]  ? walk_page_test+0x78/0x180
[  415.956709][ T6665]  walk_page_range+0x2b1/0x4a0
[  415.961518][ T6665]  ? __walk_page_range+0x780/0x780
[  415.966681][ T6665]  mlock_fixup+0x650/0x810
[  415.971138][ T6665]  apply_vma_lock_flags+0x23d/0x350
[  415.976373][ T6665]  ? mlock_fixup+0x810/0x810
[  415.981006][ T6665]  ? __ia32_sys_get_robust_list+0x400/0x400
[  415.986932][ T6665]  do_mlock+0x25a/0x6d0
[  415.991124][ T6665]  ? folio_evictable+0x270/0x270
[  415.996102][ T6665]  ? syscall_enter_from_user_mode+0x26/0xb0
[  416.002026][ T6665]  __x64_sys_mlock+0x59/0x80
[  416.006639][ T6665]  do_syscall_64+0x39/0xb0
[  416.011091][ T6665]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  416.017012][ T6665] RIP: 0033:0x7fd3e6a8c0c9
[  416.021442][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  416.041071][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[  416.049504][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9
[  416.057493][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000
[  416.065476][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000
[  416.073460][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  416.081475][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000
[  416.089486][ T6665]  </TASK>
[  416.104624][ T7337] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm
[  416.113805][ T6665] index not increased! 20ffb000 <= 20ffb000
[  416.115619][ T7337] BTRFS info (device loop3): force clearing of disk cache
[  416.126427][ T6665] BUG at mt_find:6473 (1)
[  416.127467][ T7337] BTRFS info (device loop3): setting nodatasum
[  416.133755][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e
[  416.137766][ T7337] BTRFS info (device loop3): allowing degraded mounts
[  416.155261][ T7337] BTRFS info (device loop3): enabling disk space caching
[  416.156444][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000
[  416.166587][ T7337] BTRFS info (device loop3): disk space caching is enabled
[  416.211028][ T6665]   0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d
[  416.263428][ T6665]     0-536866815: 0000000000000000
[  416.270523][ T6665]     536866816-536870911: ffff888022f0e0e0
[  416.276632][ T6665]     536870912-553627647: ffff888022f0e1c0
[  416.282575][ T6665]     553627648-553635839: 0000000000000000
[  416.288850][ T6665]     553635840-553627647: ffff8880272dc9a0
[  416.297861][ T6665]     553627648-553644031: ffff8880272dc8c0
[  416.298929][ T7337] BTRFS info (device loop3): enabling ssd optimizations
[  416.303780][ T6665]     553644032-553648127: ffff88807e16c7e0
[  416.303811][ T6665]     553648128-553652223: 
[  416.311417][ T7337] BTRFS info (device loop3): auto enabling async discard
[  416.323480][ T6665] ffff888022f0e2a0
[  416.337994][ T7337] BTRFS info (device loop3): clearing free space tree
[  416.343759][ T6665]     553652224-116813594623: 0000000000000000
[  416.344884][ T7337] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  416.354409][ T6665]     116813594624-116817788927: ffff888022f0e380
[  416.369158][ T6665]     116817788928-93825002663935: 0000000000000000
[  416.370806][ T7337] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  416.375764][ T6665]     93825002663936-93825002803199: ffff888022f0e460
[  416.396277][ T6665]     93825002803200-140548063096831: 0000000000000000
[  416.403347][ T6665]     140548063096832-140548063100927: ffff888022f0e540
[  416.405661][ T7337] BTRFS info (device loop3): checking UUID tree
[  416.417068][ T6665]   140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d
[  416.474442][ T6665]     140548063100928-140548071489535: ffff888022f0e620
[  416.481687][ T6665]     140548071489536-140548073586687: ffff888022f0e700
[  416.488770][ T6665]     140548073586688-140548075683839: ffff888022f0e7e0
[  416.495744][ T6665]     140548075683840-140548077780991: ffff888022f0e8c0
[  416.502777][ T6665]     140548077780992-140548079878143: ffff888022f0e9a0
[  416.509823][ T6665]     140548079878144-140548084072447: ffff888022f0ea80
[  416.516841][ T6665]     140548084072448-140548084219903: ffff888022f0eb60
01:46:51 executing program 3:
syz_mount_image$btrfs(&(0x7f00000051c0), &(0x7f0000005200)='./file0\x00', 0x1000008, &(0x7f0000000280)={[{@datacow}, {@clear_cache}, {@nodatasum}, {@rescan_uuid_tree}, {}, {@space_cache_v1}]}, 0xfe, 0x51ab, &(0x7f0000005280)="$eJzs3V9oVFceB/Az+aPxDyY+xV32wX1YWcUFWRF2UdggGF2Whdn1YVnYrFlZxT+7JUgDwb5YS2lBxGCgthSKD33pS0mlUFqqBAsthYogVloUW0teWiiESsGXlpK590xmzvVmxlQbq5+PJHfO/d1z7pnhPsx3zLkTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIIRwcM3Kv+xaPb2urD7dP3bq6LLt507vP3ljaGjLlRAqtf2VvL5n+66/79+95689scPw37JtX1/ZkFnXz7PGkqads/2af/4TQuhOBujMtzs6G/pW0hOEI8UB53XgZv/o5u7BaxN3zmy8eP3QhuJTZ1bPYk9gseTX1fTctTRQ+92RHFFvN1x6laZLNOufXnA/yZMAAO7JpmptU387mr/FrbePpfWkPZC0x5N2fIcw3thYiGzcJWXzXJvWF2meA1lUWFo6z6Sev/71djXtn7STqHEP82w+NI80PWXzHEnqizVPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIfJqx9euvTcy+u3ldWn+8dOHV22/dzp/SdvDA1tuRJCX21/JStXlv+q8w+fLtt57fiRN36zr+ftk515v7jtajg4fBIf/LE3hL0Nlek47JerQqg2F2rN8FKxcLD24M+xAAAAwKPkF7XfHfV2Fge7m9qVWpqs1P5FWVg8cLN/dHP34LWJO2c2Xrx+aMPCx6uWjDdw1/Hq7b65n0pDMI7xNx1vrh4PPVIYZ37piGme/2zmyVsXJn7777L+hfzfN3/+j6+c/A8AAMCPIf+n48yvVf6/+s7zT3UN7n2vrH8h/69tOmUh/8cZx/zfERaW/wEAAOBh9qDz/0BhnPm1yv/fnZ86f/nb46+U9S/k/03t5f+uxmnHnR/FCR/uDWFTq6kDAAAAJeL/u899tBDzevbJQZrXO2ZGe6d6blwtG6+Q/wfay//d9/2ZAQAAAAv1v7F/Hb8wNn6zrF7I/9X28v/SBz5zAAAAoF37Tvz/3PoNIyvL6oX8P9xe/l+eb/OVD1mn9+NfIUz0htAz+2AkK3wQxv9ULwAAAAD3SczpX41u/f7jwel3y44r5P+R+e//H+90ENf/N93/r7D+v6GQ3fVvqxsDAAAA8DgqruePt8fPvrmg7Pv3213/f+uXO3b9d+c/vig7fyH/H2sv/3c2bu/n9/8BAADAAvzcvv/vn4Vx5tfq/v/fDN36et3hZwfL+hfy/3h7+T9uVzQ+van4+jzTG8Ka2Qf53QRfi6c7nBQmuxsK2Quf9Ngde+SFyaUNhZqRpMfve0P49eyDY0lhdSyMJ4WZVXnhbFK4HAv59VAvvJ4UpuKV9sKqfLpp4a1YyBdYTMYVFCvqSyKSHrfLeswW7trjev3kAAAAj5UYnvMs293cDGmUnay0OmB5qwM6Wh3Q2eqAruSA9MCy/WG4uRD3v7jtd7evPPHm06FEIf+fbS//x5diSbYpW/8f4vr//HsN6+v/h2OhLylMxkI1vWNANZ4jC7sn4jn6qnmPmTX1AgAAADzS4ucCnYs8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5g7/6D7KrqA4Cf/f0jm91FHAFJNYqA6ZDNJjFKK1MC1UFxpi4OdZw60UR2g9ssJCZhICnthEA7U5hUVKa1o0NDHUdpkUY6jlK1pEyBcaRTm7ZMxWhl/EFtaxnGSodSm87be8/d+87dm/dCdiFLP58/9p33vufnfT/2nXvvOxcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD/h38ZWPMb+1f89Py6+PfPuOHDewcuve+jWw8c3bRpw5EQJmYf78jCHYMrui785sBlj+3f+flzp/rvP9Cbl8vjYVnjT2d+55ai1uUhfLEjhO40sHooC/Tk94difSuGQjgtzAWKElODWYm04fDQQAgHw1ygqOr+gRCGSoErjzz4wIFG4o6BEM4NIfSlbXy7L2tjIA2c15sFBtPA9u4s8F/HMkXgS51ZAE5afDMUL/pDE80ZRucvV/P661mwjr240uF1xcRofb4fX7LInSrpTR+YOKmnrVIdi6Ly9jjs3bYE3m2V7Xy7p638RSr/hnJsLtQXOientm65bmZ3fKQzjI111dW0SM/z40/feNWJpJfM6zB2YHRBXofP3vme68+afMuNt24/54m177vg6Ml2s27zLra+kL/mlszzGG30ebIE3n6Vb0krfekKIfzcB7tv6vrtI5+qi1fm/6PHn//Hl3O87WzKHWt9bjibm8dHhmLiqeFsbg4AAABLxlLYa/qjs1/xe6s61zxeV19l/r+yveP/8ZB/PpnPRns4hI2ziZtHQjhz9vEscHds7gMjIbxmNjXRHLgkCRwO4azZxKqiqqREfyyxMgk8OZwHNiaBh2NgIgl8OgZuTwK3xMChJHBVDBxOApfGQJhuHsfPD+fjaDswEAObs414KJ6F8JPh2Fqyrb5VVAUAALBA8tlhT/Pd0rkOJ5shTi8PDbTKEM/Ars3Ql9SQzmCLaVVtDd2tauhsVUMx7n3HH36l5o5WNVdOw+hoznDpK/7w/BVfu+ELoUZl/j9+/Pl/3zwd6agc/w/hitm/MXdnHpkp4psnmjIAAAAAJ2HtG2a+9idnv+nNdfHK/H9je+f/x30iXaXM4dG4G2LbSAjjzYGs2jdXA9lR72V5AAAAAJaC4nh8cSx8Or/NTtFO59PV/BMnmD8e+N84b/5fCpOnb/vBUxvq+luZ/0+0d/7/YPNt1omHYy8+NhJCfynwSOxlIzBrZQx89+LmQD7+h+MGuC1WlZ+YUFR1WyyxOQbGk8DBuhLfKEqc2RzIn6yi8ZuLcUznJUoBAAAAeMHF3QHxuHw8///Ctd/70KaP7/1cXbnK/H/ziZ3/PzsPrpzeP7MshDXdIXSlPwx4dDBbGDAGhjryxFcHs7q60qpuGgzhosbA0qqeyNf/707XGDwykFUVA2e+9rNPn9dIfGoghDXlwGPvvWt2x8juJFA0/qsDIby6Mdq08S/0Z433pI3/QX8IryoFiqo+0B9Co7HetKoH+/LrGKRV/VlfCKeXAkVVb+wLYU8AYImK/0onyw/u2rN325aZmamdi5iI+/AHwtbpmamxq7bPTPbV9Gky6XPTMkY3VcfU2ebYj+ZLFN1z+dhIO+nid4Lj5b7k+/ErJw7m9+N3oZ7Zca7rabq7Ph3y68+pNpEO6cUY8mC5krknsVJ/zN8bloX+63ZN7Ry7Ycvu3TvXZn/bzb4u+xsPM2Xbam26rQbn61sbL492F0N/vtuq6TJXa3Zfs2PNrj17V09fs+Xqqaunrn3D+LrxdevHN7zpwjWNUY1nf1sM9fz5qk6Geuyu6hDavQbU8x3qK7tLlbwQnxoSEhJLLbHl4q/+5b1nfWJZ3cdPZf6/4/jz//ipEz/58/UZ6o7/j8bD/Nnjc4f5N8fAwXaP/4/WHc0vTgxYmQT2xcA+h/kBAAB4aYi7G+PezLhXuuem1WN//MlHnqwrV5n/72vv9/8LtP5/sXT95XXL/K+KJcbr1v9Pl/kv1v/fV7f+f7rMf7H+/8EXYf3/64pAskl+Yv1/AADgpeCFW/+/5fL+6QUCKhlaLu+fXiCgkqHlMv7tXiDghNf/f/tzr+u55iOvviXUqMz/b29v/m/hfgAAADh13HVkQ8eD//o/D9XFK/P/g+3N/1/49f9C3fn/K+sCE3ULA1r/DwAAgCWqbv2/9a/78ebP/WzFD+vKVeb/h9qb/8fTLjqbcsdanxvO1rQL6Zp2Tw0XPxkAAACApaEzjI21u6Jp08qolzz/Nh/PlwI9Xrrsr758zT8+8tb39tfVV5n/H25v/t/0u4xn73zP9WdNvuXG527dfs4Ta993wdG54/8AAADA4ml3vwQAAAAAAAAAAAAAAPDie3rv5Lv++ew7P1MXr/z+P1wx+3jd7//jdf/i7wte3pQ71tp6/b/8/pXvuHfP7JKFjw6HcE45sG3/ttNCfm3+88uBBzatOqOR2J+W+Mp3Lv1BI/H+NPC21S97ppG4KAlsjosknpUG4lUVn1meBOLyin+fBuL2OJQGevPA7y7PxtGRbqsfDWXbqiPdVo8PhTBSChTb6otDWRsd6QDvSALFAD+UBuIAfyUPdKa9undZ1qsYGIpF/2hZ1isAAE5Z8VtgT9g6PTM1Hr/Cx9tXdjffRk1Llt1UrbajzeaP5kuT3XP52Eg76a70u+jctcZ7Ql9jCGsrX1fLWTpmR7kwtbTYdC+vGXKr1d7a/XX2iW663voRDWQjGrtq+8xkT8uBr2+dZV13yyxrK5OdcpbO2U3aRi1t9KWNEbW5bdrocrzfGcbGupJcvxiDo6HJQr0iyuv81b0Kynn2Tb7xb75x7Nihuvoq8//R9ub/feVxPZNfDGBfvLLezSMhnNnmiAAAAIB2fevL/7Ru+yd+55709ort1956weCPLq4rV5n/r2xv/h93jOWHgrO9HYfj9f+L+f9oFrg7NveBkRBeM5uaiCWyC+pfHkuMZ4G74w6TVbHE5onmqvpj4FASeHI4DxxOAg/HQL6X4rMh35XzkeEQNsymrmgusSOWGE0C74yBlUlgLAbGk8DyGNiYBP59eR6YSAJfj4Ew3byt/ny5vSsAAMDzkM+zeprvhnSed6i7VYaOVhkGW2XobJWhr1WGulHE+/fFDD3JySsdpUw9aa0DSS2VDPFi+Cfcr0qG8I3mnGnBStPx/IPifIOO5gz/dtnrv33erlXtX/9/vL35/2Dzbdb6w3H+P3f9vyzwSOzex+Kp4ytj4LsXNwfyHQMPx8nubUVVE3mJfNJ+WyyxMQZWJoEdMbAxCWy+Ig8cPKM5kM+0i8ZvLhqfzkuUAgAAAPCCizsI4m6aOP//0/+++3MH/uHav64rV5n/b2xv/h/bW1Zu7Jai1uUhfLFjrjdFYPVQFoj7MYbiz+NXDIVwWmkHR1FiajAr0Zs0HB4ayH6h3ptWdf9AtsZAvH/lkQcfONBI3DEQwrmlvS9FG9/uy9oYSAPn9WaBwTSwvTsLxD0/ReBLnVkATlqxVzC+oPJTXQqj85eref29VK4Jmg6vsg90nnzz/eZqsfSlD+T7VAsn9rRVqmNRVN4eh73bluK7bdS7rfxFKv+Gcmwu1Bc6J6e2brluZnd8pPxL1opFep7Lv1JtJ70Ar8N9z7+3rfWlHRhPPj7G5y83/+uwI1b37J3vuf6sybfceOv2c55Y+74LjrbdjRrxh8Lv/uTLRsubd7H1hfw1t+Q+TyZ8nizFfwMrPW2NGexTv//V//jp4z+ri1fm/xPtzf+7k9tZz8aNuWskhNeXNu6jcfP/8kj2OVgKZJ+Sp1cD2SH37w3XfnICAADAQit2dxT7C6bz2+yE8HSeXM0/cYL54/6KjfPmb7ffW29+aP8P/+6Or9TFK/P/zcef//cn3XT83/F/Fonj//M61XdF96cP7DupXdGV6lgUjv/P61R/tzn+Py/H/x3/n4/j/y04/j+vU/1pq3xL2uFLVwjh6++/8+33bP+18+rilfn/jvbm/9b/m3/RvmL9v8116//tqFv/b5/1/wAAgEVVs9BcOs+rrN5XyZCu3lfJ0HKBwJZLDFr/74TX/3vrO//3+mOvuGRnqFGZ/+9rb/4fXw7Lyq0vlfX/Vl5RU9XtMbDDwoAAAACciup2EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDievcvPLl8029eOF0X//4ZN3x478Cl931064GjmzZtOBJClrUjC3cMrui68JsDlz22f+fnz53qv/9AX16uJ789uyl3rPW54RAOlh4Ziomnhht35gJXvuPePd2NxKPDIZxTDmzbv+20RuLTwyGcXw48sGnVGY3E/rTEV75z6Q8aifengbetftkzjcRFeaAj7e4nl2fd7Ui7e2B5CCOlQNHdX1/eXFXRxmV5oDNt4zNDWRsxMBSLfnwoayMGZmKJ6f4Q1nSH0JVW9bW+rKqutKq/6Muq6kqr+q2+EC4KIXSnVX2nN6uqOx353/ZmVcXAma/97NPnNRIHe0NYUw489t67NjQSH0oCRePv6g3h1Y2XTNr4fT1Z4z1p43f0hPCqEEJvWuI/u7MSvWmJJ7pDOL0UKBr/YHcIewIvCfHDZ7L84K49e7dtmZmZ2rmIid68rYGwdXpmauyq7TOTfUmf6nSU0sduOn78eI4+feNVjdt7Lh8baSfdnZfrme3yup6mu+sXqvftOtHex34NliuZez4q9cf8vWFZ6L9u19TOsRu27N69c232t93s67K/XXk021ZrF2pbdbYoHz3fbXV+uZI1u6/ZsWbXnr2rp6/ZcvXU1VPXvmF83fi69eMb3nThmsaoxrO/CzHUu44fX4yhvrK7VMkL8QEgISGx1BKdTZ9u46f6P73KF/25jvaEvtkP6Mq0opylY3aUCzHoS6rxrkUadGVKUhnR2srEoZJlXess6yuTibksA1mW2e91lclhuabO2U0a73eGsbHazTLafLe8eX88z+Zt1+P5pms3DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/B87cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAsAAAAACPO3DqNnAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBSAAAA//+3Rsqd")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.current\x00', 0x275a, 0x0)
write$binfmt_script(r0, 0x0, 0x208e24b)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_SNAP_CREATE(r1, 0x9408, 0x0)

01:46:51 executing program 1:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
dup2(r2, r0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000))
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0563"], 0x0, 0x0, 0x0})
r3 = dup(r0)
mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

01:46:51 executing program 2:
syz_mount_image$fuse(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
mknodat$loop(r0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
openat(r1, &(0x7f0000000080)='./file0\x00', 0x4000, 0x34)

01:46:51 executing program 5:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r1)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)={0x24, r2, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x3}]}, 0x24}}, 0x0)

01:46:51 executing program 4:
syz_mount_image$fuse(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
mknodat$loop(r0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
fchownat(0xffffffffffffff9c, &(0x7f0000000080)='./file0/file0\x00', 0x0, 0x0, 0x0)

01:46:51 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./bus\x00', 0x2, &(0x7f0000000100)={[{@shortname_winnt}, {@uni_xlate}, {}, {@rodir}, {@shortname_lower}, {@iocharset={'iocharset', 0x3d, 'macromanian'}}, {@shortname_winnt}, {@rodir}, {@utf8no}, {@iocharset={'iocharset', 0x3d, 'macturkish'}}, {@utf8no}, {@iocharset={'iocharset', 0x3d, 'iso8859-2'}}, {@rodir}, {@rodir}, {@shortname_mixed}, {@fat=@check_strict}]}, 0x82, 0x25e, &(0x7f0000000580)="$eJzs3b9rU2sYB/AnTW6bW7ikw4Vyyx3iKEhoK+6VoiAUFCT4Y7LYitJEwUKgIm03Z8FRJ3cd/QMcRNwcXFWQqrjo1qFwJD1pakrSFml7iv18hvbhnPM97/uSF84bSN5c+78+N5OLiB8rUSzmojAxORGruRiKvshHajkAgD/JapLE9ySVdV8AgIPh+Q8AR88un/8XDrBLAMA+8/4fAI6ei1eubnzCrxhRf9CoNqrp//T86RtxK2oxuxxRirWIdKGQrhaaf8+emzozWm76PBTV+lIrv9So5jvyMRalGGrlk878WDm1nr/fTNVzjepfMdjKvx+M2RiPUvzbPT/+a77V/sb42u1XohRvr8edqMVMNLOb+cWxcnny/FS5s/8D69dtx4IJAAAAAAAAAAAAAAAAAAAAAIDfVSm3dd2/p1LpdT7Nt/fXGY1SrCUD3fbnGe2yP0+jWoiRQrZjBwAAAAAAAAAAAAAAAAAAgMNifqE/pmu12bvzC/fmehW3Xz97+Xdsf02zKO5wn7RIkrTp9pEkH7Fjas+Lf459eryXN8xFFqPoXTRfr8hF7E8Tr1Zu/ndyfvhUx6njJ0qXPjx6+jWLIXfMqB7FdP7dt8sjD9/sbevPtx7pPxwTYEsx/GRi+sXixy+7nj8AAAAAAAAAAAAAAAAAAMAB2/zSb9Y9AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDsbP7+/0bRFxGdR3oUucLO16wXWY8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB+BgAA//+v555g")
open(0x0, 0x1990c0, 0x0)

[  416.523808][ T6665]     140548084219904-140548084948991: ffff888022f0ec40
[  416.531630][ T6665]     140548084948992-140548085284863: ffff888022f0ed20
[  416.541793][ T6665]     140548085284864-140548085288959: 0000000000000000
[  416.548840][ T6665]     140548085288960-140548085653503: ffff888022f0ee00
[  416.561608][ T6665]     140548085653504-140548085690367: ffff888022f0eee0
[  416.595098][ T7366] loop0: detected capacity change from 0 to 256
[  416.611748][   T27] audit: type=1800 audit(1673401611.418:37): pid=7368 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=1179 res=0 errno=0
[  416.657188][ T7367] binder: 7362:7367 unknown command 25349
[  416.663068][ T6665]     140548085690368-140548085710847: 0000000000000000
[  416.674794][ T7367] binder: 7362:7367 ioctl c0306201 20001480 returned -22
01:46:51 executing program 4:
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@default_permissions}]}}, 0x0, 0x0, 0x0)

01:46:51 executing program 2:
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}}, 0x0, 0x0, 0x0)

[  416.699893][ T6665]     140548085710848-140548097556479: ffff88806b3de000
01:46:51 executing program 1:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
dup2(r2, r0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000))
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0563"], 0x0, 0x0, 0x0})
r3 = dup(r0)
mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

[  416.767525][ T6665]   140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008
[  416.805615][ T7366] FAT-fs (loop0): Directory bread(block 64) failed
[  416.856877][ T7366] FAT-fs (loop0): Directory bread(block 65) failed
01:46:51 executing program 4:
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@default_permissions}]}}, 0x0, 0x0, 0x0)

[  416.881691][ T7366] FAT-fs (loop0): Directory bread(block 66) failed
[  416.903873][ T7380] binder: 7379:7380 unknown command 25349
[  416.904662][ T7366] FAT-fs (loop0): Directory bread(block 67) failed
01:46:51 executing program 2:
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}}, 0x0, 0x0, 0x0)

[  416.938803][ T7380] binder: 7379:7380 ioctl c0306201 20001480 returned -22
01:46:51 executing program 1:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
dup2(r2, r0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000))
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="056304"], 0x0, 0x0, 0x0})
r3 = dup(r0)
mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

[  416.985068][ T7366] FAT-fs (loop0): Directory bread(block 68) failed
[  417.026497][ T7366] FAT-fs (loop0): Directory bread(block 69) failed
[  417.056871][ T7366] FAT-fs (loop0): Directory bread(block 70) failed
[  417.064567][ T7366] FAT-fs (loop0): Directory bread(block 71) failed
[  417.086062][ T6665]     140548097556480-140548097601535: 0000000000000000
[  417.123518][ T7388] binder: 7387:7388 unknown command 287493
[  417.127038][ T6665]     140548097601536-140548097605631: ffff88806b3de460
[  417.157456][ T7388] binder: 7387:7388 ioctl c0306201 20001480 returned -22
[  417.170670][ T6665]     140548097605632-140548097736703: ffff88806b3de380
[  417.179544][ T7366] FAT-fs (loop0): Directory bread(block 72) failed
[  417.186112][ T7366] FAT-fs (loop0): Directory bread(block 73) failed
[  417.206577][ T6665]     140548097736704-140735437164543: 0000000000000000
[  417.213570][ T6665]     140735437164544-140735437299711: ffff88806b3de0e0
[  417.251055][ T6665]     140735437299712-140735437316095: 0000000000000000
[  417.293571][ T6665]     140735437316096-140735437332479: ffff88806b3de1c0
[  417.316582][ T6665]     140735437332480-140735437340671: ffff88806b3de2a0
[  417.323631][ T6665]     140735437340672-18446744073709551615: 0000000000000000
[  417.356668][ T6665] Pass: 9505083 Run:9505192
[  417.361217][ T6665] CPU: 0 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0
[  417.371056][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  417.381141][ T6665] Call Trace:
[  417.384444][ T6665]  <TASK>
[  417.387405][ T6665]  dump_stack_lvl+0xd1/0x138
[  417.392050][ T6665]  mt_find.cold+0x8b/0x90
[  417.396441][ T6665]  ? mas_find+0x1d0/0x1d0
[  417.400826][ T6665]  find_vma+0x10c/0x1b0
[  417.405022][ T6665]  ? can_vma_merge_before+0x390/0x390
[  417.410440][ T6665]  ? walk_page_test+0x78/0x180
[  417.415250][ T6665]  walk_page_range+0x2b1/0x4a0
[  417.420062][ T6665]  ? __walk_page_range+0x780/0x780
[  417.425239][ T6665]  mlock_fixup+0x650/0x810
[  417.429713][ T6665]  apply_vma_lock_flags+0x23d/0x350
[  417.434967][ T6665]  ? mlock_fixup+0x810/0x810
[  417.439620][ T6665]  ? __ia32_sys_get_robust_list+0x400/0x400
[  417.445559][ T6665]  do_mlock+0x25a/0x6d0
[  417.449766][ T6665]  ? folio_evictable+0x270/0x270
[  417.454758][ T6665]  ? syscall_enter_from_user_mode+0x26/0xb0
[  417.460697][ T6665]  __x64_sys_mlock+0x59/0x80
[  417.465314][ T6665]  do_syscall_64+0x39/0xb0
[  417.469775][ T6665]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  417.475695][ T6665] RIP: 0033:0x7fd3e6a8c0c9
[  417.480124][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  417.499754][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[  417.508192][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9
[  417.516181][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000
[  417.524167][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000
[  417.532153][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  417.540143][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000
[  417.548165][ T6665]  </TASK>
[  417.618172][ T6665] index not increased! 20ffb000 <= 20ffb000
[  417.624215][ T6665] BUG at mt_find:6473 (1)
[  417.634627][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e
[  417.643558][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000
[  417.695130][ T6665]   0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d
[  417.755518][ T6665]     0-536866815: 0000000000000000
[  417.761325][ T6665]     536866816-536870911: ffff888022f0e0e0
[  417.776733][ T6665]     536870912-553627647: ffff888022f0e1c0
[  417.786185][ T6665]     553627648-553635839: 0000000000000000
[  417.797885][ T7378] loop3: detected capacity change from 0 to 32768
[  417.802666][ T6665]     553635840-553627647: ffff8880272dc9a0
[  417.811697][ T6665]     553627648-553644031: ffff8880272dc8c0
[  417.818330][ T7378] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm
[  417.819187][ T6665]     553644032-553648127: ffff88807e16c7e0
[  417.834291][ T6665]     553648128-553652223: ffff888022f0e2a0
[  417.835336][ T7378] BTRFS info (device loop3): force clearing of disk cache
[  417.840745][ T6665]     553652224-116813594623: 0000000000000000
[  417.853816][ T6665]     116813594624-116817788927: ffff888022f0e380
[  417.856280][ T7378] BTRFS info (device loop3): setting nodatasum
[  417.860804][ T6665]     116817788928-93825002663935: 0000000000000000
[  417.873431][ T6665]     93825002663936-93825002803199: ffff888022f0e460
[  417.875303][ T7378] BTRFS info (device loop3): allowing degraded mounts
[  417.880703][ T6665]     93825002803200-140548063096831: 0000000000000000
[  417.889421][ T7378] BTRFS info (device loop3): enabling disk space caching
[  417.895167][ T6665]     140548063096832-140548063100927: ffff888022f0e540
[  417.913695][ T6665]   140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d
[  417.969974][ T6665]     140548063100928-140548071489535: ffff888022f0e620
[  417.976385][ T7378] BTRFS info (device loop3): disk space caching is enabled
[  417.978379][ T6665]     140548071489536-140548073586687: ffff888022f0e700
[  417.992388][ T6665]     140548073586688-140548075683839: ffff888022f0e7e0
[  418.000622][ T6665]     140548075683840-140548077780991: ffff888022f0e8c0
[  418.008685][ T6665]     140548077780992-140548079878143: ffff888022f0e9a0
[  418.019905][ T6665]     140548079878144-140548084072447: ffff888022f0ea80
[  418.027330][ T6665]     140548084072448-140548084219903: ffff888022f0eb60
[  418.028233][ T7378] BTRFS info (device loop3): enabling ssd optimizations
[  418.034375][ T6665]     140548084219904-140548084948991: 
[  418.041460][ T7378] BTRFS info (device loop3): auto enabling async discard
[  418.048879][ T6665] ffff888022f0ec40
[  418.054917][ T7378] BTRFS info (device loop3): clearing free space tree
[  418.064556][ T6665]     140548084948992-140548085284863: 
[  418.064745][ T7378] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  418.064780][ T7378] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  418.073439][ T6665] ffff888022f0ed20
[  418.096281][ T6665]     140548085284864-140548085288959: 0000000000000000
[  418.103486][ T6665]     140548085288960-140548085653503: ffff888022f0ee00
[  418.111950][ T7378] BTRFS info (device loop3): checking UUID tree
[  418.118712][ T6665]     140548085653504-140548085690367: ffff888022f0eee0
[  418.125705][ T6665]     140548085690368-140548085710847: 0000000000000000
[  418.134665][ T6665]     140548085710848-140548097556479: ffff88806b3de000
01:46:53 executing program 3:
syz_mount_image$btrfs(&(0x7f00000051c0), &(0x7f0000005200)='./file0\x00', 0x1000008, &(0x7f0000000280)={[{@datacow}, {@clear_cache}, {@nodatasum}, {@rescan_uuid_tree}, {}, {@space_cache_v1}]}, 0xfe, 0x51ab, &(0x7f0000005280)="$eJzs3V9oVFceB/Az+aPxDyY+xV32wX1YWcUFWRF2UdggGF2Whdn1YVnYrFlZxT+7JUgDwb5YS2lBxGCgthSKD33pS0mlUFqqBAsthYogVloUW0teWiiESsGXlpK590xmzvVmxlQbq5+PJHfO/d1z7pnhPsx3zLkTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIIRwcM3Kv+xaPb2urD7dP3bq6LLt507vP3ljaGjLlRAqtf2VvL5n+66/79+95689scPw37JtX1/ZkFnXz7PGkqads/2af/4TQuhOBujMtzs6G/pW0hOEI8UB53XgZv/o5u7BaxN3zmy8eP3QhuJTZ1bPYk9gseTX1fTctTRQ+92RHFFvN1x6laZLNOufXnA/yZMAAO7JpmptU387mr/FrbePpfWkPZC0x5N2fIcw3thYiGzcJWXzXJvWF2meA1lUWFo6z6Sev/71djXtn7STqHEP82w+NI80PWXzHEnqizVPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIfJqx9euvTcy+u3ldWn+8dOHV22/dzp/SdvDA1tuRJCX21/JStXlv+q8w+fLtt57fiRN36zr+ftk515v7jtajg4fBIf/LE3hL0Nlek47JerQqg2F2rN8FKxcLD24M+xAAAAwKPkF7XfHfV2Fge7m9qVWpqs1P5FWVg8cLN/dHP34LWJO2c2Xrx+aMPCx6uWjDdw1/Hq7b65n0pDMI7xNx1vrh4PPVIYZ37piGme/2zmyVsXJn7777L+hfzfN3/+j6+c/A8AAMCPIf+n48yvVf6/+s7zT3UN7n2vrH8h/69tOmUh/8cZx/zfERaW/wEAAOBh9qDz/0BhnPm1yv/fnZ86f/nb46+U9S/k/03t5f+uxmnHnR/FCR/uDWFTq6kDAAAAJeL/u899tBDzevbJQZrXO2ZGe6d6blwtG6+Q/wfay//d9/2ZAQAAAAv1v7F/Hb8wNn6zrF7I/9X28v/SBz5zAAAAoF37Tvz/3PoNIyvL6oX8P9xe/l+eb/OVD1mn9+NfIUz0htAz+2AkK3wQxv9ULwAAAAD3SczpX41u/f7jwel3y44r5P+R+e//H+90ENf/N93/r7D+v6GQ3fVvqxsDAAAA8DgqruePt8fPvrmg7Pv3213/f+uXO3b9d+c/vig7fyH/H2sv/3c2bu/n9/8BAADAAvzcvv/vn4Vx5tfq/v/fDN36et3hZwfL+hfy/3h7+T9uVzQ+van4+jzTG8Ka2Qf53QRfi6c7nBQmuxsK2Quf9Ngde+SFyaUNhZqRpMfve0P49eyDY0lhdSyMJ4WZVXnhbFK4HAv59VAvvJ4UpuKV9sKqfLpp4a1YyBdYTMYVFCvqSyKSHrfLeswW7trjev3kAAAAj5UYnvMs293cDGmUnay0OmB5qwM6Wh3Q2eqAruSA9MCy/WG4uRD3v7jtd7evPPHm06FEIf+fbS//x5diSbYpW/8f4vr//HsN6+v/h2OhLylMxkI1vWNANZ4jC7sn4jn6qnmPmTX1AgAAADzS4ucCnYs8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5g7/6D7KrqA4Cf/f0jm91FHAFJNYqA6ZDNJjFKK1MC1UFxpi4OdZw60UR2g9ssJCZhICnthEA7U5hUVKa1o0NDHUdpkUY6jlK1pEyBcaRTm7ZMxWhl/EFtaxnGSodSm87be8/d+87dm/dCdiFLP58/9p33vufnfT/2nXvvOxcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD/h38ZWPMb+1f89Py6+PfPuOHDewcuve+jWw8c3bRpw5EQJmYf78jCHYMrui785sBlj+3f+flzp/rvP9Cbl8vjYVnjT2d+55ai1uUhfLEjhO40sHooC/Tk94difSuGQjgtzAWKElODWYm04fDQQAgHw1ygqOr+gRCGSoErjzz4wIFG4o6BEM4NIfSlbXy7L2tjIA2c15sFBtPA9u4s8F/HMkXgS51ZAE5afDMUL/pDE80ZRucvV/P661mwjr240uF1xcRofb4fX7LInSrpTR+YOKmnrVIdi6Ly9jjs3bYE3m2V7Xy7p638RSr/hnJsLtQXOientm65bmZ3fKQzjI111dW0SM/z40/feNWJpJfM6zB2YHRBXofP3vme68+afMuNt24/54m177vg6Ml2s27zLra+kL/mlszzGG30ebIE3n6Vb0krfekKIfzcB7tv6vrtI5+qi1fm/6PHn//Hl3O87WzKHWt9bjibm8dHhmLiqeFsbg4AAABLxlLYa/qjs1/xe6s61zxeV19l/r+yveP/8ZB/PpnPRns4hI2ziZtHQjhz9vEscHds7gMjIbxmNjXRHLgkCRwO4azZxKqiqqREfyyxMgk8OZwHNiaBh2NgIgl8OgZuTwK3xMChJHBVDBxOApfGQJhuHsfPD+fjaDswEAObs414KJ6F8JPh2Fqyrb5VVAUAALBA8tlhT/Pd0rkOJ5shTi8PDbTKEM/Ars3Ql9SQzmCLaVVtDd2tauhsVUMx7n3HH36l5o5WNVdOw+hoznDpK/7w/BVfu+ELoUZl/j9+/Pl/3zwd6agc/w/hitm/MXdnHpkp4psnmjIAAAAAJ2HtG2a+9idnv+nNdfHK/H9je+f/x30iXaXM4dG4G2LbSAjjzYGs2jdXA9lR72V5AAAAAJaC4nh8cSx8Or/NTtFO59PV/BMnmD8e+N84b/5fCpOnb/vBUxvq+luZ/0+0d/7/YPNt1omHYy8+NhJCfynwSOxlIzBrZQx89+LmQD7+h+MGuC1WlZ+YUFR1WyyxOQbGk8DBuhLfKEqc2RzIn6yi8ZuLcUznJUoBAAAAeMHF3QHxuHw8///Ctd/70KaP7/1cXbnK/H/ziZ3/PzsPrpzeP7MshDXdIXSlPwx4dDBbGDAGhjryxFcHs7q60qpuGgzhosbA0qqeyNf/707XGDwykFUVA2e+9rNPn9dIfGoghDXlwGPvvWt2x8juJFA0/qsDIby6Mdq08S/0Z433pI3/QX8IryoFiqo+0B9Co7HetKoH+/LrGKRV/VlfCKeXAkVVb+wLYU8AYImK/0onyw/u2rN325aZmamdi5iI+/AHwtbpmamxq7bPTPbV9Gky6XPTMkY3VcfU2ebYj+ZLFN1z+dhIO+nid4Lj5b7k+/ErJw7m9+N3oZ7Zca7rabq7Ph3y68+pNpEO6cUY8mC5krknsVJ/zN8bloX+63ZN7Ry7Ycvu3TvXZn/bzb4u+xsPM2Xbam26rQbn61sbL492F0N/vtuq6TJXa3Zfs2PNrj17V09fs+Xqqaunrn3D+LrxdevHN7zpwjWNUY1nf1sM9fz5qk6Geuyu6hDavQbU8x3qK7tLlbwQnxoSEhJLLbHl4q/+5b1nfWJZ3cdPZf6/4/jz//ipEz/58/UZ6o7/j8bD/Nnjc4f5N8fAwXaP/4/WHc0vTgxYmQT2xcA+h/kBAAB4aYi7G+PezLhXuuem1WN//MlHnqwrV5n/72vv9/8LtP5/sXT95XXL/K+KJcbr1v9Pl/kv1v/fV7f+f7rMf7H+/8EXYf3/64pAskl+Yv1/AADgpeCFW/+/5fL+6QUCKhlaLu+fXiCgkqHlMv7tXiDghNf/f/tzr+u55iOvviXUqMz/b29v/m/hfgAAADh13HVkQ8eD//o/D9XFK/P/g+3N/1/49f9C3fn/K+sCE3ULA1r/DwAAgCWqbv2/9a/78ebP/WzFD+vKVeb/h9qb/8fTLjqbcsdanxvO1rQL6Zp2Tw0XPxkAAACApaEzjI21u6Jp08qolzz/Nh/PlwI9Xrrsr758zT8+8tb39tfVV5n/H25v/t/0u4xn73zP9WdNvuXG527dfs4Ta993wdG54/8AAADA4ml3vwQAAAAAAAAAAAAAAPDie3rv5Lv++ew7P1MXr/z+P1wx+3jd7//jdf/i7wte3pQ71tp6/b/8/pXvuHfP7JKFjw6HcE45sG3/ttNCfm3+88uBBzatOqOR2J+W+Mp3Lv1BI/H+NPC21S97ppG4KAlsjosknpUG4lUVn1meBOLyin+fBuL2OJQGevPA7y7PxtGRbqsfDWXbqiPdVo8PhTBSChTb6otDWRsd6QDvSALFAD+UBuIAfyUPdKa9undZ1qsYGIpF/2hZ1isAAE5Z8VtgT9g6PTM1Hr/Cx9tXdjffRk1Llt1UrbajzeaP5kuT3XP52Eg76a70u+jctcZ7Ql9jCGsrX1fLWTpmR7kwtbTYdC+vGXKr1d7a/XX2iW663voRDWQjGrtq+8xkT8uBr2+dZV13yyxrK5OdcpbO2U3aRi1t9KWNEbW5bdrocrzfGcbGupJcvxiDo6HJQr0iyuv81b0Kynn2Tb7xb75x7Nihuvoq8//R9ub/feVxPZNfDGBfvLLezSMhnNnmiAAAAIB2fevL/7Ru+yd+55709ort1956weCPLq4rV5n/r2xv/h93jOWHgrO9HYfj9f+L+f9oFrg7NveBkRBeM5uaiCWyC+pfHkuMZ4G74w6TVbHE5onmqvpj4FASeHI4DxxOAg/HQL6X4rMh35XzkeEQNsymrmgusSOWGE0C74yBlUlgLAbGk8DyGNiYBP59eR6YSAJfj4Ew3byt/ny5vSsAAMDzkM+zeprvhnSed6i7VYaOVhkGW2XobJWhr1WGulHE+/fFDD3JySsdpUw9aa0DSS2VDPFi+Cfcr0qG8I3mnGnBStPx/IPifIOO5gz/dtnrv33erlXtX/9/vL35/2Dzbdb6w3H+P3f9vyzwSOzex+Kp4ytj4LsXNwfyHQMPx8nubUVVE3mJfNJ+WyyxMQZWJoEdMbAxCWy+Ig8cPKM5kM+0i8ZvLhqfzkuUAgAAAPCCizsI4m6aOP//0/+++3MH/uHav64rV5n/b2xv/h/bW1Zu7Jai1uUhfLFjrjdFYPVQFoj7MYbiz+NXDIVwWmkHR1FiajAr0Zs0HB4ayH6h3ptWdf9AtsZAvH/lkQcfONBI3DEQwrmlvS9FG9/uy9oYSAPn9WaBwTSwvTsLxD0/ReBLnVkATlqxVzC+oPJTXQqj85eref29VK4Jmg6vsg90nnzz/eZqsfSlD+T7VAsn9rRVqmNRVN4eh73bluK7bdS7rfxFKv+Gcmwu1Bc6J6e2brluZnd8pPxL1opFep7Lv1JtJ70Ar8N9z7+3rfWlHRhPPj7G5y83/+uwI1b37J3vuf6sybfceOv2c55Y+74LjrbdjRrxh8Lv/uTLRsubd7H1hfw1t+Q+TyZ8nizFfwMrPW2NGexTv//V//jp4z+ri1fm/xPtzf+7k9tZz8aNuWskhNeXNu6jcfP/8kj2OVgKZJ+Sp1cD2SH37w3XfnICAADAQit2dxT7C6bz2+yE8HSeXM0/cYL54/6KjfPmb7ffW29+aP8P/+6Or9TFK/P/zcef//cn3XT83/F/Fonj//M61XdF96cP7DupXdGV6lgUjv/P61R/tzn+Py/H/x3/n4/j/y04/j+vU/1pq3xL2uFLVwjh6++/8+33bP+18+rilfn/jvbm/9b/m3/RvmL9v8116//tqFv/b5/1/wAAgEVVs9BcOs+rrN5XyZCu3lfJ0HKBwJZLDFr/74TX/3vrO//3+mOvuGRnqFGZ/+9rb/4fXw7Lyq0vlfX/Vl5RU9XtMbDDwoAAAACciup2EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDievcvPLl8029eOF0X//4ZN3x478Cl931064GjmzZtOBJClrUjC3cMrui68JsDlz22f+fnz53qv/9AX16uJ789uyl3rPW54RAOlh4Ziomnhht35gJXvuPePd2NxKPDIZxTDmzbv+20RuLTwyGcXw48sGnVGY3E/rTEV75z6Q8aifengbetftkzjcRFeaAj7e4nl2fd7Ui7e2B5CCOlQNHdX1/eXFXRxmV5oDNt4zNDWRsxMBSLfnwoayMGZmKJ6f4Q1nSH0JVW9bW+rKqutKq/6Muq6kqr+q2+EC4KIXSnVX2nN6uqOx353/ZmVcXAma/97NPnNRIHe0NYUw489t67NjQSH0oCRePv6g3h1Y2XTNr4fT1Z4z1p43f0hPCqEEJvWuI/u7MSvWmJJ7pDOL0UKBr/YHcIewIvCfHDZ7L84K49e7dtmZmZ2rmIid68rYGwdXpmauyq7TOTfUmf6nSU0sduOn78eI4+feNVjdt7Lh8baSfdnZfrme3yup6mu+sXqvftOtHex34NliuZez4q9cf8vWFZ6L9u19TOsRu27N69c232t93s67K/XXk021ZrF2pbdbYoHz3fbXV+uZI1u6/ZsWbXnr2rp6/ZcvXU1VPXvmF83fi69eMb3nThmsaoxrO/CzHUu44fX4yhvrK7VMkL8QEgISGx1BKdTZ9u46f6P73KF/25jvaEvtkP6Mq0opylY3aUCzHoS6rxrkUadGVKUhnR2srEoZJlXess6yuTibksA1mW2e91lclhuabO2U0a73eGsbHazTLafLe8eX88z+Zt1+P5pms3DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/B87cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAsAAAAACPO3DqNnAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBSAAAA//+3Rsqd")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.current\x00', 0x275a, 0x0)
write$binfmt_script(r0, 0x0, 0x208e24b)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_SNAP_CREATE(r1, 0x9408, 0x0)

01:46:53 executing program 4:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='loginuid\x00')
read$sequencer(r0, 0x0, 0x0)

01:46:53 executing program 5:
r0 = syz_open_procfs(0x0, &(0x7f0000000300)='io\x00')
read$FUSE(r0, &(0x7f00000003c0)={0x2020}, 0x2020)

01:46:53 executing program 2:
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/uevent_helper', 0x0, 0x0)

01:46:53 executing program 1:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
dup2(r2, r0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000))
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="056304"], 0x0, 0x0, 0x0})
r3 = dup(r0)
mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

01:46:53 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./bus\x00', 0x2, &(0x7f0000000100)={[{@shortname_winnt}, {@uni_xlate}, {}, {@rodir}, {@shortname_lower}, {@iocharset={'iocharset', 0x3d, 'macromanian'}}, {@shortname_winnt}, {@rodir}, {@utf8no}, {@iocharset={'iocharset', 0x3d, 'macturkish'}}, {@utf8no}, {@iocharset={'iocharset', 0x3d, 'iso8859-2'}}, {@rodir}, {@rodir}, {@shortname_mixed}, {@fat=@check_strict}]}, 0x82, 0x25e, &(0x7f0000000580)="$eJzs3b9rU2sYB/AnTW6bW7ikw4Vyyx3iKEhoK+6VoiAUFCT4Y7LYitJEwUKgIm03Z8FRJ3cd/QMcRNwcXFWQqrjo1qFwJD1pakrSFml7iv18hvbhnPM97/uSF84bSN5c+78+N5OLiB8rUSzmojAxORGruRiKvshHajkAgD/JapLE9ySVdV8AgIPh+Q8AR88un/8XDrBLAMA+8/4fAI6ei1eubnzCrxhRf9CoNqrp//T86RtxK2oxuxxRirWIdKGQrhaaf8+emzozWm76PBTV+lIrv9So5jvyMRalGGrlk878WDm1nr/fTNVzjepfMdjKvx+M2RiPUvzbPT/+a77V/sb42u1XohRvr8edqMVMNLOb+cWxcnny/FS5s/8D69dtx4IJAAAAAAAAAAAAAAAAAAAAAIDfVSm3dd2/p1LpdT7Nt/fXGY1SrCUD3fbnGe2yP0+jWoiRQrZjBwAAAAAAAAAAAAAAAAAAgMNifqE/pmu12bvzC/fmehW3Xz97+Xdsf02zKO5wn7RIkrTp9pEkH7Fjas+Lf459eryXN8xFFqPoXTRfr8hF7E8Tr1Zu/ndyfvhUx6njJ0qXPjx6+jWLIXfMqB7FdP7dt8sjD9/sbevPtx7pPxwTYEsx/GRi+sXixy+7nj8AAAAAAAAAAAAAAAAAAMAB2/zSb9Y9AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDsbP7+/0bRFxGdR3oUucLO16wXWY8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB+BgAA//+v555g")
open(0x0, 0x1990c0, 0x0)

[  418.142562][ T6665]   140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008
[  418.194092][ T6665]     140548097556480-140548097601535: 0000000000000000
01:46:53 executing program 4:
r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000300)='net/dev_mcast\x00')
read$FUSE(r1, &(0x7f00000003c0)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_LSEEK(r0, &(0x7f00000020c0)={0x18, 0x2f, r2}, 0x18)

[  418.239005][ T6665]     140548097601536-140548097605631: ffff88806b3de460
[  418.263068][ T7414] loop0: detected capacity change from 0 to 256
[  418.275918][ T7416] binder: 7409:7416 unknown command 287493
01:46:53 executing program 2:
r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001940)={0x11, 0x3, &(0x7f0000000100)=@framed, &(0x7f0000000140)='syzkaller\x00', 0x4, 0x93, &(0x7f0000000180)=""/147, 0x0, 0x0, '\x00', 0x0, 0x0, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f00000018c0), 0x10}, 0x80)

[  418.286451][ T6665]     140548097605632-140548097736703: ffff88806b3de380
[  418.296792][ T7416] binder: 7409:7416 ioctl c0306201 20001480 returned -22
[  418.322362][ T6665]     140548097736704-140735437164543: 0000000000000000
01:46:53 executing program 1:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
dup2(r2, r0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000))
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="056304"], 0x0, 0x0, 0x0})
r3 = dup(r0)
mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

01:46:53 executing program 5:
r0 = syz_open_procfs(0x0, &(0x7f0000000300)='io\x00')
read$FUSE(r0, &(0x7f00000003c0)={0x2020}, 0x2020)

[  418.360860][ T6665]     140735437164544-140735437299711: ffff88806b3de0e0
[  418.390214][ T7414] FAT-fs (loop0): Directory bread(block 64) failed
01:46:53 executing program 4:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), r0)
sendmsg$IEEE802154_ADD_IFACE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x20, r1, 0x1, 0x0, 0x0, {}, [@IEEE802154_ATTR_HW_ADDR={0xc}]}, 0x20}}, 0x0)

01:46:53 executing program 2:
r0 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$DCCPDIAG_GETSOCK(r0, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f00000008c0)={0x4c, 0x13, 0xae09}, 0x4c}}, 0x0)

[  418.458754][ T7414] FAT-fs (loop0): Directory bread(block 65) failed
[  418.476589][ T6665]     140735437299712-140735437316095: 0000000000000000
[  418.497347][ T7414] FAT-fs (loop0): Directory bread(block 66) failed
[  418.510141][ T6665]     140735437316096-140735437332479: ffff88806b3de1c0
[  418.546585][ T7414] FAT-fs (loop0): Directory bread(block 67) failed
[  418.555514][ T7426] binder: 7422:7426 unknown command 287493
[  418.564070][ T7414] FAT-fs (loop0): Directory bread(block 68) failed
[  418.565603][ T6665]     140735437332480-140735437340671: 
[  418.584399][ T7414] FAT-fs (loop0): Directory bread(block 69) failed
[  418.605528][ T7426] binder: 7422:7426 ioctl c0306201 20001480 returned -22
[  418.621912][ T6665] ffff88806b3de2a0
[  418.641759][ T6665]     140735437340672-18446744073709551615: 0000000000000000
[  418.657246][ T7414] FAT-fs (loop0): Directory bread(block 70) failed
[  418.691647][ T7414] FAT-fs (loop0): Directory bread(block 71) failed
[  418.706575][ T6665] Pass: 9532154 Run:9532264
[  418.707919][ T7414] FAT-fs (loop0): Directory bread(block 72) failed
[  418.711105][ T6665] CPU: 0 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0
[  418.711137][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  418.737516][ T6665] Call Trace:
[  418.740821][ T6665]  <TASK>
[  418.743773][ T6665]  dump_stack_lvl+0xd1/0x138
[  418.748416][ T6665]  mt_find.cold+0x8b/0x90
[  418.750976][ T7414] FAT-fs (loop0): Directory bread(block 73) failed
[  418.752777][ T6665]  ? mas_find+0x1d0/0x1d0
[  418.752843][ T6665]  find_vma+0x10c/0x1b0
[  418.767825][ T6665]  ? can_vma_merge_before+0x390/0x390
[  418.773243][ T6665]  ? walk_page_test+0x78/0x180
[  418.778058][ T6665]  walk_page_range+0x2b1/0x4a0
[  418.782877][ T6665]  ? __walk_page_range+0x780/0x780
[  418.788055][ T6665]  mlock_fixup+0x650/0x810
[  418.792530][ T6665]  apply_vma_lock_flags+0x23d/0x350
[  418.797794][ T6665]  ? mlock_fixup+0x810/0x810
[  418.802451][ T6665]  ? __ia32_sys_get_robust_list+0x400/0x400
[  418.808400][ T6665]  do_mlock+0x25a/0x6d0
[  418.812612][ T6665]  ? folio_evictable+0x270/0x270
[  418.817621][ T6665]  ? syscall_enter_from_user_mode+0x26/0xb0
[  418.823572][ T6665]  __x64_sys_mlock+0x59/0x80
[  418.828198][ T6665]  do_syscall_64+0x39/0xb0
[  418.832667][ T6665]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  418.838598][ T6665] RIP: 0033:0x7fd3e6a8c0c9
[  418.843043][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  418.862683][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[  418.871135][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9
[  418.879137][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000
[  418.887139][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000
[  418.895141][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  418.903135][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000
[  418.911161][ T6665]  </TASK>
[  418.933683][ T6665] index not increased! 20ffb000 <= 20ffb000
[  418.944595][ T6665] BUG at mt_find:6473 (1)
[  418.957714][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e
[  418.966260][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000
[  419.084885][ T6665]   0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d
[  419.136678][ T6665]     0-536866815: 0000000000000000
[  419.142082][ T6665]     536866816-536870911: ffff888022f0e0e0
[  419.148057][ T6665]     536870912-553627647: ffff888022f0e1c0
[  419.154258][ T6665]     553627648-553635839: 0000000000000000
[  419.162480][ T6665]     553635840-553627647: ffff8880272dc9a0
[  419.168519][ T6665]     553627648-553644031: ffff8880272dc8c0
[  419.174592][ T6665]     553644032-553648127: ffff88807e16c7e0
[  419.180575][ T6665]     553648128-553652223: ffff888022f0e2a0
[  419.186722][ T6665]     553652224-116813594623: 0000000000000000
[  419.192921][ T6665]     116813594624-116817788927: ffff888022f0e380
[  419.201041][ T6665]     116817788928-93825002663935: 0000000000000000
[  419.210150][ T6665]     93825002663936-93825002803199: ffff888022f0e460
[  419.222799][ T6665]     93825002803200-140548063096831: 0000000000000000
[  419.234207][ T6665]     140548063096832-140548063100927: ffff888022f0e540
[  419.251412][ T6665]   140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d
[  419.274019][ T7425] loop3: detected capacity change from 0 to 32768
[  419.319003][ T6665]     140548063100928-140548071489535: ffff888022f0e620
[  419.326154][ T6665]     140548071489536-140548073586687: ffff888022f0e700
[  419.331699][ T7425] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm
[  419.333709][ T6665]     140548073586688-140548075683839: ffff888022f0e7e0
[  419.349700][ T6665]     140548075683840-140548077780991: ffff888022f0e8c0
[  419.352097][ T7425] BTRFS info (device loop3): force clearing of disk cache
[  419.357086][ T6665]     140548077780992-140548079878143: ffff888022f0e9a0
[  419.371378][ T6665]     140548079878144-140548084072447: ffff888022f0ea80
[  419.378703][ T6665]     140548084072448-140548084219903: ffff888022f0eb60
[  419.385775][ T6665]     140548084219904-140548084948991: ffff888022f0ec40
[  419.392865][ T7425] BTRFS info (device loop3): setting nodatasum
[  419.393314][ T6665]     140548084948992-140548085284863: ffff888022f0ed20
[  419.399288][ T7425] BTRFS info (device loop3): allowing degraded mounts
[  419.406250][ T6665]     140548085284864-140548085288959: 0000000000000000
[  419.422314][ T7425] BTRFS info (device loop3): enabling disk space caching
[  419.422382][ T6665]     140548085288960-140548085653503: 
[  419.431100][ T7425] BTRFS info (device loop3): disk space caching is enabled
[  419.441005][ T6665] ffff888022f0ee00
[  419.448634][ T6665]     140548085653504-140548085690367: ffff888022f0eee0
[  419.455705][ T6665]     140548085690368-140548085710847: 0000000000000000
[  419.463372][ T6665]     140548085710848-140548097556479: ffff88806b3de000
[  419.469914][ T7425] BTRFS info (device loop3): enabling ssd optimizations
[  419.470769][ T6665]   140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008
[  419.486168][ T7425] BTRFS info (device loop3): auto enabling async discard
[  419.529088][ T6665]     140548097556480-140548097601535: 0000000000000000
[  419.545294][ T6665]     140548097601536-140548097605631: ffff88806b3de460
[  419.552646][ T6665]     140548097605632-140548097736703: ffff88806b3de380
[  419.553980][ T7425] BTRFS info (device loop3): clearing free space tree
[  419.560010][ T6665]     140548097736704-140735437164543: 0000000000000000
[  419.573705][ T6665]     140735437164544-140735437299711: ffff88806b3de0e0
[  419.580588][ T7425] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  419.581144][ T6665]     140735437299712-140735437316095: 0000000000000000
[  419.597772][ T6665]     140735437316096-140735437332479: ffff88806b3de1c0
[  419.599578][ T7425] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  419.604807][ T6665]     140735437332480-140735437340671: ffff88806b3de2a0
[  419.623621][ T6665]     140735437340672-18446744073709551615: 0000000000000000
[  419.631381][ T6665] Pass: 9534566 Run:9534677
[  419.632857][ T7425] BTRFS info (device loop3): checking UUID tree
[  419.635971][ T6665] CPU: 0 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0
[  419.651914][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  419.661961][ T6665] Call Trace:
[  419.665230][ T6665]  <TASK>
[  419.668154][ T6665]  dump_stack_lvl+0xd1/0x138
[  419.672744][ T6665]  mt_find.cold+0x8b/0x90
[  419.677075][ T6665]  ? mas_find+0x1d0/0x1d0
[  419.681407][ T6665]  find_vma+0x10c/0x1b0
[  419.685559][ T6665]  ? can_vma_merge_before+0x390/0x390
[  419.690941][ T6665]  ? walk_page_test+0x78/0x180
[  419.695740][ T6665]  walk_page_range+0x2b1/0x4a0
[  419.700535][ T6665]  ? __walk_page_range+0x780/0x780
[  419.705691][ T6665]  mlock_fixup+0x650/0x810
[  419.710150][ T6665]  apply_vma_lock_flags+0x23d/0x350
[  419.715384][ T6665]  ? mlock_fixup+0x810/0x810
[  419.720020][ T6665]  ? __ia32_sys_get_robust_list+0x400/0x400
[  419.725963][ T6665]  do_mlock+0x25a/0x6d0
[  419.730163][ T6665]  ? folio_evictable+0x270/0x270
[  419.735147][ T6665]  ? syscall_enter_from_user_mode+0x26/0xb0
[  419.741076][ T6665]  __x64_sys_mlock+0x59/0x80
[  419.745690][ T6665]  do_syscall_64+0x39/0xb0
[  419.750139][ T6665]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  419.756057][ T6665] RIP: 0033:0x7fd3e6a8c0c9
[  419.760491][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  419.780113][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[  419.788552][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9
[  419.796542][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000
[  419.804528][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000
[  419.812513][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  419.820501][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000
[  419.828516][ T6665]  </TASK>
[  419.837209][ T6665] index not increased! 20ffb000 <= 20ffb000
[  419.843173][ T6665] BUG at mt_find:6473 (1)
[  419.847605][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e
[  419.859525][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000
01:46:54 executing program 3:
syz_mount_image$btrfs(&(0x7f00000051c0), &(0x7f0000005200)='./file0\x00', 0x1000008, &(0x7f0000000280)={[{@datacow}, {@clear_cache}, {@nodatasum}, {@rescan_uuid_tree}, {}, {@space_cache_v1}]}, 0xfe, 0x51ab, &(0x7f0000005280)="$eJzs3V9oVFceB/Az+aPxDyY+xV32wX1YWcUFWRF2UdggGF2Whdn1YVnYrFlZxT+7JUgDwb5YS2lBxGCgthSKD33pS0mlUFqqBAsthYogVloUW0teWiiESsGXlpK590xmzvVmxlQbq5+PJHfO/d1z7pnhPsx3zLkTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIIRwcM3Kv+xaPb2urD7dP3bq6LLt507vP3ljaGjLlRAqtf2VvL5n+66/79+95689scPw37JtX1/ZkFnXz7PGkqads/2af/4TQuhOBujMtzs6G/pW0hOEI8UB53XgZv/o5u7BaxN3zmy8eP3QhuJTZ1bPYk9gseTX1fTctTRQ+92RHFFvN1x6laZLNOufXnA/yZMAAO7JpmptU387mr/FrbePpfWkPZC0x5N2fIcw3thYiGzcJWXzXJvWF2meA1lUWFo6z6Sev/71djXtn7STqHEP82w+NI80PWXzHEnqizVPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIfJqx9euvTcy+u3ldWn+8dOHV22/dzp/SdvDA1tuRJCX21/JStXlv+q8w+fLtt57fiRN36zr+ftk515v7jtajg4fBIf/LE3hL0Nlek47JerQqg2F2rN8FKxcLD24M+xAAAAwKPkF7XfHfV2Fge7m9qVWpqs1P5FWVg8cLN/dHP34LWJO2c2Xrx+aMPCx6uWjDdw1/Hq7b65n0pDMI7xNx1vrh4PPVIYZ37piGme/2zmyVsXJn7777L+hfzfN3/+j6+c/A8AAMCPIf+n48yvVf6/+s7zT3UN7n2vrH8h/69tOmUh/8cZx/zfERaW/wEAAOBh9qDz/0BhnPm1yv/fnZ86f/nb46+U9S/k/03t5f+uxmnHnR/FCR/uDWFTq6kDAAAAJeL/u899tBDzevbJQZrXO2ZGe6d6blwtG6+Q/wfay//d9/2ZAQAAAAv1v7F/Hb8wNn6zrF7I/9X28v/SBz5zAAAAoF37Tvz/3PoNIyvL6oX8P9xe/l+eb/OVD1mn9+NfIUz0htAz+2AkK3wQxv9ULwAAAAD3SczpX41u/f7jwel3y44r5P+R+e//H+90ENf/N93/r7D+v6GQ3fVvqxsDAAAA8DgqruePt8fPvrmg7Pv3213/f+uXO3b9d+c/vig7fyH/H2sv/3c2bu/n9/8BAADAAvzcvv/vn4Vx5tfq/v/fDN36et3hZwfL+hfy/3h7+T9uVzQ+van4+jzTG8Ka2Qf53QRfi6c7nBQmuxsK2Quf9Ngde+SFyaUNhZqRpMfve0P49eyDY0lhdSyMJ4WZVXnhbFK4HAv59VAvvJ4UpuKV9sKqfLpp4a1YyBdYTMYVFCvqSyKSHrfLeswW7trjev3kAAAAj5UYnvMs293cDGmUnay0OmB5qwM6Wh3Q2eqAruSA9MCy/WG4uRD3v7jtd7evPPHm06FEIf+fbS//x5diSbYpW/8f4vr//HsN6+v/h2OhLylMxkI1vWNANZ4jC7sn4jn6qnmPmTX1AgAAADzS4ucCnYs8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5g7/6D7KrqA4Cf/f0jm91FHAFJNYqA6ZDNJjFKK1MC1UFxpi4OdZw60UR2g9ssJCZhICnthEA7U5hUVKa1o0NDHUdpkUY6jlK1pEyBcaRTm7ZMxWhl/EFtaxnGSodSm87be8/d+87dm/dCdiFLP58/9p33vufnfT/2nXvvOxcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD/h38ZWPMb+1f89Py6+PfPuOHDewcuve+jWw8c3bRpw5EQJmYf78jCHYMrui785sBlj+3f+flzp/rvP9Cbl8vjYVnjT2d+55ai1uUhfLEjhO40sHooC/Tk94difSuGQjgtzAWKElODWYm04fDQQAgHw1ygqOr+gRCGSoErjzz4wIFG4o6BEM4NIfSlbXy7L2tjIA2c15sFBtPA9u4s8F/HMkXgS51ZAE5afDMUL/pDE80ZRucvV/P661mwjr240uF1xcRofb4fX7LInSrpTR+YOKmnrVIdi6Ly9jjs3bYE3m2V7Xy7p638RSr/hnJsLtQXOientm65bmZ3fKQzjI111dW0SM/z40/feNWJpJfM6zB2YHRBXofP3vme68+afMuNt24/54m177vg6Ml2s27zLra+kL/mlszzGG30ebIE3n6Vb0krfekKIfzcB7tv6vrtI5+qi1fm/6PHn//Hl3O87WzKHWt9bjibm8dHhmLiqeFsbg4AAABLxlLYa/qjs1/xe6s61zxeV19l/r+yveP/8ZB/PpnPRns4hI2ziZtHQjhz9vEscHds7gMjIbxmNjXRHLgkCRwO4azZxKqiqqREfyyxMgk8OZwHNiaBh2NgIgl8OgZuTwK3xMChJHBVDBxOApfGQJhuHsfPD+fjaDswEAObs414KJ6F8JPh2Fqyrb5VVAUAALBA8tlhT/Pd0rkOJ5shTi8PDbTKEM/Ars3Ql9SQzmCLaVVtDd2tauhsVUMx7n3HH36l5o5WNVdOw+hoznDpK/7w/BVfu+ELoUZl/j9+/Pl/3zwd6agc/w/hitm/MXdnHpkp4psnmjIAAAAAJ2HtG2a+9idnv+nNdfHK/H9je+f/x30iXaXM4dG4G2LbSAjjzYGs2jdXA9lR72V5AAAAAJaC4nh8cSx8Or/NTtFO59PV/BMnmD8e+N84b/5fCpOnb/vBUxvq+luZ/0+0d/7/YPNt1omHYy8+NhJCfynwSOxlIzBrZQx89+LmQD7+h+MGuC1WlZ+YUFR1WyyxOQbGk8DBuhLfKEqc2RzIn6yi8ZuLcUznJUoBAAAAeMHF3QHxuHw8///Ctd/70KaP7/1cXbnK/H/ziZ3/PzsPrpzeP7MshDXdIXSlPwx4dDBbGDAGhjryxFcHs7q60qpuGgzhosbA0qqeyNf/707XGDwykFUVA2e+9rNPn9dIfGoghDXlwGPvvWt2x8juJFA0/qsDIby6Mdq08S/0Z433pI3/QX8IryoFiqo+0B9Co7HetKoH+/LrGKRV/VlfCKeXAkVVb+wLYU8AYImK/0onyw/u2rN325aZmamdi5iI+/AHwtbpmamxq7bPTPbV9Gky6XPTMkY3VcfU2ebYj+ZLFN1z+dhIO+nid4Lj5b7k+/ErJw7m9+N3oZ7Zca7rabq7Ph3y68+pNpEO6cUY8mC5krknsVJ/zN8bloX+63ZN7Ry7Ycvu3TvXZn/bzb4u+xsPM2Xbam26rQbn61sbL492F0N/vtuq6TJXa3Zfs2PNrj17V09fs+Xqqaunrn3D+LrxdevHN7zpwjWNUY1nf1sM9fz5qk6Geuyu6hDavQbU8x3qK7tLlbwQnxoSEhJLLbHl4q/+5b1nfWJZ3cdPZf6/4/jz//ipEz/58/UZ6o7/j8bD/Nnjc4f5N8fAwXaP/4/WHc0vTgxYmQT2xcA+h/kBAAB4aYi7G+PezLhXuuem1WN//MlHnqwrV5n/72vv9/8LtP5/sXT95XXL/K+KJcbr1v9Pl/kv1v/fV7f+f7rMf7H+/8EXYf3/64pAskl+Yv1/AADgpeCFW/+/5fL+6QUCKhlaLu+fXiCgkqHlMv7tXiDghNf/f/tzr+u55iOvviXUqMz/b29v/m/hfgAAADh13HVkQ8eD//o/D9XFK/P/g+3N/1/49f9C3fn/K+sCE3ULA1r/DwAAgCWqbv2/9a/78ebP/WzFD+vKVeb/h9qb/8fTLjqbcsdanxvO1rQL6Zp2Tw0XPxkAAACApaEzjI21u6Jp08qolzz/Nh/PlwI9Xrrsr758zT8+8tb39tfVV5n/H25v/t/0u4xn73zP9WdNvuXG527dfs4Ta993wdG54/8AAADA4ml3vwQAAAAAAAAAAAAAAPDie3rv5Lv++ew7P1MXr/z+P1wx+3jd7//jdf/i7wte3pQ71tp6/b/8/pXvuHfP7JKFjw6HcE45sG3/ttNCfm3+88uBBzatOqOR2J+W+Mp3Lv1BI/H+NPC21S97ppG4KAlsjosknpUG4lUVn1meBOLyin+fBuL2OJQGevPA7y7PxtGRbqsfDWXbqiPdVo8PhTBSChTb6otDWRsd6QDvSALFAD+UBuIAfyUPdKa9undZ1qsYGIpF/2hZ1isAAE5Z8VtgT9g6PTM1Hr/Cx9tXdjffRk1Llt1UrbajzeaP5kuT3XP52Eg76a70u+jctcZ7Ql9jCGsrX1fLWTpmR7kwtbTYdC+vGXKr1d7a/XX2iW663voRDWQjGrtq+8xkT8uBr2+dZV13yyxrK5OdcpbO2U3aRi1t9KWNEbW5bdrocrzfGcbGupJcvxiDo6HJQr0iyuv81b0Kynn2Tb7xb75x7Nihuvoq8//R9ub/feVxPZNfDGBfvLLezSMhnNnmiAAAAIB2fevL/7Ru+yd+55709ort1956weCPLq4rV5n/r2xv/h93jOWHgrO9HYfj9f+L+f9oFrg7NveBkRBeM5uaiCWyC+pfHkuMZ4G74w6TVbHE5onmqvpj4FASeHI4DxxOAg/HQL6X4rMh35XzkeEQNsymrmgusSOWGE0C74yBlUlgLAbGk8DyGNiYBP59eR6YSAJfj4Ew3byt/ny5vSsAAMDzkM+zeprvhnSed6i7VYaOVhkGW2XobJWhr1WGulHE+/fFDD3JySsdpUw9aa0DSS2VDPFi+Cfcr0qG8I3mnGnBStPx/IPifIOO5gz/dtnrv33erlXtX/9/vL35/2Dzbdb6w3H+P3f9vyzwSOzex+Kp4ytj4LsXNwfyHQMPx8nubUVVE3mJfNJ+WyyxMQZWJoEdMbAxCWy+Ig8cPKM5kM+0i8ZvLhqfzkuUAgAAAPCCizsI4m6aOP//0/+++3MH/uHav64rV5n/b2xv/h/bW1Zu7Jai1uUhfLFjrjdFYPVQFoj7MYbiz+NXDIVwWmkHR1FiajAr0Zs0HB4ayH6h3ptWdf9AtsZAvH/lkQcfONBI3DEQwrmlvS9FG9/uy9oYSAPn9WaBwTSwvTsLxD0/ReBLnVkATlqxVzC+oPJTXQqj85eref29VK4Jmg6vsg90nnzz/eZqsfSlD+T7VAsn9rRVqmNRVN4eh73bluK7bdS7rfxFKv+Gcmwu1Bc6J6e2brluZnd8pPxL1opFep7Lv1JtJ70Ar8N9z7+3rfWlHRhPPj7G5y83/+uwI1b37J3vuf6sybfceOv2c55Y+74LjrbdjRrxh8Lv/uTLRsubd7H1hfw1t+Q+TyZ8nizFfwMrPW2NGexTv//V//jp4z+ri1fm/xPtzf+7k9tZz8aNuWskhNeXNu6jcfP/8kj2OVgKZJ+Sp1cD2SH37w3XfnICAADAQit2dxT7C6bz2+yE8HSeXM0/cYL54/6KjfPmb7ffW29+aP8P/+6Or9TFK/P/zcef//cn3XT83/F/Fonj//M61XdF96cP7DupXdGV6lgUjv/P61R/tzn+Py/H/x3/n4/j/y04/j+vU/1pq3xL2uFLVwjh6++/8+33bP+18+rilfn/jvbm/9b/m3/RvmL9v8116//tqFv/b5/1/wAAgEVVs9BcOs+rrN5XyZCu3lfJ0HKBwJZLDFr/74TX/3vrO//3+mOvuGRnqFGZ/+9rb/4fXw7Lyq0vlfX/Vl5RU9XtMbDDwoAAAACciup2EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDievcvPLl8029eOF0X//4ZN3x478Cl931064GjmzZtOBJClrUjC3cMrui68JsDlz22f+fnz53qv/9AX16uJ789uyl3rPW54RAOlh4Ziomnhht35gJXvuPePd2NxKPDIZxTDmzbv+20RuLTwyGcXw48sGnVGY3E/rTEV75z6Q8aifengbetftkzjcRFeaAj7e4nl2fd7Ui7e2B5CCOlQNHdX1/eXFXRxmV5oDNt4zNDWRsxMBSLfnwoayMGZmKJ6f4Q1nSH0JVW9bW+rKqutKq/6Muq6kqr+q2+EC4KIXSnVX2nN6uqOx353/ZmVcXAma/97NPnNRIHe0NYUw489t67NjQSH0oCRePv6g3h1Y2XTNr4fT1Z4z1p43f0hPCqEEJvWuI/u7MSvWmJJ7pDOL0UKBr/YHcIewIvCfHDZ7L84K49e7dtmZmZ2rmIid68rYGwdXpmauyq7TOTfUmf6nSU0sduOn78eI4+feNVjdt7Lh8baSfdnZfrme3yup6mu+sXqvftOtHex34NliuZez4q9cf8vWFZ6L9u19TOsRu27N69c232t93s67K/XXk021ZrF2pbdbYoHz3fbXV+uZI1u6/ZsWbXnr2rp6/ZcvXU1VPXvmF83fi69eMb3nThmsaoxrO/CzHUu44fX4yhvrK7VMkL8QEgISGx1BKdTZ9u46f6P73KF/25jvaEvtkP6Mq0opylY3aUCzHoS6rxrkUadGVKUhnR2srEoZJlXess6yuTibksA1mW2e91lclhuabO2U0a73eGsbHazTLafLe8eX88z+Zt1+P5pms3DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/B87cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAsAAAAACPO3DqNnAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBSAAAA//+3Rsqd")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.current\x00', 0x275a, 0x0)
write$binfmt_script(r0, 0x0, 0x208e24b)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_SNAP_CREATE(r1, 0x9408, 0x0)

01:46:54 executing program 4:
r0 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$link(0x8, 0x0, r0)

01:46:54 executing program 2:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x18, 0x4, &(0x7f0000001140)=@framed={{}, [@call]}, &(0x7f0000001180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)

01:46:54 executing program 5:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x14, &(0x7f0000001280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)

01:46:54 executing program 1:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
dup2(r2, r0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000))
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r3 = dup(0xffffffffffffffff)
mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

01:46:54 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./bus\x00', 0x2, &(0x7f0000000100)={[{@shortname_winnt}, {@uni_xlate}, {}, {@rodir}, {@shortname_lower}, {@iocharset={'iocharset', 0x3d, 'macromanian'}}, {@shortname_winnt}, {@rodir}, {@utf8no}, {@iocharset={'iocharset', 0x3d, 'macturkish'}}, {@utf8no}, {@iocharset={'iocharset', 0x3d, 'iso8859-2'}}, {@rodir}, {@rodir}, {@shortname_mixed}, {@fat=@check_strict}]}, 0x82, 0x25e, &(0x7f0000000580)="$eJzs3b9rU2sYB/AnTW6bW7ikw4Vyyx3iKEhoK+6VoiAUFCT4Y7LYitJEwUKgIm03Z8FRJ3cd/QMcRNwcXFWQqrjo1qFwJD1pakrSFml7iv18hvbhnPM97/uSF84bSN5c+78+N5OLiB8rUSzmojAxORGruRiKvshHajkAgD/JapLE9ySVdV8AgIPh+Q8AR88un/8XDrBLAMA+8/4fAI6ei1eubnzCrxhRf9CoNqrp//T86RtxK2oxuxxRirWIdKGQrhaaf8+emzozWm76PBTV+lIrv9So5jvyMRalGGrlk878WDm1nr/fTNVzjepfMdjKvx+M2RiPUvzbPT/+a77V/sb42u1XohRvr8edqMVMNLOb+cWxcnny/FS5s/8D69dtx4IJAAAAAAAAAAAAAAAAAAAAAIDfVSm3dd2/p1LpdT7Nt/fXGY1SrCUD3fbnGe2yP0+jWoiRQrZjBwAAAAAAAAAAAAAAAAAAgMNifqE/pmu12bvzC/fmehW3Xz97+Xdsf02zKO5wn7RIkrTp9pEkH7Fjas+Lf459eryXN8xFFqPoXTRfr8hF7E8Tr1Zu/ndyfvhUx6njJ0qXPjx6+jWLIXfMqB7FdP7dt8sjD9/sbevPtx7pPxwTYEsx/GRi+sXixy+7nj8AAAAAAAAAAAAAAAAAAMAB2/zSb9Y9AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDsbP7+/0bRFxGdR3oUucLO16wXWY8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB+BgAA//+v555g")
open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)

[  419.896838][ T6665]   0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d
[  419.950310][ T6665]     0-536866815: 0000000000000000
01:46:54 executing program 4:
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(r0, &(0x7f0000001fc0)={0x0, 0x0, &(0x7f0000001f80)={0x0}}, 0x5)

01:46:54 executing program 2:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000001c0)={0x18, 0x3, 0x1, 0x201, 0x0, 0x0, {}, [@CTA_FILTER={0x4}]}, 0x18}}, 0x0)

[  419.990047][ T7455] loop0: detected capacity change from 0 to 256
[  420.056074][ T6665]     536866816-536870911: ffff888022f0e0e0
[  420.059235][ T7461] binder: BINDER_SET_CONTEXT_MGR already set
01:46:54 executing program 5:
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0x2, [@int={0x0, 0x0, 0x0, 0x12}]}}, &(0x7f0000000100)=""/177, 0x2a, 0xb1, 0x1}, 0x20)

[  420.122305][ T6665]     536870912-553627647: ffff888022f0e1c0
[  420.146807][ T7461] binder: 7456:7461 ioctl 4018620d 20000000 returned -16
[  420.167138][ T7455] FAT-fs (loop0): Directory bread(block 64) failed
[  420.186528][ T7455] FAT-fs (loop0): Directory bread(block 65) failed
[  420.208029][ T7455] FAT-fs (loop0): Directory bread(block 66) failed
01:46:55 executing program 4:
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x1d, 0x3, &(0x7f0000000240)=@framed, &(0x7f00000000c0)='GPL\x00', 0x2, 0x90, &(0x7f0000000100)=""/144, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)

[  420.231850][ T7455] FAT-fs (loop0): Directory bread(block 67) failed
[  420.258152][ T6665]     553627648-553635839: 0000000000000000
[  420.280098][ T7455] FAT-fs (loop0): Directory bread(block 68) failed
[  420.304612][ T6665]     553635840-553627647: ffff8880272dc9a0
[  420.318781][ T7455] FAT-fs (loop0): Directory bread(block 69) failed
01:46:55 executing program 1:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
dup2(r2, r0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000))
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r3 = dup(0xffffffffffffffff)
mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

01:46:55 executing program 4:
r0 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_PKTINFO(r0, 0x10e, 0x3, &(0x7f0000000400)=0x909fdfc, 0x4)

[  420.350081][ T7455] FAT-fs (loop0): Directory bread(block 70) failed
[  420.358061][ T6665]     553627648-553644031: ffff8880272dc8c0
[  420.379114][ T7455] FAT-fs (loop0): Directory bread(block 71) failed
[  420.393898][ T6665]     553644032-553648127: ffff88807e16c7e0
[  420.427485][ T7455] FAT-fs (loop0): Directory bread(block 72) failed
[  420.448340][ T6665]     553648128-553652223: ffff888022f0e2a0
[  420.466524][ T7455] FAT-fs (loop0): Directory bread(block 73) failed
[  420.485035][ T6665]     553652224-116813594623: 0000000000000000
[  420.532558][ T7478] binder: BINDER_SET_CONTEXT_MGR already set
[  420.578270][ T6665]     116813594624-116817788927: ffff888022f0e380
[  420.579683][ T7478] binder: 7476:7478 ioctl 4018620d 20000000 returned -16
[  420.584724][ T6665]     116817788928-93825002663935: 0000000000000000
[  420.584756][ T6665]     93825002663936-93825002803199: ffff888022f0e460
[  420.584784][ T6665]     93825002803200-140548063096831: 0000000000000000
[  420.750092][ T6665]     140548063096832-140548063100927: ffff888022f0e540
[  420.798466][ T6665]   140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d
[  420.892049][ T6665]     140548063100928-140548071489535: ffff888022f0e620
[  420.900894][ T6665]     140548071489536-140548073586687: ffff888022f0e700
[  420.920251][ T6665]     140548073586688-140548075683839: ffff888022f0e7e0
[  420.928463][ T6665]     140548075683840-140548077780991: ffff888022f0e8c0
[  420.935532][ T6665]     140548077780992-140548079878143: ffff888022f0e9a0
[  420.943098][ T6665]     140548079878144-140548084072447: ffff888022f0ea80
[  420.950417][ T6665]     140548084072448-140548084219903: ffff888022f0eb60
[  420.959594][ T6665]     140548084219904-140548084948991: ffff888022f0ec40
[  420.969203][ T6665]     140548084948992-140548085284863: ffff888022f0ed20
[  420.976275][ T6665]     140548085284864-140548085288959: 0000000000000000
[  420.984805][ T6665]     140548085288960-140548085653503: ffff888022f0ee00
[  420.992147][ T6665]     140548085653504-140548085690367: ffff888022f0eee0
[  420.999709][ T6665]     140548085690368-140548085710847: 0000000000000000
[  421.007005][ T6665]     140548085710848-140548097556479: ffff88806b3de000
[  421.014078][ T6665]   140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008
[  421.065934][ T6665]     140548097556480-140548097601535: 0000000000000000
[  421.073367][ T6665]     140548097601536-140548097605631: ffff88806b3de460
[  421.082904][ T6665]     140548097605632-140548097736703: ffff88806b3de380
[  421.091608][ T6665]     140548097736704-140735437164543: 0000000000000000
[  421.098956][ T6665]     140735437164544-140735437299711: ffff88806b3de0e0
[  421.106026][ T6665]     140735437299712-140735437316095: 0000000000000000
[  421.113472][ T6665]     140735437316096-140735437332479: ffff88806b3de1c0
[  421.121708][ T6665]     140735437332480-140735437340671: ffff88806b3de2a0
[  421.129127][ T6665]     140735437340672-18446744073709551615: 0000000000000000
[  421.136993][ T6665] Pass: 9563089 Run:9563201
[  421.141608][ T6665] CPU: 0 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0
[  421.151444][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  421.155057][ T7473] loop3: detected capacity change from 0 to 32768
[  421.161499][ T6665] Call Trace:
[  421.161511][ T6665]  <TASK>
[  421.161521][ T6665]  dump_stack_lvl+0xd1/0x138
[  421.161565][ T6665]  mt_find.cold+0x8b/0x90
[  421.161605][ T6665]  ? mas_find+0x1d0/0x1d0
[  421.161655][ T6665]  find_vma+0x10c/0x1b0
[  421.161686][ T6665]  ? can_vma_merge_before+0x390/0x390
[  421.161723][ T6665]  ? walk_page_test+0x78/0x180
[  421.161765][ T6665]  walk_page_range+0x2b1/0x4a0
[  421.161808][ T6665]  ? __walk_page_range+0x780/0x780
[  421.161873][ T6665]  mlock_fixup+0x650/0x810
[  421.161930][ T6665]  apply_vma_lock_flags+0x23d/0x350
[  421.161979][ T6665]  ? mlock_fixup+0x810/0x810
[  421.162036][ T6665]  ? __ia32_sys_get_robust_list+0x400/0x400
[  421.162084][ T6665]  do_mlock+0x25a/0x6d0
[  421.162131][ T6665]  ? folio_evictable+0x270/0x270
[  421.241269][ T6665]  ? syscall_enter_from_user_mode+0x26/0xb0
[  421.247199][ T6665]  __x64_sys_mlock+0x59/0x80
[  421.251808][ T6665]  do_syscall_64+0x39/0xb0
[  421.256255][ T6665]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  421.262172][ T6665] RIP: 0033:0x7fd3e6a8c0c9
[  421.266605][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  421.286236][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[  421.294666][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9
[  421.302646][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000
[  421.310626][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000
[  421.318606][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  421.326590][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000
[  421.334591][ T6665]  </TASK>
[  421.354121][ T7473] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm
[  421.357875][ T6665] index not increased! 20ffb000 <= 20ffb000
[  421.365430][ T7473] BTRFS info (device loop3): force clearing of disk cache
[  421.370269][ T6665] BUG at mt_find:6473 (1)
[  421.381503][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e
[  421.390159][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000
[  421.390951][ T7473] BTRFS info (device loop3): setting nodatasum
[  421.427234][ T6665]   0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d
[  421.427505][ T6665]     0-536866815: 0000000000000000
[  421.427531][ T6665]     536866816-536870911: ffff888022f0e0e0
[  421.427558][ T6665]     536870912-553627647: ffff888022f0e1c0
[  421.427585][ T6665]     553627648-553635839: 0000000000000000
[  421.427610][ T6665]     553635840-553627647: ffff8880272dc9a0
[  421.427636][ T6665]     553627648-553644031: 
[  421.443879][ T7473] BTRFS info (device loop3): allowing degraded mounts
[  421.501017][ T6665] ffff8880272dc8c0
[  421.528038][ T6665]     553644032-553648127: ffff88807e16c7e0
[  421.533973][ T6665]     553648128-553652223: ffff888022f0e2a0
[  421.539843][ T7473] BTRFS info (device loop3): enabling disk space caching
[  421.539932][ T6665]     553652224-116813594623: 0000000000000000
[  421.552767][ T7473] BTRFS info (device loop3): disk space caching is enabled
[  421.553097][ T6665]     116813594624-116817788927: ffff888022f0e380
[  421.566847][ T6665]     116817788928-93825002663935: 0000000000000000
[  421.574278][ T6665]     93825002663936-93825002803199: ffff888022f0e460
[  421.581918][ T6665]     93825002803200-140548063096831: 0000000000000000
[  421.590342][ T6665]     140548063096832-140548063100927: ffff888022f0e540
[  421.597445][ T6665]   140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d
[  421.603330][ T7473] BTRFS info (device loop3): enabling ssd optimizations
[  421.652506][ T6665]     140548063100928-140548071489535: ffff888022f0e620
[  421.652555][ T6665]     140548071489536-140548073586687: ffff888022f0e700
[  421.652581][ T6665]     140548073586688-140548075683839: ffff888022f0e7e0
[  421.652608][ T6665]     140548075683840-140548077780991: ffff888022f0e8c0
[  421.652636][ T6665]     140548077780992-140548079878143: ffff888022f0e9a0
[  421.652663][ T6665]     140548079878144-140548084072447: ffff888022f0ea80
[  421.652690][ T6665]     140548084072448-140548084219903: ffff888022f0eb60
[  421.652719][ T6665]     140548084219904-140548084948991: ffff888022f0ec40
[  421.652746][ T6665]     140548084948992-140548085284863: ffff888022f0ed20
[  421.652773][ T6665]     140548085284864-140548085288959: 0000000000000000
[  421.652801][ T6665]     140548085288960-140548085653503: ffff888022f0ee00
[  421.652829][ T6665]     140548085653504-140548085690367: ffff888022f0eee0
[  421.652856][ T6665]     140548085690368-140548085710847: 0000000000000000
[  421.652883][ T6665]     140548085710848-140548097556479: ffff88806b3de000
[  421.652910][ T6665]   140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416
[  421.683960][ T7473] BTRFS info (device loop3): auto enabling async discard
[  421.688827][ T6665]  contents: 
[  421.712904][ T7473] BTRFS info (device loop3): clearing free space tree
[  421.718153][ T6665] 0000000000000000 140548097601535 
[  421.726535][ T7473] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  421.730863][ T6665] ffff88806b3de460 140548097605631 
[  421.737874][ T7473] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  421.752467][ T6665] ffff88806b3de380 140548097736703 
[  421.795591][ T7473] BTRFS info (device loop3): checking UUID tree
[  421.802862][ T6665] 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008
[  421.873147][ T6665]     140548097556480-140548097601535: 0000000000000000
[  421.885849][ T6665]     140548097601536-140548097605631: ffff88806b3de460
01:46:56 executing program 3:
syz_mount_image$btrfs(&(0x7f00000051c0), &(0x7f0000005200)='./file0\x00', 0x1000008, &(0x7f0000000280)={[{@datacow}, {@clear_cache}, {@nodatasum}, {@rescan_uuid_tree}, {}, {@space_cache_v1}]}, 0xfe, 0x51ab, &(0x7f0000005280)="$eJzs3V9oVFceB/Az+aPxDyY+xV32wX1YWcUFWRF2UdggGF2Whdn1YVnYrFlZxT+7JUgDwb5YS2lBxGCgthSKD33pS0mlUFqqBAsthYogVloUW0teWiiESsGXlpK590xmzvVmxlQbq5+PJHfO/d1z7pnhPsx3zLkTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIIRwcM3Kv+xaPb2urD7dP3bq6LLt507vP3ljaGjLlRAqtf2VvL5n+66/79+95689scPw37JtX1/ZkFnXz7PGkqads/2af/4TQuhOBujMtzs6G/pW0hOEI8UB53XgZv/o5u7BaxN3zmy8eP3QhuJTZ1bPYk9gseTX1fTctTRQ+92RHFFvN1x6laZLNOufXnA/yZMAAO7JpmptU387mr/FrbePpfWkPZC0x5N2fIcw3thYiGzcJWXzXJvWF2meA1lUWFo6z6Sev/71djXtn7STqHEP82w+NI80PWXzHEnqizVPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIfJqx9euvTcy+u3ldWn+8dOHV22/dzp/SdvDA1tuRJCX21/JStXlv+q8w+fLtt57fiRN36zr+ftk515v7jtajg4fBIf/LE3hL0Nlek47JerQqg2F2rN8FKxcLD24M+xAAAAwKPkF7XfHfV2Fge7m9qVWpqs1P5FWVg8cLN/dHP34LWJO2c2Xrx+aMPCx6uWjDdw1/Hq7b65n0pDMI7xNx1vrh4PPVIYZ37piGme/2zmyVsXJn7777L+hfzfN3/+j6+c/A8AAMCPIf+n48yvVf6/+s7zT3UN7n2vrH8h/69tOmUh/8cZx/zfERaW/wEAAOBh9qDz/0BhnPm1yv/fnZ86f/nb46+U9S/k/03t5f+uxmnHnR/FCR/uDWFTq6kDAAAAJeL/u899tBDzevbJQZrXO2ZGe6d6blwtG6+Q/wfay//d9/2ZAQAAAAv1v7F/Hb8wNn6zrF7I/9X28v/SBz5zAAAAoF37Tvz/3PoNIyvL6oX8P9xe/l+eb/OVD1mn9+NfIUz0htAz+2AkK3wQxv9ULwAAAAD3SczpX41u/f7jwel3y44r5P+R+e//H+90ENf/N93/r7D+v6GQ3fVvqxsDAAAA8DgqruePt8fPvrmg7Pv3213/f+uXO3b9d+c/vig7fyH/H2sv/3c2bu/n9/8BAADAAvzcvv/vn4Vx5tfq/v/fDN36et3hZwfL+hfy/3h7+T9uVzQ+van4+jzTG8Ka2Qf53QRfi6c7nBQmuxsK2Quf9Ngde+SFyaUNhZqRpMfve0P49eyDY0lhdSyMJ4WZVXnhbFK4HAv59VAvvJ4UpuKV9sKqfLpp4a1YyBdYTMYVFCvqSyKSHrfLeswW7trjev3kAAAAj5UYnvMs293cDGmUnay0OmB5qwM6Wh3Q2eqAruSA9MCy/WG4uRD3v7jtd7evPPHm06FEIf+fbS//x5diSbYpW/8f4vr//HsN6+v/h2OhLylMxkI1vWNANZ4jC7sn4jn6qnmPmTX1AgAAADzS4ucCnYs8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5g7/6D7KrqA4Cf/f0jm91FHAFJNYqA6ZDNJjFKK1MC1UFxpi4OdZw60UR2g9ssJCZhICnthEA7U5hUVKa1o0NDHUdpkUY6jlK1pEyBcaRTm7ZMxWhl/EFtaxnGSodSm87be8/d+87dm/dCdiFLP58/9p33vufnfT/2nXvvOxcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD/h38ZWPMb+1f89Py6+PfPuOHDewcuve+jWw8c3bRpw5EQJmYf78jCHYMrui785sBlj+3f+flzp/rvP9Cbl8vjYVnjT2d+55ai1uUhfLEjhO40sHooC/Tk94difSuGQjgtzAWKElODWYm04fDQQAgHw1ygqOr+gRCGSoErjzz4wIFG4o6BEM4NIfSlbXy7L2tjIA2c15sFBtPA9u4s8F/HMkXgS51ZAE5afDMUL/pDE80ZRucvV/P661mwjr240uF1xcRofb4fX7LInSrpTR+YOKmnrVIdi6Ly9jjs3bYE3m2V7Xy7p638RSr/hnJsLtQXOientm65bmZ3fKQzjI111dW0SM/z40/feNWJpJfM6zB2YHRBXofP3vme68+afMuNt24/54m177vg6Ml2s27zLra+kL/mlszzGG30ebIE3n6Vb0krfekKIfzcB7tv6vrtI5+qi1fm/6PHn//Hl3O87WzKHWt9bjibm8dHhmLiqeFsbg4AAABLxlLYa/qjs1/xe6s61zxeV19l/r+yveP/8ZB/PpnPRns4hI2ziZtHQjhz9vEscHds7gMjIbxmNjXRHLgkCRwO4azZxKqiqqREfyyxMgk8OZwHNiaBh2NgIgl8OgZuTwK3xMChJHBVDBxOApfGQJhuHsfPD+fjaDswEAObs414KJ6F8JPh2Fqyrb5VVAUAALBA8tlhT/Pd0rkOJ5shTi8PDbTKEM/Ars3Ql9SQzmCLaVVtDd2tauhsVUMx7n3HH36l5o5WNVdOw+hoznDpK/7w/BVfu+ELoUZl/j9+/Pl/3zwd6agc/w/hitm/MXdnHpkp4psnmjIAAAAAJ2HtG2a+9idnv+nNdfHK/H9je+f/x30iXaXM4dG4G2LbSAjjzYGs2jdXA9lR72V5AAAAAJaC4nh8cSx8Or/NTtFO59PV/BMnmD8e+N84b/5fCpOnb/vBUxvq+luZ/0+0d/7/YPNt1omHYy8+NhJCfynwSOxlIzBrZQx89+LmQD7+h+MGuC1WlZ+YUFR1WyyxOQbGk8DBuhLfKEqc2RzIn6yi8ZuLcUznJUoBAAAAeMHF3QHxuHw8///Ctd/70KaP7/1cXbnK/H/ziZ3/PzsPrpzeP7MshDXdIXSlPwx4dDBbGDAGhjryxFcHs7q60qpuGgzhosbA0qqeyNf/707XGDwykFUVA2e+9rNPn9dIfGoghDXlwGPvvWt2x8juJFA0/qsDIby6Mdq08S/0Z433pI3/QX8IryoFiqo+0B9Co7HetKoH+/LrGKRV/VlfCKeXAkVVb+wLYU8AYImK/0onyw/u2rN325aZmamdi5iI+/AHwtbpmamxq7bPTPbV9Gky6XPTMkY3VcfU2ebYj+ZLFN1z+dhIO+nid4Lj5b7k+/ErJw7m9+N3oZ7Zca7rabq7Ph3y68+pNpEO6cUY8mC5krknsVJ/zN8bloX+63ZN7Ry7Ycvu3TvXZn/bzb4u+xsPM2Xbam26rQbn61sbL492F0N/vtuq6TJXa3Zfs2PNrj17V09fs+Xqqaunrn3D+LrxdevHN7zpwjWNUY1nf1sM9fz5qk6Geuyu6hDavQbU8x3qK7tLlbwQnxoSEhJLLbHl4q/+5b1nfWJZ3cdPZf6/4/jz//ipEz/58/UZ6o7/j8bD/Nnjc4f5N8fAwXaP/4/WHc0vTgxYmQT2xcA+h/kBAAB4aYi7G+PezLhXuuem1WN//MlHnqwrV5n/72vv9/8LtP5/sXT95XXL/K+KJcbr1v9Pl/kv1v/fV7f+f7rMf7H+/8EXYf3/64pAskl+Yv1/AADgpeCFW/+/5fL+6QUCKhlaLu+fXiCgkqHlMv7tXiDghNf/f/tzr+u55iOvviXUqMz/b29v/m/hfgAAADh13HVkQ8eD//o/D9XFK/P/g+3N/1/49f9C3fn/K+sCE3ULA1r/DwAAgCWqbv2/9a/78ebP/WzFD+vKVeb/h9qb/8fTLjqbcsdanxvO1rQL6Zp2Tw0XPxkAAACApaEzjI21u6Jp08qolzz/Nh/PlwI9Xrrsr758zT8+8tb39tfVV5n/H25v/t/0u4xn73zP9WdNvuXG527dfs4Ta993wdG54/8AAADA4ml3vwQAAAAAAAAAAAAAAPDie3rv5Lv++ew7P1MXr/z+P1wx+3jd7//jdf/i7wte3pQ71tp6/b/8/pXvuHfP7JKFjw6HcE45sG3/ttNCfm3+88uBBzatOqOR2J+W+Mp3Lv1BI/H+NPC21S97ppG4KAlsjosknpUG4lUVn1meBOLyin+fBuL2OJQGevPA7y7PxtGRbqsfDWXbqiPdVo8PhTBSChTb6otDWRsd6QDvSALFAD+UBuIAfyUPdKa9undZ1qsYGIpF/2hZ1isAAE5Z8VtgT9g6PTM1Hr/Cx9tXdjffRk1Llt1UrbajzeaP5kuT3XP52Eg76a70u+jctcZ7Ql9jCGsrX1fLWTpmR7kwtbTYdC+vGXKr1d7a/XX2iW663voRDWQjGrtq+8xkT8uBr2+dZV13yyxrK5OdcpbO2U3aRi1t9KWNEbW5bdrocrzfGcbGupJcvxiDo6HJQr0iyuv81b0Kynn2Tb7xb75x7Nihuvoq8//R9ub/feVxPZNfDGBfvLLezSMhnNnmiAAAAIB2fevL/7Ru+yd+55709ort1956weCPLq4rV5n/r2xv/h93jOWHgrO9HYfj9f+L+f9oFrg7NveBkRBeM5uaiCWyC+pfHkuMZ4G74w6TVbHE5onmqvpj4FASeHI4DxxOAg/HQL6X4rMh35XzkeEQNsymrmgusSOWGE0C74yBlUlgLAbGk8DyGNiYBP59eR6YSAJfj4Ew3byt/ny5vSsAAMDzkM+zeprvhnSed6i7VYaOVhkGW2XobJWhr1WGulHE+/fFDD3JySsdpUw9aa0DSS2VDPFi+Cfcr0qG8I3mnGnBStPx/IPifIOO5gz/dtnrv33erlXtX/9/vL35/2Dzbdb6w3H+P3f9vyzwSOzex+Kp4ytj4LsXNwfyHQMPx8nubUVVE3mJfNJ+WyyxMQZWJoEdMbAxCWy+Ig8cPKM5kM+0i8ZvLhqfzkuUAgAAAPCCizsI4m6aOP//0/+++3MH/uHav64rV5n/b2xv/h/bW1Zu7Jai1uUhfLFjrjdFYPVQFoj7MYbiz+NXDIVwWmkHR1FiajAr0Zs0HB4ayH6h3ptWdf9AtsZAvH/lkQcfONBI3DEQwrmlvS9FG9/uy9oYSAPn9WaBwTSwvTsLxD0/ReBLnVkATlqxVzC+oPJTXQqj85eref29VK4Jmg6vsg90nnzz/eZqsfSlD+T7VAsn9rRVqmNRVN4eh73bluK7bdS7rfxFKv+Gcmwu1Bc6J6e2brluZnd8pPxL1opFep7Lv1JtJ70Ar8N9z7+3rfWlHRhPPj7G5y83/+uwI1b37J3vuf6sybfceOv2c55Y+74LjrbdjRrxh8Lv/uTLRsubd7H1hfw1t+Q+TyZ8nizFfwMrPW2NGexTv//V//jp4z+ri1fm/xPtzf+7k9tZz8aNuWskhNeXNu6jcfP/8kj2OVgKZJ+Sp1cD2SH37w3XfnICAADAQit2dxT7C6bz2+yE8HSeXM0/cYL54/6KjfPmb7ffW29+aP8P/+6Or9TFK/P/zcef//cn3XT83/F/Fonj//M61XdF96cP7DupXdGV6lgUjv/P61R/tzn+Py/H/x3/n4/j/y04/j+vU/1pq3xL2uFLVwjh6++/8+33bP+18+rilfn/jvbm/9b/m3/RvmL9v8116//tqFv/b5/1/wAAgEVVs9BcOs+rrN5XyZCu3lfJ0HKBwJZLDFr/74TX/3vrO//3+mOvuGRnqFGZ/+9rb/4fXw7Lyq0vlfX/Vl5RU9XtMbDDwoAAAACciup2EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDievcvPLl8029eOF0X//4ZN3x478Cl931064GjmzZtOBJClrUjC3cMrui68JsDlz22f+fnz53qv/9AX16uJ789uyl3rPW54RAOlh4Ziomnhht35gJXvuPePd2NxKPDIZxTDmzbv+20RuLTwyGcXw48sGnVGY3E/rTEV75z6Q8aifengbetftkzjcRFeaAj7e4nl2fd7Ui7e2B5CCOlQNHdX1/eXFXRxmV5oDNt4zNDWRsxMBSLfnwoayMGZmKJ6f4Q1nSH0JVW9bW+rKqutKq/6Muq6kqr+q2+EC4KIXSnVX2nN6uqOx353/ZmVcXAma/97NPnNRIHe0NYUw489t67NjQSH0oCRePv6g3h1Y2XTNr4fT1Z4z1p43f0hPCqEEJvWuI/u7MSvWmJJ7pDOL0UKBr/YHcIewIvCfHDZ7L84K49e7dtmZmZ2rmIid68rYGwdXpmauyq7TOTfUmf6nSU0sduOn78eI4+feNVjdt7Lh8baSfdnZfrme3yup6mu+sXqvftOtHex34NliuZez4q9cf8vWFZ6L9u19TOsRu27N69c232t93s67K/XXk021ZrF2pbdbYoHz3fbXV+uZI1u6/ZsWbXnr2rp6/ZcvXU1VPXvmF83fi69eMb3nThmsaoxrO/CzHUu44fX4yhvrK7VMkL8QEgISGx1BKdTZ9u46f6P73KF/25jvaEvtkP6Mq0opylY3aUCzHoS6rxrkUadGVKUhnR2srEoZJlXess6yuTibksA1mW2e91lclhuabO2U0a73eGsbHazTLafLe8eX88z+Zt1+P5pms3DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/B87cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAsAAAAACPO3DqNnAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBSAAAA//+3Rsqd")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.current\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
r1 = open(0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_SNAP_CREATE(r1, 0x9408, 0x0)

01:46:56 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x10e, 0xb, 0x0, 0x0)

01:46:56 executing program 4:
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_inet_SIOCSIFDSTADDR(r0, 0x8918, &(0x7f0000000000)={'tunl0\x00', {0x2, 0x0, @loopback}})

01:46:56 executing program 5:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000240)={'sit0\x00', &(0x7f0000000300)={'sit0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x7, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @rand_addr, @rand_addr, {[@timestamp_prespec={0x44, 0x4}, @generic={0x0, 0x2}]}}}}})

01:46:56 executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
ioctl$BLKBSZGET(r0, 0x1278, 0x0)

01:46:56 executing program 1:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
dup2(r2, r0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000))
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r3 = dup(0xffffffffffffffff)
mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

01:46:56 executing program 0:
syz_open_dev$evdev(&(0x7f0000000000), 0x20000, 0x0)

01:46:56 executing program 2:
syz_io_uring_setup(0x7fb, &(0x7f0000000100)={0x0, 0xe273, 0x8}, &(0x7f0000ffb000/0x5000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000180), &(0x7f00000001c0))

01:46:56 executing program 4:
r0 = openat$procfs(0xffffff9c, &(0x7f0000000000)='/proc/timer_list\x00', 0x0, 0x0)
read$alg(r0, &(0x7f0000000080)=""/124, 0xfdef)

[  421.912728][ T6665]     140548097605632-140548097736703: ffff88806b3de380
[  421.933533][ T6665]     140548097736704-140735437164543: 0000000000000000
01:46:56 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$KVM_CREATE_VM(r0, 0x8940, 0x20000000)

[  422.061204][ T7506] binder: BINDER_SET_CONTEXT_MGR already set
01:46:56 executing program 2:
syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x3, [{0x4, &(0x7f0000000140)=@lang_id={0x4}}, {0x4, &(0x7f0000000180)=@string={0x4, 0x3, "82c4"}}, {0x4, &(0x7f0000000200)=@lang_id={0x4}}]})

01:46:56 executing program 0:
dup(0xffffffffffffffff)
mkdir(&(0x7f00000010c0)='./file0\x00', 0x1)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x2000, 0x61)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000500)='./file0\x00', 0x4000, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000003c0)=0xae)
sched_setscheduler(0x0, 0x5, &(0x7f0000000200)=0x7ffc)
newfstatat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', &(0x7f00000005c0), 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r3, 0x8982, &(0x7f0000000300)={0x0, 'ip_vti0\x00', {0x900}, 0x7ff})
r5 = open(&(0x7f00000000c0)='./bus\x00', 0x14da42, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x80001d00c0d0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xff)
open(&(0x7f0000000340)='./bus\x00', 0x200, 0x140)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r7}, 0x10)
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r7, 0x660c)
mount$overlay(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000400), 0x10000, &(0x7f0000000440)={[{@upperdir={'upperdir', 0x3d, './bus'}}, {@xino_off}, {@xino_off}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './bus'}}, {@xino_off}, {@index_off}], [{@subj_type={'subj_type', 0x3d, 'ip_vti0\x00'}}, {@func={'func', 0x3d, 'FILE_MMAP'}}, {@fsmagic={'fsmagic', 0x3d, 0x2}}]})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz0\x00', 0x1ff)

[  422.108990][ T7506] binder: 7501:7506 ioctl 4018620d 20000000 returned -16
[  422.116128][ T6665]     140735437164544-140735437299711: ffff88806b3de0e0
[  422.175491][ T6665]     140735437299712-140735437316095: 0000000000000000
[  422.239118][ T6665]     140735437316096-140735437332479: ffff88806b3de1c0
[  422.273207][ T6665]     140735437332480-140735437340671: ffff88806b3de2a0
[  422.323924][ T6665]     140735437340672-18446744073709551615: 0000000000000000
[  422.423157][   T27] audit: type=1800 audit(1673401617.218:38): pid=7524 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1161 res=0 errno=0
[  422.543956][ T7525] overlayfs: unrecognized mount option "subj_type=ip_vti0" or missing value
[  422.880734][ T6665] Pass: 9591760 Run:9591873
[  423.129560][ T6665] CPU: 1 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0
[  423.139429][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  423.149509][ T6665] Call Trace:
[  423.152811][ T6665]  <TASK>
[  423.155764][ T6665]  dump_stack_lvl+0xd1/0x138
[  423.160401][ T6665]  mt_find.cold+0x8b/0x90
[  423.164775][ T6665]  ? mas_find+0x1d0/0x1d0
[  423.169156][ T6665]  find_vma+0x10c/0x1b0
[  423.173358][ T6665]  ? can_vma_merge_before+0x390/0x390
[  423.178773][ T6665]  ? walk_page_test+0x78/0x180
[  423.179363][   T27] audit: type=1804 audit(1673401617.288:39): pid=7525 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir3878708150/syzkaller.BRy09z/131/bus" dev="sda1" ino=1161 res=1 errno=0
[  423.183551][ T6665]  walk_page_range+0x2b1/0x4a0
[  423.213258][ T6665]  ? __walk_page_range+0x780/0x780
[  423.218437][ T6665]  mlock_fixup+0x650/0x810
[  423.222916][ T6665]  apply_vma_lock_flags+0x23d/0x350
[  423.228168][ T6665]  ? mlock_fixup+0x810/0x810
[  423.232830][ T6665]  ? __ia32_sys_get_robust_list+0x400/0x400
[  423.238774][ T6665]  do_mlock+0x25a/0x6d0
[  423.242990][ T6665]  ? folio_evictable+0x270/0x270
[  423.246529][ T5367] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  423.247966][ T6665]  ? syscall_enter_from_user_mode+0x26/0xb0
[  423.261323][ T6665]  __x64_sys_mlock+0x59/0x80
[  423.265945][ T6665]  do_syscall_64+0x39/0xb0
[  423.270416][ T6665]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  423.276351][ T6665] RIP: 0033:0x7fd3e6a8c0c9
[  423.280795][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  423.300442][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[  423.308890][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9
[  423.316886][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000
[  423.324887][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000
[  423.332888][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  423.340888][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000
[  423.348909][ T6665]  </TASK>
[  423.553815][ T6665] index not increased! 20ffb000 <= 20ffb000
[  423.559994][ T6665] BUG at mt_find:6473 (1)
[  423.570446][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e
[  423.586002][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 
[  423.588037][ T7515] loop3: detected capacity change from 0 to 32768
[  423.626972][ T5367] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  423.640418][ T6665] 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000
[  423.647070][ T7515] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm
[  423.651465][ T6665]   0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d
[  423.669141][ T7515] BTRFS info (device loop3): force clearing of disk cache
[  423.709863][ T6665]     0-536866815: 0000000000000000
[  423.709895][ T6665]     536866816-536870911: ffff888022f0e0e0
[  423.709923][ T6665]     536870912-553627647: ffff888022f0e1c0
[  423.709951][ T6665]     553627648-553635839: 0000000000000000
[  423.709977][ T6665]     553635840-553627647: ffff8880272dc9a0
[  423.710003][ T6665]     553627648-553644031: ffff8880272dc8c0
[  423.710029][ T6665]     553644032-553648127: ffff88807e16c7e0
[  423.710053][ T6665]     553648128-553652223: ffff888022f0e2a0
[  423.710080][ T6665]     553652224-116813594623: 0000000000000000
[  423.710106][ T6665]     116813594624-116817788927: ffff888022f0e380
[  423.710134][ T6665]     116817788928-93825002663935: 0000000000000000
[  423.710170][ T6665]     93825002663936-93825002803199: ffff888022f0e460
[  423.710197][ T6665]     93825002803200-140548063096831: 0000000000000000
[  423.710224][ T6665]     140548063096832-140548063100927: ffff888022f0e540
[  423.710252][ T6665]   140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 
[  423.734589][ T7515] BTRFS info (device loop3): setting nodatasum
[  423.738892][ T6665] ffff888022f0e8c0 140548077780991 
[  423.741728][ T7515] BTRFS info (device loop3): allowing degraded mounts
[  423.756968][ T6665] ffff888022f0e9a0 140548079878143 
[  423.761059][ T7515] BTRFS info (device loop3): enabling disk space caching
[  423.765483][ T6665] ffff888022f0ea80 140548084072447 
[  423.772632][ T7515] BTRFS info (device loop3): disk space caching is enabled
[  423.788009][ T6665] ffff888022f0eb60 140548084219903 
[  423.846632][ T5367] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  423.851673][ T6665] ffff888022f0ec40 140548084948991 
[  423.863051][ T5367] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  423.869920][ T6665] ffff888022f0ed20 140548085284863 
[  423.875129][ T7515] BTRFS info (device loop3): enabling ssd optimizations
[  423.884083][ T6665] 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 
[  423.889761][ T5367] usb 3-1: Manufacturer: ì’‚
[  423.897583][ T7515] BTRFS info (device loop3): auto enabling async discard
[  423.903678][ T5367] usb 3-1: SerialNumber: syz
[  423.919610][ T7515] BTRFS info (device loop3): clearing free space tree
[  423.940608][ T6665] 000000000000000d
[  423.940631][ T6665]     140548063100928-140548071489535: ffff888022f0e620
[  423.940661][ T6665]     140548071489536-140548073586687: ffff888022f0e700
[  423.940690][ T6665]     140548073586688-140548075683839: ffff888022f0e7e0
[  423.940718][ T6665]     140548075683840-140548077780991: ffff888022f0e8c0
[  423.940746][ T6665]     140548077780992-140548079878143: 
[  423.963325][ T7515] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  423.971956][ T6665] ffff888022f0e9a0
[  423.988705][ T7515] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  423.990397][ T6665]     140548079878144-140548084072447: ffff888022f0ea80
[  424.036563][ T6665]     140548084072448-140548084219903: ffff888022f0eb60
[  424.038055][ T7515] BTRFS info (device loop3): checking UUID tree
[  424.043519][ T6665]     140548084219904-140548084948991: ffff888022f0ec40
[  424.043551][ T6665]     140548084948992-140548085284863: ffff888022f0ed20
[  424.043578][ T6665]     140548085284864-140548085288959: 0000000000000000
[  424.113560][ T6665]     140548085288960-140548085653503: ffff888022f0ee00
[  424.136388][ T6665]     140548085653504-140548085690367: ffff888022f0eee0
[  424.143393][ T6665]     140548085690368-140548085710847: 0000000000000000
[  424.167848][ T6665]     140548085710848-140548097556479: ffff88806b3de000
[  424.174842][ T6665]   140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008
[  424.237215][ T5367] usb 3-1: USB disconnect, device number 3
[  424.256520][ T6665]     140548097556480-140548097601535: 0000000000000000
[  424.265978][ T6665]     140548097601536-140548097605631: ffff88806b3de460
[  424.289094][ T6665]     140548097605632-140548097736703: ffff88806b3de380
[  424.305112][ T6665]     140548097736704-140735437164543: 0000000000000000
[  424.331958][ T6665]     140735437164544-140735437299711: ffff88806b3de0e0
[  424.350843][ T6665]     140735437299712-140735437316095: 0000000000000000
[  424.365975][ T6665]     140735437316096-140735437332479: ffff88806b3de1c0
[  424.381045][ T6665]     140735437332480-140735437340671: ffff88806b3de2a0
[  424.393350][ T6665]     140735437340672-18446744073709551615: 0000000000000000
[  424.413515][ T6665] Pass: 9615328 Run:9615442
[  424.423715][ T6665] CPU: 1 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0
[  424.433562][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  424.443641][ T6665] Call Trace:
[  424.446941][ T6665]  <TASK>
[  424.449894][ T6665]  dump_stack_lvl+0xd1/0x138
[  424.454537][ T6665]  mt_find.cold+0x8b/0x90
[  424.458921][ T6665]  ? mas_find+0x1d0/0x1d0
[  424.463314][ T6665]  find_vma+0x10c/0x1b0
[  424.467511][ T6665]  ? can_vma_merge_before+0x390/0x390
[  424.472923][ T6665]  ? walk_page_test+0x78/0x180
[  424.477732][ T6665]  walk_page_range+0x2b1/0x4a0
[  424.482548][ T6665]  ? __walk_page_range+0x780/0x780
[  424.487725][ T6665]  mlock_fixup+0x650/0x810
[  424.492207][ T6665]  apply_vma_lock_flags+0x23d/0x350
[  424.497474][ T6665]  ? mlock_fixup+0x810/0x810
[  424.502133][ T6665]  ? __ia32_sys_get_robust_list+0x400/0x400
[  424.508078][ T6665]  do_mlock+0x25a/0x6d0
[  424.512308][ T6665]  ? folio_evictable+0x270/0x270
[  424.517310][ T6665]  ? syscall_enter_from_user_mode+0x26/0xb0
[  424.523253][ T6665]  __x64_sys_mlock+0x59/0x80
[  424.527877][ T6665]  do_syscall_64+0x39/0xb0
[  424.532341][ T6665]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  424.538267][ T6665] RIP: 0033:0x7fd3e6a8c0c9
[  424.542715][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  424.562356][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[  424.570811][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9
01:46:59 executing program 3:
syz_mount_image$btrfs(&(0x7f00000051c0), &(0x7f0000005200)='./file0\x00', 0x1000008, &(0x7f0000000280)={[{@datacow}, {@clear_cache}, {@nodatasum}, {@rescan_uuid_tree}, {}, {@space_cache_v1}]}, 0xfe, 0x51ab, &(0x7f0000005280)="$eJzs3V9oVFceB/Az+aPxDyY+xV32wX1YWcUFWRF2UdggGF2Whdn1YVnYrFlZxT+7JUgDwb5YS2lBxGCgthSKD33pS0mlUFqqBAsthYogVloUW0teWiiESsGXlpK590xmzvVmxlQbq5+PJHfO/d1z7pnhPsx3zLkTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIIRwcM3Kv+xaPb2urD7dP3bq6LLt507vP3ljaGjLlRAqtf2VvL5n+66/79+95689scPw37JtX1/ZkFnXz7PGkqads/2af/4TQuhOBujMtzs6G/pW0hOEI8UB53XgZv/o5u7BaxN3zmy8eP3QhuJTZ1bPYk9gseTX1fTctTRQ+92RHFFvN1x6laZLNOufXnA/yZMAAO7JpmptU387mr/FrbePpfWkPZC0x5N2fIcw3thYiGzcJWXzXJvWF2meA1lUWFo6z6Sev/71djXtn7STqHEP82w+NI80PWXzHEnqizVPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIfJqx9euvTcy+u3ldWn+8dOHV22/dzp/SdvDA1tuRJCX21/JStXlv+q8w+fLtt57fiRN36zr+ftk515v7jtajg4fBIf/LE3hL0Nlek47JerQqg2F2rN8FKxcLD24M+xAAAAwKPkF7XfHfV2Fge7m9qVWpqs1P5FWVg8cLN/dHP34LWJO2c2Xrx+aMPCx6uWjDdw1/Hq7b65n0pDMI7xNx1vrh4PPVIYZ37piGme/2zmyVsXJn7777L+hfzfN3/+j6+c/A8AAMCPIf+n48yvVf6/+s7zT3UN7n2vrH8h/69tOmUh/8cZx/zfERaW/wEAAOBh9qDz/0BhnPm1yv/fnZ86f/nb46+U9S/k/03t5f+uxmnHnR/FCR/uDWFTq6kDAAAAJeL/u899tBDzevbJQZrXO2ZGe6d6blwtG6+Q/wfay//d9/2ZAQAAAAv1v7F/Hb8wNn6zrF7I/9X28v/SBz5zAAAAoF37Tvz/3PoNIyvL6oX8P9xe/l+eb/OVD1mn9+NfIUz0htAz+2AkK3wQxv9ULwAAAAD3SczpX41u/f7jwel3y44r5P+R+e//H+90ENf/N93/r7D+v6GQ3fVvqxsDAAAA8DgqruePt8fPvrmg7Pv3213/f+uXO3b9d+c/vig7fyH/H2sv/3c2bu/n9/8BAADAAvzcvv/vn4Vx5tfq/v/fDN36et3hZwfL+hfy/3h7+T9uVzQ+van4+jzTG8Ka2Qf53QRfi6c7nBQmuxsK2Quf9Ngde+SFyaUNhZqRpMfve0P49eyDY0lhdSyMJ4WZVXnhbFK4HAv59VAvvJ4UpuKV9sKqfLpp4a1YyBdYTMYVFCvqSyKSHrfLeswW7trjev3kAAAAj5UYnvMs293cDGmUnay0OmB5qwM6Wh3Q2eqAruSA9MCy/WG4uRD3v7jtd7evPPHm06FEIf+fbS//x5diSbYpW/8f4vr//HsN6+v/h2OhLylMxkI1vWNANZ4jC7sn4jn6qnmPmTX1AgAAADzS4ucCnYs8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5g7/6D7KrqA4Cf/f0jm91FHAFJNYqA6ZDNJjFKK1MC1UFxpi4OdZw60UR2g9ssJCZhICnthEA7U5hUVKa1o0NDHUdpkUY6jlK1pEyBcaRTm7ZMxWhl/EFtaxnGSodSm87be8/d+87dm/dCdiFLP58/9p33vufnfT/2nXvvOxcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD/h38ZWPMb+1f89Py6+PfPuOHDewcuve+jWw8c3bRpw5EQJmYf78jCHYMrui785sBlj+3f+flzp/rvP9Cbl8vjYVnjT2d+55ai1uUhfLEjhO40sHooC/Tk94difSuGQjgtzAWKElODWYm04fDQQAgHw1ygqOr+gRCGSoErjzz4wIFG4o6BEM4NIfSlbXy7L2tjIA2c15sFBtPA9u4s8F/HMkXgS51ZAE5afDMUL/pDE80ZRucvV/P661mwjr240uF1xcRofb4fX7LInSrpTR+YOKmnrVIdi6Ly9jjs3bYE3m2V7Xy7p638RSr/hnJsLtQXOientm65bmZ3fKQzjI111dW0SM/z40/feNWJpJfM6zB2YHRBXofP3vme68+afMuNt24/54m177vg6Ml2s27zLra+kL/mlszzGG30ebIE3n6Vb0krfekKIfzcB7tv6vrtI5+qi1fm/6PHn//Hl3O87WzKHWt9bjibm8dHhmLiqeFsbg4AAABLxlLYa/qjs1/xe6s61zxeV19l/r+yveP/8ZB/PpnPRns4hI2ziZtHQjhz9vEscHds7gMjIbxmNjXRHLgkCRwO4azZxKqiqqREfyyxMgk8OZwHNiaBh2NgIgl8OgZuTwK3xMChJHBVDBxOApfGQJhuHsfPD+fjaDswEAObs414KJ6F8JPh2Fqyrb5VVAUAALBA8tlhT/Pd0rkOJ5shTi8PDbTKEM/Ars3Ql9SQzmCLaVVtDd2tauhsVUMx7n3HH36l5o5WNVdOw+hoznDpK/7w/BVfu+ELoUZl/j9+/Pl/3zwd6agc/w/hitm/MXdnHpkp4psnmjIAAAAAJ2HtG2a+9idnv+nNdfHK/H9je+f/x30iXaXM4dG4G2LbSAjjzYGs2jdXA9lR72V5AAAAAJaC4nh8cSx8Or/NTtFO59PV/BMnmD8e+N84b/5fCpOnb/vBUxvq+luZ/0+0d/7/YPNt1omHYy8+NhJCfynwSOxlIzBrZQx89+LmQD7+h+MGuC1WlZ+YUFR1WyyxOQbGk8DBuhLfKEqc2RzIn6yi8ZuLcUznJUoBAAAAeMHF3QHxuHw8///Ctd/70KaP7/1cXbnK/H/ziZ3/PzsPrpzeP7MshDXdIXSlPwx4dDBbGDAGhjryxFcHs7q60qpuGgzhosbA0qqeyNf/707XGDwykFUVA2e+9rNPn9dIfGoghDXlwGPvvWt2x8juJFA0/qsDIby6Mdq08S/0Z433pI3/QX8IryoFiqo+0B9Co7HetKoH+/LrGKRV/VlfCKeXAkVVb+wLYU8AYImK/0onyw/u2rN325aZmamdi5iI+/AHwtbpmamxq7bPTPbV9Gky6XPTMkY3VcfU2ebYj+ZLFN1z+dhIO+nid4Lj5b7k+/ErJw7m9+N3oZ7Zca7rabq7Ph3y68+pNpEO6cUY8mC5krknsVJ/zN8bloX+63ZN7Ry7Ycvu3TvXZn/bzb4u+xsPM2Xbam26rQbn61sbL492F0N/vtuq6TJXa3Zfs2PNrj17V09fs+Xqqaunrn3D+LrxdevHN7zpwjWNUY1nf1sM9fz5qk6Geuyu6hDavQbU8x3qK7tLlbwQnxoSEhJLLbHl4q/+5b1nfWJZ3cdPZf6/4/jz//ipEz/58/UZ6o7/j8bD/Nnjc4f5N8fAwXaP/4/WHc0vTgxYmQT2xcA+h/kBAAB4aYi7G+PezLhXuuem1WN//MlHnqwrV5n/72vv9/8LtP5/sXT95XXL/K+KJcbr1v9Pl/kv1v/fV7f+f7rMf7H+/8EXYf3/64pAskl+Yv1/AADgpeCFW/+/5fL+6QUCKhlaLu+fXiCgkqHlMv7tXiDghNf/f/tzr+u55iOvviXUqMz/b29v/m/hfgAAADh13HVkQ8eD//o/D9XFK/P/g+3N/1/49f9C3fn/K+sCE3ULA1r/DwAAgCWqbv2/9a/78ebP/WzFD+vKVeb/h9qb/8fTLjqbcsdanxvO1rQL6Zp2Tw0XPxkAAACApaEzjI21u6Jp08qolzz/Nh/PlwI9Xrrsr758zT8+8tb39tfVV5n/H25v/t/0u4xn73zP9WdNvuXG527dfs4Ta993wdG54/8AAADA4ml3vwQAAAAAAAAAAAAAAPDie3rv5Lv++ew7P1MXr/z+P1wx+3jd7//jdf/i7wte3pQ71tp6/b/8/pXvuHfP7JKFjw6HcE45sG3/ttNCfm3+88uBBzatOqOR2J+W+Mp3Lv1BI/H+NPC21S97ppG4KAlsjosknpUG4lUVn1meBOLyin+fBuL2OJQGevPA7y7PxtGRbqsfDWXbqiPdVo8PhTBSChTb6otDWRsd6QDvSALFAD+UBuIAfyUPdKa9undZ1qsYGIpF/2hZ1isAAE5Z8VtgT9g6PTM1Hr/Cx9tXdjffRk1Llt1UrbajzeaP5kuT3XP52Eg76a70u+jctcZ7Ql9jCGsrX1fLWTpmR7kwtbTYdC+vGXKr1d7a/XX2iW663voRDWQjGrtq+8xkT8uBr2+dZV13yyxrK5OdcpbO2U3aRi1t9KWNEbW5bdrocrzfGcbGupJcvxiDo6HJQr0iyuv81b0Kynn2Tb7xb75x7Nihuvoq8//R9ub/feVxPZNfDGBfvLLezSMhnNnmiAAAAIB2fevL/7Ru+yd+55709ort1956weCPLq4rV5n/r2xv/h93jOWHgrO9HYfj9f+L+f9oFrg7NveBkRBeM5uaiCWyC+pfHkuMZ4G74w6TVbHE5onmqvpj4FASeHI4DxxOAg/HQL6X4rMh35XzkeEQNsymrmgusSOWGE0C74yBlUlgLAbGk8DyGNiYBP59eR6YSAJfj4Ew3byt/ny5vSsAAMDzkM+zeprvhnSed6i7VYaOVhkGW2XobJWhr1WGulHE+/fFDD3JySsdpUw9aa0DSS2VDPFi+Cfcr0qG8I3mnGnBStPx/IPifIOO5gz/dtnrv33erlXtX/9/vL35/2Dzbdb6w3H+P3f9vyzwSOzex+Kp4ytj4LsXNwfyHQMPx8nubUVVE3mJfNJ+WyyxMQZWJoEdMbAxCWy+Ig8cPKM5kM+0i8ZvLhqfzkuUAgAAAPCCizsI4m6aOP//0/+++3MH/uHav64rV5n/b2xv/h/bW1Zu7Jai1uUhfLFjrjdFYPVQFoj7MYbiz+NXDIVwWmkHR1FiajAr0Zs0HB4ayH6h3ptWdf9AtsZAvH/lkQcfONBI3DEQwrmlvS9FG9/uy9oYSAPn9WaBwTSwvTsLxD0/ReBLnVkATlqxVzC+oPJTXQqj85eref29VK4Jmg6vsg90nnzz/eZqsfSlD+T7VAsn9rRVqmNRVN4eh73bluK7bdS7rfxFKv+Gcmwu1Bc6J6e2brluZnd8pPxL1opFep7Lv1JtJ70Ar8N9z7+3rfWlHRhPPj7G5y83/+uwI1b37J3vuf6sybfceOv2c55Y+74LjrbdjRrxh8Lv/uTLRsubd7H1hfw1t+Q+TyZ8nizFfwMrPW2NGexTv//V//jp4z+ri1fm/xPtzf+7k9tZz8aNuWskhNeXNu6jcfP/8kj2OVgKZJ+Sp1cD2SH37w3XfnICAADAQit2dxT7C6bz2+yE8HSeXM0/cYL54/6KjfPmb7ffW29+aP8P/+6Or9TFK/P/zcef//cn3XT83/F/Fonj//M61XdF96cP7DupXdGV6lgUjv/P61R/tzn+Py/H/x3/n4/j/y04/j+vU/1pq3xL2uFLVwjh6++/8+33bP+18+rilfn/jvbm/9b/m3/RvmL9v8116//tqFv/b5/1/wAAgEVVs9BcOs+rrN5XyZCu3lfJ0HKBwJZLDFr/74TX/3vrO//3+mOvuGRnqFGZ/+9rb/4fXw7Lyq0vlfX/Vl5RU9XtMbDDwoAAAACciup2EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDievcvPLl8029eOF0X//4ZN3x478Cl931064GjmzZtOBJClrUjC3cMrui68JsDlz22f+fnz53qv/9AX16uJ789uyl3rPW54RAOlh4Ziomnhht35gJXvuPePd2NxKPDIZxTDmzbv+20RuLTwyGcXw48sGnVGY3E/rTEV75z6Q8aifengbetftkzjcRFeaAj7e4nl2fd7Ui7e2B5CCOlQNHdX1/eXFXRxmV5oDNt4zNDWRsxMBSLfnwoayMGZmKJ6f4Q1nSH0JVW9bW+rKqutKq/6Muq6kqr+q2+EC4KIXSnVX2nN6uqOx353/ZmVcXAma/97NPnNRIHe0NYUw489t67NjQSH0oCRePv6g3h1Y2XTNr4fT1Z4z1p43f0hPCqEEJvWuI/u7MSvWmJJ7pDOL0UKBr/YHcIewIvCfHDZ7L84K49e7dtmZmZ2rmIid68rYGwdXpmauyq7TOTfUmf6nSU0sduOn78eI4+feNVjdt7Lh8baSfdnZfrme3yup6mu+sXqvftOtHex34NliuZez4q9cf8vWFZ6L9u19TOsRu27N69c232t93s67K/XXk021ZrF2pbdbYoHz3fbXV+uZI1u6/ZsWbXnr2rp6/ZcvXU1VPXvmF83fi69eMb3nThmsaoxrO/CzHUu44fX4yhvrK7VMkL8QEgISGx1BKdTZ9u46f6P73KF/25jvaEvtkP6Mq0opylY3aUCzHoS6rxrkUadGVKUhnR2srEoZJlXess6yuTibksA1mW2e91lclhuabO2U0a73eGsbHazTLafLe8eX88z+Zt1+P5pms3DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/B87cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAsAAAAACPO3DqNnAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBSAAAA//+3Rsqd")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.current\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
r1 = open(0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_SNAP_CREATE(r1, 0x9408, 0x0)

01:46:59 executing program 0:
dup(0xffffffffffffffff)
mkdir(&(0x7f00000010c0)='./file0\x00', 0x1)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x2000, 0x61)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000500)='./file0\x00', 0x4000, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000003c0)=0xae)
sched_setscheduler(0x0, 0x5, &(0x7f0000000200)=0x7ffc)
newfstatat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', &(0x7f00000005c0), 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r3, 0x8982, &(0x7f0000000300)={0x0, 'ip_vti0\x00', {0x900}, 0x7ff})
r5 = open(&(0x7f00000000c0)='./bus\x00', 0x14da42, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x80001d00c0d0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xff)
open(&(0x7f0000000340)='./bus\x00', 0x200, 0x140)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r7}, 0x10)
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r7, 0x660c)
mount$overlay(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000400), 0x10000, &(0x7f0000000440)={[{@upperdir={'upperdir', 0x3d, './bus'}}, {@xino_off}, {@xino_off}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './bus'}}, {@xino_off}, {@index_off}], [{@subj_type={'subj_type', 0x3d, 'ip_vti0\x00'}}, {@func={'func', 0x3d, 'FILE_MMAP'}}, {@fsmagic={'fsmagic', 0x3d, 0x2}}]})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz0\x00', 0x1ff)

01:46:59 executing program 4:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_ACCT_GET(r0, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)={0x0}}, 0x0)

01:46:59 executing program 1:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
dup2(r2, r0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000))
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
dup(r0)
mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

01:46:59 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$KVM_CREATE_VM(r0, 0x8940, 0x20000000)

01:46:59 executing program 4:
dup(0xffffffffffffffff)
mkdir(&(0x7f00000010c0)='./file0\x00', 0x1)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x2000, 0x61)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000500)='./file0\x00', 0x4000, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000003c0)=0xae)
sched_setscheduler(0x0, 0x5, &(0x7f0000000200)=0x7ffc)
newfstatat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', &(0x7f00000005c0), 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r3, 0x8982, &(0x7f0000000300)={0x0, 'ip_vti0\x00', {0x900}, 0x7ff})
r5 = open(&(0x7f00000000c0)='./bus\x00', 0x14da42, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x80001d00c0d0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xff)
open(&(0x7f0000000340)='./bus\x00', 0x200, 0x140)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r7}, 0x10)
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r7, 0x660c)
mount$overlay(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000400), 0x10000, &(0x7f0000000440)={[{@upperdir={'upperdir', 0x3d, './bus'}}, {@xino_off}, {@xino_off}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './bus'}}, {@xino_off}, {@index_off}], [{@subj_type={'subj_type', 0x3d, 'ip_vti0\x00'}}, {@func={'func', 0x3d, 'FILE_MMAP'}}, {@fsmagic={'fsmagic', 0x3d, 0x2}}]})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz0\x00', 0x1ff)

[  424.578814][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000
[  424.586814][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000
[  424.594812][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  424.600932][ T7555] binder_alloc: 7549: binder_alloc_buf, no vma
[  424.602784][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000
[  424.602830][ T6665]  </TASK>
01:46:59 executing program 1:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
dup2(r2, r0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000))
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
dup(r0)
mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

01:46:59 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$KVM_CREATE_VM(r0, 0x8940, 0x20000000)

[  424.637805][ T6665] index not increased! 20ffb000 <= 20ffb000
[  424.653482][ T6665] BUG at mt_find:6473 (1)
[  424.676465][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e
01:46:59 executing program 2:
dup(0xffffffffffffffff)
mkdir(&(0x7f00000010c0)='./file0\x00', 0x1)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x2000, 0x61)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000500)='./file0\x00', 0x4000, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000003c0)=0xae)
sched_setscheduler(0x0, 0x5, &(0x7f0000000200)=0x7ffc)
newfstatat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', &(0x7f00000005c0), 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r3, 0x8982, &(0x7f0000000300)={0x0, 'ip_vti0\x00', {0x900}, 0x7ff})
r5 = open(&(0x7f00000000c0)='./bus\x00', 0x14da42, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x80001d00c0d0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xff)
open(&(0x7f0000000340)='./bus\x00', 0x200, 0x140)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r7}, 0x10)
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r7, 0x660c)
mount$overlay(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000400), 0x10000, &(0x7f0000000440)={[{@upperdir={'upperdir', 0x3d, './bus'}}, {@xino_off}, {@xino_off}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './bus'}}, {@xino_off}, {@index_off}], [{@subj_type={'subj_type', 0x3d, 'ip_vti0\x00'}}, {@func={'func', 0x3d, 'FILE_MMAP'}}, {@fsmagic={'fsmagic', 0x3d, 0x2}}]})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz0\x00', 0x1ff)

[  424.766020][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 
[  424.772032][   T27] audit: type=1800 audit(1673401619.578:40): pid=7558 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1172 res=0 errno=0
[  424.820350][ T6665] | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000
[  424.877510][ T7563] binder_alloc: 7559: binder_alloc_buf, no vma
[  424.921788][ T7570] overlayfs: unrecognized mount option "subj_type=ip_vti0" or missing value
[  424.947665][ T7567] overlayfs: unrecognized mount option "subj_type=ip_vti0" or missing value
01:46:59 executing program 1:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
dup2(r2, r0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000))
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
dup(r0)
mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

[  424.966652][   T27] audit: type=1800 audit(1673401619.618:41): pid=7562 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1180 res=0 errno=0
[  424.988363][ T6665]   0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d
[  425.003844][   T27] audit: type=1804 audit(1673401619.698:42): pid=7566 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir661775221/syzkaller.6zod14/150/bus" dev="sda1" ino=1172 res=1 errno=0
[  425.281435][ T7574] overlayfs: unrecognized mount option "subj_type=ip_vti0" or missing value
[  425.315741][ T7575] binder_alloc: 7573: binder_alloc_buf, no vma
[  425.373414][ T6665]     0-536866815: 0000000000000000
01:47:00 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$KVM_CREATE_VM(r0, 0x8940, 0x20000000)

01:47:00 executing program 1:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
dup2(r2, r0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000))
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r3 = dup(r0)
mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

[  425.415625][ T6665]     536866816-536870911: ffff888022f0e0e0
[  425.517713][ T6665]     536870912-553627647: ffff888022f0e1c0
[  425.538642][   T27] audit: type=1804 audit(1673401619.698:43): pid=7567 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir3878708150/syzkaller.BRy09z/132/bus" dev="sda1" ino=1180 res=1 errno=0
[  425.597397][ T6665]     553627648-553635839: 0000000000000000
[  425.620655][ T7577] binder: BINDER_SET_CONTEXT_MGR already set
[  425.638539][ T6665]     553635840-553627647: ffff8880272dc9a0
[  425.656598][ T7577] binder: 7576:7577 ioctl 4018620d 20000000 returned -16
[  425.700088][ T6665]     553627648-553644031: ffff8880272dc8c0
[  425.715210][   T27] audit: type=1800 audit(1673401619.968:44): pid=7572 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=1171 res=0 errno=0
[  425.767923][ T6665]     553644032-553648127: ffff88807e16c7e0
[  425.794262][   T27] audit: type=1804 audit(1673401620.038:45): pid=7574 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir168840469/syzkaller.pSJJsG/139/bus" dev="sda1" ino=1171 res=1 errno=0
[  425.831715][ T6665]     553648128-553652223: ffff888022f0e2a0
[  425.866807][ T6665]     553652224-116813594623: 0000000000000000
[  425.939978][ T6665]     116813594624-116817788927: ffff888022f0e380
[  425.966217][ T6665]     116817788928-93825002663935: 0000000000000000
[  426.007860][ T6665]     93825002663936-93825002803199: ffff888022f0e460
[  426.014704][ T6665]     93825002803200-140548063096831: 0000000000000000
[  426.086513][ T6665]     140548063096832-140548063100927: ffff888022f0e540
[  426.098111][ T6665]   140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d
[  426.309106][ T6665]     140548063100928-140548071489535: ffff888022f0e620
[  426.334306][ T6665]     140548071489536-140548073586687: ffff888022f0e700
[  426.359290][ T6665]     140548073586688-140548075683839: ffff888022f0e7e0
[  426.378138][ T6665]     140548075683840-140548077780991: ffff888022f0e8c0
[  426.385956][ T6665]     140548077780992-140548079878143: ffff888022f0e9a0
[  426.399750][ T6665]     140548079878144-140548084072447: ffff888022f0ea80
[  426.433032][ T6665]     140548084072448-140548084219903: ffff888022f0eb60
[  426.457472][ T6665]     140548084219904-140548084948991: ffff888022f0ec40
[  426.464460][ T6665]     140548084948992-140548085284863: ffff888022f0ed20
[  426.496413][ T6665]     140548085284864-140548085288959: 0000000000000000
[  426.503419][ T6665]     140548085288960-140548085653503: ffff888022f0ee00
[  426.545277][ T6665]     140548085653504-140548085690367: ffff888022f0eee0
[  426.568599][ T6665]     140548085690368-140548085710847: 0000000000000000
[  426.575601][ T6665]     140548085710848-140548097556479: ffff88806b3de000
[  426.608590][ T6665]   140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008
[  426.826386][ T6665]     140548097556480-140548097601535: 0000000000000000
[  426.833397][ T6665]     140548097601536-140548097605631: ffff88806b3de460
[  426.856380][ T6665]     140548097605632-140548097736703: ffff88806b3de380
[  426.863411][ T6665]     140548097736704-140735437164543: 0000000000000000
[  426.901320][ T6665]     140735437164544-140735437299711: ffff88806b3de0e0
[  426.926547][ T6665]     140735437299712-140735437316095: 0000000000000000
[  426.933541][ T6665]     140735437316096-140735437332479: ffff88806b3de1c0
[  426.986361][ T6665]     140735437332480-140735437340671: ffff88806b3de2a0
[  426.993567][ T6665]     140735437340672-18446744073709551615: 0000000000000000
[  427.036529][ T6665] Pass: 9635490 Run:9635605
[  427.041078][ T6665] CPU: 1 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0
[  427.050914][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  427.060997][ T6665] Call Trace:
[  427.064298][ T6665]  <TASK>
[  427.067258][ T6665]  dump_stack_lvl+0xd1/0x138
[  427.071898][ T6665]  mt_find.cold+0x8b/0x90
[  427.076279][ T6665]  ? mas_find+0x1d0/0x1d0
[  427.080681][ T6665]  find_vma+0x10c/0x1b0
[  427.084871][ T6665]  ? can_vma_merge_before+0x390/0x390
[  427.090292][ T6665]  ? walk_page_test+0x78/0x180
[  427.095105][ T6665]  walk_page_range+0x2b1/0x4a0
[  427.099921][ T6665]  ? __walk_page_range+0x780/0x780
[  427.105097][ T6665]  mlock_fixup+0x650/0x810
[  427.109576][ T6665]  apply_vma_lock_flags+0x23d/0x350
[  427.114831][ T6665]  ? mlock_fixup+0x810/0x810
[  427.119488][ T6665]  ? __ia32_sys_get_robust_list+0x400/0x400
[  427.125433][ T6665]  do_mlock+0x25a/0x6d0
[  427.129639][ T6665]  ? folio_evictable+0x270/0x270
[  427.134639][ T6665]  ? syscall_enter_from_user_mode+0x26/0xb0
[  427.140582][ T6665]  __x64_sys_mlock+0x59/0x80
[  427.145202][ T6665]  do_syscall_64+0x39/0xb0
[  427.149674][ T6665]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  427.155605][ T6665] RIP: 0033:0x7fd3e6a8c0c9
[  427.160050][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  427.179690][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[  427.188140][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9
[  427.196138][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000
[  427.204136][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000
[  427.212145][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  427.220143][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000
[  427.228168][ T6665]  </TASK>
[  427.286300][ T7582] loop3: detected capacity change from 0 to 32768
[  427.330477][ T7582] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm
[  427.363192][ T7582] BTRFS info (device loop3): force clearing of disk cache
[  427.395014][ T7582] BTRFS info (device loop3): setting nodatasum
[  427.412871][ T7582] BTRFS info (device loop3): allowing degraded mounts
[  427.425081][ T7582] BTRFS info (device loop3): enabling disk space caching
[  427.444057][ T7582] BTRFS info (device loop3): disk space caching is enabled
[  427.454899][ T6665] index not increased! 20ffb000 <= 20ffb000
[  427.465708][ T6665] BUG at mt_find:6473 (1)
[  427.485194][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e
[  427.515300][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000
[  427.555661][ T6665]   0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d
[  427.573697][ T7582] BTRFS info (device loop3): enabling ssd optimizations
[  427.615844][ T7582] BTRFS info (device loop3): auto enabling async discard
[  427.624010][ T7582] BTRFS info (device loop3): clearing free space tree
[  427.624799][ T6665]     0-536866815: 
[  427.630968][ T7582] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  427.635118][ T6665] 0000000000000000
[  427.644537][ T7582] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  427.659443][ T6665]     536866816-536870911: ffff888022f0e0e0
[  427.659688][ T7582] BTRFS info (device loop3): checking UUID tree
[  427.665358][ T6665]     536870912-553627647: ffff888022f0e1c0
[  427.665388][ T6665]     553627648-553635839: 0000000000000000
[  427.683738][ T6665]     553635840-553627647: ffff8880272dc9a0
[  427.689752][ T6665]     553627648-553644031: ffff8880272dc8c0
[  427.696472][ T6665]     553644032-553648127: ffff88807e16c7e0
[  427.702417][ T6665]     553648128-553652223: ffff888022f0e2a0
[  427.714217][ T6665]     553652224-116813594623: 0000000000000000
[  427.722348][ T6665]     116813594624-116817788927: ffff888022f0e380
[  427.730532][ T6665]     116817788928-93825002663935: 0000000000000000
[  427.745641][ T6665]     93825002663936-93825002803199: ffff888022f0e460
[  427.757037][ T6665]     93825002803200-140548063096831: 0000000000000000
[  427.763937][ T6665]     140548063096832-140548063100927: ffff888022f0e540
[  427.786468][ T6665]   140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d
[  427.906394][ T6665]     140548063100928-140548071489535: ffff888022f0e620
[  427.913401][ T6665]     140548071489536-140548073586687: ffff888022f0e700
[  427.936607][ T6665]     140548073586688-140548075683839: ffff888022f0e7e0
[  427.943602][ T6665]     140548075683840-140548077780991: ffff888022f0e8c0
[  427.976600][ T6665]     140548077780992-140548079878143: ffff888022f0e9a0
[  427.983598][ T6665]     140548079878144-140548084072447: ffff888022f0ea80
[  428.006401][ T6665]     140548084072448-140548084219903: ffff888022f0eb60
[  428.013399][ T6665]     140548084219904-140548084948991: ffff888022f0ec40
01:47:02 executing program 5:
dup(0xffffffffffffffff)
mkdir(&(0x7f00000010c0)='./file0\x00', 0x1)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x2000, 0x61)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000500)='./file0\x00', 0x4000, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000003c0)=0xae)
sched_setscheduler(0x0, 0x5, &(0x7f0000000200)=0x7ffc)
newfstatat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', &(0x7f00000005c0), 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r3, 0x8982, &(0x7f0000000300)={0x0, 'ip_vti0\x00', {0x900}, 0x7ff})
r5 = open(&(0x7f00000000c0)='./bus\x00', 0x14da42, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x80001d00c0d0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xff)
open(&(0x7f0000000340)='./bus\x00', 0x200, 0x140)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r7}, 0x10)
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r7, 0x660c)
mount$overlay(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000400), 0x10000, &(0x7f0000000440)={[{@upperdir={'upperdir', 0x3d, './bus'}}, {@xino_off}, {@xino_off}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './bus'}}, {@xino_off}, {@index_off}], [{@subj_type={'subj_type', 0x3d, 'ip_vti0\x00'}}, {@func={'func', 0x3d, 'FILE_MMAP'}}, {@fsmagic={'fsmagic', 0x3d, 0x2}}]})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz0\x00', 0x1ff)

01:47:02 executing program 1:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
dup2(r2, r0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000))
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r3 = dup(r0)
mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

01:47:02 executing program 0:
dup(0xffffffffffffffff)
mkdir(&(0x7f00000010c0)='./file0\x00', 0x1)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x2000, 0x61)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000500)='./file0\x00', 0x4000, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000003c0)=0xae)
sched_setscheduler(0x0, 0x5, &(0x7f0000000200)=0x7ffc)
newfstatat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', &(0x7f00000005c0), 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r3, 0x8982, &(0x7f0000000300)={0x0, 'ip_vti0\x00', {0x900}, 0x7ff})
r5 = open(&(0x7f00000000c0)='./bus\x00', 0x14da42, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x80001d00c0d0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xff)
open(&(0x7f0000000340)='./bus\x00', 0x200, 0x140)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r7}, 0x10)
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r7, 0x660c)
mount$overlay(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000400), 0x10000, &(0x7f0000000440)={[{@upperdir={'upperdir', 0x3d, './bus'}}, {@xino_off}, {@xino_off}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './bus'}}, {@xino_off}, {@index_off}], [{@subj_type={'subj_type', 0x3d, 'ip_vti0\x00'}}, {@func={'func', 0x3d, 'FILE_MMAP'}}, {@fsmagic={'fsmagic', 0x3d, 0x2}}]})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz0\x00', 0x1ff)

01:47:02 executing program 2:
dup(0xffffffffffffffff)
mkdir(&(0x7f00000010c0)='./file0\x00', 0x1)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x2000, 0x61)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000500)='./file0\x00', 0x4000, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000003c0)=0xae)
sched_setscheduler(0x0, 0x5, &(0x7f0000000200)=0x7ffc)
newfstatat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', &(0x7f00000005c0), 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r3, 0x8982, &(0x7f0000000300)={0x0, 'ip_vti0\x00', {0x900}, 0x7ff})
r5 = open(&(0x7f00000000c0)='./bus\x00', 0x14da42, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x80001d00c0d0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xff)
open(&(0x7f0000000340)='./bus\x00', 0x200, 0x140)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r7}, 0x10)
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r7, 0x660c)
mount$overlay(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000400), 0x10000, &(0x7f0000000440)={[{@upperdir={'upperdir', 0x3d, './bus'}}, {@xino_off}, {@xino_off}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './bus'}}, {@xino_off}, {@index_off}], [{@subj_type={'subj_type', 0x3d, 'ip_vti0\x00'}}, {@func={'func', 0x3d, 'FILE_MMAP'}}, {@fsmagic={'fsmagic', 0x3d, 0x2}}]})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz0\x00', 0x1ff)

01:47:02 executing program 4:
dup(0xffffffffffffffff)
mkdir(&(0x7f00000010c0)='./file0\x00', 0x1)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x2000, 0x61)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000500)='./file0\x00', 0x4000, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000003c0)=0xae)
sched_setscheduler(0x0, 0x5, &(0x7f0000000200)=0x7ffc)
newfstatat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', &(0x7f00000005c0), 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r3, 0x8982, &(0x7f0000000300)={0x0, 'ip_vti0\x00', {0x900}, 0x7ff})
r5 = open(&(0x7f00000000c0)='./bus\x00', 0x14da42, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x80001d00c0d0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xff)
open(&(0x7f0000000340)='./bus\x00', 0x200, 0x140)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r7}, 0x10)
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r7, 0x660c)
mount$overlay(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000400), 0x10000, &(0x7f0000000440)={[{@upperdir={'upperdir', 0x3d, './bus'}}, {@xino_off}, {@xino_off}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './bus'}}, {@xino_off}, {@index_off}], [{@subj_type={'subj_type', 0x3d, 'ip_vti0\x00'}}, {@func={'func', 0x3d, 'FILE_MMAP'}}, {@fsmagic={'fsmagic', 0x3d, 0x2}}]})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz0\x00', 0x1ff)

01:47:02 executing program 3:
syz_mount_image$btrfs(&(0x7f00000051c0), &(0x7f0000005200)='./file0\x00', 0x1000008, &(0x7f0000000280)={[{@datacow}, {@clear_cache}, {@nodatasum}, {@rescan_uuid_tree}, {}, {@space_cache_v1}]}, 0xfe, 0x51ab, &(0x7f0000005280)="$eJzs3V9oVFceB/Az+aPxDyY+xV32wX1YWcUFWRF2UdggGF2Whdn1YVnYrFlZxT+7JUgDwb5YS2lBxGCgthSKD33pS0mlUFqqBAsthYogVloUW0teWiiESsGXlpK590xmzvVmxlQbq5+PJHfO/d1z7pnhPsx3zLkTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIIRwcM3Kv+xaPb2urD7dP3bq6LLt507vP3ljaGjLlRAqtf2VvL5n+66/79+95689scPw37JtX1/ZkFnXz7PGkqads/2af/4TQuhOBujMtzs6G/pW0hOEI8UB53XgZv/o5u7BaxN3zmy8eP3QhuJTZ1bPYk9gseTX1fTctTRQ+92RHFFvN1x6laZLNOufXnA/yZMAAO7JpmptU387mr/FrbePpfWkPZC0x5N2fIcw3thYiGzcJWXzXJvWF2meA1lUWFo6z6Sev/71djXtn7STqHEP82w+NI80PWXzHEnqizVPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIfJqx9euvTcy+u3ldWn+8dOHV22/dzp/SdvDA1tuRJCX21/JStXlv+q8w+fLtt57fiRN36zr+ftk515v7jtajg4fBIf/LE3hL0Nlek47JerQqg2F2rN8FKxcLD24M+xAAAAwKPkF7XfHfV2Fge7m9qVWpqs1P5FWVg8cLN/dHP34LWJO2c2Xrx+aMPCx6uWjDdw1/Hq7b65n0pDMI7xNx1vrh4PPVIYZ37piGme/2zmyVsXJn7777L+hfzfN3/+j6+c/A8AAMCPIf+n48yvVf6/+s7zT3UN7n2vrH8h/69tOmUh/8cZx/zfERaW/wEAAOBh9qDz/0BhnPm1yv/fnZ86f/nb46+U9S/k/03t5f+uxmnHnR/FCR/uDWFTq6kDAAAAJeL/u899tBDzevbJQZrXO2ZGe6d6blwtG6+Q/wfay//d9/2ZAQAAAAv1v7F/Hb8wNn6zrF7I/9X28v/SBz5zAAAAoF37Tvz/3PoNIyvL6oX8P9xe/l+eb/OVD1mn9+NfIUz0htAz+2AkK3wQxv9ULwAAAAD3SczpX41u/f7jwel3y44r5P+R+e//H+90ENf/N93/r7D+v6GQ3fVvqxsDAAAA8DgqruePt8fPvrmg7Pv3213/f+uXO3b9d+c/vig7fyH/H2sv/3c2bu/n9/8BAADAAvzcvv/vn4Vx5tfq/v/fDN36et3hZwfL+hfy/3h7+T9uVzQ+van4+jzTG8Ka2Qf53QRfi6c7nBQmuxsK2Quf9Ngde+SFyaUNhZqRpMfve0P49eyDY0lhdSyMJ4WZVXnhbFK4HAv59VAvvJ4UpuKV9sKqfLpp4a1YyBdYTMYVFCvqSyKSHrfLeswW7trjev3kAAAAj5UYnvMs293cDGmUnay0OmB5qwM6Wh3Q2eqAruSA9MCy/WG4uRD3v7jtd7evPPHm06FEIf+fbS//x5diSbYpW/8f4vr//HsN6+v/h2OhLylMxkI1vWNANZ4jC7sn4jn6qnmPmTX1AgAAADzS4ucCnYs8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5g7/6D7KrqA4Cf/f0jm91FHAFJNYqA6ZDNJjFKK1MC1UFxpi4OdZw60UR2g9ssJCZhICnthEA7U5hUVKa1o0NDHUdpkUY6jlK1pEyBcaRTm7ZMxWhl/EFtaxnGSodSm87be8/d+87dm/dCdiFLP58/9p33vufnfT/2nXvvOxcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD/h38ZWPMb+1f89Py6+PfPuOHDewcuve+jWw8c3bRpw5EQJmYf78jCHYMrui785sBlj+3f+flzp/rvP9Cbl8vjYVnjT2d+55ai1uUhfLEjhO40sHooC/Tk94difSuGQjgtzAWKElODWYm04fDQQAgHw1ygqOr+gRCGSoErjzz4wIFG4o6BEM4NIfSlbXy7L2tjIA2c15sFBtPA9u4s8F/HMkXgS51ZAE5afDMUL/pDE80ZRucvV/P661mwjr240uF1xcRofb4fX7LInSrpTR+YOKmnrVIdi6Ly9jjs3bYE3m2V7Xy7p638RSr/hnJsLtQXOientm65bmZ3fKQzjI111dW0SM/z40/feNWJpJfM6zB2YHRBXofP3vme68+afMuNt24/54m177vg6Ml2s27zLra+kL/mlszzGG30ebIE3n6Vb0krfekKIfzcB7tv6vrtI5+qi1fm/6PHn//Hl3O87WzKHWt9bjibm8dHhmLiqeFsbg4AAABLxlLYa/qjs1/xe6s61zxeV19l/r+yveP/8ZB/PpnPRns4hI2ziZtHQjhz9vEscHds7gMjIbxmNjXRHLgkCRwO4azZxKqiqqREfyyxMgk8OZwHNiaBh2NgIgl8OgZuTwK3xMChJHBVDBxOApfGQJhuHsfPD+fjaDswEAObs414KJ6F8JPh2Fqyrb5VVAUAALBA8tlhT/Pd0rkOJ5shTi8PDbTKEM/Ars3Ql9SQzmCLaVVtDd2tauhsVUMx7n3HH36l5o5WNVdOw+hoznDpK/7w/BVfu+ELoUZl/j9+/Pl/3zwd6agc/w/hitm/MXdnHpkp4psnmjIAAAAAJ2HtG2a+9idnv+nNdfHK/H9je+f/x30iXaXM4dG4G2LbSAjjzYGs2jdXA9lR72V5AAAAAJaC4nh8cSx8Or/NTtFO59PV/BMnmD8e+N84b/5fCpOnb/vBUxvq+luZ/0+0d/7/YPNt1omHYy8+NhJCfynwSOxlIzBrZQx89+LmQD7+h+MGuC1WlZ+YUFR1WyyxOQbGk8DBuhLfKEqc2RzIn6yi8ZuLcUznJUoBAAAAeMHF3QHxuHw8///Ctd/70KaP7/1cXbnK/H/ziZ3/PzsPrpzeP7MshDXdIXSlPwx4dDBbGDAGhjryxFcHs7q60qpuGgzhosbA0qqeyNf/707XGDwykFUVA2e+9rNPn9dIfGoghDXlwGPvvWt2x8juJFA0/qsDIby6Mdq08S/0Z433pI3/QX8IryoFiqo+0B9Co7HetKoH+/LrGKRV/VlfCKeXAkVVb+wLYU8AYImK/0onyw/u2rN325aZmamdi5iI+/AHwtbpmamxq7bPTPbV9Gky6XPTMkY3VcfU2ebYj+ZLFN1z+dhIO+nid4Lj5b7k+/ErJw7m9+N3oZ7Zca7rabq7Ph3y68+pNpEO6cUY8mC5krknsVJ/zN8bloX+63ZN7Ry7Ycvu3TvXZn/bzb4u+xsPM2Xbam26rQbn61sbL492F0N/vtuq6TJXa3Zfs2PNrj17V09fs+Xqqaunrn3D+LrxdevHN7zpwjWNUY1nf1sM9fz5qk6Geuyu6hDavQbU8x3qK7tLlbwQnxoSEhJLLbHl4q/+5b1nfWJZ3cdPZf6/4/jz//ipEz/58/UZ6o7/j8bD/Nnjc4f5N8fAwXaP/4/WHc0vTgxYmQT2xcA+h/kBAAB4aYi7G+PezLhXuuem1WN//MlHnqwrV5n/72vv9/8LtP5/sXT95XXL/K+KJcbr1v9Pl/kv1v/fV7f+f7rMf7H+/8EXYf3/64pAskl+Yv1/AADgpeCFW/+/5fL+6QUCKhlaLu+fXiCgkqHlMv7tXiDghNf/f/tzr+u55iOvviXUqMz/b29v/m/hfgAAADh13HVkQ8eD//o/D9XFK/P/g+3N/1/49f9C3fn/K+sCE3ULA1r/DwAAgCWqbv2/9a/78ebP/WzFD+vKVeb/h9qb/8fTLjqbcsdanxvO1rQL6Zp2Tw0XPxkAAACApaEzjI21u6Jp08qolzz/Nh/PlwI9Xrrsr758zT8+8tb39tfVV5n/H25v/t/0u4xn73zP9WdNvuXG527dfs4Ta993wdG54/8AAADA4ml3vwQAAAAAAAAAAAAAAPDie3rv5Lv++ew7P1MXr/z+P1wx+3jd7//jdf/i7wte3pQ71tp6/b/8/pXvuHfP7JKFjw6HcE45sG3/ttNCfm3+88uBBzatOqOR2J+W+Mp3Lv1BI/H+NPC21S97ppG4KAlsjosknpUG4lUVn1meBOLyin+fBuL2OJQGevPA7y7PxtGRbqsfDWXbqiPdVo8PhTBSChTb6otDWRsd6QDvSALFAD+UBuIAfyUPdKa9undZ1qsYGIpF/2hZ1isAAE5Z8VtgT9g6PTM1Hr/Cx9tXdjffRk1Llt1UrbajzeaP5kuT3XP52Eg76a70u+jctcZ7Ql9jCGsrX1fLWTpmR7kwtbTYdC+vGXKr1d7a/XX2iW663voRDWQjGrtq+8xkT8uBr2+dZV13yyxrK5OdcpbO2U3aRi1t9KWNEbW5bdrocrzfGcbGupJcvxiDo6HJQr0iyuv81b0Kynn2Tb7xb75x7Nihuvoq8//R9ub/feVxPZNfDGBfvLLezSMhnNnmiAAAAIB2fevL/7Ru+yd+55709ort1956weCPLq4rV5n/r2xv/h93jOWHgrO9HYfj9f+L+f9oFrg7NveBkRBeM5uaiCWyC+pfHkuMZ4G74w6TVbHE5onmqvpj4FASeHI4DxxOAg/HQL6X4rMh35XzkeEQNsymrmgusSOWGE0C74yBlUlgLAbGk8DyGNiYBP59eR6YSAJfj4Ew3byt/ny5vSsAAMDzkM+zeprvhnSed6i7VYaOVhkGW2XobJWhr1WGulHE+/fFDD3JySsdpUw9aa0DSS2VDPFi+Cfcr0qG8I3mnGnBStPx/IPifIOO5gz/dtnrv33erlXtX/9/vL35/2Dzbdb6w3H+P3f9vyzwSOzex+Kp4ytj4LsXNwfyHQMPx8nubUVVE3mJfNJ+WyyxMQZWJoEdMbAxCWy+Ig8cPKM5kM+0i8ZvLhqfzkuUAgAAAPCCizsI4m6aOP//0/+++3MH/uHav64rV5n/b2xv/h/bW1Zu7Jai1uUhfLFjrjdFYPVQFoj7MYbiz+NXDIVwWmkHR1FiajAr0Zs0HB4ayH6h3ptWdf9AtsZAvH/lkQcfONBI3DEQwrmlvS9FG9/uy9oYSAPn9WaBwTSwvTsLxD0/ReBLnVkATlqxVzC+oPJTXQqj85eref29VK4Jmg6vsg90nnzz/eZqsfSlD+T7VAsn9rRVqmNRVN4eh73bluK7bdS7rfxFKv+Gcmwu1Bc6J6e2brluZnd8pPxL1opFep7Lv1JtJ70Ar8N9z7+3rfWlHRhPPj7G5y83/+uwI1b37J3vuf6sybfceOv2c55Y+74LjrbdjRrxh8Lv/uTLRsubd7H1hfw1t+Q+TyZ8nizFfwMrPW2NGexTv//V//jp4z+ri1fm/xPtzf+7k9tZz8aNuWskhNeXNu6jcfP/8kj2OVgKZJ+Sp1cD2SH37w3XfnICAADAQit2dxT7C6bz2+yE8HSeXM0/cYL54/6KjfPmb7ffW29+aP8P/+6Or9TFK/P/zcef//cn3XT83/F/Fonj//M61XdF96cP7DupXdGV6lgUjv/P61R/tzn+Py/H/x3/n4/j/y04/j+vU/1pq3xL2uFLVwjh6++/8+33bP+18+rilfn/jvbm/9b/m3/RvmL9v8116//tqFv/b5/1/wAAgEVVs9BcOs+rrN5XyZCu3lfJ0HKBwJZLDFr/74TX/3vrO//3+mOvuGRnqFGZ/+9rb/4fXw7Lyq0vlfX/Vl5RU9XtMbDDwoAAAACciup2EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDievcvPLl8029eOF0X//4ZN3x478Cl931064GjmzZtOBJClrUjC3cMrui68JsDlz22f+fnz53qv/9AX16uJ789uyl3rPW54RAOlh4Ziomnhht35gJXvuPePd2NxKPDIZxTDmzbv+20RuLTwyGcXw48sGnVGY3E/rTEV75z6Q8aifengbetftkzjcRFeaAj7e4nl2fd7Ui7e2B5CCOlQNHdX1/eXFXRxmV5oDNt4zNDWRsxMBSLfnwoayMGZmKJ6f4Q1nSH0JVW9bW+rKqutKq/6Muq6kqr+q2+EC4KIXSnVX2nN6uqOx353/ZmVcXAma/97NPnNRIHe0NYUw489t67NjQSH0oCRePv6g3h1Y2XTNr4fT1Z4z1p43f0hPCqEEJvWuI/u7MSvWmJJ7pDOL0UKBr/YHcIewIvCfHDZ7L84K49e7dtmZmZ2rmIid68rYGwdXpmauyq7TOTfUmf6nSU0sduOn78eI4+feNVjdt7Lh8baSfdnZfrme3yup6mu+sXqvftOtHex34NliuZez4q9cf8vWFZ6L9u19TOsRu27N69c232t93s67K/XXk021ZrF2pbdbYoHz3fbXV+uZI1u6/ZsWbXnr2rp6/ZcvXU1VPXvmF83fi69eMb3nThmsaoxrO/CzHUu44fX4yhvrK7VMkL8QEgISGx1BKdTZ9u46f6P73KF/25jvaEvtkP6Mq0opylY3aUCzHoS6rxrkUadGVKUhnR2srEoZJlXess6yuTibksA1mW2e91lclhuabO2U0a73eGsbHazTLafLe8eX88z+Zt1+P5pms3DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/B87cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAsAAAAACPO3DqNnAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBSAAAA//+3Rsqd")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.current\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
r1 = open(0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_SNAP_CREATE(r1, 0x9408, 0x0)

[  428.030552][ T6665]     140548084948992-140548085284863: ffff888022f0ed20
[  428.041228][ T6665]     140548085284864-140548085288959: 0000000000000000
[  428.048808][ T6665]     140548085288960-140548085653503: ffff888022f0ee00
01:47:02 executing program 1:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
dup2(r2, r0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000))
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r3 = dup(r0)
mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

[  428.088769][ T6665]     140548085653504-140548085690367: ffff888022f0eee0
[  428.120789][ T6665]     140548085690368-140548085710847: 0000000000000000
[  431.289153][ T7613] overlayfs: unrecognized mount option "subj_type=ip_vti0" or missing value
[  431.299050][ T7620] overlayfs: unrecognized mount option "subj_type=ip_vti0" or missing value
[  431.313271][ T7623] overlayfs: unrecognized mount option "subj_type=ip_vti0" or missing value
[  431.348181][   T27] audit: type=1800 audit(1673401624.238:46): pid=7616 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=1186 res=0 errno=0
[  431.349079][    C1] clocksource: timekeeping watchdog on CPU1: Marking clocksource 'acpi_pm' as unstable because the skew is too large:
[  431.382327][    C1] clocksource:                       'tsc' wd_nsec: 3092656787 wd_now: ded3c0cb72 wd_last: dd3e2d0438 mask: ffffffffffffffff
[  431.395314][    C1] clocksource:                       'acpi_pm' cs_nsec: 0 cs_now: 28fe08 cs_last: 800ecd mask: ffffff
[  431.406294][    C1] clocksource:                       Clocksource 'acpi_pm' skewed -3092656787 ns (18446744070616 ms) over watchdog 'tsc' interval of 3092656787 ns (3092 ms)
[  431.422094][    C1] clocksource:                       'tsc' (not 'acpi_pm') is current clocksource.
[  431.444035][   T27] audit: type=1800 audit(1673401624.428:47): pid=7617 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1187 res=0 errno=0
01:47:06 executing program 1:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
dup2(r2, r0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000))
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r3 = dup(r0)
mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)

[  432.092475][ T6665]     140548085710848-140548097556479: ffff88806b3de000
01:47:07 executing program 0:
dup(0xffffffffffffffff)
mkdir(&(0x7f00000010c0)='./file0\x00', 0x1)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x2000, 0x61)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000500)='./file0\x00', 0x4000, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000003c0)=0xae)
sched_setscheduler(0x0, 0x5, &(0x7f0000000200)=0x7ffc)
newfstatat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', &(0x7f00000005c0), 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r3, 0x8982, &(0x7f0000000300)={0x0, 'ip_vti0\x00', {0x900}, 0x7ff})
r5 = open(&(0x7f00000000c0)='./bus\x00', 0x14da42, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x80001d00c0d0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xff)
open(&(0x7f0000000340)='./bus\x00', 0x200, 0x140)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r7}, 0x10)
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r7, 0x660c)
mount$overlay(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000400), 0x10000, &(0x7f0000000440)={[{@upperdir={'upperdir', 0x3d, './bus'}}, {@xino_off}, {@xino_off}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './bus'}}, {@xino_off}, {@index_off}], [{@subj_type={'subj_type', 0x3d, 'ip_vti0\x00'}}, {@func={'func', 0x3d, 'FILE_MMAP'}}, {@fsmagic={'fsmagic', 0x3d, 0x2}}]})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz0\x00', 0x1ff)

[  432.099633][ T6665]   140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008
[  432.209365][   T27] audit: type=1800 audit(1673401624.438:48): pid=7618 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1188 res=0 errno=0
[  432.274847][ T7632] binder: 7629:7632 ioctl c0306201 0 returned -14
[  432.318774][   T27] audit: type=1804 audit(1673401625.208:49): pid=7618 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir3878708150/syzkaller.BRy09z/133/bus" dev="sda1" ino=1188 res=1 errno=0
[  432.346040][ T6665]     140548097556480-140548097601535: 0000000000000000
[  432.370327][ T7637] overlayfs: unrecognized mount option "subj_type=ip_vti0" or missing value
[  432.594191][ T6665]     140548097601536-140548097605631: ffff88806b3de460
[  432.601469][ T6665]     140548097605632-140548097736703: ffff88806b3de380
[  432.609175][ T6665]     140548097736704-140735437164543: 0000000000000000
[  432.618321][ T6665]     140735437164544-140735437299711: ffff88806b3de0e0
01:47:07 executing program 1:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
dup2(r2, r0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000))
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r3 = dup(r0)
mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)

[  432.990941][ T7635] syz-executor.5 (7635) used greatest stack depth: 21920 bytes left
01:47:08 executing program 4:
dup(0xffffffffffffffff)
mkdir(&(0x7f00000010c0)='./file0\x00', 0x1)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x2000, 0x61)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000500)='./file0\x00', 0x4000, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000003c0)=0xae)
sched_setscheduler(0x0, 0x5, &(0x7f0000000200)=0x7ffc)
newfstatat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', &(0x7f00000005c0), 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r3, 0x8982, &(0x7f0000000300)={0x0, 'ip_vti0\x00', {0x900}, 0x7ff})
r5 = open(&(0x7f00000000c0)='./bus\x00', 0x14da42, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x80001d00c0d0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xff)
open(&(0x7f0000000340)='./bus\x00', 0x200, 0x140)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r7}, 0x10)
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r7, 0x660c)
mount$overlay(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000400), 0x10000, &(0x7f0000000440)={[{@upperdir={'upperdir', 0x3d, './bus'}}, {@xino_off}, {@xino_off}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './bus'}}, {@xino_off}, {@index_off}], [{@subj_type={'subj_type', 0x3d, 'ip_vti0\x00'}}, {@func={'func', 0x3d, 'FILE_MMAP'}}, {@fsmagic={'fsmagic', 0x3d, 0x2}}]})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz0\x00', 0x1ff)

01:47:08 executing program 2:
dup(0xffffffffffffffff)
mkdir(&(0x7f00000010c0)='./file0\x00', 0x1)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x2000, 0x61)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000500)='./file0\x00', 0x4000, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000003c0)=0xae)
sched_setscheduler(0x0, 0x5, &(0x7f0000000200)=0x7ffc)
newfstatat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', &(0x7f00000005c0), 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r3, 0x8982, &(0x7f0000000300)={0x0, 'ip_vti0\x00', {0x900}, 0x7ff})
r5 = open(&(0x7f00000000c0)='./bus\x00', 0x14da42, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x80001d00c0d0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xff)
open(&(0x7f0000000340)='./bus\x00', 0x200, 0x140)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r7}, 0x10)
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r7, 0x660c)
mount$overlay(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000400), 0x10000, &(0x7f0000000440)={[{@upperdir={'upperdir', 0x3d, './bus'}}, {@xino_off}, {@xino_off}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './bus'}}, {@xino_off}, {@index_off}], [{@subj_type={'subj_type', 0x3d, 'ip_vti0\x00'}}, {@func={'func', 0x3d, 'FILE_MMAP'}}, {@fsmagic={'fsmagic', 0x3d, 0x2}}]})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz0\x00', 0x1ff)

[  433.194426][ T6665]     140735437299712-140735437316095: 0000000000000000
[  433.443535][   T27] audit: type=1800 audit(1673401627.038:50): pid=7630 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="bus" dev="sda1" ino=1167 res=0 errno=0
[  433.505199][ T7638] overlayfs: unrecognized mount option "subj_type=ip_vti0" or missing value
[  433.518028][   T27] audit: type=1800 audit(1673401627.198:51): pid=7621 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.4" name="bus" dev="sda1" ino=1187 res=0 errno=0
[  433.538015][   T27] audit: type=1800 audit(1673401627.258:52): pid=7619 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.2" name="bus" dev="sda1" ino=1186 res=0 errno=0
[  433.559865][   T27] audit: type=1800 audit(1673401627.378:53): pid=7639 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1189 res=0 errno=0
[  433.581280][   T27] audit: type=1804 audit(1673401627.438:54): pid=7635 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir2603334418/syzkaller.6cD5tK/32/bus" dev="sda1" ino=1167 res=1 errno=0
[  433.589676][ T7645] binder: 7644:7645 ioctl c0306201 0 returned -14
[  433.606982][   T27] audit: type=1804 audit(1673401627.808:55): pid=7641 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir3878708150/syzkaller.BRy09z/134/bus" dev="sda1" ino=1189 res=1 errno=0
[  433.640296][ T6665]     140735437316096-140735437332479: ffff88806b3de1c0
[  433.679860][ T6665]     140735437332480-140735437340671: ffff88806b3de2a0
[  433.708355][ T6665]     140735437340672-18446744073709551615: 0000000000000000
[  433.769388][ T6665] Pass: 9682205 Run:9682321
[  433.781916][ T6665] CPU: 1 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0
[  433.791765][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  433.801854][ T6665] Call Trace:
[  433.805159][ T6665]  <TASK>
[  433.808117][ T6665]  dump_stack_lvl+0xd1/0x138
[  433.812769][ T6665]  mt_find.cold+0x8b/0x90
[  433.817147][ T6665]  ? mas_find+0x1d0/0x1d0
[  433.821515][ T6665]  find_vma+0x10c/0x1b0
[  433.825691][ T6665]  ? can_vma_merge_before+0x390/0x390
[  433.831091][ T6665]  ? walk_page_test+0x78/0x180
[  433.835884][ T6665]  walk_page_range+0x2b1/0x4a0
[  433.840684][ T6665]  ? __walk_page_range+0x780/0x780
[  433.845844][ T6665]  mlock_fixup+0x650/0x810
[  433.850309][ T6665]  apply_vma_lock_flags+0x23d/0x350
[  433.855543][ T6665]  ? mlock_fixup+0x810/0x810
[  433.860188][ T6665]  ? __ia32_sys_get_robust_list+0x400/0x400
[  433.866118][ T6665]  do_mlock+0x25a/0x6d0
[  433.870309][ T6665]  ? folio_evictable+0x270/0x270
[  433.875289][ T6665]  ? syscall_enter_from_user_mode+0x26/0xb0
[  433.881214][ T6665]  __x64_sys_mlock+0x59/0x80
[  433.885820][ T6665]  do_syscall_64+0x39/0xb0
[  433.890274][ T6665]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  433.896192][ T6665] RIP: 0033:0x7fd3e6a8c0c9
[  433.900618][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  433.920244][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[  433.928704][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9
[  433.936697][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000
[  433.944692][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000
[  433.952684][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  433.960682][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000
[  433.968692][ T6665]  </TASK>
[  434.856627][ T7662] overlayfs: unrecognized mount option "subj_type=ip_vti0" or missing value
[  434.942232][ T7651] overlayfs: unrecognized mount option "subj_type=ip_vti0" or missing value
[  434.947034][ T6665] index not increased! 20ffb000 <= 20ffb000
[  434.958197][ T6665] BUG at mt_find:6473 (1)
[  434.980575][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e
[  434.992876][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000
[  435.044368][ T6665]   0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d
[  435.131003][ T7656] syz-executor.2 (7656) used greatest stack depth: 21464 bytes left
[  435.196869][ T6665]     0-536866815: 0000000000000000
[  435.202234][ T6665]     536866816-536870911: ffff888022f0e0e0
[  435.226613][ T6665]     536870912-553627647: ffff888022f0e1c0
[  435.242035][ T6665]     553627648-553635839: 0000000000000000
[  435.256523][ T6665]     553635840-553627647: ffff8880272dc9a0
[  435.296462][ T6665]     553627648-553644031: ffff8880272dc8c0
[  435.304676][ T6665]     553644032-553648127: ffff88807e16c7e0
[  435.335535][ T6665]     553648128-553652223: ffff888022f0e2a0
[  435.356401][ T6665]     553652224-116813594623: 0000000000000000
[  435.366542][ T6665]     116813594624-116817788927: ffff888022f0e380
[  435.413517][ T6665]     116817788928-93825002663935: 0000000000000000
[  435.430141][ T6665]     93825002663936-93825002803199: ffff888022f0e460
[  435.476261][ T6665]     93825002803200-140548063096831: 0000000000000000
[  435.483562][ T6665]     140548063096832-140548063100927: ffff888022f0e540
[  435.496535][ T6665]   140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d
[  435.616402][ T6665]     140548063100928-140548071489535: ffff888022f0e620
[  435.623492][ T6665]     140548071489536-140548073586687: ffff888022f0e700
[  435.646431][ T6665]     140548073586688-140548075683839: ffff888022f0e7e0
[  435.653493][ T6665]     140548075683840-140548077780991: ffff888022f0e8c0
[  435.676445][ T6665]     140548077780992-140548079878143: ffff888022f0e9a0
[  435.683517][ T6665]     140548079878144-140548084072447: ffff888022f0ea80
[  435.706472][ T6665]     140548084072448-140548084219903: ffff888022f0eb60
[  435.735834][ T6665]     140548084219904-140548084948991: ffff888022f0ec40
[  435.766016][ T6665]     140548084948992-140548085284863: ffff888022f0ed20
[  435.774563][ T6665]     140548085284864-140548085288959: 0000000000000000
[  435.802799][ T6665]     140548085288960-140548085653503: ffff888022f0ee00
[  435.827970][ T6665]     140548085653504-140548085690367: ffff888022f0eee0
[  435.835059][ T6665]     140548085690368-140548085710847: 0000000000000000
[  435.855956][ T6665]     140548085710848-140548097556479: ffff88806b3de000
[  435.886440][ T6665]   140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008
[  436.026427][ T6665]     140548097556480-140548097601535: 0000000000000000
[  436.035774][ T6665]     140548097601536-140548097605631: ffff88806b3de460
[  436.060286][ T6665]     140548097605632-140548097736703: ffff88806b3de380
[  436.083089][ T6665]     140548097736704-140735437164543: 0000000000000000
[  436.098217][ T6665]     140735437164544-140735437299711: ffff88806b3de0e0
[  436.113616][ T6665]     140735437299712-140735437316095: 0000000000000000
[  436.128647][ T6665]     140735437316096-140735437332479: ffff88806b3de1c0
[  436.140775][ T7666] loop3: detected capacity change from 0 to 32768
[  436.147381][ T6665]     140735437332480-140735437340671: ffff88806b3de2a0
[  436.173219][ T7666] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm
[  436.193251][ T6665]     140735437340672-18446744073709551615: 0000000000000000
[  436.213256][ T7666] BTRFS info (device loop3): force clearing of disk cache
[  436.223578][ T6665] Pass: 9696721 Run:9696838
[  436.228539][ T7666] BTRFS info (device loop3): setting nodatasum
[  436.234835][ T6665] CPU: 1 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0
[  436.244673][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  436.254750][ T6665] Call Trace:
[  436.258048][ T6665]  <TASK>
[  436.260998][ T6665]  dump_stack_lvl+0xd1/0x138
[  436.265631][ T6665]  mt_find.cold+0x8b/0x90
[  436.270002][ T6665]  ? mas_find+0x1d0/0x1d0
[  436.274386][ T6665]  find_vma+0x10c/0x1b0
[  436.275206][ T7666] BTRFS info (device loop3): allowing degraded mounts
[  436.278553][ T6665]  ? can_vma_merge_before+0x390/0x390
[  436.278593][ T6665]  ? walk_page_test+0x78/0x180
[  436.278633][ T6665]  walk_page_range+0x2b1/0x4a0
[  436.278674][ T6665]  ? __walk_page_range+0x780/0x780
[  436.278734][ T6665]  mlock_fixup+0x650/0x810
[  436.286578][ T7666] BTRFS info (device loop3): enabling disk space caching
[  436.290848][ T6665]  apply_vma_lock_flags+0x23d/0x350
[  436.295582][ T7666] BTRFS info (device loop3): disk space caching is enabled
[  436.300326][ T6665]  ? mlock_fixup+0x810/0x810
[  436.300384][ T6665]  ? __ia32_sys_get_robust_list+0x400/0x400
[  436.300429][ T6665]  do_mlock+0x25a/0x6d0
[  436.343964][ T6665]  ? folio_evictable+0x270/0x270
[  436.348959][ T6665]  ? syscall_enter_from_user_mode+0x26/0xb0
[  436.354888][ T6665]  __x64_sys_mlock+0x59/0x80
[  436.359496][ T6665]  do_syscall_64+0x39/0xb0
[  436.363940][ T6665]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  436.369857][ T6665] RIP: 0033:0x7fd3e6a8c0c9
[  436.374286][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  436.393907][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[  436.402343][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9
[  436.410328][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000
[  436.418312][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000
[  436.426295][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  436.434281][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000
[  436.442283][ T6665]  </TASK>
[  436.454863][ T6665] index not increased! 20ffb000 <= 20ffb000
[  436.463564][ T6665] BUG at mt_find:6473 (1)
[  436.468888][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e
[  436.478079][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000
[  436.517353][ T6665]   0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d
[  436.574334][ T6665]     0-536866815: 0000000000000000
[  436.582445][ T6665]     536866816-536870911: ffff888022f0e0e0
[  436.595192][ T6665]     536870912-553627647: ffff888022f0e1c0
[  436.601312][ T6665]     553627648-553635839: 0000000000000000
[  436.607567][ T6665]     553635840-553627647: ffff8880272dc9a0
[  436.616429][ T6665]     553627648-553644031: ffff8880272dc8c0
[  436.624075][ T6665]     553644032-553648127: ffff88807e16c7e0
[  436.632058][ T6665]     553648128-553652223: ffff888022f0e2a0
[  436.637988][ T7666] BTRFS info (device loop3): enabling ssd optimizations
[  436.638015][ T7666] BTRFS info (device loop3): auto enabling async discard
[  436.643836][ T7666] BTRFS info (device loop3): clearing free space tree
[  436.645966][ T6665]     553652224-116813594623: 0000000000000000
[  436.662635][ T7666] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  436.665932][ T6665]     116813594624-116817788927: 
[  436.675777][ T7666] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  436.687468][ T6665] ffff888022f0e380
[  436.694932][ T6665]     116817788928-93825002663935: 0000000000000000
[  436.703857][ T6665]     93825002663936-93825002803199: ffff888022f0e460
[  436.710911][ T6665]     93825002803200-140548063096831: 0000000000000000
[  436.713696][ T7666] BTRFS info (device loop3): checking UUID tree
[  436.717926][ T6665]     140548063096832-140548063100927: ffff888022f0e540
[  436.717967][ T6665]   140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d
[  436.806419][ T6665]     140548063100928-140548071489535: ffff888022f0e620
[  436.813423][ T6665]     140548071489536-140548073586687: ffff888022f0e700
[  436.834687][ T6665]     140548073586688-140548075683839: ffff888022f0e7e0
[  436.841879][ T6665]     140548075683840-140548077780991: ffff888022f0e8c0
[  436.850677][ T6665]     140548077780992-140548079878143: ffff888022f0e9a0
[  436.860951][ T6665]     140548079878144-140548084072447: ffff888022f0ea80
[  436.868100][ T6665]     140548084072448-140548084219903: ffff888022f0eb60
[  436.886382][ T6665]     140548084219904-140548084948991: ffff888022f0ec40
[  436.893416][ T6665]     140548084948992-140548085284863: ffff888022f0ed20
[  436.929277][ T6665]     140548085284864-140548085288959: 0000000000000000
[  436.936274][ T6665]     140548085288960-140548085653503: ffff888022f0ee00
[  436.959794][ T6665]     140548085653504-140548085690367: ffff888022f0eee0
[  436.974827][ T6665]     140548085690368-140548085710847: 0000000000000000
[  436.988609][ T6665]     140548085710848-140548097556479: ffff88806b3de000
[  436.995602][ T6665]   140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008
[  437.091308][ T6665]     140548097556480-140548097601535: 0000000000000000
[  437.098964][ T6665]     140548097601536-140548097605631: ffff88806b3de460
[  437.105951][ T6665]     140548097605632-140548097736703: ffff88806b3de380
[  437.113358][ T6665]     140548097736704-140735437164543: 0000000000000000
[  437.123730][ T6665]     140735437164544-140735437299711: ffff88806b3de0e0
[  437.131822][ T6665]     140735437299712-140735437316095: 0000000000000000
[  437.142829][ T6665]     140735437316096-140735437332479: ffff88806b3de1c0
[  437.150118][ T6665]     140735437332480-140735437340671: ffff88806b3de2a0
[  437.157451][ T6665]     140735437340672-18446744073709551615: 0000000000000000
[  437.164867][ T6665] Pass: 9717289 Run:9717407
[  437.170021][ T6665] CPU: 0 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0
[  437.179859][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  437.189931][ T6665] Call Trace:
[  437.193216][ T6665]  <TASK>
[  437.196157][ T6665]  dump_stack_lvl+0xd1/0x138
[  437.200777][ T6665]  mt_find.cold+0x8b/0x90
[  437.205132][ T6665]  ? mas_find+0x1d0/0x1d0
[  437.209498][ T6665]  find_vma+0x10c/0x1b0
[  437.213673][ T6665]  ? can_vma_merge_before+0x390/0x390
[  437.219067][ T6665]  ? walk_page_test+0x78/0x180
[  437.223860][ T6665]  walk_page_range+0x2b1/0x4a0
[  437.228652][ T6665]  ? __walk_page_range+0x780/0x780
[  437.233805][ T6665]  mlock_fixup+0x650/0x810
[  437.238265][ T6665]  apply_vma_lock_flags+0x23d/0x350
[  437.243500][ T6665]  ? mlock_fixup+0x810/0x810
[  437.248133][ T6665]  ? __ia32_sys_get_robust_list+0x400/0x400
[  437.254057][ T6665]  do_mlock+0x25a/0x6d0
[  437.258249][ T6665]  ? folio_evictable+0x270/0x270
[  437.263232][ T6665]  ? syscall_enter_from_user_mode+0x26/0xb0
[  437.269151][ T6665]  __x64_sys_mlock+0x59/0x80
[  437.273758][ T6665]  do_syscall_64+0x39/0xb0
[  437.278204][ T6665]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  437.284115][ T6665] RIP: 0033:0x7fd3e6a8c0c9
[  437.288541][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  437.308161][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[  437.316596][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9
[  437.324578][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000
[  437.332562][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000
01:47:12 executing program 3:
syz_mount_image$btrfs(&(0x7f00000051c0), &(0x7f0000005200)='./file0\x00', 0x1000008, &(0x7f0000000280)={[{@datacow}, {@clear_cache}, {@nodatasum}, {@rescan_uuid_tree}, {}, {@space_cache_v1}]}, 0xfe, 0x51ab, &(0x7f0000005280)="$eJzs3V9oVFceB/Az+aPxDyY+xV32wX1YWcUFWRF2UdggGF2Whdn1YVnYrFlZxT+7JUgDwb5YS2lBxGCgthSKD33pS0mlUFqqBAsthYogVloUW0teWiiESsGXlpK590xmzvVmxlQbq5+PJHfO/d1z7pnhPsx3zLkTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIIRwcM3Kv+xaPb2urD7dP3bq6LLt507vP3ljaGjLlRAqtf2VvL5n+66/79+95689scPw37JtX1/ZkFnXz7PGkqads/2af/4TQuhOBujMtzs6G/pW0hOEI8UB53XgZv/o5u7BaxN3zmy8eP3QhuJTZ1bPYk9gseTX1fTctTRQ+92RHFFvN1x6laZLNOufXnA/yZMAAO7JpmptU387mr/FrbePpfWkPZC0x5N2fIcw3thYiGzcJWXzXJvWF2meA1lUWFo6z6Sev/71djXtn7STqHEP82w+NI80PWXzHEnqizVPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIfJqx9euvTcy+u3ldWn+8dOHV22/dzp/SdvDA1tuRJCX21/JStXlv+q8w+fLtt57fiRN36zr+ftk515v7jtajg4fBIf/LE3hL0Nlek47JerQqg2F2rN8FKxcLD24M+xAAAAwKPkF7XfHfV2Fge7m9qVWpqs1P5FWVg8cLN/dHP34LWJO2c2Xrx+aMPCx6uWjDdw1/Hq7b65n0pDMI7xNx1vrh4PPVIYZ37piGme/2zmyVsXJn7777L+hfzfN3/+j6+c/A8AAMCPIf+n48yvVf6/+s7zT3UN7n2vrH8h/69tOmUh/8cZx/zfERaW/wEAAOBh9qDz/0BhnPm1yv/fnZ86f/nb46+U9S/k/03t5f+uxmnHnR/FCR/uDWFTq6kDAAAAJeL/u899tBDzevbJQZrXO2ZGe6d6blwtG6+Q/wfay//d9/2ZAQAAAAv1v7F/Hb8wNn6zrF7I/9X28v/SBz5zAAAAoF37Tvz/3PoNIyvL6oX8P9xe/l+eb/OVD1mn9+NfIUz0htAz+2AkK3wQxv9ULwAAAAD3SczpX41u/f7jwel3y44r5P+R+e//H+90ENf/N93/r7D+v6GQ3fVvqxsDAAAA8DgqruePt8fPvrmg7Pv3213/f+uXO3b9d+c/vig7fyH/H2sv/3c2bu/n9/8BAADAAvzcvv/vn4Vx5tfq/v/fDN36et3hZwfL+hfy/3h7+T9uVzQ+van4+jzTG8Ka2Qf53QRfi6c7nBQmuxsK2Quf9Ngde+SFyaUNhZqRpMfve0P49eyDY0lhdSyMJ4WZVXnhbFK4HAv59VAvvJ4UpuKV9sKqfLpp4a1YyBdYTMYVFCvqSyKSHrfLeswW7trjev3kAAAAj5UYnvMs293cDGmUnay0OmB5qwM6Wh3Q2eqAruSA9MCy/WG4uRD3v7jtd7evPPHm06FEIf+fbS//x5diSbYpW/8f4vr//HsN6+v/h2OhLylMxkI1vWNANZ4jC7sn4jn6qnmPmTX1AgAAADzS4ucCnYs8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5g7/6D7KrqA4Cf/f0jm91FHAFJNYqA6ZDNJjFKK1MC1UFxpi4OdZw60UR2g9ssJCZhICnthEA7U5hUVKa1o0NDHUdpkUY6jlK1pEyBcaRTm7ZMxWhl/EFtaxnGSodSm87be8/d+87dm/dCdiFLP58/9p33vufnfT/2nXvvOxcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD/h38ZWPMb+1f89Py6+PfPuOHDewcuve+jWw8c3bRpw5EQJmYf78jCHYMrui785sBlj+3f+flzp/rvP9Cbl8vjYVnjT2d+55ai1uUhfLEjhO40sHooC/Tk94difSuGQjgtzAWKElODWYm04fDQQAgHw1ygqOr+gRCGSoErjzz4wIFG4o6BEM4NIfSlbXy7L2tjIA2c15sFBtPA9u4s8F/HMkXgS51ZAE5afDMUL/pDE80ZRucvV/P661mwjr240uF1xcRofb4fX7LInSrpTR+YOKmnrVIdi6Ly9jjs3bYE3m2V7Xy7p638RSr/hnJsLtQXOientm65bmZ3fKQzjI111dW0SM/z40/feNWJpJfM6zB2YHRBXofP3vme68+afMuNt24/54m177vg6Ml2s27zLra+kL/mlszzGG30ebIE3n6Vb0krfekKIfzcB7tv6vrtI5+qi1fm/6PHn//Hl3O87WzKHWt9bjibm8dHhmLiqeFsbg4AAABLxlLYa/qjs1/xe6s61zxeV19l/r+yveP/8ZB/PpnPRns4hI2ziZtHQjhz9vEscHds7gMjIbxmNjXRHLgkCRwO4azZxKqiqqREfyyxMgk8OZwHNiaBh2NgIgl8OgZuTwK3xMChJHBVDBxOApfGQJhuHsfPD+fjaDswEAObs414KJ6F8JPh2Fqyrb5VVAUAALBA8tlhT/Pd0rkOJ5shTi8PDbTKEM/Ars3Ql9SQzmCLaVVtDd2tauhsVUMx7n3HH36l5o5WNVdOw+hoznDpK/7w/BVfu+ELoUZl/j9+/Pl/3zwd6agc/w/hitm/MXdnHpkp4psnmjIAAAAAJ2HtG2a+9idnv+nNdfHK/H9je+f/x30iXaXM4dG4G2LbSAjjzYGs2jdXA9lR72V5AAAAAJaC4nh8cSx8Or/NTtFO59PV/BMnmD8e+N84b/5fCpOnb/vBUxvq+luZ/0+0d/7/YPNt1omHYy8+NhJCfynwSOxlIzBrZQx89+LmQD7+h+MGuC1WlZ+YUFR1WyyxOQbGk8DBuhLfKEqc2RzIn6yi8ZuLcUznJUoBAAAAeMHF3QHxuHw8///Ctd/70KaP7/1cXbnK/H/ziZ3/PzsPrpzeP7MshDXdIXSlPwx4dDBbGDAGhjryxFcHs7q60qpuGgzhosbA0qqeyNf/707XGDwykFUVA2e+9rNPn9dIfGoghDXlwGPvvWt2x8juJFA0/qsDIby6Mdq08S/0Z433pI3/QX8IryoFiqo+0B9Co7HetKoH+/LrGKRV/VlfCKeXAkVVb+wLYU8AYImK/0onyw/u2rN325aZmamdi5iI+/AHwtbpmamxq7bPTPbV9Gky6XPTMkY3VcfU2ebYj+ZLFN1z+dhIO+nid4Lj5b7k+/ErJw7m9+N3oZ7Zca7rabq7Ph3y68+pNpEO6cUY8mC5krknsVJ/zN8bloX+63ZN7Ry7Ycvu3TvXZn/bzb4u+xsPM2Xbam26rQbn61sbL492F0N/vtuq6TJXa3Zfs2PNrj17V09fs+Xqqaunrn3D+LrxdevHN7zpwjWNUY1nf1sM9fz5qk6Geuyu6hDavQbU8x3qK7tLlbwQnxoSEhJLLbHl4q/+5b1nfWJZ3cdPZf6/4/jz//ipEz/58/UZ6o7/j8bD/Nnjc4f5N8fAwXaP/4/WHc0vTgxYmQT2xcA+h/kBAAB4aYi7G+PezLhXuuem1WN//MlHnqwrV5n/72vv9/8LtP5/sXT95XXL/K+KJcbr1v9Pl/kv1v/fV7f+f7rMf7H+/8EXYf3/64pAskl+Yv1/AADgpeCFW/+/5fL+6QUCKhlaLu+fXiCgkqHlMv7tXiDghNf/f/tzr+u55iOvviXUqMz/b29v/m/hfgAAADh13HVkQ8eD//o/D9XFK/P/g+3N/1/49f9C3fn/K+sCE3ULA1r/DwAAgCWqbv2/9a/78ebP/WzFD+vKVeb/h9qb/8fTLjqbcsdanxvO1rQL6Zp2Tw0XPxkAAACApaEzjI21u6Jp08qolzz/Nh/PlwI9Xrrsr758zT8+8tb39tfVV5n/H25v/t/0u4xn73zP9WdNvuXG527dfs4Ta993wdG54/8AAADA4ml3vwQAAAAAAAAAAAAAAPDie3rv5Lv++ew7P1MXr/z+P1wx+3jd7//jdf/i7wte3pQ71tp6/b/8/pXvuHfP7JKFjw6HcE45sG3/ttNCfm3+88uBBzatOqOR2J+W+Mp3Lv1BI/H+NPC21S97ppG4KAlsjosknpUG4lUVn1meBOLyin+fBuL2OJQGevPA7y7PxtGRbqsfDWXbqiPdVo8PhTBSChTb6otDWRsd6QDvSALFAD+UBuIAfyUPdKa9undZ1qsYGIpF/2hZ1isAAE5Z8VtgT9g6PTM1Hr/Cx9tXdjffRk1Llt1UrbajzeaP5kuT3XP52Eg76a70u+jctcZ7Ql9jCGsrX1fLWTpmR7kwtbTYdC+vGXKr1d7a/XX2iW663voRDWQjGrtq+8xkT8uBr2+dZV13yyxrK5OdcpbO2U3aRi1t9KWNEbW5bdrocrzfGcbGupJcvxiDo6HJQr0iyuv81b0Kynn2Tb7xb75x7Nihuvoq8//R9ub/feVxPZNfDGBfvLLezSMhnNnmiAAAAIB2fevL/7Ru+yd+55709ort1956weCPLq4rV5n/r2xv/h93jOWHgrO9HYfj9f+L+f9oFrg7NveBkRBeM5uaiCWyC+pfHkuMZ4G74w6TVbHE5onmqvpj4FASeHI4DxxOAg/HQL6X4rMh35XzkeEQNsymrmgusSOWGE0C74yBlUlgLAbGk8DyGNiYBP59eR6YSAJfj4Ew3byt/ny5vSsAAMDzkM+zeprvhnSed6i7VYaOVhkGW2XobJWhr1WGulHE+/fFDD3JySsdpUw9aa0DSS2VDPFi+Cfcr0qG8I3mnGnBStPx/IPifIOO5gz/dtnrv33erlXtX/9/vL35/2Dzbdb6w3H+P3f9vyzwSOzex+Kp4ytj4LsXNwfyHQMPx8nubUVVE3mJfNJ+WyyxMQZWJoEdMbAxCWy+Ig8cPKM5kM+0i8ZvLhqfzkuUAgAAAPCCizsI4m6aOP//0/+++3MH/uHav64rV5n/b2xv/h/bW1Zu7Jai1uUhfLFjrjdFYPVQFoj7MYbiz+NXDIVwWmkHR1FiajAr0Zs0HB4ayH6h3ptWdf9AtsZAvH/lkQcfONBI3DEQwrmlvS9FG9/uy9oYSAPn9WaBwTSwvTsLxD0/ReBLnVkATlqxVzC+oPJTXQqj85eref29VK4Jmg6vsg90nnzz/eZqsfSlD+T7VAsn9rRVqmNRVN4eh73bluK7bdS7rfxFKv+Gcmwu1Bc6J6e2brluZnd8pPxL1opFep7Lv1JtJ70Ar8N9z7+3rfWlHRhPPj7G5y83/+uwI1b37J3vuf6sybfceOv2c55Y+74LjrbdjRrxh8Lv/uTLRsubd7H1hfw1t+Q+TyZ8nizFfwMrPW2NGexTv//V//jp4z+ri1fm/xPtzf+7k9tZz8aNuWskhNeXNu6jcfP/8kj2OVgKZJ+Sp1cD2SH37w3XfnICAADAQit2dxT7C6bz2+yE8HSeXM0/cYL54/6KjfPmb7ffW29+aP8P/+6Or9TFK/P/zcef//cn3XT83/F/Fonj//M61XdF96cP7DupXdGV6lgUjv/P61R/tzn+Py/H/x3/n4/j/y04/j+vU/1pq3xL2uFLVwjh6++/8+33bP+18+rilfn/jvbm/9b/m3/RvmL9v8116//tqFv/b5/1/wAAgEVVs9BcOs+rrN5XyZCu3lfJ0HKBwJZLDFr/74TX/3vrO//3+mOvuGRnqFGZ/+9rb/4fXw7Lyq0vlfX/Vl5RU9XtMbDDwoAAAACciup2EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDievcvPLl8029eOF0X//4ZN3x478Cl931064GjmzZtOBJClrUjC3cMrui68JsDlz22f+fnz53qv/9AX16uJ789uyl3rPW54RAOlh4Ziomnhht35gJXvuPePd2NxKPDIZxTDmzbv+20RuLTwyGcXw48sGnVGY3E/rTEV75z6Q8aifengbetftkzjcRFeaAj7e4nl2fd7Ui7e2B5CCOlQNHdX1/eXFXRxmV5oDNt4zNDWRsxMBSLfnwoayMGZmKJ6f4Q1nSH0JVW9bW+rKqutKq/6Muq6kqr+q2+EC4KIXSnVX2nN6uqOx353/ZmVcXAma/97NPnNRIHe0NYUw489t67NjQSH0oCRePv6g3h1Y2XTNr4fT1Z4z1p43f0hPCqEEJvWuI/u7MSvWmJJ7pDOL0UKBr/YHcIewIvCfHDZ7L84K49e7dtmZmZ2rmIid68rYGwdXpmauyq7TOTfUmf6nSU0sduOn78eI4+feNVjdt7Lh8baSfdnZfrme3yup6mu+sXqvftOtHex34NliuZez4q9cf8vWFZ6L9u19TOsRu27N69c232t93s67K/XXk021ZrF2pbdbYoHz3fbXV+uZI1u6/ZsWbXnr2rp6/ZcvXU1VPXvmF83fi69eMb3nThmsaoxrO/CzHUu44fX4yhvrK7VMkL8QEgISGx1BKdTZ9u46f6P73KF/25jvaEvtkP6Mq0opylY3aUCzHoS6rxrkUadGVKUhnR2srEoZJlXess6yuTibksA1mW2e91lclhuabO2U0a73eGsbHazTLafLe8eX88z+Zt1+P5pms3DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/B87cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAsAAAAACPO3DqNnAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBSAAAA//+3Rsqd")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.current\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_SNAP_CREATE(0xffffffffffffffff, 0x9408, 0x0)

01:47:12 executing program 1:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
dup2(r2, r0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000))
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r3 = dup(r0)
mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)

01:47:12 executing program 0:
dup(0xffffffffffffffff)
mkdir(&(0x7f00000010c0)='./file0\x00', 0x1)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x2000, 0x61)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000500)='./file0\x00', 0x4000, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000003c0)=0xae)
sched_setscheduler(0x0, 0x5, &(0x7f0000000200)=0x7ffc)
newfstatat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', &(0x7f00000005c0), 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r3, 0x8982, &(0x7f0000000300)={0x0, 'ip_vti0\x00', {0x900}, 0x7ff})
r5 = open(&(0x7f00000000c0)='./bus\x00', 0x14da42, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x80001d00c0d0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xff)
open(&(0x7f0000000340)='./bus\x00', 0x200, 0x140)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r7}, 0x10)
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r7, 0x660c)
mount$overlay(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000400), 0x10000, &(0x7f0000000440)={[{@upperdir={'upperdir', 0x3d, './bus'}}, {@xino_off}, {@xino_off}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './bus'}}, {@xino_off}, {@index_off}], [{@subj_type={'subj_type', 0x3d, 'ip_vti0\x00'}}, {@func={'func', 0x3d, 'FILE_MMAP'}}, {@fsmagic={'fsmagic', 0x3d, 0x2}}]})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz0\x00', 0x1ff)

01:47:12 executing program 2:
dup(0xffffffffffffffff)
mkdir(&(0x7f00000010c0)='./file0\x00', 0x1)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x2000, 0x61)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000500)='./file0\x00', 0x4000, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000003c0)=0xae)
sched_setscheduler(0x0, 0x5, &(0x7f0000000200)=0x7ffc)
newfstatat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', &(0x7f00000005c0), 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r3, 0x8982, &(0x7f0000000300)={0x0, 'ip_vti0\x00', {0x900}, 0x7ff})
r5 = open(&(0x7f00000000c0)='./bus\x00', 0x14da42, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x80001d00c0d0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xff)
open(&(0x7f0000000340)='./bus\x00', 0x200, 0x140)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r7}, 0x10)
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r7, 0x660c)
mount$overlay(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000400), 0x10000, &(0x7f0000000440)={[{@upperdir={'upperdir', 0x3d, './bus'}}, {@xino_off}, {@xino_off}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './bus'}}, {@xino_off}, {@index_off}], [{@subj_type={'subj_type', 0x3d, 'ip_vti0\x00'}}, {@func={'func', 0x3d, 'FILE_MMAP'}}, {@fsmagic={'fsmagic', 0x3d, 0x2}}]})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz0\x00', 0x1ff)

01:47:12 executing program 5:
syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x9, 0x0, 0x7, [{{0x9, 0x4, 0x0, 0x1f, 0x2, 0x7, 0x1, 0x2, 0x3d, "", {{{0x9, 0x5, 0x1, 0x2, 0x40, 0x50, 0x0, 0xbc}}, [{{0x9, 0x5, 0x82, 0x2, 0x40, 0x7, 0x3f, 0x40}}]}}}]}}]}}, &(0x7f00000004c0)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x201, 0x4, 0x0, 0x40, 0xff, 0x7f}, 0x22, &(0x7f0000000100)={0x5, 0xf, 0x22, 0x2, [@ss_container_id={0x14, 0x10, 0x4, 0x0, "569d32bc8310a45d322601cc3a3af7c8"}, @generic={0x9, 0x10, 0xb, "d03ec3143e5b"}]}, 0x7, [{0xc8, &(0x7f0000000140)=@string={0xc8, 0x3, "a50aeaf687fb091af76b68814481c3fc0ce8e78801f7ff53db66c4a553d33321be5f14ea25e8da41113e5599438855fd881486f15fba18f76a5fdbb793985b1dc3eb3ffa192b486d04fb67fc7cd333ca08a49dbaab67f928b1a208a2afa1e53bf94c60b07de82d6d1b5602665950304bba05b90948c8f86c0bc4d64423da34050b288d1fbba8f4c00a40039ebbab941e43ea628f5c9bc1fe56617d583b09b381f9481a7de08ae0be523b8e2835b25b7d4792b9294bca3e6ba767d8872dda2311ea5f38cdc850"}}, {0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x1401}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x42a}}, {0x85, &(0x7f00000002c0)=@string={0x85, 0x3, "ebe8ac684dc1f7e9324d35854adf3e68b1cda036e81157762cccc21f14100d15ac1b97e36c8d52796e41926c6f60a98c2fcca12711fc7aad675946732f4febb1d36f358582afd0af2338c0a1ebeee3229512a86adaa41eca0c6d4a84cb37033b1cfd30ce5ff4cb4ae14f0b90fe0426674876e300d3bdf37431254609fb6ae6f0eeae0f"}}, {0x4, &(0x7f0000000380)=@lang_id={0x4, 0x3, 0x419}}, {0x9b, &(0x7f00000003c0)=@string={0x9b, 0x3, "0c248e70d5231f9dfeaf9161d2f984878d520b481c239294c4aa31b7c65b17822eb926bb745d4cd58d1f1ab28b4e4c6f5579369f123a73c375c533e718db041280b7f9297ca168ac19627915eeefb739f397d8d75c9da9f254d0abc8b9f2b0856ef74934bdd9ca3321b1bcd362376910d6b1dd991b7a4a0dd5299b8f8d32c4e2e8e0bfb3ad95b2fbb00abdffa4c3a126e26d6e3f8a15c3b54d"}}, {0x4, &(0x7f0000000480)=@lang_id={0x4, 0x3, 0x5038}}]})

01:47:12 executing program 4:
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
recvmsg(r0, &(0x7f0000002800)={0x0, 0x0, 0x0}, 0x12040)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000000)={0x0, 'veth0_vlan\x00', {0x3}, 0x8001})

[  437.340543][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  437.348525][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000
[  437.356524][ T6665]  </TASK>
[  437.365152][ T6665] index not increased! 20ffb000 <= 20ffb000
[  437.374379][ T6665] BUG at mt_find:6473 (1)
[  437.380442][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e
01:47:12 executing program 4:
r0 = shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ffb000/0x4000)=nil)
shmat(r0, &(0x7f0000ffc000/0x4000)=nil, 0x0)

[  437.430215][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000
[  437.472999][ T7693] binder: 7687:7693 ioctl c0306201 0 returned -14
[  438.850184][   T27] kauditd_printk_skb: 4 callbacks suppressed
[  438.852106][   T27] audit: type=1800 audit(1673401633.148:60): pid=7697 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1167 res=0 errno=0
[  439.223774][ T7695] overlayfs: unrecognized mount option "subj_type=ip_vti0" or missing value
[  439.530044][ T7700] overlayfs: unrecognized mount option "subj_type=ip_vti0" or missing value
[  439.615916][ T6665]   0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d
01:47:14 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_tcp_int(r0, 0x6, 0x3, &(0x7f0000001080), &(0x7f00000010c0)=0x4)

01:47:14 executing program 1:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
dup2(r2, r0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000))
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r3 = dup(r0)
mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

[  439.678432][ T1207] ieee802154 phy0 wpan0: encryption failed: -22
[  439.684767][ T1207] ieee802154 phy1 wpan1: encryption failed: -22
01:47:14 executing program 2:
dup(0xffffffffffffffff)
mkdir(&(0x7f00000010c0)='./file0\x00', 0x1)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x2000, 0x61)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000500)='./file0\x00', 0x4000, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000003c0)=0xae)
sched_setscheduler(0x0, 0x5, &(0x7f0000000200)=0x7ffc)
newfstatat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', &(0x7f00000005c0), 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r3, 0x8982, &(0x7f0000000300)={0x0, 'ip_vti0\x00', {0x900}, 0x7ff})
r5 = open(&(0x7f00000000c0)='./bus\x00', 0x14da42, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x80001d00c0d0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xff)
open(&(0x7f0000000340)='./bus\x00', 0x200, 0x140)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r7}, 0x10)
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r7, 0x660c)
mount$overlay(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000400), 0x10000, &(0x7f0000000440)={[{@upperdir={'upperdir', 0x3d, './bus'}}, {@xino_off}, {@xino_off}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './bus'}}, {@xino_off}, {@index_off}], [{@subj_type={'subj_type', 0x3d, 'ip_vti0\x00'}}, {@func={'func', 0x3d, 'FILE_MMAP'}}, {@fsmagic={'fsmagic', 0x3d, 0x2}}]})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz0\x00', 0x1ff)

01:47:14 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = dup2(r0, r0)
write$P9_RGETATTR(r1, 0x0, 0x0)

01:47:14 executing program 4:
r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0)
linkat(r0, &(0x7f0000000000)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)

[  439.731608][   T27] audit: type=1804 audit(1673401633.388:61): pid=7699 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir3878708150/syzkaller.BRy09z/135/bus" dev="sda1" ino=1167 res=1 errno=0
[  439.875052][ T6665]     0-536866815: 0000000000000000
[  439.883507][   T27] audit: type=1800 audit(1673401633.648:62): pid=7698 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=1168 res=0 errno=0
[  439.908793][ T6665]     536866816-536870911: ffff888022f0e0e0
[  439.934283][ T6665]     536870912-553627647: ffff888022f0e1c0
[  439.966800][ T6665]     553627648-553635839: 0000000000000000
[  440.098985][   T27] audit: type=1804 audit(1673401633.808:63): pid=7700 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir168840469/syzkaller.pSJJsG/142/bus" dev="sda1" ino=1168 res=1 errno=0
[  440.143077][ T7720] overlayfs: unrecognized mount option "subj_type=ip_vti0" or missing value
[  440.276943][ T5309] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  440.330480][ T6665]     553635840-553627647: ffff8880272dc9a0
[  440.352246][   T27] audit: type=1800 audit(1673401634.808:64): pid=7718 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=1168 res=0 errno=0
[  440.783381][ T6665]     553627648-553644031: ffff8880272dc8c0
[  440.789426][ T6665]     553644032-553648127: ffff88807e16c7e0
[  440.795365][ T6665]     553648128-553652223: ffff888022f0e2a0
[  440.801500][ T6665]     553652224-116813594623: 0000000000000000
[  440.816992][ T6665]     116813594624-116817788927: ffff888022f0e380
[  440.825099][ T6665]     116817788928-93825002663935: 0000000000000000
[  440.835857][ T6665]     93825002663936-93825002803199: ffff888022f0e460
[  440.843779][ T6665]     93825002803200-140548063096831: 0000000000000000
[  440.851063][ T6665]     140548063096832-140548063100927: ffff888022f0e540
[  440.858261][ T6665]   140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d
[  440.928846][   T27] audit: type=1804 audit(1673401634.878:65): pid=7719 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir168840469/syzkaller.pSJJsG/143/bus" dev="sda1" ino=1168 res=1 errno=0
[  440.961356][ T6665]     140548063100928-140548071489535: ffff888022f0e620
[  440.968444][ T6665]     140548071489536-140548073586687: ffff888022f0e700
[  440.975420][ T6665]     140548073586688-140548075683839: ffff888022f0e7e0
[  440.982518][ T6665]     140548075683840-140548077780991: ffff888022f0e8c0
[  440.990432][ T6665]     140548077780992-140548079878143: ffff888022f0e9a0
[  440.997940][ T6665]     140548079878144-140548084072447: ffff888022f0ea80
[  441.013949][ T6665]     140548084072448-140548084219903: ffff888022f0eb60
[  441.022887][ T6665]     140548084219904-140548084948991: ffff888022f0ec40
[  441.044017][ T6665]     140548084948992-140548085284863: ffff888022f0ed20
[  441.052949][ T6665]     140548085284864-140548085288959: 0000000000000000
[  441.070366][ T6665]     140548085288960-140548085653503: ffff888022f0ee00
[  441.086404][ T6665]     140548085653504-140548085690367: ffff888022f0eee0
[  441.093911][ T6665]     140548085690368-140548085710847: 0000000000000000
[  441.103558][ T6665]     140548085710848-140548097556479: ffff88806b3de000
[  441.110931][ T6665]   140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008
[  441.164213][ T6665]     140548097556480-140548097601535: 0000000000000000
[  441.182210][ T6665]     140548097601536-140548097605631: ffff88806b3de460
[  441.189524][ T6665]     140548097605632-140548097736703: ffff88806b3de380
[  441.197290][ T6665]     140548097736704-140735437164543: 0000000000000000
[  441.204269][ T6665]     140735437164544-140735437299711: ffff88806b3de0e0
[  441.211923][ T6665]     140735437299712-140735437316095: 0000000000000000
[  441.230180][ T6665]     140735437316096-140735437332479: ffff88806b3de1c0
[  441.245360][ T6665]     140735437332480-140735437340671: ffff88806b3de2a0
[  441.265719][ T6665]     140735437340672-18446744073709551615: 0000000000000000
[  441.279898][ T6665] Pass: 9733775 Run:9733894
[  441.284432][ T6665] CPU: 1 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0
[  441.294263][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  441.304342][ T6665] Call Trace:
[  441.307638][ T6665]  <TASK>
[  441.310605][ T6665]  dump_stack_lvl+0xd1/0x138
[  441.315253][ T6665]  mt_find.cold+0x8b/0x90
[  441.319630][ T6665]  ? mas_find+0x1d0/0x1d0
[  441.324014][ T6665]  find_vma+0x10c/0x1b0
[  441.328206][ T6665]  ? can_vma_merge_before+0x390/0x390
[  441.333621][ T6665]  ? walk_page_test+0x78/0x180
[  441.338435][ T6665]  walk_page_range+0x2b1/0x4a0
[  441.343244][ T6665]  ? __walk_page_range+0x780/0x780
[  441.348418][ T6665]  mlock_fixup+0x650/0x810
[  441.352900][ T6665]  apply_vma_lock_flags+0x23d/0x350
[  441.358151][ T6665]  ? mlock_fixup+0x810/0x810
[  441.362805][ T6665]  ? __ia32_sys_get_robust_list+0x400/0x400
[  441.368747][ T6665]  do_mlock+0x25a/0x6d0
[  441.372958][ T6665]  ? folio_evictable+0x270/0x270
[  441.377958][ T6665]  ? syscall_enter_from_user_mode+0x26/0xb0
[  441.383894][ T6665]  __x64_sys_mlock+0x59/0x80
[  441.388513][ T6665]  do_syscall_64+0x39/0xb0
[  441.392972][ T6665]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  441.398911][ T6665] RIP: 0033:0x7fd3e6a8c0c9
[  441.403351][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  441.422987][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[  441.431442][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9
[  441.439443][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000
[  441.447440][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000
[  441.455436][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  441.463430][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000
[  441.471471][ T6665]  </TASK>
[  441.481893][ T6665] index not increased! 20ffb000 <= 20ffb000
[  441.487871][ T6665] BUG at mt_find:6473 (1)
[  441.492220][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e
[  441.504206][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000
[  441.544098][ T6665]   0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d
[  441.596592][ T6665]     0-536866815: 0000000000000000
[  441.601920][ T6665]     536866816-536870911: ffff888022f0e0e0
[  441.608184][ T6665]     536870912-553627647: ffff888022f0e1c0
[  441.614208][ T6665]     553627648-553635839: 0000000000000000
[  441.620265][ T6665]     553635840-553627647: ffff8880272dc9a0
[  441.626278][ T6665]     553627648-553644031: ffff8880272dc8c0
[  441.632377][ T6665]     553644032-553648127: ffff88807e16c7e0
[  441.639941][ T6665]     553648128-553652223: ffff888022f0e2a0
[  441.645962][ T6665]     553652224-116813594623: 0000000000000000
[  441.652308][ T6665]     116813594624-116817788927: ffff888022f0e380
[  441.658893][ T6665]     116817788928-93825002663935: 0000000000000000
[  441.665604][ T6665]     93825002663936-93825002803199: ffff888022f0e460
[  441.672571][ T6665]     93825002803200-140548063096831: 0000000000000000
[  441.680149][ T6665]     140548063096832-140548063100927: ffff888022f0e540
[  441.687435][ T6665]   140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d
[  441.699077][ T7724] loop3: detected capacity change from 0 to 32768
[  441.749077][ T6665]     140548063100928-140548071489535: ffff888022f0e620
[  441.757667][ T6665]     140548071489536-140548073586687: ffff888022f0e700
[  441.764728][ T6665]     140548073586688-140548075683839: ffff888022f0e7e0
[  441.772137][ T6665]     140548075683840-140548077780991: ffff888022f0e8c0
[  441.776013][ T7724] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm
[  441.788781][ T7724] BTRFS info (device loop3): force clearing of disk cache
[  441.790819][ T6665]     140548077780992-140548079878143: 
[  441.795904][ T7724] BTRFS info (device loop3): setting nodatasum
[  441.795933][ T7724] BTRFS info (device loop3): allowing degraded mounts
[  441.811073][ T6665] ffff888022f0e9a0
[  441.814828][ T7724] BTRFS info (device loop3): enabling disk space caching
[  441.818719][ T6665]     140548079878144-140548084072447: ffff888022f0ea80
[  441.826477][ T7724] BTRFS info (device loop3): disk space caching is enabled
[  441.832994][ T6665]     140548084072448-140548084219903: ffff888022f0eb60
[  441.852096][ T6665]     140548084219904-140548084948991: ffff888022f0ec40
[  441.859993][ T6665]     140548084948992-140548085284863: ffff888022f0ed20
[  441.867258][ T6665]     140548085284864-140548085288959: 0000000000000000
[  441.874331][ T6665]     140548085288960-140548085653503: ffff888022f0ee00
[  441.881669][ T6665]     140548085653504-140548085690367: ffff888022f0eee0
[  441.881746][ T7724] BTRFS info (device loop3): enabling ssd optimizations
[  441.895888][ T7724] BTRFS info (device loop3): auto enabling async discard
[  441.896964][ T6665]     140548085690368-140548085710847: 0000000000000000
[  441.917098][ T6665]     140548085710848-140548097556479: ffff88806b3de000
[  441.920881][ T7724] BTRFS info (device loop3): clearing free space tree
[  441.924062][ T6665]   140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008
[  441.936552][ T7724] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  441.986538][ T6665]     140548097556480-140548097601535: 0000000000000000
[  441.999852][ T6665]     140548097601536-140548097605631: ffff88806b3de460
[  442.006897][ T6665]     140548097605632-140548097736703: ffff88806b3de380
[  442.014084][ T6665]     140548097736704-140735437164543: 0000000000000000
[  442.021126][ T6665]     140735437164544-140735437299711: ffff88806b3de0e0
[  442.028487][ T6665]     140735437299712-140735437316095: 0000000000000000
[  442.035468][ T6665]     140735437316096-140735437332479: ffff88806b3de1c0
[  442.037024][ T7724] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  442.042530][ T6665]     140735437332480-140735437340671: ffff88806b3de2a0
[  442.060943][ T6665]     140735437340672-18446744073709551615: 0000000000000000
[  442.068429][ T6665] Pass: 9738149 Run:9738269
[  442.073094][ T6665] CPU: 1 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0
[  442.082430][ T7724] BTRFS info (device loop3): checking UUID tree
[  442.082903][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  442.082921][ T6665] Call Trace:
[  442.082930][ T6665]  <TASK>
[  442.082942][ T6665]  dump_stack_lvl+0xd1/0x138
[  442.110031][ T6665]  mt_find.cold+0x8b/0x90
[  442.114401][ T6665]  ? mas_find+0x1d0/0x1d0
[  442.118762][ T6665]  find_vma+0x10c/0x1b0
[  442.122939][ T6665]  ? can_vma_merge_before+0x390/0x390
[  442.128331][ T6665]  ? walk_page_test+0x78/0x180
[  442.133126][ T6665]  walk_page_range+0x2b1/0x4a0
[  442.137907][ T6665]  ? __walk_page_range+0x780/0x780
[  442.143064][ T6665]  mlock_fixup+0x650/0x810
[  442.147511][ T6665]  apply_vma_lock_flags+0x23d/0x350
[  442.152764][ T6665]  ? mlock_fixup+0x810/0x810
[  442.157424][ T6665]  ? __ia32_sys_get_robust_list+0x400/0x400
[  442.163353][ T6665]  do_mlock+0x25a/0x6d0
[  442.167528][ T6665]  ? folio_evictable+0x270/0x270
[  442.172510][ T6665]  ? syscall_enter_from_user_mode+0x26/0xb0
[  442.178432][ T6665]  __x64_sys_mlock+0x59/0x80
[  442.183038][ T6665]  do_syscall_64+0x39/0xb0
[  442.187482][ T6665]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  442.193395][ T6665] RIP: 0033:0x7fd3e6a8c0c9
[  442.197821][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  442.217443][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[  442.225872][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9
[  442.233856][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000
[  442.241839][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000
[  442.249824][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  442.257809][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000
[  442.265811][ T6665]  </TASK>
[  442.277332][ T6665] index not increased! 20ffb000 <= 20ffb000
[  442.288913][ T6665] BUG at mt_find:6473 (1)
[  442.306656][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e
[  442.325515][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000
[  442.373285][ T6665]   0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d
[  442.514818][ T6665]     0-536866815: 0000000000000000
[  442.526055][ T6665]     536866816-536870911: ffff888022f0e0e0
[  442.537852][ T6665]     536870912-553627647: ffff888022f0e1c0
[  442.543805][ T6665]     553627648-553635839: 0000000000000000
[  442.565982][ T6665]     553635840-553627647: ffff8880272dc9a0
[  442.576488][ T6665]     553627648-553644031: ffff8880272dc8c0
[  442.590281][ T6665]     553644032-553648127: ffff88807e16c7e0
[  442.596225][ T6665]     553648128-553652223: ffff888022f0e2a0
[  442.602536][ T6665]     553652224-116813594623: 0000000000000000
[  442.609012][ T6665]     116813594624-116817788927: ffff888022f0e380
01:47:17 executing program 3:
syz_mount_image$btrfs(&(0x7f00000051c0), &(0x7f0000005200)='./file0\x00', 0x1000008, &(0x7f0000000280)={[{@datacow}, {@clear_cache}, {@nodatasum}, {@rescan_uuid_tree}, {}, {@space_cache_v1}]}, 0xfe, 0x51ab, &(0x7f0000005280)="$eJzs3V9oVFceB/Az+aPxDyY+xV32wX1YWcUFWRF2UdggGF2Whdn1YVnYrFlZxT+7JUgDwb5YS2lBxGCgthSKD33pS0mlUFqqBAsthYogVloUW0teWiiESsGXlpK590xmzvVmxlQbq5+PJHfO/d1z7pnhPsx3zLkTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIIRwcM3Kv+xaPb2urD7dP3bq6LLt507vP3ljaGjLlRAqtf2VvL5n+66/79+95689scPw37JtX1/ZkFnXz7PGkqads/2af/4TQuhOBujMtzs6G/pW0hOEI8UB53XgZv/o5u7BaxN3zmy8eP3QhuJTZ1bPYk9gseTX1fTctTRQ+92RHFFvN1x6laZLNOufXnA/yZMAAO7JpmptU387mr/FrbePpfWkPZC0x5N2fIcw3thYiGzcJWXzXJvWF2meA1lUWFo6z6Sev/71djXtn7STqHEP82w+NI80PWXzHEnqizVPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIfJqx9euvTcy+u3ldWn+8dOHV22/dzp/SdvDA1tuRJCX21/JStXlv+q8w+fLtt57fiRN36zr+ftk515v7jtajg4fBIf/LE3hL0Nlek47JerQqg2F2rN8FKxcLD24M+xAAAAwKPkF7XfHfV2Fge7m9qVWpqs1P5FWVg8cLN/dHP34LWJO2c2Xrx+aMPCx6uWjDdw1/Hq7b65n0pDMI7xNx1vrh4PPVIYZ37piGme/2zmyVsXJn7777L+hfzfN3/+j6+c/A8AAMCPIf+n48yvVf6/+s7zT3UN7n2vrH8h/69tOmUh/8cZx/zfERaW/wEAAOBh9qDz/0BhnPm1yv/fnZ86f/nb46+U9S/k/03t5f+uxmnHnR/FCR/uDWFTq6kDAAAAJeL/u899tBDzevbJQZrXO2ZGe6d6blwtG6+Q/wfay//d9/2ZAQAAAAv1v7F/Hb8wNn6zrF7I/9X28v/SBz5zAAAAoF37Tvz/3PoNIyvL6oX8P9xe/l+eb/OVD1mn9+NfIUz0htAz+2AkK3wQxv9ULwAAAAD3SczpX41u/f7jwel3y44r5P+R+e//H+90ENf/N93/r7D+v6GQ3fVvqxsDAAAA8DgqruePt8fPvrmg7Pv3213/f+uXO3b9d+c/vig7fyH/H2sv/3c2bu/n9/8BAADAAvzcvv/vn4Vx5tfq/v/fDN36et3hZwfL+hfy/3h7+T9uVzQ+van4+jzTG8Ka2Qf53QRfi6c7nBQmuxsK2Quf9Ngde+SFyaUNhZqRpMfve0P49eyDY0lhdSyMJ4WZVXnhbFK4HAv59VAvvJ4UpuKV9sKqfLpp4a1YyBdYTMYVFCvqSyKSHrfLeswW7trjev3kAAAAj5UYnvMs293cDGmUnay0OmB5qwM6Wh3Q2eqAruSA9MCy/WG4uRD3v7jtd7evPPHm06FEIf+fbS//x5diSbYpW/8f4vr//HsN6+v/h2OhLylMxkI1vWNANZ4jC7sn4jn6qnmPmTX1AgAAADzS4ucCnYs8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5g7/6D7KrqA4Cf/f0jm91FHAFJNYqA6ZDNJjFKK1MC1UFxpi4OdZw60UR2g9ssJCZhICnthEA7U5hUVKa1o0NDHUdpkUY6jlK1pEyBcaRTm7ZMxWhl/EFtaxnGSodSm87be8/d+87dm/dCdiFLP58/9p33vufnfT/2nXvvOxcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD/h38ZWPMb+1f89Py6+PfPuOHDewcuve+jWw8c3bRpw5EQJmYf78jCHYMrui785sBlj+3f+flzp/rvP9Cbl8vjYVnjT2d+55ai1uUhfLEjhO40sHooC/Tk94difSuGQjgtzAWKElODWYm04fDQQAgHw1ygqOr+gRCGSoErjzz4wIFG4o6BEM4NIfSlbXy7L2tjIA2c15sFBtPA9u4s8F/HMkXgS51ZAE5afDMUL/pDE80ZRucvV/P661mwjr240uF1xcRofb4fX7LInSrpTR+YOKmnrVIdi6Ly9jjs3bYE3m2V7Xy7p638RSr/hnJsLtQXOientm65bmZ3fKQzjI111dW0SM/z40/feNWJpJfM6zB2YHRBXofP3vme68+afMuNt24/54m177vg6Ml2s27zLra+kL/mlszzGG30ebIE3n6Vb0krfekKIfzcB7tv6vrtI5+qi1fm/6PHn//Hl3O87WzKHWt9bjibm8dHhmLiqeFsbg4AAABLxlLYa/qjs1/xe6s61zxeV19l/r+yveP/8ZB/PpnPRns4hI2ziZtHQjhz9vEscHds7gMjIbxmNjXRHLgkCRwO4azZxKqiqqREfyyxMgk8OZwHNiaBh2NgIgl8OgZuTwK3xMChJHBVDBxOApfGQJhuHsfPD+fjaDswEAObs414KJ6F8JPh2Fqyrb5VVAUAALBA8tlhT/Pd0rkOJ5shTi8PDbTKEM/Ars3Ql9SQzmCLaVVtDd2tauhsVUMx7n3HH36l5o5WNVdOw+hoznDpK/7w/BVfu+ELoUZl/j9+/Pl/3zwd6agc/w/hitm/MXdnHpkp4psnmjIAAAAAJ2HtG2a+9idnv+nNdfHK/H9je+f/x30iXaXM4dG4G2LbSAjjzYGs2jdXA9lR72V5AAAAAJaC4nh8cSx8Or/NTtFO59PV/BMnmD8e+N84b/5fCpOnb/vBUxvq+luZ/0+0d/7/YPNt1omHYy8+NhJCfynwSOxlIzBrZQx89+LmQD7+h+MGuC1WlZ+YUFR1WyyxOQbGk8DBuhLfKEqc2RzIn6yi8ZuLcUznJUoBAAAAeMHF3QHxuHw8///Ctd/70KaP7/1cXbnK/H/ziZ3/PzsPrpzeP7MshDXdIXSlPwx4dDBbGDAGhjryxFcHs7q60qpuGgzhosbA0qqeyNf/707XGDwykFUVA2e+9rNPn9dIfGoghDXlwGPvvWt2x8juJFA0/qsDIby6Mdq08S/0Z433pI3/QX8IryoFiqo+0B9Co7HetKoH+/LrGKRV/VlfCKeXAkVVb+wLYU8AYImK/0onyw/u2rN325aZmamdi5iI+/AHwtbpmamxq7bPTPbV9Gky6XPTMkY3VcfU2ebYj+ZLFN1z+dhIO+nid4Lj5b7k+/ErJw7m9+N3oZ7Zca7rabq7Ph3y68+pNpEO6cUY8mC5krknsVJ/zN8bloX+63ZN7Ry7Ycvu3TvXZn/bzb4u+xsPM2Xbam26rQbn61sbL492F0N/vtuq6TJXa3Zfs2PNrj17V09fs+Xqqaunrn3D+LrxdevHN7zpwjWNUY1nf1sM9fz5qk6Geuyu6hDavQbU8x3qK7tLlbwQnxoSEhJLLbHl4q/+5b1nfWJZ3cdPZf6/4/jz//ipEz/58/UZ6o7/j8bD/Nnjc4f5N8fAwXaP/4/WHc0vTgxYmQT2xcA+h/kBAAB4aYi7G+PezLhXuuem1WN//MlHnqwrV5n/72vv9/8LtP5/sXT95XXL/K+KJcbr1v9Pl/kv1v/fV7f+f7rMf7H+/8EXYf3/64pAskl+Yv1/AADgpeCFW/+/5fL+6QUCKhlaLu+fXiCgkqHlMv7tXiDghNf/f/tzr+u55iOvviXUqMz/b29v/m/hfgAAADh13HVkQ8eD//o/D9XFK/P/g+3N/1/49f9C3fn/K+sCE3ULA1r/DwAAgCWqbv2/9a/78ebP/WzFD+vKVeb/h9qb/8fTLjqbcsdanxvO1rQL6Zp2Tw0XPxkAAACApaEzjI21u6Jp08qolzz/Nh/PlwI9Xrrsr758zT8+8tb39tfVV5n/H25v/t/0u4xn73zP9WdNvuXG527dfs4Ta993wdG54/8AAADA4ml3vwQAAAAAAAAAAAAAAPDie3rv5Lv++ew7P1MXr/z+P1wx+3jd7//jdf/i7wte3pQ71tp6/b/8/pXvuHfP7JKFjw6HcE45sG3/ttNCfm3+88uBBzatOqOR2J+W+Mp3Lv1BI/H+NPC21S97ppG4KAlsjosknpUG4lUVn1meBOLyin+fBuL2OJQGevPA7y7PxtGRbqsfDWXbqiPdVo8PhTBSChTb6otDWRsd6QDvSALFAD+UBuIAfyUPdKa9undZ1qsYGIpF/2hZ1isAAE5Z8VtgT9g6PTM1Hr/Cx9tXdjffRk1Llt1UrbajzeaP5kuT3XP52Eg76a70u+jctcZ7Ql9jCGsrX1fLWTpmR7kwtbTYdC+vGXKr1d7a/XX2iW663voRDWQjGrtq+8xkT8uBr2+dZV13yyxrK5OdcpbO2U3aRi1t9KWNEbW5bdrocrzfGcbGupJcvxiDo6HJQr0iyuv81b0Kynn2Tb7xb75x7Nihuvoq8//R9ub/feVxPZNfDGBfvLLezSMhnNnmiAAAAIB2fevL/7Ru+yd+55709ort1956weCPLq4rV5n/r2xv/h93jOWHgrO9HYfj9f+L+f9oFrg7NveBkRBeM5uaiCWyC+pfHkuMZ4G74w6TVbHE5onmqvpj4FASeHI4DxxOAg/HQL6X4rMh35XzkeEQNsymrmgusSOWGE0C74yBlUlgLAbGk8DyGNiYBP59eR6YSAJfj4Ew3byt/ny5vSsAAMDzkM+zeprvhnSed6i7VYaOVhkGW2XobJWhr1WGulHE+/fFDD3JySsdpUw9aa0DSS2VDPFi+Cfcr0qG8I3mnGnBStPx/IPifIOO5gz/dtnrv33erlXtX/9/vL35/2Dzbdb6w3H+P3f9vyzwSOzex+Kp4ytj4LsXNwfyHQMPx8nubUVVE3mJfNJ+WyyxMQZWJoEdMbAxCWy+Ig8cPKM5kM+0i8ZvLhqfzkuUAgAAAPCCizsI4m6aOP//0/+++3MH/uHav64rV5n/b2xv/h/bW1Zu7Jai1uUhfLFjrjdFYPVQFoj7MYbiz+NXDIVwWmkHR1FiajAr0Zs0HB4ayH6h3ptWdf9AtsZAvH/lkQcfONBI3DEQwrmlvS9FG9/uy9oYSAPn9WaBwTSwvTsLxD0/ReBLnVkATlqxVzC+oPJTXQqj85eref29VK4Jmg6vsg90nnzz/eZqsfSlD+T7VAsn9rRVqmNRVN4eh73bluK7bdS7rfxFKv+Gcmwu1Bc6J6e2brluZnd8pPxL1opFep7Lv1JtJ70Ar8N9z7+3rfWlHRhPPj7G5y83/+uwI1b37J3vuf6sybfceOv2c55Y+74LjrbdjRrxh8Lv/uTLRsubd7H1hfw1t+Q+TyZ8nizFfwMrPW2NGexTv//V//jp4z+ri1fm/xPtzf+7k9tZz8aNuWskhNeXNu6jcfP/8kj2OVgKZJ+Sp1cD2SH37w3XfnICAADAQit2dxT7C6bz2+yE8HSeXM0/cYL54/6KjfPmb7ffW29+aP8P/+6Or9TFK/P/zcef//cn3XT83/F/Fonj//M61XdF96cP7DupXdGV6lgUjv/P61R/tzn+Py/H/x3/n4/j/y04/j+vU/1pq3xL2uFLVwjh6++/8+33bP+18+rilfn/jvbm/9b/m3/RvmL9v8116//tqFv/b5/1/wAAgEVVs9BcOs+rrN5XyZCu3lfJ0HKBwJZLDFr/74TX/3vrO//3+mOvuGRnqFGZ/+9rb/4fXw7Lyq0vlfX/Vl5RU9XtMbDDwoAAAACciup2EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDievcvPLl8029eOF0X//4ZN3x478Cl931064GjmzZtOBJClrUjC3cMrui68JsDlz22f+fnz53qv/9AX16uJ789uyl3rPW54RAOlh4Ziomnhht35gJXvuPePd2NxKPDIZxTDmzbv+20RuLTwyGcXw48sGnVGY3E/rTEV75z6Q8aifengbetftkzjcRFeaAj7e4nl2fd7Ui7e2B5CCOlQNHdX1/eXFXRxmV5oDNt4zNDWRsxMBSLfnwoayMGZmKJ6f4Q1nSH0JVW9bW+rKqutKq/6Muq6kqr+q2+EC4KIXSnVX2nN6uqOx353/ZmVcXAma/97NPnNRIHe0NYUw489t67NjQSH0oCRePv6g3h1Y2XTNr4fT1Z4z1p43f0hPCqEEJvWuI/u7MSvWmJJ7pDOL0UKBr/YHcIewIvCfHDZ7L84K49e7dtmZmZ2rmIid68rYGwdXpmauyq7TOTfUmf6nSU0sduOn78eI4+feNVjdt7Lh8baSfdnZfrme3yup6mu+sXqvftOtHex34NliuZez4q9cf8vWFZ6L9u19TOsRu27N69c232t93s67K/XXk021ZrF2pbdbYoHz3fbXV+uZI1u6/ZsWbXnr2rp6/ZcvXU1VPXvmF83fi69eMb3nThmsaoxrO/CzHUu44fX4yhvrK7VMkL8QEgISGx1BKdTZ9u46f6P73KF/25jvaEvtkP6Mq0opylY3aUCzHoS6rxrkUadGVKUhnR2srEoZJlXess6yuTibksA1mW2e91lclhuabO2U0a73eGsbHazTLafLe8eX88z+Zt1+P5pms3DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/B87cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAsAAAAACPO3DqNnAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBSAAAA//+3Rsqd")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.current\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_SNAP_CREATE(0xffffffffffffffff, 0x9408, 0x0)

01:47:17 executing program 1:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
dup2(r2, r0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000))
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r3 = dup(r0)
mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

01:47:17 executing program 4:
r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, 0x0)

01:47:17 executing program 0:
io_submit(0x0, 0x1, &(0x7f0000001900)=[&(0x7f0000001280)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}])

01:47:17 executing program 5:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_int(r0, 0x6, 0x6ca, &(0x7f0000000040)=0x7, 0x4)

01:47:17 executing program 2:
dup(0xffffffffffffffff)
mkdir(&(0x7f00000010c0)='./file0\x00', 0x1)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x2000, 0x61)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000500)='./file0\x00', 0x4000, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000003c0)=0xae)
sched_setscheduler(0x0, 0x5, &(0x7f0000000200)=0x7ffc)
newfstatat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', &(0x7f00000005c0), 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r3, 0x8982, &(0x7f0000000300)={0x0, 'ip_vti0\x00', {0x900}, 0x7ff})
r5 = open(&(0x7f00000000c0)='./bus\x00', 0x14da42, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x80001d00c0d0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xff)
open(&(0x7f0000000340)='./bus\x00', 0x200, 0x140)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r7}, 0x10)
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r7, 0x660c)
mount$overlay(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000400), 0x10000, &(0x7f0000000440)={[{@upperdir={'upperdir', 0x3d, './bus'}}, {@xino_off}, {@xino_off}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './bus'}}, {@xino_off}, {@index_off}], [{@subj_type={'subj_type', 0x3d, 'ip_vti0\x00'}}, {@func={'func', 0x3d, 'FILE_MMAP'}}, {@fsmagic={'fsmagic', 0x3d, 0x2}}]})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz0\x00', 0x1ff)

[  442.615551][ T6665]     116817788928-93825002663935: 0000000000000000
[  442.622499][ T6665]     93825002663936-93825002803199: ffff888022f0e460
[  442.632274][ T6665]     93825002803200-140548063096831: 0000000000000000
01:47:17 executing program 0:
r0 = syz_open_dev$rtc(&(0x7f0000000340), 0x0, 0x0)
ioctl$RTC_ALM_READ(r0, 0x4008700e, 0x0)

01:47:17 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)

[  442.659938][ T6665]     140548063096832-140548063100927: ffff888022f0e540
01:47:17 executing program 1:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
dup2(r2, r0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000))
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r3 = dup(r0)
mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

[  442.709556][ T6665]   140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d
[  442.786550][ T6665]     140548063100928-140548071489535: ffff888022f0e620
[  442.793537][ T6665]     140548071489536-140548073586687: ffff888022f0e700
[  442.844284][ T6665]     140548073586688-140548075683839: ffff888022f0e7e0
01:47:17 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae03, 0x3)

01:47:17 executing program 1:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
dup2(r2, r0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000))
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r3 = dup(r0)
mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000280), 0x0, 0x0, 0x0})

[  442.891796][ T6665]     140548075683840-140548077780991: ffff888022f0e8c0
[  442.951840][ T6665]     140548077780992-140548079878143: ffff888022f0e9a0
[  442.977466][   T27] audit: type=1800 audit(1673401637.788:66): pid=7766 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=1167 res=0 errno=0
[  442.998301][ T6665]     140548079878144-140548084072447: ffff888022f0ea80
01:47:17 executing program 4:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCSLCKTRMIOS(r0, 0x80045432, &(0x7f0000000040))

[  443.092281][ T6665]     140548084072448-140548084219903: ffff888022f0eb60
[  443.108151][ T7769] overlayfs: unrecognized mount option "subj_type=ip_vti0" or missing value
[  443.133544][   T27] audit: type=1804 audit(1673401637.868:67): pid=7769 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir168840469/syzkaller.pSJJsG/144/bus" dev="sda1" ino=1167 res=1 errno=0
[  443.290224][ T6665]     140548084219904-140548084948991: ffff888022f0ec40
[  443.313342][ T6665]     140548084948992-140548085284863: ffff888022f0ed20
[  443.364098][ T6665]     140548085284864-140548085288959: 0000000000000000
[  443.392065][ T6665]     140548085288960-140548085653503: ffff888022f0ee00
[  443.402120][ T6665]     140548085653504-140548085690367: ffff888022f0eee0
[  443.409612][ T6665]     140548085690368-140548085710847: 0000000000000000
[  443.416999][ T6665]     140548085710848-140548097556479: ffff88806b3de000
[  443.424113][ T6665]   140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008
[  443.482899][ T6665]     140548097556480-140548097601535: 0000000000000000
[  443.490156][ T6665]     140548097601536-140548097605631: ffff88806b3de460
[  443.497570][ T6665]     140548097605632-140548097736703: ffff88806b3de380
[  443.504644][ T6665]     140548097736704-140735437164543: 0000000000000000
[  443.511766][ T6665]     140735437164544-140735437299711: ffff88806b3de0e0
[  443.519012][ T6665]     140735437299712-140735437316095: 0000000000000000
[  443.526090][ T6665]     140735437316096-140735437332479: ffff88806b3de1c0
[  443.533772][ T6665]     140735437332480-140735437340671: ffff88806b3de2a0
[  443.541410][ T6665]     140735437340672-18446744073709551615: 0000000000000000
[  443.549009][ T6665] Pass: 9766049 Run:9766170
[  443.553624][ T6665] CPU: 1 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0
[  443.563458][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  443.573538][ T6665] Call Trace:
[  443.576843][ T6665]  <TASK>
[  443.579804][ T6665]  dump_stack_lvl+0xd1/0x138
[  443.584446][ T6665]  mt_find.cold+0x8b/0x90
[  443.588828][ T6665]  ? mas_find+0x1d0/0x1d0
[  443.593206][ T6665]  find_vma+0x10c/0x1b0
[  443.597392][ T6665]  ? can_vma_merge_before+0x390/0x390
[  443.602804][ T6665]  ? walk_page_test+0x78/0x180
[  443.607614][ T6665]  walk_page_range+0x2b1/0x4a0
[  443.612429][ T6665]  ? __walk_page_range+0x780/0x780
[  443.617604][ T6665]  mlock_fixup+0x650/0x810
[  443.622090][ T6665]  apply_vma_lock_flags+0x23d/0x350
[  443.627344][ T6665]  ? mlock_fixup+0x810/0x810
[  443.631995][ T6665]  ? __ia32_sys_get_robust_list+0x400/0x400
[  443.637936][ T6665]  do_mlock+0x25a/0x6d0
[  443.642144][ T6665]  ? folio_evictable+0x270/0x270
[  443.647147][ T6665]  ? syscall_enter_from_user_mode+0x26/0xb0
[  443.653086][ T6665]  __x64_sys_mlock+0x59/0x80
[  443.657702][ T6665]  do_syscall_64+0x39/0xb0
[  443.662149][ T6665]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  443.668065][ T6665] RIP: 0033:0x7fd3e6a8c0c9
[  443.672490][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  443.692112][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[  443.700541][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9
[  443.708523][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000
[  443.716505][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000
[  443.724485][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  443.732466][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000
[  443.740468][ T6665]  </TASK>
[  444.007078][ T6665] index not increased! 20ffb000 <= 20ffb000
[  444.019762][ T6665] BUG at mt_find:6473 (1)
[  444.028636][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e
[  444.037222][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000
[  444.074343][ T6665]   0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d
[  444.126198][ T6665]     0-536866815: 0000000000000000
[  444.138356][ T6665]     536866816-536870911: ffff888022f0e0e0
[  444.151107][ T6665]     536870912-553627647: ffff888022f0e1c0
[  444.162978][ T6665]     553627648-553635839: 0000000000000000
[  444.175792][ T6665]     553635840-553627647: ffff8880272dc9a0
[  444.191967][ T6665]     553627648-553644031: ffff8880272dc8c0
[  444.206472][ T6665]     553644032-553648127: ffff88807e16c7e0
[  444.216946][ T6665]     553648128-553652223: ffff888022f0e2a0
[  444.229150][ T6665]     553652224-116813594623: 0000000000000000
[  444.239887][ T6665]     116813594624-116817788927: ffff888022f0e380
[  444.250937][ T6665]     116817788928-93825002663935: 0000000000000000
[  444.262194][ T6665]     93825002663936-93825002803199: ffff888022f0e460
[  444.274691][ T6665]     93825002803200-140548063096831: 0000000000000000
[  444.287310][ T6665]     140548063096832-140548063100927: ffff888022f0e540
[  444.300036][ T6665]   140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d
[  444.413121][ T6665]     140548063100928-140548071489535: ffff888022f0e620
[  444.426955][ T6665]     140548071489536-140548073586687: ffff888022f0e700
[  444.440705][ T6665]     140548073586688-140548075683839: ffff888022f0e7e0
[  444.454547][ T6665]     140548075683840-140548077780991: ffff888022f0e8c0
[  444.468313][ T6665]     140548077780992-140548079878143: ffff888022f0e9a0
[  444.483637][ T6665]     140548079878144-140548084072447: ffff888022f0ea80
[  444.496378][ T6665]     140548084072448-140548084219903: ffff888022f0eb60
[  444.510154][ T6665]     140548084219904-140548084948991: ffff888022f0ec40
[  444.522873][ T6665]     140548084948992-140548085284863: ffff888022f0ed20
[  444.536660][ T6665]     140548085284864-140548085288959: 0000000000000000
[  444.548177][ T6665]     140548085288960-140548085653503: ffff888022f0ee00
[  444.558239][ T7774] loop3: detected capacity change from 0 to 32768
[  444.564774][ T6665]     140548085653504-140548085690367: ffff888022f0eee0
[  444.573806][ T6665]     140548085690368-140548085710847: 0000000000000000
[  444.581605][ T6665]     140548085710848-140548097556479: ffff88806b3de000
[  444.592257][ T6665]   140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008
[  444.643164][ T7774] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm
[  444.653207][ T7774] BTRFS info (device loop3): force clearing of disk cache
[  444.672959][ T7774] BTRFS info (device loop3): setting nodatasum
[  444.679454][ T7774] BTRFS info (device loop3): allowing degraded mounts
[  444.686264][ T7774] BTRFS info (device loop3): enabling disk space caching
[  444.691238][ T6665]     140548097556480-140548097601535: 0000000000000000
[  444.693744][ T7774] BTRFS info (device loop3): disk space caching is enabled
[  444.712418][ T6665]     140548097601536-140548097605631: ffff88806b3de460
[  444.719896][ T6665]     140548097605632-140548097736703: ffff88806b3de380
[  444.727126][ T6665]     140548097736704-140735437164543: 0000000000000000
[  444.734103][ T6665]     140735437164544-140735437299711: ffff88806b3de0e0
[  444.741464][ T6665]     140735437299712-140735437316095: 0000000000000000
[  444.748895][ T6665]     140735437316096-140735437332479: ffff88806b3de1c0
[  444.752820][ T7774] BTRFS info (device loop3): enabling ssd optimizations
[  444.755854][ T6665]     140735437332480-140735437340671: ffff88806b3de2a0
[  444.755886][ T6665]     140735437340672-18446744073709551615: 0000000000000000
[  444.778171][ T7774] BTRFS info (device loop3): auto enabling async discard
[  444.780434][ T6665] Pass: 9772710 Run:9772832
[  444.786202][ T7774] BTRFS info (device loop3): clearing free space tree
[  444.795975][ T6665] CPU: 0 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0
[  444.797059][ T7774] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  444.806263][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  444.806282][ T6665] Call Trace:
[  444.806291][ T6665]  <TASK>
[  444.806303][ T6665]  dump_stack_lvl+0xd1/0x138
[  444.806349][ T6665]  mt_find.cold+0x8b/0x90
[  444.818184][ T7774] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  444.826002][ T6665]  ? mas_find+0x1d0/0x1d0
[  444.826057][ T6665]  find_vma+0x10c/0x1b0
[  444.834709][ T7774] BTRFS info (device loop3): checking UUID tree
[  444.836812][ T6665]  ? can_vma_merge_before+0x390/0x390
[  444.836859][ T6665]  ? walk_page_test+0x78/0x180
[  444.836899][ T6665]  walk_page_range+0x2b1/0x4a0
[  444.880894][ T6665]  ? __walk_page_range+0x780/0x780
[  444.886014][ T6665]  mlock_fixup+0x650/0x810
[  444.890446][ T6665]  apply_vma_lock_flags+0x23d/0x350
[  444.895646][ T6665]  ? mlock_fixup+0x810/0x810
[  444.900245][ T6665]  ? __ia32_sys_get_robust_list+0x400/0x400
[  444.906144][ T6665]  do_mlock+0x25a/0x6d0
[  444.910322][ T6665]  ? folio_evictable+0x270/0x270
[  444.915309][ T6665]  ? syscall_enter_from_user_mode+0x26/0xb0
[  444.921229][ T6665]  __x64_sys_mlock+0x59/0x80
[  444.925813][ T6665]  do_syscall_64+0x39/0xb0
[  444.930234][ T6665]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  444.936126][ T6665] RIP: 0033:0x7fd3e6a8c0c9
[  444.940546][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  444.960147][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[  444.968555][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9
[  444.976519][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000
[  444.984484][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000
[  444.992444][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  445.000420][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000
[  445.008420][ T6665]  </TASK>
[  445.086658][ T6665] index not increased! 20ffb000 <= 20ffb000
[  445.092600][ T6665] BUG at mt_find:6473 (1)
[  445.116371][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e
[  445.136442][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000
[  445.226411][ T6665]   0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d
[  445.326613][ T6665]     0-536866815: 0000000000000000
[  445.335287][ T6665]     536866816-536870911: ffff888022f0e0e0
[  445.348124][ T6665]     536870912-553627647: ffff888022f0e1c0
[  445.359872][ T6665]     553627648-553635839: 0000000000000000
[  445.372547][ T6665]     553635840-553627647: ffff8880272dc9a0
[  445.385271][ T6665]     553627648-553644031: ffff8880272dc8c0
[  445.398087][ T6665]     553644032-553648127: ffff88807e16c7e0
[  445.410887][ T6665]     553648128-553652223: ffff888022f0e2a0
[  445.422551][ T6665]     553652224-116813594623: 0000000000000000
[  445.466578][ T6665]     116813594624-116817788927: ffff888022f0e380
[  445.473470][ T6665]     116817788928-93825002663935: 0000000000000000
[  445.496410][ T6665]     93825002663936-93825002803199: ffff888022f0e460
[  445.503225][ T6665]     93825002803200-140548063096831: 0000000000000000
01:47:20 executing program 3:
syz_mount_image$btrfs(&(0x7f00000051c0), &(0x7f0000005200)='./file0\x00', 0x1000008, &(0x7f0000000280)={[{@datacow}, {@clear_cache}, {@nodatasum}, {@rescan_uuid_tree}, {}, {@space_cache_v1}]}, 0xfe, 0x51ab, &(0x7f0000005280)="$eJzs3V9oVFceB/Az+aPxDyY+xV32wX1YWcUFWRF2UdggGF2Whdn1YVnYrFlZxT+7JUgDwb5YS2lBxGCgthSKD33pS0mlUFqqBAsthYogVloUW0teWiiESsGXlpK590xmzvVmxlQbq5+PJHfO/d1z7pnhPsx3zLkTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIIRwcM3Kv+xaPb2urD7dP3bq6LLt507vP3ljaGjLlRAqtf2VvL5n+66/79+95689scPw37JtX1/ZkFnXz7PGkqads/2af/4TQuhOBujMtzs6G/pW0hOEI8UB53XgZv/o5u7BaxN3zmy8eP3QhuJTZ1bPYk9gseTX1fTctTRQ+92RHFFvN1x6laZLNOufXnA/yZMAAO7JpmptU387mr/FrbePpfWkPZC0x5N2fIcw3thYiGzcJWXzXJvWF2meA1lUWFo6z6Sev/71djXtn7STqHEP82w+NI80PWXzHEnqizVPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIfJqx9euvTcy+u3ldWn+8dOHV22/dzp/SdvDA1tuRJCX21/JStXlv+q8w+fLtt57fiRN36zr+ftk515v7jtajg4fBIf/LE3hL0Nlek47JerQqg2F2rN8FKxcLD24M+xAAAAwKPkF7XfHfV2Fge7m9qVWpqs1P5FWVg8cLN/dHP34LWJO2c2Xrx+aMPCx6uWjDdw1/Hq7b65n0pDMI7xNx1vrh4PPVIYZ37piGme/2zmyVsXJn7777L+hfzfN3/+j6+c/A8AAMCPIf+n48yvVf6/+s7zT3UN7n2vrH8h/69tOmUh/8cZx/zfERaW/wEAAOBh9qDz/0BhnPm1yv/fnZ86f/nb46+U9S/k/03t5f+uxmnHnR/FCR/uDWFTq6kDAAAAJeL/u899tBDzevbJQZrXO2ZGe6d6blwtG6+Q/wfay//d9/2ZAQAAAAv1v7F/Hb8wNn6zrF7I/9X28v/SBz5zAAAAoF37Tvz/3PoNIyvL6oX8P9xe/l+eb/OVD1mn9+NfIUz0htAz+2AkK3wQxv9ULwAAAAD3SczpX41u/f7jwel3y44r5P+R+e//H+90ENf/N93/r7D+v6GQ3fVvqxsDAAAA8DgqruePt8fPvrmg7Pv3213/f+uXO3b9d+c/vig7fyH/H2sv/3c2bu/n9/8BAADAAvzcvv/vn4Vx5tfq/v/fDN36et3hZwfL+hfy/3h7+T9uVzQ+van4+jzTG8Ka2Qf53QRfi6c7nBQmuxsK2Quf9Ngde+SFyaUNhZqRpMfve0P49eyDY0lhdSyMJ4WZVXnhbFK4HAv59VAvvJ4UpuKV9sKqfLpp4a1YyBdYTMYVFCvqSyKSHrfLeswW7trjev3kAAAAj5UYnvMs293cDGmUnay0OmB5qwM6Wh3Q2eqAruSA9MCy/WG4uRD3v7jtd7evPPHm06FEIf+fbS//x5diSbYpW/8f4vr//HsN6+v/h2OhLylMxkI1vWNANZ4jC7sn4jn6qnmPmTX1AgAAADzS4ucCnYs8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5g7/6D7KrqA4Cf/f0jm91FHAFJNYqA6ZDNJjFKK1MC1UFxpi4OdZw60UR2g9ssJCZhICnthEA7U5hUVKa1o0NDHUdpkUY6jlK1pEyBcaRTm7ZMxWhl/EFtaxnGSodSm87be8/d+87dm/dCdiFLP58/9p33vufnfT/2nXvvOxcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD/h38ZWPMb+1f89Py6+PfPuOHDewcuve+jWw8c3bRpw5EQJmYf78jCHYMrui785sBlj+3f+flzp/rvP9Cbl8vjYVnjT2d+55ai1uUhfLEjhO40sHooC/Tk94difSuGQjgtzAWKElODWYm04fDQQAgHw1ygqOr+gRCGSoErjzz4wIFG4o6BEM4NIfSlbXy7L2tjIA2c15sFBtPA9u4s8F/HMkXgS51ZAE5afDMUL/pDE80ZRucvV/P661mwjr240uF1xcRofb4fX7LInSrpTR+YOKmnrVIdi6Ly9jjs3bYE3m2V7Xy7p638RSr/hnJsLtQXOientm65bmZ3fKQzjI111dW0SM/z40/feNWJpJfM6zB2YHRBXofP3vme68+afMuNt24/54m177vg6Ml2s27zLra+kL/mlszzGG30ebIE3n6Vb0krfekKIfzcB7tv6vrtI5+qi1fm/6PHn//Hl3O87WzKHWt9bjibm8dHhmLiqeFsbg4AAABLxlLYa/qjs1/xe6s61zxeV19l/r+yveP/8ZB/PpnPRns4hI2ziZtHQjhz9vEscHds7gMjIbxmNjXRHLgkCRwO4azZxKqiqqREfyyxMgk8OZwHNiaBh2NgIgl8OgZuTwK3xMChJHBVDBxOApfGQJhuHsfPD+fjaDswEAObs414KJ6F8JPh2Fqyrb5VVAUAALBA8tlhT/Pd0rkOJ5shTi8PDbTKEM/Ars3Ql9SQzmCLaVVtDd2tauhsVUMx7n3HH36l5o5WNVdOw+hoznDpK/7w/BVfu+ELoUZl/j9+/Pl/3zwd6agc/w/hitm/MXdnHpkp4psnmjIAAAAAJ2HtG2a+9idnv+nNdfHK/H9je+f/x30iXaXM4dG4G2LbSAjjzYGs2jdXA9lR72V5AAAAAJaC4nh8cSx8Or/NTtFO59PV/BMnmD8e+N84b/5fCpOnb/vBUxvq+luZ/0+0d/7/YPNt1omHYy8+NhJCfynwSOxlIzBrZQx89+LmQD7+h+MGuC1WlZ+YUFR1WyyxOQbGk8DBuhLfKEqc2RzIn6yi8ZuLcUznJUoBAAAAeMHF3QHxuHw8///Ctd/70KaP7/1cXbnK/H/ziZ3/PzsPrpzeP7MshDXdIXSlPwx4dDBbGDAGhjryxFcHs7q60qpuGgzhosbA0qqeyNf/707XGDwykFUVA2e+9rNPn9dIfGoghDXlwGPvvWt2x8juJFA0/qsDIby6Mdq08S/0Z433pI3/QX8IryoFiqo+0B9Co7HetKoH+/LrGKRV/VlfCKeXAkVVb+wLYU8AYImK/0onyw/u2rN325aZmamdi5iI+/AHwtbpmamxq7bPTPbV9Gky6XPTMkY3VcfU2ebYj+ZLFN1z+dhIO+nid4Lj5b7k+/ErJw7m9+N3oZ7Zca7rabq7Ph3y68+pNpEO6cUY8mC5krknsVJ/zN8bloX+63ZN7Ry7Ycvu3TvXZn/bzb4u+xsPM2Xbam26rQbn61sbL492F0N/vtuq6TJXa3Zfs2PNrj17V09fs+Xqqaunrn3D+LrxdevHN7zpwjWNUY1nf1sM9fz5qk6Geuyu6hDavQbU8x3qK7tLlbwQnxoSEhJLLbHl4q/+5b1nfWJZ3cdPZf6/4/jz//ipEz/58/UZ6o7/j8bD/Nnjc4f5N8fAwXaP/4/WHc0vTgxYmQT2xcA+h/kBAAB4aYi7G+PezLhXuuem1WN//MlHnqwrV5n/72vv9/8LtP5/sXT95XXL/K+KJcbr1v9Pl/kv1v/fV7f+f7rMf7H+/8EXYf3/64pAskl+Yv1/AADgpeCFW/+/5fL+6QUCKhlaLu+fXiCgkqHlMv7tXiDghNf/f/tzr+u55iOvviXUqMz/b29v/m/hfgAAADh13HVkQ8eD//o/D9XFK/P/g+3N/1/49f9C3fn/K+sCE3ULA1r/DwAAgCWqbv2/9a/78ebP/WzFD+vKVeb/h9qb/8fTLjqbcsdanxvO1rQL6Zp2Tw0XPxkAAACApaEzjI21u6Jp08qolzz/Nh/PlwI9Xrrsr758zT8+8tb39tfVV5n/H25v/t/0u4xn73zP9WdNvuXG527dfs4Ta993wdG54/8AAADA4ml3vwQAAAAAAAAAAAAAAPDie3rv5Lv++ew7P1MXr/z+P1wx+3jd7//jdf/i7wte3pQ71tp6/b/8/pXvuHfP7JKFjw6HcE45sG3/ttNCfm3+88uBBzatOqOR2J+W+Mp3Lv1BI/H+NPC21S97ppG4KAlsjosknpUG4lUVn1meBOLyin+fBuL2OJQGevPA7y7PxtGRbqsfDWXbqiPdVo8PhTBSChTb6otDWRsd6QDvSALFAD+UBuIAfyUPdKa9undZ1qsYGIpF/2hZ1isAAE5Z8VtgT9g6PTM1Hr/Cx9tXdjffRk1Llt1UrbajzeaP5kuT3XP52Eg76a70u+jctcZ7Ql9jCGsrX1fLWTpmR7kwtbTYdC+vGXKr1d7a/XX2iW663voRDWQjGrtq+8xkT8uBr2+dZV13yyxrK5OdcpbO2U3aRi1t9KWNEbW5bdrocrzfGcbGupJcvxiDo6HJQr0iyuv81b0Kynn2Tb7xb75x7Nihuvoq8//R9ub/feVxPZNfDGBfvLLezSMhnNnmiAAAAIB2fevL/7Ru+yd+55709ort1956weCPLq4rV5n/r2xv/h93jOWHgrO9HYfj9f+L+f9oFrg7NveBkRBeM5uaiCWyC+pfHkuMZ4G74w6TVbHE5onmqvpj4FASeHI4DxxOAg/HQL6X4rMh35XzkeEQNsymrmgusSOWGE0C74yBlUlgLAbGk8DyGNiYBP59eR6YSAJfj4Ew3byt/ny5vSsAAMDzkM+zeprvhnSed6i7VYaOVhkGW2XobJWhr1WGulHE+/fFDD3JySsdpUw9aa0DSS2VDPFi+Cfcr0qG8I3mnGnBStPx/IPifIOO5gz/dtnrv33erlXtX/9/vL35/2Dzbdb6w3H+P3f9vyzwSOzex+Kp4ytj4LsXNwfyHQMPx8nubUVVE3mJfNJ+WyyxMQZWJoEdMbAxCWy+Ig8cPKM5kM+0i8ZvLhqfzkuUAgAAAPCCizsI4m6aOP//0/+++3MH/uHav64rV5n/b2xv/h/bW1Zu7Jai1uUhfLFjrjdFYPVQFoj7MYbiz+NXDIVwWmkHR1FiajAr0Zs0HB4ayH6h3ptWdf9AtsZAvH/lkQcfONBI3DEQwrmlvS9FG9/uy9oYSAPn9WaBwTSwvTsLxD0/ReBLnVkATlqxVzC+oPJTXQqj85eref29VK4Jmg6vsg90nnzz/eZqsfSlD+T7VAsn9rRVqmNRVN4eh73bluK7bdS7rfxFKv+Gcmwu1Bc6J6e2brluZnd8pPxL1opFep7Lv1JtJ70Ar8N9z7+3rfWlHRhPPj7G5y83/+uwI1b37J3vuf6sybfceOv2c55Y+74LjrbdjRrxh8Lv/uTLRsubd7H1hfw1t+Q+TyZ8nizFfwMrPW2NGexTv//V//jp4z+ri1fm/xPtzf+7k9tZz8aNuWskhNeXNu6jcfP/8kj2OVgKZJ+Sp1cD2SH37w3XfnICAADAQit2dxT7C6bz2+yE8HSeXM0/cYL54/6KjfPmb7ffW29+aP8P/+6Or9TFK/P/zcef//cn3XT83/F/Fonj//M61XdF96cP7DupXdGV6lgUjv/P61R/tzn+Py/H/x3/n4/j/y04/j+vU/1pq3xL2uFLVwjh6++/8+33bP+18+rilfn/jvbm/9b/m3/RvmL9v8116//tqFv/b5/1/wAAgEVVs9BcOs+rrN5XyZCu3lfJ0HKBwJZLDFr/74TX/3vrO//3+mOvuGRnqFGZ/+9rb/4fXw7Lyq0vlfX/Vl5RU9XtMbDDwoAAAACciup2EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDievcvPLl8029eOF0X//4ZN3x478Cl931064GjmzZtOBJClrUjC3cMrui68JsDlz22f+fnz53qv/9AX16uJ789uyl3rPW54RAOlh4Ziomnhht35gJXvuPePd2NxKPDIZxTDmzbv+20RuLTwyGcXw48sGnVGY3E/rTEV75z6Q8aifengbetftkzjcRFeaAj7e4nl2fd7Ui7e2B5CCOlQNHdX1/eXFXRxmV5oDNt4zNDWRsxMBSLfnwoayMGZmKJ6f4Q1nSH0JVW9bW+rKqutKq/6Muq6kqr+q2+EC4KIXSnVX2nN6uqOx353/ZmVcXAma/97NPnNRIHe0NYUw489t67NjQSH0oCRePv6g3h1Y2XTNr4fT1Z4z1p43f0hPCqEEJvWuI/u7MSvWmJJ7pDOL0UKBr/YHcIewIvCfHDZ7L84K49e7dtmZmZ2rmIid68rYGwdXpmauyq7TOTfUmf6nSU0sduOn78eI4+feNVjdt7Lh8baSfdnZfrme3yup6mu+sXqvftOtHex34NliuZez4q9cf8vWFZ6L9u19TOsRu27N69c232t93s67K/XXk021ZrF2pbdbYoHz3fbXV+uZI1u6/ZsWbXnr2rp6/ZcvXU1VPXvmF83fi69eMb3nThmsaoxrO/CzHUu44fX4yhvrK7VMkL8QEgISGx1BKdTZ9u46f6P73KF/25jvaEvtkP6Mq0opylY3aUCzHoS6rxrkUadGVKUhnR2srEoZJlXess6yuTibksA1mW2e91lclhuabO2U0a73eGsbHazTLafLe8eX88z+Zt1+P5pms3DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/B87cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAsAAAAACPO3DqNnAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBSAAAA//+3Rsqd")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.current\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_SNAP_CREATE(0xffffffffffffffff, 0x9408, 0x0)

01:47:20 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x0, @remote}, 0xfffffd5d)

01:47:20 executing program 1:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
dup2(r2, r0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000))
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r3 = dup(r0)
mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000280), 0x0, 0x0, 0x0})

01:47:20 executing program 4:
r0 = socket$inet6_sctp(0x1c, 0x1, 0x84)
connect$inet6(r0, &(0x7f0000000080)={0x1c, 0x1c, 0x3}, 0x1c)
r1 = dup(r0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
recvmsg(r1, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=""/48, 0x30}, 0x0)

01:47:20 executing program 5:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x7, &(0x7f00000002c0), &(0x7f0000000440)=0x88)

01:47:20 executing program 2:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_AUTH_DELETE_KEY(r0, 0x84, 0x19, &(0x7f0000000140), 0x8)

[  445.520450][ T6665]     140548063096832-140548063100927: ffff888022f0e540
01:47:20 executing program 5:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
bind$inet(r0, &(0x7f00000000c0)={0x10, 0x2}, 0x10)
connect$inet(r0, &(0x7f0000000000)={0xffffffffffffffd3, 0x2}, 0x10)
getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x15, 0x0, 0x0)

[  445.554698][ T6665]   140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d
01:47:20 executing program 0:
syz_emit_ethernet(0x66, &(0x7f0000000240)={@local, @random="369adf19300e", @val, {@ipv6}}, 0x0)

01:47:20 executing program 2:
r0 = socket$inet6_sctp(0x1c, 0x5, 0x84)
connect$inet6(r0, &(0x7f0000000000)={0x1c}, 0x1c)
r1 = dup2(r0, r0)
connect$inet6(r1, &(0x7f0000000080)={0x1c, 0x1c, 0x1}, 0x1c)
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x25, &(0x7f0000000280)={0x1, [<r3=>0x0]}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp_SCTP_AUTH_KEY(r1, 0x84, 0x13, &(0x7f0000000100)={r3}, 0x8)

[  445.635373][ T7806] binder: BINDER_SET_CONTEXT_MGR already set
[  445.651225][ T7806] binder: 7797:7806 ioctl 4018620d 20000000 returned -16
01:47:20 executing program 1:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
dup2(r2, r0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000))
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r3 = dup(r0)
mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000280), 0x0, 0x0, 0x0})

01:47:20 executing program 0:
bpf$OBJ_GET_MAP(0x7, &(0x7f0000001c80)={&(0x7f0000001c40)='./file0\x00'}, 0x10)

01:47:20 executing program 0:
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000002880)={<r0=>0xffffffffffffffff})
sendmsg$inet(r0, &(0x7f0000000500)={&(0x7f0000000000), 0x10, &(0x7f00000002c0)=[{&(0x7f0000000080)='b', 0x1}], 0x1, &(0x7f0000000300)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @multicast2, @multicast1}}}], 0x20}, 0x1)

[  445.859369][ T6665]     140548063100928-140548071489535: ffff888022f0e620
[  445.930325][ T6665]     140548071489536-140548073586687: ffff888022f0e700
[  446.011832][ T6665]     140548073586688-140548075683839: ffff888022f0e7e0
[  446.051408][ T6665]     140548075683840-140548077780991: ffff888022f0e8c0
[  446.087144][ T6665]     140548077780992-140548079878143: ffff888022f0e9a0
[  446.105688][ T6665]     140548079878144-140548084072447: ffff888022f0ea80
[  446.123552][ T6665]     140548084072448-140548084219903: ffff888022f0eb60
[  446.133170][ T6665]     140548084219904-140548084948991: ffff888022f0ec40
[  446.140728][ T6665]     140548084948992-140548085284863: ffff888022f0ed20
[  446.226551][ T6665]     140548085284864-140548085288959: 0000000000000000
[  446.233551][ T6665]     140548085288960-140548085653503: ffff888022f0ee00
[  446.256402][ T6665]     140548085653504-140548085690367: ffff888022f0eee0
[  446.263380][ T6665]     140548085690368-140548085710847: 0000000000000000
[  446.273283][ T6665]     140548085710848-140548097556479: ffff88806b3de000
[  446.282906][ T6665]   140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008
[  446.396719][ T6665]     140548097556480-140548097601535: 0000000000000000
[  446.403716][ T6665]     140548097601536-140548097605631: ffff88806b3de460
[  446.426784][ T6665]     140548097605632-140548097736703: ffff88806b3de380
[  446.433772][ T6665]     140548097736704-140735437164543: 0000000000000000
[  446.456426][ T6665]     140735437164544-140735437299711: ffff88806b3de0e0
[  446.463463][ T6665]     140735437299712-140735437316095: 0000000000000000
[  446.477803][ T6665]     140735437316096-140735437332479: ffff88806b3de1c0
[  446.484785][ T6665]     140735437332480-140735437340671: ffff88806b3de2a0
[  446.492388][ T6665]     140735437340672-18446744073709551615: 0000000000000000
[  446.501666][ T6665] Pass: 9821635 Run:9821758
[  446.506199][ T6665] CPU: 1 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0
[  446.516032][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  446.526111][ T6665] Call Trace:
[  446.529415][ T6665]  <TASK>
[  446.532370][ T6665]  dump_stack_lvl+0xd1/0x138
[  446.537013][ T6665]  mt_find.cold+0x8b/0x90
[  446.541398][ T6665]  ? mas_find+0x1d0/0x1d0
[  446.545780][ T6665]  find_vma+0x10c/0x1b0
[  446.549975][ T6665]  ? can_vma_merge_before+0x390/0x390
[  446.555394][ T6665]  ? walk_page_test+0x78/0x180
[  446.560204][ T6665]  walk_page_range+0x2b1/0x4a0
[  446.564997][ T6665]  ? __walk_page_range+0x780/0x780
[  446.570148][ T6665]  mlock_fixup+0x650/0x810
[  446.574606][ T6665]  apply_vma_lock_flags+0x23d/0x350
[  446.579838][ T6665]  ? mlock_fixup+0x810/0x810
[  446.584470][ T6665]  ? __ia32_sys_get_robust_list+0x400/0x400
[  446.590395][ T6665]  do_mlock+0x25a/0x6d0
[  446.594589][ T6665]  ? folio_evictable+0x270/0x270
[  446.599568][ T6665]  ? syscall_enter_from_user_mode+0x26/0xb0
[  446.605487][ T6665]  __x64_sys_mlock+0x59/0x80
[  446.610102][ T6665]  do_syscall_64+0x39/0xb0
[  446.614556][ T6665]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  446.620475][ T6665] RIP: 0033:0x7fd3e6a8c0c9
[  446.624902][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  446.644536][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[  446.652976][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9
[  446.660969][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000
[  446.669001][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000
[  446.676988][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  446.684999][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000
[  446.693000][ T6665]  </TASK>
[  446.700943][ T6665] index not increased! 20ffb000 <= 20ffb000
[  446.707007][ T6665] BUG at mt_find:6473 (1)
[  446.711461][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e
[  446.720359][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000
[  446.759007][ T6665]   0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d
[  446.811509][ T6665]     0-536866815: 0000000000000000
[  446.816907][ T6665]     536866816-536870911: ffff888022f0e0e0
[  446.822921][ T6665]     536870912-553627647: ffff888022f0e1c0
[  446.829001][ T6665]     553627648-553635839: 0000000000000000
[  446.835025][ T6665]     553635840-553627647: ffff8880272dc9a0
[  446.841122][ T6665]     553627648-553644031: ffff8880272dc8c0
[  446.847207][ T6665]     553644032-553648127: ffff88807e16c7e0
[  446.853221][ T6665]     553648128-553652223: ffff888022f0e2a0
[  446.859272][ T6665]     553652224-116813594623: 0000000000000000
[  446.867650][ T6665]     116813594624-116817788927: ffff888022f0e380
[  446.874192][ T6665]     116817788928-93825002663935: 0000000000000000
[  446.880995][ T6665]     93825002663936-93825002803199: ffff888022f0e460
[  446.887946][ T6665]     93825002803200-140548063096831: 0000000000000000
[  446.894919][ T6665]     140548063096832-140548063100927: ffff888022f0e540
[  446.902039][ T6665]   140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d
[  446.960567][ T6665]     140548063100928-140548071489535: ffff888022f0e620
[  446.969661][ T6665]     140548071489536-140548073586687: ffff888022f0e700
[  446.976792][ T6665]     140548073586688-140548075683839: ffff888022f0e7e0
[  446.983882][ T6665]     140548075683840-140548077780991: ffff888022f0e8c0
[  446.991019][ T6665]     140548077780992-140548079878143: ffff888022f0e9a0
[  446.998172][ T6665]     140548079878144-140548084072447: ffff888022f0ea80
[  447.005234][ T6665]     140548084072448-140548084219903: ffff888022f0eb60
[  447.012365][ T6665]     140548084219904-140548084948991: ffff888022f0ec40
[  447.019488][ T6665]     140548084948992-140548085284863: ffff888022f0ed20
[  447.026604][ T6665]     140548085284864-140548085288959: 0000000000000000
[  447.033667][ T6665]     140548085288960-140548085653503: ffff888022f0ee00
[  447.040820][ T6665]     140548085653504-140548085690367: ffff888022f0eee0
[  447.047989][ T6665]     140548085690368-140548085710847: 0000000000000000
[  447.055073][ T6665]     140548085710848-140548097556479: ffff88806b3de000
[  447.062234][ T6665]   140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008
[  447.067669][ T7825] loop3: detected capacity change from 0 to 32768
[  447.126649][ T6665]     140548097556480-140548097601535: 0000000000000000
[  447.133956][ T6665]     140548097601536-140548097605631: ffff88806b3de460
[  447.136744][ T7825] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm
[  447.143794][ T6665]     140548097605632-140548097736703: ffff88806b3de380
[  447.157349][ T6665]     140548097736704-140735437164543: 0000000000000000
[  447.159374][ T7825] BTRFS info (device loop3): force clearing of disk cache
[  447.164299][ T6665]     140735437164544-140735437299711: ffff88806b3de0e0
[  447.164330][ T6665]     140735437299712-140735437316095: 0000000000000000
[  447.180765][ T7825] BTRFS info (device loop3): setting nodatasum
[  447.186619][ T6665]     140735437316096-140735437332479: ffff88806b3de1c0
[  447.186652][ T6665]     140735437332480-140735437340671: ffff88806b3de2a0
[  447.186680][ T6665]     140735437340672-18446744073709551615: 0000000000000000
[  447.186709][ T6665] Pass: 9826357 Run:9826481
[  447.186725][ T6665] CPU: 0 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0
[  447.186757][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  447.200993][ T7825] BTRFS info (device loop3): allowing degraded mounts
[  447.206721][ T6665] Call Trace:
[  447.206732][ T6665]  <TASK>
[  447.206743][ T6665]  dump_stack_lvl+0xd1/0x138
[  447.214304][ T7825] BTRFS info (device loop3): enabling disk space caching
[  447.218600][ T6665]  mt_find.cold+0x8b/0x90
[  447.218647][ T6665]  ? mas_find+0x1d0/0x1d0
[  447.230204][ T7825] BTRFS info (device loop3): disk space caching is enabled
[  447.238495][ T6665]  find_vma+0x10c/0x1b0
[  447.238532][ T6665]  ? can_vma_merge_before+0x390/0x390
[  447.238567][ T6665]  ? walk_page_test+0x78/0x180
[  447.238609][ T6665]  walk_page_range+0x2b1/0x4a0
[  447.238651][ T6665]  ? __walk_page_range+0x780/0x780
[  447.238713][ T6665]  mlock_fixup+0x650/0x810
[  447.238769][ T6665]  apply_vma_lock_flags+0x23d/0x350
[  447.238817][ T6665]  ? mlock_fixup+0x810/0x810
[  447.238876][ T6665]  ? __ia32_sys_get_robust_list+0x400/0x400
[  447.238922][ T6665]  do_mlock+0x25a/0x6d0
[  447.238967][ T6665]  ? folio_evictable+0x270/0x270
[  447.275636][ T7825] BTRFS info (device loop3): enabling ssd optimizations
[  447.279366][ T6665]  ? syscall_enter_from_user_mode+0x26/0xb0
[  447.279414][ T6665]  __x64_sys_mlock+0x59/0x80
[  447.283593][ T7825] BTRFS info (device loop3): auto enabling async discard
[  447.288887][ T6665]  do_syscall_64+0x39/0xb0
[  447.288932][ T6665]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  447.288967][ T6665] RIP: 0033:0x7fd3e6a8c0c9
[  447.288991][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  447.289019][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[  447.289049][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9
[  447.289069][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000
[  447.289089][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000
[  447.289109][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  447.289128][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000
[  447.289169][ T6665]  </TASK>
[  447.309103][ T6665] index not increased! 20ffb000 <= 20ffb000
[  447.327545][ T7825] BTRFS info (device loop3): clearing free space tree
[  447.328960][ T6665] BUG at mt_find:6473 (1)
[  447.333606][ T7825] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  447.340776][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e
[  447.348070][ T7825] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  447.358884][ T6665] 0-18446744073709551615: 
[  447.368573][ T7825] BTRFS info (device loop3): checking UUID tree
[  447.381826][ T6665] node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000
[  447.569275][ T6665]   0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d
[  447.675289][ T6665]     0-536866815: 0000000000000000
[  447.686414][ T6665]     536866816-536870911: ffff888022f0e0e0
[  447.699052][ T6665]     536870912-553627647: ffff888022f0e1c0
[  447.705009][ T6665]     553627648-553635839: 0000000000000000
[  447.721022][ T6665]     553635840-553627647: ffff8880272dc9a0
[  447.733323][ T6665]     553627648-553644031: ffff8880272dc8c0
[  447.756086][ T6665]     553644032-553648127: ffff88807e16c7e0
[  447.762518][ T6665]     553648128-553652223: ffff888022f0e2a0
01:47:22 executing program 5:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xd, 0xd, 0x2, [@datasec={0x0, 0x0, 0x0, 0xf, 0x1, [], '['}]}}, &(0x7f0000000140)=""/197, 0x2a, 0xc5, 0x1}, 0x20)

01:47:22 executing program 4:
openat$tun(0xffffffffffffff9c, 0x0, 0x442902, 0x0)

01:47:22 executing program 1:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
dup2(r2, r0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000))
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r3 = dup(r0)
mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

01:47:22 executing program 2:
bpf$PROG_LOAD(0x4, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x93)

01:47:22 executing program 0:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000600)={0x0, &(0x7f0000000540)=""/189, 0x0, 0xbd, 0x3f}, 0x20)

[  447.778655][ T6665]     553652224-116813594623: 0000000000000000
01:47:22 executing program 4:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x16, 0x0, 0x1300, 0x6, 0x0, 0x1}, 0x48)

01:47:22 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x19, 0x4, 0x4, 0x2}, 0x48)

01:47:22 executing program 1:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
dup2(r2, r0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000))
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r3 = dup(r0)
mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

01:47:22 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f0000000140), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r0, 0xc1205531, &(0x7f0000000000)={0x0, 0x0, 0x100, 0x0, '\x00', '\x00', '\x00', 0x0, 0x0, 0x0, 0x0, "7f8f93c565cf3339b5cd2971e4569289"})

01:47:22 executing program 3:
r0 = syz_open_dev$sndctrl(&(0x7f0000000140), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0x4b47, 0x0)

01:47:22 executing program 5:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
ioctl$VHOST_VDPA_GET_IOVA_RANGE(r0, 0x4008af22, &(0x7f0000000280))

[  447.847298][ T6665]     116813594624-116817788927: ffff888022f0e380
[  447.870044][ T6665]     116817788928-93825002663935: 0000000000000000
01:47:22 executing program 4:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x9, 0x2, &(0x7f0000000000)=@raw=[@map_idx], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)

[  447.922231][ T6665]     93825002663936-93825002803199: ffff888022f0e460
[  447.930875][ T6665]     93825002803200-140548063096831: 0000000000000000
[  447.968278][ T6665]     140548063096832-140548063100927: ffff888022f0e540
01:47:22 executing program 0:
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001280)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x10, 0x46d, 0xc222, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x1, 0x0, 0x0, {0x9}}}]}}]}}, &(0x7f0000001700)={0x0, 0x0, 0x0, 0x0})

01:47:22 executing program 1:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
dup2(r2, r0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000))
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r3 = dup(r0)
mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

01:47:22 executing program 2:
ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, 0x0)
syz_open_dev$evdev(&(0x7f0000001040), 0x0, 0x0)
syz_usb_disconnect(0xffffffffffffffff)
syz_usb_connect$hid(0x5, 0x3f, &(0x7f0000001280)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x10, 0x46d, 0xc222, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x0, 0x40, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x1, 0x1, 0x5, {0x9, 0x21, 0x1, 0x70, 0x1, {0x22, 0xebe}}, {{{0x9, 0x5, 0x81, 0x3, 0x8, 0x3, 0x0, 0x40}}, [{{0x9, 0x5, 0x2, 0x3, 0x400, 0xb6, 0x0, 0x3}}]}}}]}}]}}, &(0x7f0000001700)={0xa, &(0x7f00000012c0)={0xa, 0x6, 0x201, 0x6, 0x1, 0x0, 0x10, 0xa3}, 0x3a, &(0x7f0000001300)={0x5, 0xf, 0x3a, 0x3, [@wireless={0xb, 0x10, 0x1, 0xe, 0x8, 0x65, 0x6, 0x8001, 0x1}, @generic={0x16, 0x10, 0xa, "fbc12d4d2925746182f184113a1f4f0c035f8c"}, @ssp_cap={0x14, 0x10, 0xa, 0x0, 0x2, 0xea, 0xf0f, 0x0, [0x0, 0xff00]}]}, 0x6, [{0x4, &(0x7f0000001380)=@lang_id={0x4, 0x3, 0xc09}}, {0x4, &(0x7f0000001440)=@lang_id={0x4, 0x3, 0x6ebad91a2dde650d}}, {0x0, 0x0}, {0xa9, &(0x7f0000001580)=@string={0xa9, 0x3, "c36fc75a1a6d38aa17d3f2aee058da363ad0025ca1a980efdffe1f26f4c3e55c301cef4416acf186065e8dc0abee8f2619db9531804237ad03ae8471cb1b50112d2e3f788703596e9a290bb1909757a96397d7fd2968902620dee8a015a6869dfcdab27055b3523ba4bee7bb49e5c2bc96e0bd409a56c4035e27ec5f8b65ed981f73eec534744fe80eb30f8784f5755649ca9a1820d8d330f53437c94d77bf59d8709c07bcb63e"}}, {0x4, &(0x7f0000001640)=@lang_id={0x4, 0x3, 0x843}}, {0x2f, &(0x7f0000001680)=@string={0x2f, 0x3, "a193c1f1fc4e44a3ae2fa6d8ca5cfdbd3a5bd0fe170a5e15faabf3397d26d74d138312fef87092991ad69a4d30"}}]})

[  448.015705][ T6665]   140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d
01:47:22 executing program 4:
syz_open_dev$evdev(0x0, 0x0, 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001280)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x10, 0x46d, 0xc222, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x2, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x5, {0x9}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x0, 0x0, 0x40}}}}}]}}]}}, &(0x7f0000001700)={0x0, 0x0, 0x0, 0x0, 0x3, [{0x0, 0x0}, {0x4, &(0x7f0000001400)=@lang_id={0x4, 0x3, 0x2c01}}, {0x0, 0x0}]})

01:47:23 executing program 1:
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001280)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x46d, 0xc222, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, {0x9}}}]}}]}}, &(0x7f0000001700)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})

[  448.280174][ T6665]     140548063100928-140548071489535: ffff888022f0e620
[  448.306004][ T6665]     140548071489536-140548073586687: ffff888022f0e700
[  448.326578][ T6665]     140548073586688-140548075683839: ffff888022f0e7e0
01:47:23 executing program 5:
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001280)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x46d, 0xc222, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, {0x9}}}]}}]}}, &(0x7f0000001700)={0x0, 0x0, 0x0, 0x0, 0x2, [{0x4, &(0x7f0000001380)=@lang_id={0x4}}, {0x4, &(0x7f0000001440)=@lang_id={0x4}}]})

[  448.351023][ T6665]     140548075683840-140548077780991: ffff888022f0e8c0
[  448.370148][ T6665]     140548077780992-140548079878143: ffff888022f0e9a0
[  448.381015][ T6665]     140548079878144-140548084072447: ffff888022f0ea80
[  448.411809][ T6665]     140548084072448-140548084219903: ffff888022f0eb60
[  448.444978][ T6665]     140548084219904-140548084948991: ffff888022f0ec40
[  448.452730][ T7658] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  448.460358][ T2554] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  448.469586][ T6665]     140548084948992-140548085284863: ffff888022f0ed20
[  448.477625][ T6665]     140548085284864-140548085288959: 0000000000000000
[  448.485201][ T6665]     140548085288960-140548085653503: ffff888022f0ee00
[  448.493014][ T6665]     140548085653504-140548085690367: ffff888022f0eee0
[  448.502906][ T6665]     140548085690368-140548085710847: 0000000000000000
[  448.513523][ T6665]     140548085710848-140548097556479: ffff88806b3de000
[  448.523209][ T6665]   140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008
[  448.527493][ T6515] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  448.627561][ T6665]     140548097556480-140548097601535: 0000000000000000
[  448.634865][ T6665]     140548097601536-140548097605631: ffff88806b3de460
[  448.644192][ T6665]     140548097605632-140548097736703: ffff88806b3de380
[  448.646622][ T5169] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  448.651639][ T6665]     140548097736704-140735437164543: 0000000000000000
[  448.669250][ T6665]     140735437164544-140735437299711: ffff88806b3de0e0
[  448.676236][ T6665]     140735437299712-140735437316095: 0000000000000000
[  448.694344][ T6665]     140735437316096-140735437332479: ffff88806b3de1c0
[  448.703032][ T6665]     140735437332480-140735437340671: ffff88806b3de2a0
[  448.716492][ T7658] usb 1-1: Using ep0 maxpacket: 16
[  448.721924][ T2554] usb 5-1: Using ep0 maxpacket: 16
[  448.722733][ T6665]     140735437340672-18446744073709551615: 0000000000000000
[  448.735874][ T6665] Pass: 9855403 Run:9855528
[  448.740945][ T6665] CPU: 0 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0
[  448.746523][ T5194] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  448.750761][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  448.750780][ T6665] Call Trace:
[  448.750790][ T6665]  <TASK>
[  448.750802][ T6665]  dump_stack_lvl+0xd1/0x138
[  448.750848][ T6665]  mt_find.cold+0x8b/0x90
[  448.783520][ T6665]  ? mas_find+0x1d0/0x1d0
[  448.787905][ T6665]  find_vma+0x10c/0x1b0
[  448.792090][ T6665]  ? can_vma_merge_before+0x390/0x390
[  448.797508][ T6665]  ? walk_page_test+0x78/0x180
[  448.802317][ T6665]  walk_page_range+0x2b1/0x4a0
[  448.807132][ T6665]  ? __walk_page_range+0x780/0x780
[  448.812311][ T6665]  mlock_fixup+0x650/0x810
[  448.816796][ T6665]  apply_vma_lock_flags+0x23d/0x350
[  448.822045][ T6665]  ? mlock_fixup+0x810/0x810
[  448.826706][ T6665]  ? __ia32_sys_get_robust_list+0x400/0x400
[  448.832656][ T6665]  do_mlock+0x25a/0x6d0
[  448.836871][ T6665]  ? folio_evictable+0x270/0x270
[  448.841877][ T6665]  ? syscall_enter_from_user_mode+0x26/0xb0
[  448.847821][ T6665]  __x64_sys_mlock+0x59/0x80
[  448.852443][ T6665]  do_syscall_64+0x39/0xb0
[  448.856906][ T6665]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  448.862836][ T6665] RIP: 0033:0x7fd3e6a8c0c9
01:47:23 executing program 3:
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001280)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x46d, 0xc222, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, {0x9}}}]}}]}}, &(0x7f0000001700)={0x0, 0x0, 0x0, 0x0, 0x2, [{0x4, &(0x7f0000001380)=@lang_id={0x4}}, {0xc, &(0x7f0000001480)=@string={0xc, 0x3, "5e07b817fcd517daaca8"}}]})

[  448.867289][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  448.886939][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[  448.895393][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9
[  448.903394][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000
[  448.911399][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000
[  448.919402][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  448.927402][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000
[  448.935428][ T6665]  </TASK>
[  448.943478][ T6665] index not increased! 20ffb000 <= 20ffb000
[  448.949516][ T6665] BUG at mt_find:6473 (1)
[  448.953868][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e
[  448.962410][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000
[  448.999469][ T6665]   0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d
[  449.049394][ T6665]     0-536866815: 0000000000000000
[  449.054819][ T6665]     536866816-536870911: ffff888022f0e0e0
[  449.071202][ T6665]     536870912-553627647: ffff888022f0e1c0
[  449.077316][ T6665]     553627648-553635839: 0000000000000000
[  449.083251][ T6665]     553635840-553627647: ffff8880272dc9a0
[  449.086715][ T7658] usb 1-1: unable to get BOS descriptor or descriptor too short
[  449.090606][ T6665]     553627648-553644031: 
[  449.097044][ T2554] usb 5-1: unable to get BOS descriptor or descriptor too short
[  449.097052][ T6515] usb 2-1: Using ep0 maxpacket: 16
[  449.097149][ T5169] usb 3-1: Using ep0 maxpacket: 16
[  449.112122][ T6665] ffff8880272dc8c0
[  449.124466][ T5194] usb 6-1: Using ep0 maxpacket: 16
[  449.129945][ T6665]     553644032-553648127: ffff88807e16c7e0
[  449.135869][ T6665]     553648128-553652223: ffff888022f0e2a0
[  449.142261][ T6665]     553652224-116813594623: 0000000000000000
[  449.149133][ T6665]     116813594624-116817788927: ffff888022f0e380
[  449.155594][ T6665]     116817788928-93825002663935: 0000000000000000
[  449.162520][ T6665]     93825002663936-93825002803199: ffff888022f0e460
[  449.174012][ T6665]     93825002803200-140548063096831: 0000000000000000
[  449.182859][ T2554] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  449.195847][ T7658] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  449.206431][ T6665]     140548063096832-140548063100927: ffff888022f0e540
[  449.207030][ T7658] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  449.216579][ T6515] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  449.223936][ T6954] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  449.244869][ T7658] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  449.246164][ T6665]   140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d
[  449.333591][ T6665]     140548063100928-140548071489535: ffff888022f0e620
[  449.341046][ T6665]     140548071489536-140548073586687: ffff888022f0e700
[  449.346673][ T5194] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  449.351054][ T6665]     140548073586688-140548075683839: ffff888022f0e7e0
[  449.366801][ T5169] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 182, changing to 11
[  449.369226][ T6665]     140548075683840-140548077780991: ffff888022f0e8c0
[  449.387580][ T6665]     140548077780992-140548079878143: ffff888022f0e9a0
[  449.394644][ T6665]     140548079878144-140548084072447: ffff888022f0ea80
[  449.402161][ T6665]     140548084072448-140548084219903: ffff888022f0eb60
[  449.409720][ T6665]     140548084219904-140548084948991: ffff888022f0ec40
[  449.417250][ T6665]     140548084948992-140548085284863: ffff888022f0ed20
[  449.424957][ T6665]     140548085284864-140548085288959: 0000000000000000
[  449.432050][ T6665]     140548085288960-140548085653503: ffff888022f0ee00
[  449.452696][ T6665]     140548085653504-140548085690367: ffff888022f0eee0
[  449.460951][ T6665]     140548085690368-140548085710847: 0000000000000000
[  449.473083][ T6665]     140548085710848-140548097556479: ffff88806b3de000
[  449.481272][ T7658] usb 1-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.40
[  449.496058][ T6665]   140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008
[  449.536457][ T6515] usb 2-1: string descriptor 0 read error: -22
[  449.547017][ T7658] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  449.560300][ T2554] usb 5-1: string descriptor 0 read error: -22
[  449.566594][ T6954] usb 4-1: Using ep0 maxpacket: 16
[  449.571836][ T7658] usb 1-1: Product: syz
[  449.576019][ T7658] usb 1-1: Manufacturer: syz
[  449.581279][ T2554] usb 5-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.40
[  449.590752][ T7658] usb 1-1: SerialNumber: syz
[  449.592833][ T6515] usb 2-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.40
[  449.596110][ T2554] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  449.604852][ T6515] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  449.638995][ T6665]     140548097556480-140548097601535: 0000000000000000
[  449.649684][ T6665]     140548097601536-140548097605631: ffff88806b3de460
[  449.657329][ T5194] usb 6-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.40
[  449.673208][ T5194] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  449.679174][ T6515] usbhid 2-1:1.0: couldn't find an input interrupt endpoint
[  449.684232][ T2554] usbhid 5-1:1.0: couldn't find an input interrupt endpoint
[  449.698664][ T6954] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  449.718283][ T6665]     140548097605632-140548097736703: ffff88806b3de380
[  449.725276][ T6665]     140548097736704-140735437164543: 0000000000000000
[  449.737602][ T6665]     140735437164544-140735437299711: ffff88806b3de0e0
[  449.738859][ T5194] usb 6-1: Product: syz
[  449.751829][ T6665]     140735437299712-140735437316095: 0000000000000000
[  449.757368][ T5194] usb 6-1: SerialNumber: syz
[  449.759848][ T5169] usb 3-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.40
[  449.773471][ T5169] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  449.779906][ T6665]     140735437316096-140735437332479: ffff88806b3de1c0
[  449.782112][ T5169] usb 3-1: Manufacturer: �
[  449.793622][ T5169] usb 3-1: SerialNumber: 濃嫇洚꨸팗껲壠㛚퀺専ꦡﻟ☟�峥ᰰ䓯갖蛱帆��㆕䊀괷긃熄ᯋ�⸭砿·湙⦚넋�꥗�﷗栩�ꃨꘕ鶆炲�㭒뺤믧볂䂽嚚τ�忬斋飭猟엮��댎�噵쩉ᢚビ㓵줷�妿烘ޜ뚼
[  449.796956][ T6665]     140735437332480-140735437340671: ffff88806b3de2a0
[  449.835120][ T5194] usbhid 6-1:1.0: couldn't find an input interrupt endpoint
[  449.845778][ T6665]     140735437340672-18446744073709551615: 0000000000000000
[  449.879548][ T6665] Pass: 9856244 Run:9856370
[  449.887658][ T5194] usb 5-1: USB disconnect, device number 4
[  449.894929][ T6515] usb 2-1: USB disconnect, device number 2
[  449.897155][ T7658] usbhid 1-1:1.0: can't add hid device: -22
[  449.915925][ T6665] CPU: 1 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0
[  449.925836][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  449.935910][ T6665] Call Trace:
[  449.939198][ T6665]  <TASK>
[  449.942139][ T6665]  dump_stack_lvl+0xd1/0x138
[  449.946771][ T6665]  mt_find.cold+0x8b/0x90
[  449.951134][ T6665]  ? mas_find+0x1d0/0x1d0
[  449.955470][ T6665]  find_vma+0x10c/0x1b0
[  449.959635][ T6665]  ? can_vma_merge_before+0x390/0x390
[  449.965047][ T6665]  ? walk_page_test+0x78/0x180
[  449.969856][ T6665]  walk_page_range+0x2b1/0x4a0
[  449.974651][ T6665]  ? __walk_page_range+0x780/0x780
[  449.979808][ T6665]  mlock_fixup+0x650/0x810
[  449.984263][ T6665]  apply_vma_lock_flags+0x23d/0x350
[  449.989496][ T6665]  ? mlock_fixup+0x810/0x810
[  449.994130][ T6665]  ? __ia32_sys_get_robust_list+0x400/0x400
[  450.000060][ T6665]  do_mlock+0x25a/0x6d0
[  450.004251][ T6665]  ? folio_evictable+0x270/0x270
[  450.009226][ T6665]  ? syscall_enter_from_user_mode+0x26/0xb0
[  450.015146][ T6665]  __x64_sys_mlock+0x59/0x80
[  450.019750][ T6665]  do_syscall_64+0x39/0xb0
[  450.024200][ T6665]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  450.030113][ T6665] RIP: 0033:0x7fd3e6a8c0c9
[  450.034538][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  450.054174][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[  450.062614][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9
[  450.070599][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000
[  450.078596][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000
[  450.086591][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  450.094572][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000
[  450.102583][ T6665]  </TASK>
[  450.110964][ T7658] usbhid: probe of 1-1:1.0 failed with error -22
[  450.116496][ T6665] index not increased! 20ffb000 <= 20ffb000
[  450.117863][ T6954] usb 4-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.40
[  450.123178][ T6665] BUG at mt_find:6473 (1)
[  450.123197][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e
[  450.123228][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001
[  450.134430][ T7658] usb 1-1: USB disconnect, device number 2
[  450.170798][ T6954] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  450.179374][ T6954] usb 4-1: Product: syz
[  450.184039][ T6954] usb 4-1: Manufacturer: ݞី헼ꢬ
[  450.189569][ T6954] usb 4-1: SerialNumber: syz
[  450.204910][ T6665]  contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000
[  450.211281][ T5174] usb 6-1: USB disconnect, device number 4
[  450.250161][ T6665]   0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d
[  450.303334][ T6954] usbhid 4-1:1.0: couldn't find an input interrupt endpoint
[  450.317499][ T6665]     0-536866815: 0000000000000000
[  450.331335][ T6665]     536866816-536870911: ffff888022f0e0e0
[  450.344898][ T6665]     536870912-553627647: ffff888022f0e1c0
[  450.351358][ T5169] usbhid 3-1:1.0: can't add hid device: -71
[  450.351653][ T6665]     553627648-553635839: 
[  450.357366][ T5169] usbhid: probe of 3-1:1.0 failed with error -71
[  450.364579][ T5169] usb 3-1: USB disconnect, device number 4
[  450.381555][ T6665] 0000000000000000
[  450.385590][ T6665]     553635840-553627647: ffff8880272dc9a0
[  450.392590][ T6665]     553627648-553644031: ffff8880272dc8c0
[  450.399049][ T6665]     553644032-553648127: ffff88807e16c7e0
[  450.405134][ T6665]     553648128-553652223: ffff888022f0e2a0
[  450.412373][ T6665]     553652224-116813594623: 0000000000000000
[  450.419254][ T6665]     116813594624-116817788927: ffff888022f0e380
[  450.425850][ T6665]     116817788928-93825002663935: 0000000000000000
[  450.432793][ T6665]     93825002663936-93825002803199: ffff888022f0e460
[  450.439925][ T6665]     93825002803200-140548063096831: 0000000000000000
[  450.451355][ T6665]     140548063096832-140548063100927: ffff888022f0e540
01:47:25 executing program 4:
syz_emit_ethernet(0xa6, &(0x7f0000000000)={@broadcast, @remote, @void, {@ipv4={0x800, @gre={{0x15, 0x4, 0x0, 0x0, 0x98, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev, {[@generic={0x0, 0xf, "130eb1581ab4594bd8e92e590e"}, @rr={0x7, 0x3}, @generic={0x0, 0x9, "a5551c4e88729c"}, @lsrr={0x83, 0x13, 0x0, [@rand_addr, @multicast2, @multicast2, @broadcast]}, @rr={0x7, 0xf, 0x0, [@loopback, @local, @remote]}]}}}}}}, 0x0)

[  450.458844][ T6665]   140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d
[  450.521066][ T7658] usb 4-1: USB disconnect, device number 2
[  450.528203][ T6665]     140548063100928-140548071489535: ffff888022f0e620
[  450.539436][ T6665]     140548071489536-140548073586687: ffff888022f0e700
01:47:25 executing program 0:
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001280)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x10, 0x46d, 0xc222, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x1, 0x0, 0x0, {0x9}}}]}}]}}, &(0x7f0000001700)={0x0, 0x0, 0x0, 0x0})

01:47:25 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000540)=@newlinkprop={0x50, 0x6c, 0x601, 0x0, 0x0, {}, [@IFLA_LINKMODE={0x5}, @IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x4}}}, @IFLA_ALT_IFNAME={0x14, 0x35, 'batadv_slave_0\x00'}]}, 0x50}}, 0x0)

[  450.565297][ T6665]     140548073586688-140548075683839: ffff888022f0e7e0
[  450.581074][ T6665]     140548075683840-140548077780991: ffff888022f0e8c0
01:47:25 executing program 1:
r0 = socket(0x1, 0x2, 0x0)
sendmsg$MPTCP_PM_CMD_SET_LIMITS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)

01:47:25 executing program 2:
syz_emit_ethernet(0xcc1, &(0x7f0000001140)={@empty, @broadcast, @val={@void}, {@ipv4={0x800, @igmp={{0x4, 0x4, 0x0, 0x0, 0xcaf, 0x0, 0x0, 0x0, 0x2, 0x0, @multicast2, @local}, {0x0, 0x0, 0x0, @loopback, "8617f98400ed878332c762879259e225640120e480634770c18fa48f9b1ac5221e39bdd201c359c41eb647a44815ab4464e0df21f4a8d36bb93ae9824841b1f32ccf319a686b0f8d41fa2fcb7c9f6516f8a6dc53eb73bce7b1e15253886a17cb0fbf8f64158ca557e8a548ed68f4ae27b542208055fe3bb90a5b1a777481ec2abb68034110d697f1c691fee45de78e6fa43a261227186517ccad87425329566c684fdc44561fb767e351584aa429a442e74377a99ae75e6d206a614af75720fa81d6f07659980e989f173175ae36f182db1915092484715af9b7514ecf718ae24c51fd852b41d768b27734dae971d9d3b3bb27b392e6540509483e03f75478dbde6210b814c76f4afa7c090c19ba2bb6fb2d6d24c37de2525860cc1d2dbeca0f9a8549c4c3baecb0b370078db1c9d895000ade47c5c33070768e96edd4bc874bb3bbde1417e621a1cb0827b28d9940341c3456c772981396ca47de8f7817b728cb401284a3178a441e36b9d612396bbd16d0a139093ee53a45bb98150639e0b77d21a9c10788270eb6ba07daf283d183a897d3095eff9cdf071686ca51d53cae0e3fe6ef7642d7a4f4413bdcce6585aa42cc4d20737ea33e3048757a1ac497307b2f15e512e64ddf27bfb7874b8ec7adcac2d0704ca555c83c02bc46739aebc1a26db19396269d9250f61c7b5b1373a953bafb4271559578fe716de583d572d83f476bbd027f4032b18c44f21316b3d9a8121f133d76808013835e358c6c5b777fe8e2038f150cdfe054d245e47ddada73f1b6f1c07574f402ac9d0da3f9c97d11f864059dda55a1743b5e72457f881d50aa9fbbe5c37cb5a0f3daf38bf15dc74c16b956b4f91c455d2dcf70e95a3d1c2aeb2492e7ea884cd3c3c655f0d85b89f6d4a2a2fc630303f18d60e02ab27e45985c439e69daf4e1489f3c501ca476fe53d9323b746e8cdeda37e1026ab7ec3455ea92d163322a89854694c446e531956ad13063ac19d68ce47835de6fc8ec4c739baf6be44d9f573b41372c0938b98315ce04e047e4971c5a3ae61a2e020a8ffcc880d9acfb3d6a3fd7386fa5b17fdcf930fe516128bc79ca56bc120f27175a1cb6f005a461ed609d12d73c49341134af988879ab4b0f1f9845f80c6c7dee369194f20688016f059632a2a2b76e5f262b7177e13397de276c3687877e7dcc7d3838acf7ecf2e05fe9b33f55c6bd5b66806162b382540e7732a9fff4aeb7a859f4b93a7cd3974c75a5294afd2fb369d8a273afe74dd49b3cbcdb51771ec86d5b93d51c68662dd37a91887a349db1fe310176715a848b7bc0e96f52c9ea5dd89232a9a0a4d487045726b9c6591a22e0b875686f35e9ee7749bf3f1ca7fdb1a248650b0a3aa291531c477c8e3c184f80696e1c5db6f40c5b5612431c2ab0dbbb611ae9d762e0e3c49e32e10538ef6ab118cee2b8f61b83a031ab7bb306d42b5bc1a8475072cf0567edc140d1d6d7a657938a319c03ecf2411420559a23ca11e1dbf68009d51f01134b21548b6ca7573f91a44228882d2593bffcb2adfdb52a18b3e026b3e836c810dd98da1c0a5cf1550bc4a4f6ae772c2491eb2ea5526c79960379a0749f2a02d421fa90df8b60092e2742d7bdca92df762cc9786f2e7a098eddca5864705dc1c99de859e8f470e7467f54f8dbb942bcce47b5effac0b425cf4edca032561e01411bb3c363ddbb472425a8ec00559ef1cd6184f629afb3583e0aa499fb5620713a4a0d85940d80593a981c08ae069da59544a9a85db8ee969518c5b1bac691e8eda4f54e9338cf26d90f3b4c254cd16cc29fd614e36ff0dc9f060360b41c29460d2578403ffaec06c0c693d9aafd8ba6914b65f71e409fc3f3cb2f399c80518b4a7c555881a35b8394f7aafa6150bab61d6e86086eb96fb1e63b59241cd4846a8fd397342253af340611e3de771410f341da3454ec2b31744c71c2b5a99b10648cc2a4c26aef877dae469b01191feb39226d67f39d4b094f40bfbc34dd45cc01e40d5f6c1b269dda2fb94e413a98083ce935d46fe167723c657fb700efc7ab221bb8faf445c07d0f8c50af3e54b5aa2c7873c5b2b8119563a118dee369d3edea66728bcef359631d30e17e5381482bbbadf6265efdb2d6edb4ce6e39701533712026cd24ddfa6aedc8978f360c3f510ca8d61347177d96a8b90cb9dbf1f9d3d5c3e8589c6efe91d094146e73959d0ba08fcc6594e83dab8e4e26d29e144d8fdec2d9c8f33336901f2c61e78cf0908cade25cbf7282327f16e5afe0815d41337f55504f8b415e2420cab41e121b3858249c3b4f4b3bf77e0bf6af583451471a77e0031a052ac4d18807d6a25eb9968d5178ad173ee535016859a4c6a4d73820fe8443c1f26044a348e0e502e4bc0a6b60c1e0c00c6ad051b68d0fe001297060191a810ff0793d59c8482923aeaf66f3d0b407e6a047b13a141205f024de7eb87f4e7204a43e181bc38be3ef9cadfbb3641730ebfafd6e62f1fafb39e3c4df09f45995500f536d9a1c6d08c649f2b2d102b8d516c7e4911f3a3ca437c18d2b4093285b9a7725d3c5bacd61f8b93190eaa03747de824b2256d0db38ae69cab50f45eb9c52f9a16896e6276b2e81a5b1f324236b8125ac22cc2638f213a25381787951d8aa53ab5258582620fc05cd2eadf61e2b6533fa313ac327ce15d32e447e654a147c8f4527fd3fd18a880331dcedabc346fa3946ca88c55336103fde0a21d7cdce0699e241b99560039f27f591ee3e6d0b4c30accff68a843a091fb94075fb335815e260190557c771ee58163a64a2f34ed6fc1caab1a5390adfcd49bfca809358ca5190cf2ee85aae070944c9b7daecb565a1f048675c834718cde17afc9771769c06219b4891ab483c737bcd1cf22a2e053177c5aaff9c2409b6109ed5edbbb3ca5b8862a1ab8aece38c773757b806ed0e5289ba3767d3ac45628c1f7a5113c316d2dbaf3f87b1598c30b1f571bc3c11fb4fac77564bb595a49f96d922134bf0905f1f171095bdc72920e1a58e21506520c2d141fa1164dffcedffa10471df77c8d3318c02cfd79641aa703ae40e32afa864ccf1b64b66a4289c51c1bab0848c3a2e6fd7e9b4263bc300d06ab804338d4188cb61579e444085fd682910448ebd968e8ed0f0c13ea34c25571265113683a351d9df25fb0620a53fa031b244a50e5301c1ee33b97bdc689963d610432eaa97b0879137878d2153de4265c83c1eaea8c6e594914841862cd5d84ddabd78318307d77251d6a18c4a66e4dbe63674391f7e6fd08df229c0d2b81c036f89f4a253120dc276b3b17a10c10a2fb7a52b0a924d6ba47ec24ac248f35d3f839281ffbd14403da03a82eb3c5110bbe9ca528d204ebd4794c3547cde975168dbdbe961b774f13f514c39f589b64b2138b67cebdc459597fbc7735d982e7eea413cb9befa14f5885cdd0886000b607f7fcfab85a94acd63d7deb79525cd4e45e6dd1b06b1e6513cfd21a73ade168148e409dcdee0ecda24ba7ebf4046532c161f2f6ff4f091bfc994178f53767b69d677af26b312e879d71ff7868f24d71b8edc768aa0479acb49b387ef8b1c46a485aede1134447af14026988b2d49486f31a336486ade5495dc1e15824ba5e6164e480d168e13e321dcca19478fe461a0497eda844b363b292175c7fc098e1c77e78402e2bef3e3e13cabd162b884548bc209a45b91ac8395d300020a6390296d5ad7f4081e06dfaf89cf4b83bf5eb71e2cae13f957be9713674731e85d32ef362755968eb4bd40d692ebdb381d8100eea3da3fa48b3d6500cdfecf73b9bf254df83b55ffd090d5c3350f0e3694b6b201d13cbce1a6d556c223ae8d735b34bca6715831ceac65d1fd61d1bbe9d15abfbb0f69346ffca0b12dd5361f5dbb2e46f43187fea637c7221dc2986caed1fee7b54ee4aa5fcf18ded92f23859bae2c7598d63e6002c5ceb671b4fed9c3b38cecb15c89e26c52bd10dc49df6bd9102ab171807532f3def86d25869d5db9ce70fcf87b607f91b9e0edc246d8d139edcf8592528d23e8d84cf82a5ddaf1a465a2f2f3882ab2ad7a6e7a7419c438f3b596c6b954ff275203579217271b418937386976471850258c25dd51005f70d7cd2543930463234d18d62e68a15a70f1ba154ef3a5b14a38e2c6ca024d469c5549df8c2fa549064a37d8a90a7f8f4992bbac1d64d08bbc54bde4d113636f92f973e5c66eea9c8e4902f4929d57e7020952f38625824d4293862057104fae0bb07388a5e1f4c6e61f4b423648299ca97cf5e9ac30366d41bda04bbdaa7a9fa0f2aedd5e67351d8f300819e541b10eda1bc17c7bba7fb45a67b3ab20f26fd6a513a1c90d35956566c04c3f983496c79eab1f6456c890afe526e46fb836b99e2cb12f4ad9d2702b8632a3a259c5e13d5e605ec4eb136fc818c330731841dde4ca7dc0ab4678a1673ce6f1f460bb9ab14f653cfe06f75d8a47923058ed6e363d9d8c2e1e4eb7bf552edf396f46ba1c1aa700bc2fc68c11dee86e8454ff4fdd69567a80d68d35"}}}}}, 0x0)

01:47:25 executing program 4:
syz_emit_ethernet(0xa6, &(0x7f0000000000)={@broadcast, @remote, @void, {@ipv4={0x800, @gre={{0x15, 0x4, 0x0, 0x0, 0x98, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev, {[@generic={0x0, 0xf, "130eb1581ab4594bd8e92e590e"}, @rr={0x7, 0x3}, @generic={0x0, 0x9, "a5551c4e88729c"}, @lsrr={0x83, 0x13, 0x0, [@rand_addr, @multicast2, @multicast2, @broadcast]}, @rr={0x7, 0xf, 0x0, [@loopback, @local, @remote]}]}}}}}}, 0x0)

[  450.634569][ T6665]     140548077780992-140548079878143: ffff888022f0e9a0
[  450.681523][ T6665]     140548079878144-140548084072447: ffff888022f0ea80
01:47:25 executing program 1:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000080)={'ip6gre0\x00', &(0x7f0000000000)={'syztnl2\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @mcast1, @mcast1}})

01:47:25 executing program 2:
r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/slabinfo\x00', 0x0, 0x0)
dup3(r1, r0, 0x0)

01:47:25 executing program 4:
syz_emit_ethernet(0xa6, &(0x7f0000000000)={@broadcast, @remote, @void, {@ipv4={0x800, @gre={{0x15, 0x4, 0x0, 0x0, 0x98, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev, {[@generic={0x0, 0xf, "130eb1581ab4594bd8e92e590e"}, @rr={0x7, 0x3}, @generic={0x0, 0x9, "a5551c4e88729c"}, @lsrr={0x83, 0x13, 0x0, [@rand_addr, @multicast2, @multicast2, @broadcast]}, @rr={0x7, 0xf, 0x0, [@loopback, @local, @remote]}]}}}}}}, 0x0)

[  450.722575][ T6665]     140548084072448-140548084219903: ffff888022f0eb60
[  450.759927][ T6665]     140548084219904-140548084948991: ffff888022f0ec40
01:47:25 executing program 2:
syz_open_dev$loop(&(0x7f0000000940), 0x0, 0x4001)
bpf$MAP_CREATE(0x0, 0x0, 0x0)

[  450.789689][ T6665]     140548084948992-140548085284863: ffff888022f0ed20
01:47:25 executing program 5:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x18, &(0x7f0000000200)=@filter={'filter\x00', 0xe, 0x4, 0x378, 0xffffffff, 0x250, 0x250, 0x0, 0xffffffff, 0xffffffff, 0x340, 0x340, 0x340, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28}}, {{@ipv6={@private0, @private1, [], [], 'hsr0\x00', 'syzkaller0\x00'}, 0x0, 0xa8, 0xe8}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "f4074efe36c370be29416839ad6d2a9ff6146b07278b03451a4510d5da25"}}, {{@ipv6={@remote, @mcast2, [], [], 'team0\x00', 'ipvlan1\x00'}, 0x0, 0xa8, 0xf0}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8)

[  450.831868][ T6665]     140548085284864-140548085288959: 0000000000000000
[  450.856822][ T6665]     140548085288960-140548085653503: ffff888022f0ee00
[  450.876716][ T6665]     140548085653504-140548085690367: ffff888022f0eee0
[  450.892638][ T6665]     140548085690368-140548085710847: 0000000000000000
[  450.905430][ T6665]     140548085710848-140548097556479: ffff88806b3de000
[  450.906482][ T6954] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  450.916606][ T6665]   140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008
[  450.978878][ T6665]     140548097556480-140548097601535: 0000000000000000
[  450.996607][ T6665]     140548097601536-140548097605631: ffff88806b3de460
[  451.003597][ T6665]     140548097605632-140548097736703: ffff88806b3de380
[  451.010779][ T6665]     140548097736704-140735437164543: 0000000000000000
[  451.018484][ T6665]     140735437164544-140735437299711: ffff88806b3de0e0
[  451.025470][ T6665]     140735437299712-140735437316095: 0000000000000000
01:47:25 executing program 5:
openat$zero(0xffffffffffffff9c, &(0x7f0000001ac0), 0x0, 0x0)

01:47:25 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x24, &(0x7f0000000300), 0x4)

[  451.037735][ T6665]     140735437316096-140735437332479: ffff88806b3de1c0
[  451.044828][ T6665]     140735437332480-140735437340671: ffff88806b3de2a0
[  451.078853][ T6665]     140735437340672-18446744073709551615: 0000000000000000
[  451.104489][ T6665] Pass: 9862083 Run:9862210
[  451.112598][ T6665] CPU: 1 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0
[  451.122447][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  451.132526][ T6665] Call Trace:
[  451.135832][ T6665]  <TASK>
[  451.138788][ T6665]  dump_stack_lvl+0xd1/0x138
[  451.143418][ T6665]  mt_find.cold+0x8b/0x90
[  451.147784][ T6665]  ? mas_find+0x1d0/0x1d0
[  451.152157][ T6665]  find_vma+0x10c/0x1b0
[  451.156332][ T6665]  ? can_vma_merge_before+0x390/0x390
[  451.161729][ T6665]  ? walk_page_test+0x78/0x180
[  451.166531][ T6665]  walk_page_range+0x2b1/0x4a0
[  451.171330][ T6665]  ? __walk_page_range+0x780/0x780
[  451.176488][ T6665]  mlock_fixup+0x650/0x810
[  451.180953][ T6665]  apply_vma_lock_flags+0x23d/0x350
[  451.186187][ T6665]  ? mlock_fixup+0x810/0x810
[  451.190818][ T6665]  ? __ia32_sys_get_robust_list+0x400/0x400
[  451.196740][ T6665]  do_mlock+0x25a/0x6d0
[  451.200947][ T6665]  ? folio_evictable+0x270/0x270
[  451.205939][ T6665]  ? syscall_enter_from_user_mode+0x26/0xb0
[  451.211863][ T6665]  __x64_sys_mlock+0x59/0x80
[  451.216468][ T6665]  do_syscall_64+0x39/0xb0
[  451.220918][ T6665]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  451.226831][ T6665] RIP: 0033:0x7fd3e6a8c0c9
[  451.231268][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  451.250894][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[  451.259323][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9
[  451.267302][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000
[  451.275284][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000
[  451.283266][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  451.291243][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000
[  451.299245][ T6665]  </TASK>
[  451.323510][ T6665] index not increased! 20ffb000 <= 20ffb000
[  451.346478][ T6954] usb 1-1: Using ep0 maxpacket: 16
[  451.365443][ T6665] BUG at mt_find:6473 (1)
[  451.373199][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e
[  451.384603][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000
[  451.434782][ T6665]   0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d
[  451.485595][ T6665]     0-536866815: 0000000000000000
[  451.491612][ T6665]     536866816-536870911: ffff888022f0e0e0
[  451.497893][ T6665]     536870912-553627647: ffff888022f0e1c0
[  451.503876][ T6665]     553627648-553635839: 0000000000000000
[  451.510185][ T6665]     553635840-553627647: ffff8880272dc9a0
[  451.516160][ T6665]     553627648-553644031: ffff8880272dc8c0
[  451.522397][ T6665]     553644032-553648127: ffff88807e16c7e0
[  451.528457][ T6665]     553648128-553652223: ffff888022f0e2a0
[  451.534482][ T6665]     553652224-116813594623: 0000000000000000
[  451.542000][ T6665]     116813594624-116817788927: ffff888022f0e380
[  451.549299][ T6665]     116817788928-93825002663935: 0000000000000000
[  451.555977][ T6665]     93825002663936-93825002803199: ffff888022f0e460
[  451.562902][ T6665]     93825002803200-140548063096831: 0000000000000000
[  451.569955][ T6665]     140548063096832-140548063100927: ffff888022f0e540
[  451.577904][ T6954] usb 1-1: unable to get BOS descriptor or descriptor too short
[  451.581919][ T6665]   140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d
[  451.640978][ T6665]     140548063100928-140548071489535: ffff888022f0e620
[  451.648072][ T6665]     140548071489536-140548073586687: ffff888022f0e700
[  451.655051][ T6665]     140548073586688-140548075683839: ffff888022f0e7e0
[  451.664903][ T6665]     140548075683840-140548077780991: ffff888022f0e8c0
[  451.671966][ T6665]     140548077780992-140548079878143: ffff888022f0e9a0
[  451.680684][ T6665]     140548079878144-140548084072447: ffff888022f0ea80
[  451.688383][ T6665]     140548084072448-140548084219903: ffff888022f0eb60
[  451.695448][ T6665]     140548084219904-140548084948991: ffff888022f0ec40
[  451.702840][ T6665]     140548084948992-140548085284863: ffff888022f0ed20
[  451.710115][ T6954] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  451.721157][ T6954] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  451.722655][ T6665]     140548085284864-140548085288959: 
[  451.731292][ T6954] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  451.733533][ T6665] 0000000000000000
[  451.753643][ T6665]     140548085288960-140548085653503: ffff888022f0ee00
[  451.761072][ T6665]     140548085653504-140548085690367: ffff888022f0eee0
[  451.769102][ T6665]     140548085690368-140548085710847: 0000000000000000
[  451.778216][ T6665]     140548085710848-140548097556479: ffff88806b3de000
[  451.785204][ T6665]   140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008
[  451.835195][ T6665]     140548097556480-140548097601535: 0000000000000000
[  451.843421][ T6665]     140548097601536-140548097605631: ffff88806b3de460
[  451.850481][ T6665]     140548097605632-140548097736703: ffff88806b3de380
[  451.857548][ T6665]     140548097736704-140735437164543: 0000000000000000
[  451.864526][ T6665]     140735437164544-140735437299711: ffff88806b3de0e0
[  451.871578][ T6665]     140735437299712-140735437316095: 0000000000000000
[  451.880584][ T6665]     140735437316096-140735437332479: ffff88806b3de1c0
[  451.890608][ T6665]     140735437332480-140735437340671: ffff88806b3de2a0
[  451.898196][ T6665]     140735437340672-18446744073709551615: 0000000000000000
[  451.905649][ T6665] Pass: 9862119 Run:9862247
[  451.910831][ T6665] CPU: 1 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0
[  451.920671][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  451.930733][ T6665] Call Trace:
[  451.934002][ T6665]  <TASK>
[  451.936938][ T6665]  dump_stack_lvl+0xd1/0x138
[  451.941580][ T6665]  mt_find.cold+0x8b/0x90
[  451.945942][ T6665]  ? mas_find+0x1d0/0x1d0
[  451.950275][ T6665]  find_vma+0x10c/0x1b0
[  451.954425][ T6665]  ? can_vma_merge_before+0x390/0x390
[  451.959809][ T6665]  ? walk_page_test+0x78/0x180
[  451.964598][ T6665]  walk_page_range+0x2b1/0x4a0
[  451.969363][ T6665]  ? __walk_page_range+0x780/0x780
[  451.974482][ T6665]  mlock_fixup+0x650/0x810
[  451.978928][ T6665]  apply_vma_lock_flags+0x23d/0x350
[  451.984177][ T6665]  ? mlock_fixup+0x810/0x810
[  451.988830][ T6665]  ? __ia32_sys_get_robust_list+0x400/0x400
[  451.994753][ T6665]  do_mlock+0x25a/0x6d0
[  451.998932][ T6665]  ? folio_evictable+0x270/0x270
[  452.003925][ T6665]  ? syscall_enter_from_user_mode+0x26/0xb0
[  452.009851][ T6665]  __x64_sys_mlock+0x59/0x80
[  452.014432][ T6665]  do_syscall_64+0x39/0xb0
[  452.018864][ T6665]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  452.024781][ T6665] RIP: 0033:0x7fd3e6a8c0c9
[  452.029189][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  452.048789][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[  452.057208][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9
[  452.065193][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000
[  452.073161][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000
[  452.081138][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  452.089123][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000
[  452.097124][ T6665]  </TASK>
[  452.107194][ T6665] index not increased! 20ffb000 <= 20ffb000
[  452.113169][ T6665] BUG at mt_find:6473 (1)
[  452.118113][ T6954] usb 1-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.40
[  452.121396][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e
[  452.127642][ T6954] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  452.135688][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 
[  452.143938][ T6954] usb 1-1: Product: syz
[  452.152513][ T6665] 93708184875008 
[  452.154908][ T6954] usb 1-1: Manufacturer: syz
[  452.160099][ T6665] 20480 
[  452.163083][ T6954] usb 1-1: SerialNumber: syz
[  452.174975][ T6665] 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000
[  452.203058][ T6665]   0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d
[  452.252891][ T6665]     0-536866815: 0000000000000000
[  452.258560][ T6665]     536866816-536870911: ffff888022f0e0e0
[  452.264589][ T6665]     536870912-553627647: ffff888022f0e1c0
[  452.270700][ T6665]     553627648-553635839: 0000000000000000
[  452.276750][ T6665]     553635840-553627647: ffff8880272dc9a0
[  452.282723][ T6665]     553627648-553644031: ffff8880272dc8c0
[  452.289894][ T6665]     553644032-553648127: ffff88807e16c7e0
[  452.295874][ T6665]     553648128-553652223: ffff888022f0e2a0
[  452.301889][ T6665]     553652224-116813594623: 0000000000000000
[  452.308164][ T6665]     116813594624-116817788927: ffff888022f0e380
[  452.314628][ T6665]     116817788928-93825002663935: 0000000000000000
[  452.321554][ T6665]     93825002663936-93825002803199: ffff888022f0e460
[  452.328471][ T6665]     93825002803200-140548063096831: 0000000000000000
[  452.335406][ T6665]     140548063096832-140548063100927: ffff888022f0e540
[  452.342458][ T6665]   140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d
[  452.401708][ T6665]     140548063100928-140548071489535: ffff888022f0e620
[  452.409425][ T6665]     140548071489536-140548073586687: ffff888022f0e700
[  452.416578][ T6665]     140548073586688-140548075683839: ffff888022f0e7e0
[  452.423641][ T6665]     140548075683840-140548077780991: ffff888022f0e8c0
[  452.430770][ T6665]     140548077780992-140548079878143: ffff888022f0e9a0
[  452.437887][ T6665]     140548079878144-140548084072447: ffff888022f0ea80
[  452.444873][ T6665]     140548084072448-140548084219903: ffff888022f0eb60
[  452.451973][ T6665]     140548084219904-140548084948991: ffff888022f0ec40
[  452.459025][ T6665]     140548084948992-140548085284863: ffff888022f0ed20
[  452.466010][ T6665]     140548085284864-140548085288959: 0000000000000000
[  452.473129][ T6665]     140548085288960-140548085653503: ffff888022f0ee00
[  452.484928][ T6665]     140548085653504-140548085690367: ffff888022f0eee0
[  452.492036][ T6665]     140548085690368-140548085710847: 0000000000000000
[  452.499754][ T6665]     140548085710848-140548097556479: ffff88806b3de000
[  452.506685][ T6954] usbhid 1-1:1.0: can't add hid device: -22
[  452.509478][ T6665]   140548097556480-18446744073709551615: 
[  452.512670][ T6954] usbhid: probe of 1-1:1.0 failed with error -22
[  452.512707][ T6665] node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008
[  452.537982][ T6954] usb 1-1: USB disconnect, device number 3
[  452.589503][ T6665]     140548097556480-140548097601535: 0000000000000000
[  452.600130][ T6665]     140548097601536-140548097605631: ffff88806b3de460
[  452.607333][ T6665]     140548097605632-140548097736703: ffff88806b3de380
[  452.614319][ T6665]     140548097736704-140735437164543: 0000000000000000
[  452.622239][ T6665]     140735437164544-140735437299711: ffff88806b3de0e0
[  452.629445][ T6665]     140735437299712-140735437316095: 0000000000000000
[  452.636542][ T6665]     140735437316096-140735437332479: ffff88806b3de1c0
[  452.643513][ T6665]     140735437332480-140735437340671: ffff88806b3de2a0
[  452.650559][ T6665]     140735437340672-18446744073709551615: 0000000000000000
[  452.658101][ T6665] Pass: 9862145 Run:9862274
[  452.662665][ T6665] CPU: 0 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0
[  452.672464][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  452.682515][ T6665] Call Trace:
[  452.685787][ T6665]  <TASK>
[  452.688709][ T6665]  dump_stack_lvl+0xd1/0x138
[  452.693303][ T6665]  mt_find.cold+0x8b/0x90
[  452.697649][ T6665]  ? mas_find+0x1d0/0x1d0
[  452.702012][ T6665]  find_vma+0x10c/0x1b0
[  452.706164][ T6665]  ? can_vma_merge_before+0x390/0x390
[  452.711533][ T6665]  ? walk_page_test+0x78/0x180
[  452.716295][ T6665]  walk_page_range+0x2b1/0x4a0
[  452.721105][ T6665]  ? __walk_page_range+0x780/0x780
[  452.726280][ T6665]  mlock_fixup+0x650/0x810
[  452.730752][ T6665]  apply_vma_lock_flags+0x23d/0x350
[  452.736013][ T6665]  ? mlock_fixup+0x810/0x810
[  452.740612][ T6665]  ? __ia32_sys_get_robust_list+0x400/0x400
[  452.746512][ T6665]  do_mlock+0x25a/0x6d0
[  452.750672][ T6665]  ? folio_evictable+0x270/0x270
[  452.755621][ T6665]  ? syscall_enter_from_user_mode+0x26/0xb0
[  452.761517][ T6665]  __x64_sys_mlock+0x59/0x80
[  452.766100][ T6665]  do_syscall_64+0x39/0xb0
[  452.770533][ T6665]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  452.776455][ T6665] RIP: 0033:0x7fd3e6a8c0c9
[  452.780863][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  452.800477][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[  452.808925][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9
[  452.816921][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000
[  452.824930][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000
[  452.832918][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  452.840882][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000
[  452.848857][ T6665]  </TASK>
[  452.856135][ T6665] index not increased! 20ffb000 <= 20ffb000
[  452.862215][ T6665] BUG at mt_find:6473 (1)
[  452.866702][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e
[  452.875242][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000
[  452.913432][ T6665]   0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d
[  452.965372][ T6665]     0-536866815: 0000000000000000
[  452.970761][ T6665]     536866816-536870911: ffff888022f0e0e0
[  452.976852][ T6665]     536870912-553627647: ffff888022f0e1c0
[  452.982825][ T6665]     553627648-553635839: 0000000000000000
[  452.988868][ T6665]     553635840-553627647: ffff8880272dc9a0
01:47:27 executing program 1:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000980)='/proc/bus/input/handlers\x00', 0x0, 0x0)
ioctl$LOOP_SET_CAPACITY(r0, 0x4c07)

01:47:27 executing program 4:
syz_emit_ethernet(0xa6, &(0x7f0000000000)={@broadcast, @remote, @void, {@ipv4={0x800, @gre={{0x15, 0x4, 0x0, 0x0, 0x98, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev, {[@generic={0x0, 0xf, "130eb1581ab4594bd8e92e590e"}, @rr={0x7, 0x3}, @generic={0x0, 0x9, "a5551c4e88729c"}, @lsrr={0x83, 0x13, 0x0, [@rand_addr, @multicast2, @multicast2, @broadcast]}, @rr={0x7, 0xf, 0x0, [@loopback, @local, @remote]}]}}}}}}, 0x0)

01:47:27 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x42, &(0x7f0000000200)=@filter={'filter\x00', 0xe, 0x4, 0x378, 0xffffffff, 0x250, 0x250, 0x0, 0xffffffff, 0xffffffff, 0x340, 0x340, 0x340, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28}}, {{@ipv6={@private0, @private1, [], [], 'hsr0\x00', 'syzkaller0\x00'}, 0x0, 0xa8, 0xe8}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "f4074efe36c370be29416839ad6d2a9ff6146b07278b03451a4510d5da25"}}, {{@ipv6={@remote, @mcast2, [], [], 'team0\x00', 'ipvlan1\x00'}, 0x0, 0xa8, 0xf0}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8)

01:47:27 executing program 3:
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001280)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x46d, 0xc222, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, {0x9}}}]}}]}}, &(0x7f0000001700)={0x0, 0x0, 0x0, 0x0, 0x2, [{0x4, &(0x7f0000001380)=@lang_id={0x4}}, {0xc, &(0x7f0000001480)=@string={0xc, 0x3, "5e07b817fcd517daaca8"}}]})

01:47:27 executing program 2:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x8929, &(0x7f0000000080)={'ip6gre0\x00', 0x0})

01:47:27 executing program 5:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x46, 0x0, 0x0)

[  452.994852][ T6665]     553627648-553644031: ffff8880272dc8c0
[  453.000914][ T6665]     553644032-553648127: ffff88807e16c7e0
[  453.008106][ T6665]     553648128-553652223: ffff888022f0e2a0
[  453.014225][ T6665]     553652224-116813594623: 0000000000000000
01:47:27 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x6, 0x6c4, &(0x7f0000000000)={@empty}, 0x20)

01:47:27 executing program 1:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x8930, &(0x7f0000000080)={'ip6gre0\x00', 0x0})

01:47:27 executing program 2:
syz_clone3(&(0x7f0000003380)={0x0, &(0x7f0000002300), &(0x7f0000002280), &(0x7f00000022c0), {}, &(0x7f0000002240)=""/51, 0x33, &(0x7f0000003480)=""/4096, &(0x7f0000003340)=[0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0], 0x8}, 0x48)

[  453.055704][ T6665]     116813594624-116817788927: ffff888022f0e380
[  453.088061][ T6665]     116817788928-93825002663935: 0000000000000000
01:47:27 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x6, 0x7, &(0x7f0000000000)={@empty}, 0x20)

01:47:27 executing program 5:
r0 = socket(0x1, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'authenc(sha384-arm64,ecb-camellia-aesni-avx2)\x00'}, 0x58)

01:47:27 executing program 1:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x8, &(0x7f0000000200)=@filter={'filter\x00', 0xe, 0x4, 0x378, 0xffffffff, 0x250, 0x250, 0x0, 0xffffffff, 0xffffffff, 0x340, 0x340, 0x340, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28}}, {{@ipv6={@private0, @private1, [], [], 'hsr0\x00', 'syzkaller0\x00'}, 0x0, 0xa8, 0xe8}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "f4074efe36c370be29416839ad6d2a9ff6146b07278b03451a4510d5da25"}}, {{@ipv6={@remote, @mcast2, [], [], 'team0\x00', 'ipvlan1\x00'}, 0x0, 0xa8, 0xf0}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8)

01:47:27 executing program 4:
r0 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x8923, &(0x7f0000000800)={'ip6gre0\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @mcast1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x700}})

[  453.124639][ T6665]     93825002663936-93825002803199: ffff888022f0e460
01:47:28 executing program 2:
clock_getres(0x0, &(0x7f00000008c0))

01:47:28 executing program 0:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000380)='/sys/block/loop0', 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/cgroups\x00', 0x0, 0x0)
dup3(r0, r1, 0x0)

[  453.185092][ T6665]     93825002803200-140548063096831: 0000000000000000
[  453.210849][ T6665]     140548063096832-140548063100927: ffff888022f0e540
[  453.262884][ T6665]   140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d
[  453.326586][ T5169] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  453.327351][ T7938] €: renamed from ip6gre0 (while UP)
[  453.380395][ T6665]     140548063100928-140548071489535: ffff888022f0e620
[  453.389593][ T6665]     140548071489536-140548073586687: ffff888022f0e700
[  453.396809][ T6665]     140548073586688-140548075683839: ffff888022f0e7e0
[  453.403989][ T6665]     140548075683840-140548077780991: ffff888022f0e8c0
[  453.416855][ T6665]     140548077780992-140548079878143: ffff888022f0e9a0
[  453.425106][ T6665]     140548079878144-140548084072447: ffff888022f0ea80
[  453.436192][ T6665]     140548084072448-140548084219903: ffff888022f0eb60
[  453.444601][ T6665]     140548084219904-140548084948991: ffff888022f0ec40
[  453.452488][ T6665]     140548084948992-140548085284863: ffff888022f0ed20
[  453.459944][ T6665]     140548085284864-140548085288959: 0000000000000000
[  453.467144][ T6665]     140548085288960-140548085653503: ffff888022f0ee00
[  453.481675][ T6665]     140548085653504-140548085690367: ffff888022f0eee0
[  453.492461][ T6665]     140548085690368-140548085710847: 0000000000000000
[  453.521477][ T6665]     140548085710848-140548097556479: ffff88806b3de000
[  453.542715][ T6665]   140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008
[  453.593078][ T6665]     140548097556480-140548097601535: 0000000000000000
[  453.600788][ T6665]     140548097601536-140548097605631: ffff88806b3de460
[  453.608777][ T6665]     140548097605632-140548097736703: ffff88806b3de380
[  453.615864][ T6665]     140548097736704-140735437164543: 0000000000000000
[  453.624065][ T6665]     140735437164544-140735437299711: ffff88806b3de0e0
[  453.624513][ T5169] usb 4-1: Using ep0 maxpacket: 16
[  453.631438][ T6665]     140735437299712-140735437316095: 0000000000000000
[  453.643536][ T6665]     140735437316096-140735437332479: ffff88806b3de1c0
[  453.651475][ T6665]     140735437332480-140735437340671: ffff88806b3de2a0
[  453.659514][ T6665]     140735437340672-18446744073709551615: 0000000000000000
[  453.667160][ T6665] Pass: 9868404 Run:9868534
[  453.671725][ T6665] CPU: 1 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0
[  453.681536][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  453.691611][ T6665] Call Trace:
[  453.694882][ T6665]  <TASK>
[  453.697820][ T6665]  dump_stack_lvl+0xd1/0x138
[  453.702458][ T6665]  mt_find.cold+0x8b/0x90
[  453.706818][ T6665]  ? mas_find+0x1d0/0x1d0
[  453.711154][ T6665]  find_vma+0x10c/0x1b0
[  453.715305][ T6665]  ? can_vma_merge_before+0x390/0x390
[  453.720693][ T6665]  ? walk_page_test+0x78/0x180
[  453.725508][ T6665]  walk_page_range+0x2b1/0x4a0
[  453.730317][ T6665]  ? __walk_page_range+0x780/0x780
[  453.735474][ T6665]  mlock_fixup+0x650/0x810
[  453.739937][ T6665]  apply_vma_lock_flags+0x23d/0x350
[  453.745172][ T6665]  ? mlock_fixup+0x810/0x810
[  453.749805][ T6665]  ? __ia32_sys_get_robust_list+0x400/0x400
[  453.755731][ T6665]  do_mlock+0x25a/0x6d0
[  453.759923][ T6665]  ? folio_evictable+0x270/0x270
[  453.764906][ T6665]  ? syscall_enter_from_user_mode+0x26/0xb0
[  453.770840][ T6665]  __x64_sys_mlock+0x59/0x80
[  453.775453][ T6665]  do_syscall_64+0x39/0xb0
[  453.779901][ T6665]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  453.785816][ T6665] RIP: 0033:0x7fd3e6a8c0c9
[  453.790251][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  453.809871][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[  453.818302][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9
[  453.826285][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000
[  453.834271][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000
[  453.842256][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  453.850243][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000
[  453.858255][ T6665]  </TASK>
[  453.865643][ T5169] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  453.879270][ T6665] index not increased! 20ffb000 <= 20ffb000
[  453.885227][ T6665] BUG at mt_find:6473 (1)
[  453.889703][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e
[  453.898379][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000
[  453.936498][ T6665]   0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d
[  453.985867][ T6665]     0-536866815: 0000000000000000
[  453.991822][ T6665]     536866816-536870911: ffff888022f0e0e0
[  453.998322][ T6665]     536870912-553627647: ffff888022f0e1c0
[  454.004310][ T6665]     553627648-553635839: 0000000000000000
[  454.010634][ T6665]     553635840-553627647: ffff8880272dc9a0
[  454.016964][ T6665]     553627648-553644031: ffff8880272dc8c0
[  454.022952][ T6665]     553644032-553648127: ffff88807e16c7e0
[  454.031039][ T6665]     553648128-553652223: ffff888022f0e2a0
[  454.037181][ T6665]     553652224-116813594623: 0000000000000000
[  454.043369][ T6665]     116813594624-116817788927: ffff888022f0e380
[  454.050033][ T6665]     116817788928-93825002663935: 0000000000000000
[  454.056745][ T6665]     93825002663936-93825002803199: ffff888022f0e460
[  454.063542][ T6665]     93825002803200-140548063096831: 0000000000000000
[  454.070449][ T6665]     140548063096832-140548063100927: ffff888022f0e540
[  454.076551][ T5169] usb 4-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.40
[  454.077474][ T6665]   140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d
[  454.091318][ T5169] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  454.143820][ T6665]     140548063100928-140548071489535: ffff888022f0e620
[  454.159954][ T5169] usb 4-1: Product: syz
[  454.160723][ T6665]     140548071489536-140548073586687: 
[  454.164405][ T5169] usb 4-1: Manufacturer: ݞី헼ꢬ
[  454.164429][ T5169] usb 4-1: SerialNumber: syz
[  454.170394][ T6665] ffff888022f0e700
[  454.184723][ T6665]     140548073586688-140548075683839: ffff888022f0e7e0
[  454.191839][ T6665]     140548075683840-140548077780991: ffff888022f0e8c0
[  454.198970][ T6665]     140548077780992-140548079878143: ffff888022f0e9a0
[  454.205983][ T6665]     140548079878144-140548084072447: ffff888022f0ea80
[  454.213036][ T6665]     140548084072448-140548084219903: ffff888022f0eb60
[  454.220191][ T6665]     140548084219904-140548084948991: ffff888022f0ec40
[  454.227313][ T6665]     140548084948992-140548085284863: ffff888022f0ed20
[  454.228813][ T5169] usbhid 4-1:1.0: couldn't find an input interrupt endpoint
[  454.235181][ T6665]     140548085284864-140548085288959: 0000000000000000
[  454.235213][ T6665]     140548085288960-140548085653503: ffff888022f0ee00
[  454.235242][ T6665]     140548085653504-140548085690367: ffff888022f0eee0
[  454.235270][ T6665]     140548085690368-140548085710847: 0000000000000000
[  454.235297][ T6665]     140548085710848-140548097556479: ffff88806b3de000
[  454.235326][ T6665]   140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008
[  454.331903][ T6665]     140548097556480-140548097601535: 0000000000000000
[  454.340110][ T6665]     140548097601536-140548097605631: ffff88806b3de460
[  454.347175][ T6665]     140548097605632-140548097736703: ffff88806b3de380
[  454.354144][ T6665]     140548097736704-140735437164543: 0000000000000000
[  454.361715][ T6665]     140735437164544-140735437299711: ffff88806b3de0e0
[  454.368758][ T6665]     140735437299712-140735437316095: 0000000000000000
[  454.375721][ T6665]     140735437316096-140735437332479: ffff88806b3de1c0
[  454.382705][ T6665]     140735437332480-140735437340671: ffff88806b3de2a0
[  454.389748][ T6665]     140735437340672-18446744073709551615: 0000000000000000
[  454.397350][ T6665] Pass: 9868404 Run:9868535
[  454.401880][ T6665] CPU: 0 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0
[  454.411701][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  454.421749][ T6665] Call Trace:
[  454.425018][ T6665]  <TASK>
[  454.427939][ T6665]  dump_stack_lvl+0xd1/0x138
[  454.432538][ T6665]  mt_find.cold+0x8b/0x90
[  454.436872][ T6665]  ? mas_find+0x1d0/0x1d0
[  454.441211][ T6665]  find_vma+0x10c/0x1b0
[  454.445365][ T6665]  ? can_vma_merge_before+0x390/0x390
[  454.450739][ T6665]  ? walk_page_test+0x78/0x180
[  454.455504][ T6665]  walk_page_range+0x2b1/0x4a0
[  454.460285][ T6665]  ? __walk_page_range+0x780/0x780
[  454.465443][ T6665]  mlock_fixup+0x650/0x810
[  454.469905][ T6665]  apply_vma_lock_flags+0x23d/0x350
[  454.475147][ T6665]  ? mlock_fixup+0x810/0x810
[  454.479780][ T6665]  ? __ia32_sys_get_robust_list+0x400/0x400
[  454.485709][ T6665]  do_mlock+0x25a/0x6d0
[  454.489902][ T6665]  ? folio_evictable+0x270/0x270
[  454.494886][ T6665]  ? syscall_enter_from_user_mode+0x26/0xb0
[  454.500809][ T6665]  __x64_sys_mlock+0x59/0x80
[  454.505415][ T6665]  do_syscall_64+0x39/0xb0
[  454.509866][ T6665]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  454.515782][ T6665] RIP: 0033:0x7fd3e6a8c0c9
[  454.520211][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  454.539843][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[  454.548279][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9
[  454.556262][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000
[  454.564249][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000
[  454.572232][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  454.580214][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000
[  454.588215][ T6665]  </TASK>
[  454.605406][ T6665] index not increased! 20ffb000 <= 20ffb000
[  454.611547][ T6665] BUG at mt_find:6473 (1)
[  454.615978][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e
[  454.624952][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000
[  454.636893][ T6508] usb 4-1: USB disconnect, device number 3
[  454.664508][ T6665]   0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d
[  454.722824][ T6665]     0-536866815: 0000000000000000
[  454.728432][ T6665]     536866816-536870911: ffff888022f0e0e0
[  454.734478][ T6665]     536870912-553627647: ffff888022f0e1c0
[  454.740914][ T6665]     553627648-553635839: 0000000000000000
[  454.748126][ T6665]     553635840-553627647: ffff8880272dc9a0
[  454.754166][ T6665]     553627648-553644031: ffff8880272dc8c0
[  454.760573][ T6665]     553644032-553648127: ffff88807e16c7e0
[  454.766931][ T6665]     553648128-553652223: ffff888022f0e2a0
[  454.772904][ T6665]     553652224-116813594623: 0000000000000000
[  454.779375][ T6665]     116813594624-116817788927: ffff888022f0e380
[  454.785886][ T6665]     116817788928-93825002663935: 0000000000000000
[  454.792895][ T6665]     93825002663936-93825002803199: ffff888022f0e460
[  454.800491][ T6665]     93825002803200-140548063096831: 0000000000000000
[  454.807741][ T6665]     140548063096832-140548063100927: ffff888022f0e540
[  454.814716][ T6665]   140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d
[  454.871138][ T6665]     140548063100928-140548071489535: ffff888022f0e620
[  454.878423][ T6665]     140548071489536-140548073586687: ffff888022f0e700
[  454.885404][ T6665]     140548073586688-140548075683839: ffff888022f0e7e0
[  454.893302][ T6665]     140548075683840-140548077780991: ffff888022f0e8c0
[  454.900451][ T6665]     140548077780992-140548079878143: ffff888022f0e9a0
[  454.907751][ T6665]     140548079878144-140548084072447: ffff888022f0ea80
[  454.914735][ T6665]     140548084072448-140548084219903: ffff888022f0eb60
[  454.921931][ T6665]     140548084219904-140548084948991: ffff888022f0ec40
[  454.929179][ T6665]     140548084948992-140548085284863: ffff888022f0ed20
[  454.936160][ T6665]     140548085284864-140548085288959: 0000000000000000
[  454.943616][ T6665]     140548085288960-140548085653503: ffff888022f0ee00
[  454.951613][ T6665]     140548085653504-140548085690367: ffff888022f0eee0
[  454.959407][ T6665]     140548085690368-140548085710847: 0000000000000000
[  454.966591][ T6665]     140548085710848-140548097556479: ffff88806b3de000
[  454.983036][ T6665]   140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008
[  455.033176][ T6665]     140548097556480-140548097601535: 0000000000000000
[  455.040967][ T6665]     140548097601536-140548097605631: ffff88806b3de460
[  455.048462][ T6665]     140548097605632-140548097736703: ffff88806b3de380
[  455.058064][ T6665]     140548097736704-140735437164543: 0000000000000000
[  455.065146][ T6665]     140735437164544-140735437299711: ffff88806b3de0e0
[  455.072585][ T6665]     140735437299712-140735437316095: 0000000000000000
[  455.079932][ T6665]     140735437316096-140735437332479: ffff88806b3de1c0
[  455.088975][ T6665]     140735437332480-140735437340671: ffff88806b3de2a0
[  455.096095][ T6665]     140735437340672-18446744073709551615: 0000000000000000
[  455.104116][ T6665] Pass: 9868431 Run:9868563
[  455.108959][ T6665] CPU: 1 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0
[  455.118801][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  455.128883][ T6665] Call Trace:
[  455.132171][ T6665]  <TASK>
[  455.135100][ T6665]  dump_stack_lvl+0xd1/0x138
[  455.139712][ T6665]  mt_find.cold+0x8b/0x90
[  455.144076][ T6665]  ? mas_find+0x1d0/0x1d0
[  455.148438][ T6665]  find_vma+0x10c/0x1b0
[  455.152620][ T6665]  ? can_vma_merge_before+0x390/0x390
[  455.158012][ T6665]  ? walk_page_test+0x78/0x180
[  455.162826][ T6665]  walk_page_range+0x2b1/0x4a0
[  455.167641][ T6665]  ? __walk_page_range+0x780/0x780
[  455.172795][ T6665]  mlock_fixup+0x650/0x810
[  455.177238][ T6665]  apply_vma_lock_flags+0x23d/0x350
[  455.182483][ T6665]  ? mlock_fixup+0x810/0x810
[  455.187118][ T6665]  ? __ia32_sys_get_robust_list+0x400/0x400
[  455.193046][ T6665]  do_mlock+0x25a/0x6d0
[  455.197239][ T6665]  ? folio_evictable+0x270/0x270
[  455.202293][ T6665]  ? syscall_enter_from_user_mode+0x26/0xb0
[  455.208231][ T6665]  __x64_sys_mlock+0x59/0x80
[  455.212849][ T6665]  do_syscall_64+0x39/0xb0
[  455.217305][ T6665]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  455.223227][ T6665] RIP: 0033:0x7fd3e6a8c0c9
[  455.227666][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  455.247296][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[  455.255733][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9
[  455.263721][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000
[  455.271713][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000
[  455.279701][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  455.287688][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000
[  455.295693][ T6665]  </TASK>
[  455.303280][ T6665] index not increased! 20ffb000 <= 20ffb000
01:47:30 executing program 3:
bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000fc0)={0x0, 0x0, 0x0, 0x0}, 0x38)

01:47:30 executing program 1:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x2b, &(0x7f0000000200)=@filter={'filter\x00', 0xe, 0x4, 0x378, 0xffffffff, 0x250, 0x250, 0x0, 0xffffffff, 0xffffffff, 0x340, 0x340, 0x340, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28}}, {{@ipv6={@private0, @private1, [], [], 'hsr0\x00', 'syzkaller0\x00'}, 0x0, 0xa8, 0xe8}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "f4074efe36c370be29416839ad6d2a9ff6146b07278b03451a4510d5da25"}}, {{@ipv6={@remote, @mcast2, [], [], 'team0\x00', 'ipvlan1\x00'}, 0x0, 0xa8, 0xf0}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8)

01:47:30 executing program 5:
r0 = syz_open_dev$vcsu(&(0x7f0000000540), 0x0, 0x2)
write$cgroup_pressure(r0, &(0x7f0000000580)={'some'}, 0x124000)

01:47:30 executing program 2:
syz_emit_ethernet(0x36, &(0x7f0000000280)={@link_local, @random="1acd46740547", @void, {@ipv6={0x86dd, @generic={0x0, 0x6, '`tK', 0x0, 0x0, 0x0, @dev, @remote}}}}, 0x0)

01:47:30 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x1600bd81, 0x0, 0x0)

01:47:30 executing program 4:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_udp_int(r0, 0x11, 0x68, &(0x7f0000000040), 0x4)

[  455.309353][ T6665] BUG at mt_find:6473 (1)
[  455.313800][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e
[  455.322326][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000
01:47:30 executing program 4:
r0 = socket(0x1, 0x5, 0x0)
ioctl$sock_inet6_tcp_SIOCOUTQNSD(r0, 0x89e0, 0x0)

01:47:30 executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_tcp_int(r0, 0x6, 0x6ce, 0x0, &(0x7f0000000040))

01:47:30 executing program 0:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_udp_int(r0, 0x11, 0x1, &(0x7f0000001640), 0x4)

01:47:30 executing program 2:
capset(&(0x7f0000001000)={0x0, 0xffffffffffffffff}, 0x0)

01:47:30 executing program 4:
syz_emit_ethernet(0x6c, &(0x7f0000000100)={@remote, @random="56b266dd56d7", @val={@void}, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0x5a, 0x0, 0x0, 0x0, 0x2f, 0x0, @multicast2, @private}, {{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, [0x0]}, {0x8, 0x88be, 0x0, {{0x0, 0x1, 0x6}}}}}}}}, 0x0)

01:47:30 executing program 5:
r0 = syz_open_dev$vcsu(&(0x7f0000000540), 0x0, 0x141002)
read$FUSE(r0, 0x0, 0x0)

[  455.426464][ T6665]   0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d
01:47:30 executing program 3:
r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$FUSE_GETXATTR(r0, 0x0, 0x0)

01:47:30 executing program 2:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001040)='/proc/asound/seq/clients\x00', 0x0, 0x0)

01:47:30 executing program 1:
socketpair(0x10, 0x2, 0x6, &(0x7f0000000080))

01:47:30 executing program 0:
syz_emit_ethernet(0x6a, &(0x7f0000000100)={@remote, @random="56b266dd56d7", @val={@void}, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0x58, 0x0, 0x0, 0x0, 0x2f, 0x0, @multicast2, @private}, {{0x0, 0x0, 0x1, 0x0, 0x0, 0x1}}}}}}, 0x0)

[  455.555751][ T6665]     0-536866815: 0000000000000000
01:47:30 executing program 4:
r0 = syz_open_dev$vcsu(&(0x7f0000000000), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffa000/0x3000)=nil, 0x930, 0x0, 0x64010, r0, 0x0)

01:47:30 executing program 3:
r0 = syz_open_dev$vcsu(&(0x7f0000000000), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffa000/0x3000)=nil, 0x930, 0x0, 0x13, r0, 0x0)

01:47:30 executing program 2:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@typedef={0x1, 0x0, 0x0, 0xc}]}}, &(0x7f0000000340)=""/176, 0x26, 0xb0, 0x1}, 0x20)

[  455.606551][ T6665]     536866816-536870911: ffff888022f0e0e0
[  455.645004][ T6665]     536870912-553627647: ffff888022f0e1c0
01:47:30 executing program 1:
r0 = socket$igmp(0x2, 0x3, 0x2)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @private=0xa010100}, 0x10)

01:47:30 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f00000007c0)={'ip6gre0\x00', 0x0})

01:47:30 executing program 4:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x11, 0x40, &(0x7f0000000200)=@filter={'filter\x00', 0xe, 0x4, 0x378, 0xffffffff, 0x250, 0x250, 0x0, 0xffffffff, 0xffffffff, 0x340, 0x340, 0x340, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28}}, {{@ipv6={@private0, @private1, [], [], 'hsr0\x00', 'syzkaller0\x00'}, 0x0, 0xa8, 0xe8}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "f4074efe36c370be29416839ad6d2a9ff6146b07278b03451a4510d5da25"}}, {{@ipv6={@remote, @mcast2, [], [], 'team0\x00', 'ipvlan1\x00'}, 0x0, 0xa8, 0xf0}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8)

[  455.661283][ T6665]     553627648-553635839: 0000000000000000
01:47:30 executing program 3:
r0 = socket$inet6(0xa, 0x3, 0x2)
getsockopt$inet6_int(r0, 0x29, 0x40, 0x0, &(0x7f0000000040))

01:47:30 executing program 5:
setreuid(0x0, 0xee00)
syz_open_procfs$namespace(0x0, &(0x7f0000003d40)='ns/cgroup\x00')

01:47:30 executing program 0:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x890b, 0x0)

01:47:30 executing program 1:
r0 = syz_open_dev$loop(&(0x7f00000001c0), 0x0, 0x0)
ioctl$LOOP_SET_FD(r0, 0x301, 0xffffffffffffffff)

[  455.736653][ T6665]     553635840-553627647: ffff8880272dc9a0
01:47:30 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x2404c081, &(0x7f0000000140)={0xa, 0x0, 0x0, @local}, 0x1c)

01:47:30 executing program 4:
openat$procfs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sysvipc/shm\x00', 0x0, 0x0)

[  455.816452][ T6665]     553627648-553644031: ffff8880272dc8c0
[  455.822419][ T6665]     553644032-553648127: ffff88807e16c7e0
01:47:30 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x33, &(0x7f0000000200)=@filter={'filter\x00', 0xe, 0x4, 0x378, 0xffffffff, 0x250, 0x250, 0x0, 0xffffffff, 0xffffffff, 0x340, 0x340, 0x340, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28}}, {{@ipv6={@private0, @private1, [], [], 'hsr0\x00', 'syzkaller0\x00'}, 0x0, 0xa8, 0xe8}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "f4074efe36c370be29416839ad6d2a9ff6146b07278b03451a4510d5da25"}}, {{@ipv6={@remote, @mcast2, [], [], 'team0\x00', 'ipvlan1\x00'}, 0x0, 0xa8, 0xf0}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8)

01:47:30 executing program 0:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x2}}, &(0x7f0000000700)=""/4096, 0x1a, 0x1000, 0x1}, 0x20)

01:47:30 executing program 1:
r0 = socket(0x28, 0x5, 0x0)
bind$alg(r0, 0x0, 0x7)

01:47:30 executing program 2:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@union={0x0, 0x1, 0x0, 0x5, 0x0, 0x0, [{0x3}]}]}}, &(0x7f0000000340)=""/156, 0x32, 0x9c, 0x1}, 0x20)

01:47:30 executing program 4:
syz_emit_ethernet(0x4e, &(0x7f0000001140)={@empty, @broadcast, @val={@void}, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x29, 0x0, @multicast2, @local}, {0x0, 0x0, 0x0, @loopback, "8617f98400ed878332c762879259e225640120e480634770c18fa48f9b1ac522"}}}}}, 0x0)

[  455.869822][ T6665]     553648128-553652223: ffff888022f0e2a0
01:47:30 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_inet_tcp_SIOCATMARK(r0, 0x8905, &(0x7f0000000040))

01:47:30 executing program 3:
r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$FUSE_GETXATTR(r0, &(0x7f0000000080)={0x18}, 0x18)

01:47:30 executing program 5:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={&(0x7f0000000280)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@func_proto={0x0, 0x0, 0x0, 0x11}]}}, &(0x7f0000000340)=""/156, 0x26, 0x9c, 0x1}, 0x20)

01:47:30 executing program 2:
r0 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000800)={'ip6gre0\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @mcast1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x700}})

01:47:30 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={&(0x7f0000000280)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x14, 0x14, 0x2, [@func_proto={0x0, 0x1, 0x0, 0x7, 0x0, [{}]}]}}, &(0x7f0000000340)=""/156, 0x2e, 0x9c, 0x1}, 0x20)

[  455.938416][ T6665]     553652224-116813594623: 0000000000000000
[  455.971687][ T6665]     116813594624-116817788927: ffff888022f0e380
01:47:30 executing program 1:
r0 = socket$inet6(0xa, 0x3, 0x2)
getsockopt$inet6_int(r0, 0x29, 0x4c, 0x0, &(0x7f0000000040))

01:47:30 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x6, 0x3, &(0x7f0000000000)={@empty}, 0x20)

[  456.016607][ T6665]     116817788928-93825002663935: 0000000000000000
[  456.023259][ T6665]     93825002663936-93825002803199: ffff888022f0e460
01:47:30 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_tcp_int(r0, 0x6, 0x15, 0x0, &(0x7f0000000040))

01:47:30 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x43, &(0x7f0000000000)={@empty}, 0x20)

01:47:30 executing program 4:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000440), r1)
sendmsg$NET_DM_CMD_START(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)={0x14, r2, 0x1}, 0x14}}, 0x0)

01:47:30 executing program 5:
ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(0xffffffffffffffff, 0x40082102, &(0x7f0000000000))
ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(0xffffffffffffffff, 0x40082102, &(0x7f0000000580))
syz_clone(0x40108000, 0x0, 0x0, &(0x7f0000000040), &(0x7f0000000440), &(0x7f0000000480)="9fcd333d4c4f7e30b61706081cb99773edf084fe80c68ecbe3ea374e233e580ae92061f67951624c91d3dfb29fe16501b26a54ab2a25a1a9f7b758d99a6aa743dbc43ffe7b31b1b140beac51436a2af523e08419852ac4281add174a62d40763f65f58fa12b1be9e22308e1aa7284212f7")

01:47:30 executing program 1:
setsockopt$bt_hci_HCI_FILTER(0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0)

01:47:30 executing program 2:
r0 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x202200, 0x0)
ioctl$KVM_TRANSLATE(r0, 0xc018ae85, 0x0)
syz_clone(0x40108000, &(0x7f0000000380)="ecb2f27e8b0a0d8123830e8eb5f979e92eea23e3844ae1b84a864d4d741bfe0a51413ff75c7e8d2e41effbbab3f1b442a7df9e786082b6b1b736dfe739df1c7233c99e0def698a4f57d40a2c18f807d0ea31c149cfacb8fc3b7502053a2c49153d681630dc537ce785137ed27a54763e40566b0830135b31bcaaf8a61988baff1da197468b3e842368d71ece0f", 0x8d, 0x0, &(0x7f0000000440), &(0x7f0000000480))
write$tun(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[@ANYBLOB="04fc3ae1d434a96de4330e5ccdfac037ca4ba576eada2e9a10086d6ff81b75ebb83d61cb5098db8dc75a9b8e0a5dc84df10afd2b017b6fae4f739f294173c53a8804d76daa9b515dbae278cb30af32457721"], 0x59)

[  456.109425][ T6665]     93825002803200-140548063096831: 0000000000000000
01:47:30 executing program 0:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001d40)=ANY=[@ANYBLOB="2400000018000100000000000000000002"], 0x24}}, 0x0)

01:47:31 executing program 3:
syz_mount_image$vfat(&(0x7f0000001200), &(0x7f0000000000)='./bus\x00', 0x10, &(0x7f0000000080)={[{@shortname_win95}, {@uni_xlate}, {@fat=@quiet}, {@shortname_lower}]}, 0xfd, 0x1206, &(0x7f0000001240)="$eJzs3M+LG2UYB/An7Wp3t+4PtVZbEF/0opexuwdPXhZpQVxQareggjB1JzYkm4RMWEgRqyevnv0LRDx6E8R/YC9ePAteZC8eC4ojmynWLKu4FR1dPp/LPOR5v+SdhAQmzJP9Fz/e6bbLrJ2P41SrFXPDiHQnRYpTcTpqH8Rz17/97snX33jzlY3NzctXU7qycW3thZTS8lNfvfXe509/PT57/YvlL8/E3urb+z+uf793fu/C/i/XbnbK1ClTfzBOeboxGIzzG70ibXfKbpbSa70iL4vU6ZfFaKbf7g2Gw0nK+9tLi8NRUZYp709St5ik8SCNR5OUv5t3+inLsrS0GPwdW5/dqaoqoqoeiAejqqpqIRbjbDwUS7EcKz8dNB+JR+NcPBbn4/F4Ii4sNL1nAAAAAAAAAAAAAAAAAAAAOHn+dP4/VuPhw/P/01VN7xoAAAAAAAAAAAAAAAAAAABOFvP/AAAAAAAAAAAAAAAAAAAA0Dzz/wAAAAAAAAAAAAAAAAAAAPAfMF8frqY0H7Hz0e7W7lZ9rB/faEcnelHEpViJn2M6/V+r6ysvb16+lKZW4/md23fzt3e3Ts/m16Z/J3Bkfq3Op9n8mVj8fX49VuLc0fn1I/Pz8ewzB/kP63wWK/HNOzGIXmzHQfZe/v21lF56dfNQ/uJ0HQAAAJwEWfrN7PV7q1X3sz/oH//3gUPX13Nxca7ZcyeinNzq5r1eMVIo7q9o3f0Y/7PP9clxFv/wafMvy/+9aPqbiX/DvTe96Z0AAAAAAAAAAABwHOXk1kL8pfsBb9737YRNnyMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC/sgPHAgAAAADC/K3T6NgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4KgAA//9gJexE")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000540)='./file2\x00', 0x6a142, 0x0)
sendfile(r0, r0, 0x0, 0x4)

01:47:31 executing program 4:
ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(0xffffffffffffffff, 0x40082102, &(0x7f0000000000))
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000001140)='/sys/block/ram5', 0x202200, 0x0)
ioctl$KVM_TRANSLATE(r0, 0xc018ae85, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r0, 0x40082102, &(0x7f0000000580))
syz_clone(0x40108000, &(0x7f0000000380)="ecb2f27e8b0a0d8123830e8eb5f979e92eea23e3844ae1b84a864d4d741bfe0a51413ff75c7e8d2e41effbbab3f1b442a7df9e786082b6b1b736dfe739df1c7233c99e0def698a4f57d40a2c18f807d0ea31c149cfacb8fc3b7502053a2c49153d681630dc537ce785137ed27a54763e40566b0830135b31bcaaf8a61988baff1da197468b3e842368d71ece0f", 0x8d, &(0x7f0000000040), &(0x7f0000000440), &(0x7f0000000480)="9fcd333d4c4f7e30b61706081cb99773edf084fe80c68ecbe3ea374e233e580ae92061f67951624c91d3dfb29fe16501b26a54ab2a25a1a9f7b758d99a6aa743dbc43ffe7b31b1b140beac51436a2af523e08419852ac4281add174a62d40763f65f58fa12b1be9e22308e1aa7284212f71b7998b65950e79fac5f4a1419809b1f2faaa6ee3d760602b4e03f5955026c470888741151d8784e5fc9e59b3a19ce8507f284b0a69e6ee490a8964ea23f5a4d0a9e9f6e4c0a40061ffb5f151be812c515ad281377d6")
write$tun(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[@ANYBLOB="04fc3ae1d434a96de4330e5ccdfac037ca4ba576eada2e9a10086d6ff81b75ebb83d61cb5098db8dc75a9b8e0a5dc84df10afd2b017b6fae4f739f294173c53a8804d76daa9b515dbae278cb30af324577219a43"], 0x59)

01:47:31 executing program 1:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r1 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/net\x00')
r2 = fcntl$dupfd(r0, 0x0, r1)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x11}}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000000)={'ip6gre0\x00', &(0x7f0000000100)={'syztnl0\x00', <r3=>0x0, 0x2f, 0x20, 0x81, 0x80, 0x12, @empty, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x20, 0xb079, 0x1}})
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000240)={<r4=>0x0, @private, @dev}, &(0x7f0000000280)=0xc)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000002100)={'syztnl2\x00', &(0x7f0000002000)={'sit0\x00', r4, 0x10, 0x7800, 0x80000000, 0x9, {{0x2c, 0x4, 0x0, 0x1, 0xb0, 0x67, 0x0, 0x7, 0x2f, 0x0, @dev={0xac, 0x14, 0x14, 0x43}, @multicast1, {[@timestamp={0x44, 0x8, 0xab, 0x0, 0x3, [0x401]}, @timestamp_addr={0x44, 0x1c, 0x5d, 0x1, 0x7, [{@remote}, {@local, 0xfffffff9}, {@local, 0x7}]}, @ssrr={0x89, 0x23, 0x13, [@local, @multicast2, @initdev={0xac, 0x1e, 0x1, 0x0}, @local, @empty, @remote, @multicast1, @rand_addr=0x64010100]}, @end, @rr={0x7, 0x13, 0x86, [@private=0xa010100, @dev={0xac, 0x14, 0x14, 0x42}, @initdev={0xac, 0x1e, 0x1, 0x0}, @empty]}, @generic={0xc, 0xe, "9c49f7bd2331c6a109e599f5"}, @generic={0x7, 0x5, "27ec02"}, @rr={0x7, 0xf, 0x81, [@dev={0xac, 0x14, 0x14, 0x35}, @rand_addr=0x64010102, @broadcast]}, @ssrr={0x89, 0x1f, 0x23, [@rand_addr=0x64010101, @broadcast, @empty, @multicast2, @multicast1, @remote, @private=0xa010102]}]}}}}})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000240)={'syztnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', r3, 0x29, 0x10, 0x3, 0x8e, 0xd, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x7, 0x40}})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001f80)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000001f40)={&(0x7f0000000400)=@newchain={0x1b04, 0x64, 0x200, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x0, 0x9}, {0xd, 0x3}, {0xf, 0x3}}, [@TCA_RATE={0x6, 0x5, {0x40, 0xc7}}, @filter_kind_options=@f_cgroup={{0xb}, {0x1acc, 0x2, [@TCA_CGROUP_EMATCHES={0x4c, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x3, 0x0, 0x0, {{0x4, 0x8, 0xfff}, {0x4, 0x3, 0x2}}}]}, @TCA_EMATCH_TREE_LIST={0x34, 0x2, 0x0, 0x1, [@TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{0x11f, 0x3, 0xbd5a}, {0xe2, 0x1, 0x6, 0x8}}}, @TCF_EM_NBYTE={0x14, 0x3, 0x0, 0x0, {{0x5, 0x2, 0x7}, {0x8, 0x2, 0x1, "1109"}}}]}]}, @TCA_CGROUP_ACT={0x414, 0x1, [@m_sample={0x114, 0xc, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x6}, @TCA_SAMPLE_RATE={0x8, 0x3, 0x2}]}, {0xd8, 0x6, "fa5cae7fde4ee747d195f2af1761a0f062fa7aa47c8b099c00726fcaccfb82d4535ce85cbaa59f7388fb37280d7fe20d7693f19b6d024ede8a2c198541b9c0ed2051c890a7fc88fcf25a3b9fb7036145eca64358668c0288ec57ba6cf9706f5bb2820a26b0e22830717219aaa3d4880ae3a54ce92d6d0edc354b9b8d0cdec2d5787a705f36b754bf617614925303cf5455308544e7cc922fb8772cfe1dc5b19a22383173d11153275fe44c9add168c66a4a8f43da0247880edee93a23834ee6f3697c57792dc2ccde0a37a3ef92dd232da5e6718"}, {0xc}, {0xc, 0x8, {0x3, 0x2}}}}, @m_ipt={0x12c, 0x17, 0x0, 0x0, {{0x8}, {0x84, 0x2, 0x0, 0x1, [@TCA_IPT_INDEX={0x8, 0x3, 0x942}, @TCA_IPT_TARG={0x66, 0x6, {0x101, 'filter\x00', 0x20, 0x1000, "91d2d14f9cecc52d824d7ca88897459820eba95badc4dbd441f572dcf0427dc47de2bc5be32a256c945df10786721c47aca7f3c2369864494eb6d724"}}, @TCA_IPT_INDEX={0x8, 0x3, 0x200}, @TCA_IPT_HOOK={0x8}]}, {0x83, 0x6, "8ce059aa545a3552d091bc11acb93061abe22daf024046be041849201bbe6ffe1083161850054a2b8598246bd7e5efb57d1d9d243e2b4f538509b4334b01de437bc796f15c8e03873aab58e007a0497f42dc735b9083736c6ab4e965ff398ec84733a42f41e0e01ba3027d1372f7c7a289f0d1bfe0eabf5d73c995b7568075"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_csum={0x70, 0x9, 0x0, 0x0, {{0x9}, {0x3c, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x7fff, 0x5, 0x1, 0x7f, 0x6}, 0x79}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x3, 0x2e892d1c, 0x1, 0x4, 0x5}, 0x52}}]}, {0xc, 0x6, "2d57f86517781551"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_nat={0xdc, 0xb, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0xffffffff, 0x693, 0x1, 0x2, 0x1}, @broadcast, @local, 0xffffff00, 0x1}}]}, {0x8a, 0x6, "4d157d7fcbde6a803a5259ebe7db131f1d53f8f03e5cc5f8331035364c284665e005268019b5eeee849285e196a43d66c9aaa7d472ee85018bec1b3584ea2cec59574e5969634f89ba4d7e761c706103f31aeeda50d45fc56ad58556203a1d125e63d1b846b67522f53dfc96bf3b535095259fccc9bffc55d2f36848f96c553516a6b02a2652"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1}}}}, @m_sample={0x84, 0x18, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_SAMPLE_RATE={0x8, 0x3, 0x3}, @TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x4}]}, {0x47, 0x6, "1a79e57062a4e985f826bc2821235976ef354badbb759bb3533c1faaa702f9f20abfd6688adc445b3f44c992d215e1ccb80f97c1f604644782f3be30103fc793fb3769"}, {0xc}, {0xc, 0x8, {0x0, 0x5}}}}]}, @TCA_CGROUP_ACT={0x12e0, 0x1, [@m_ipt={0x158, 0x10, 0x0, 0x0, {{0x8}, {0x114, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0x10d, 0x6, {0x800, 'filter\x00', 0xff, 0x2, "360df404a0a64bf029589d4e900a26065aa91775560cb49b6f5f54f3a9d10ab341b6ee335d0a62cf5e3746a13403832180d678d868390a62f5293912ca01e5c56968e456f4230058af3629306748d72ab7c375d7f0b82633d7e9d2526f2959a61328167d8554774f062cfab1f0d722ed548d79a254d95dc1faf7a2249e5b9fa9e4d5b81741c05270051674466b76be5b6a77a20d1972075cc8dc3ebe7aa0ca8622941263eebbd530cc8fded11e399d786e823a7769fefba71c2ba514ad3cd63a03eeca67f52fefe6202bac2219d299eda955962291c749b30f83c1fb8cf8b7aac9dd27"}}]}, {0x1f, 0x6, "afedfd9af8a4b80d42a5c72874a1dd766219480a22a26fa05ef931"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x3}}}}, @m_pedit={0xefc, 0x15, 0x0, 0x0, {{0xa}, {0xea0, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe50, 0x2, {{{0x3ff, 0x5, 0x20000000, 0x1, 0xfffffffb}, 0xf0, 0x24, [{0x0, 0x80000001, 0x5, 0x0, 0x5, 0x10001}, {0x3, 0x3, 0x96, 0x0, 0xfffff4d3}]}, [{0xd73, 0x2, 0x8, 0x91, 0x8, 0x101}, {0x2, 0x1000, 0x28ac, 0x80, 0x7fffffff, 0x40}, {0x9, 0x0, 0x3, 0xffff, 0x2, 0x10001}, {0x1, 0x10000, 0x4, 0xff, 0x1, 0x7ff}, {0x1, 0x7fff, 0x2, 0x20, 0x2, 0x80000001}, {0x6, 0x8, 0x101, 0x4, 0xaeb, 0x6}, {0xc5, 0x7f, 0x400, 0x6, 0x1, 0x100}, {0x2, 0x800, 0x1000000, 0x7, 0x3ff, 0x2}, {0x2, 0xfb2, 0x400, 0x4, 0x7, 0x6}, {0x7f, 0x1, 0x5472, 0x40, 0x2, 0x2}, {0x0, 0x10001, 0xc96, 0x3a5f7058, 0x7fff, 0x80000}, {0x5, 0xcd7f, 0x7, 0xe1, 0x513eb84, 0x5e717d0d}, {0x8, 0x0, 0xde8, 0x0, 0xff28, 0x4}, {0x7, 0xd4, 0x660, 0x5, 0x1, 0x661}, {0x5, 0x101, 0xb8d, 0x0, 0x7, 0x8}, {0x1e, 0x200, 0x1, 0x9, 0x101, 0xcfc8}, {0x101, 0xff, 0x9, 0x1, 0x2, 0x8001}, {0x40, 0xddc25b10, 0x8000, 0x9c85, 0x7fffffff, 0x5}, {0x9, 0x0, 0x4, 0xffff, 0x3, 0x9}, {0x7ff, 0xaec, 0x1f, 0x4, 0x7, 0x8}, {0x3, 0x9, 0xdb08592, 0x8, 0xd1, 0x101}, {0x14d6, 0xd8, 0xfff, 0x5, 0x212, 0x7}, {0xfffffffe, 0x9, 0xe, 0xff, 0x8000, 0x4}, {0xff, 0x9, 0xffffffff, 0x800, 0x2, 0x8}, {0x1000, 0xe834, 0x72e2, 0x9, 0x7a1969b0, 0x40}, {0x1, 0xc6a6, 0x7fffffff, 0x5724a1c9, 0x3f, 0x1}, {0x80000000, 0x3, 0x2, 0x1, 0xe, 0x1f}, {0x2, 0xff, 0x2, 0x7, 0x7, 0x81}, {0x0, 0xbbf, 0x0, 0x1, 0x53d}, {0x6, 0x1, 0x3, 0x200, 0x1, 0x680}, {0x7, 0x0, 0x2, 0xcc6, 0x5f, 0xfffffff7}, {0xb50, 0x2, 0xd03, 0x8, 0x2, 0x4}, {0xf1, 0x615, 0xff, 0x40, 0x8, 0x5}, {0x80, 0x20, 0xffff, 0x5, 0x7}, {0xffff, 0x1, 0xb0c, 0x3, 0x7fff, 0xfffffffc}, {0xfffffc01, 0x80, 0x4, 0x0, 0x0, 0x6}, {0x2, 0x10000, 0x82, 0x0, 0x7, 0x5}, {0x0, 0x7ff, 0x80000001, 0x400, 0x1, 0x1}, {0x4, 0x4, 0xd0, 0x6, 0x8, 0x1000}, {0x5, 0x7, 0x47, 0x0, 0x7, 0x482}, {0x9, 0x1, 0x6, 0x9, 0x9, 0x7}, {0x401, 0x4, 0x10000, 0x675b, 0x6, 0x1}, {0x101, 0x1, 0x800, 0x100, 0x200, 0xffffffc0}, {0x100, 0x101, 0x20, 0xb72e, 0x26, 0x442c}, {0xcb, 0x4, 0xfffffff8, 0x6, 0x9, 0x2}, {0x7fffffff, 0x2, 0x0, 0x4, 0x6, 0x3ff}, {0x2, 0x1000, 0x6, 0x5, 0x8, 0x3}, {0x1, 0x80620000, 0x9, 0x80000001, 0x9, 0x200}, {0x0, 0x9, 0xfff, 0x80000000, 0x10000, 0x5}, {0x100, 0x251, 0x3ff, 0x8000, 0x81, 0x1}, {0x80, 0x9, 0x5, 0x4, 0x8001, 0x7fff}, {0xc4, 0xfffffffd, 0x7, 0x9, 0xc2c5, 0x1}, {0x5, 0x6fc, 0x8, 0x20, 0xe0f, 0x3}, {0x40, 0x6b, 0x9, 0x5d4, 0x7, 0x8000}, {0x1f, 0x1000, 0xb9, 0x1, 0x1, 0x9}, {0x7fffffff, 0x4, 0x9, 0x7, 0x6, 0x4}, {0xfffffffc, 0x7, 0x0, 0x3ff, 0x5, 0x81}, {0x6, 0x8, 0x7496, 0x10000, 0xffffffc0, 0x7fff}, {0x81, 0xd2a0, 0x800, 0x3f, 0x40, 0x2}, {0x40, 0x80000000, 0xea64, 0x76, 0x9, 0x3}, {0x10000, 0x15bb, 0x9, 0xfffffffc, 0x6, 0x5}, {0x1, 0xffffffc0, 0x28, 0x2, 0x2, 0x6}, {0x1000, 0x7fff, 0x0, 0x3, 0x3, 0x9}, {0x10000, 0x20, 0x8, 0xd6, 0x7fffffff, 0x412}, {0x7, 0x0, 0xfff, 0x3, 0x9, 0xee}, {0x10001, 0x3f, 0x0, 0x2, 0x5a, 0x401}, {0x101, 0x1, 0x4634, 0x8000, 0x401, 0x6}, {0x800, 0x1, 0x6, 0x80000001, 0x2, 0x501}, {0x4, 0x5, 0x3ff, 0x1, 0x3b96cc68}, {0x3, 0x1, 0x7d, 0xa3, 0x7, 0x8}, {0x0, 0x10001, 0x7, 0x6, 0x7ff, 0xffffff37}, {0x815, 0x0, 0x313b5531, 0x200, 0x1000, 0xffffffff}, {0x3ff, 0xa9b, 0x7, 0x80000000, 0xe0, 0x27}, {0x101, 0x800, 0x800, 0x1000, 0x79cc, 0x30}, {0x20, 0x0, 0x7, 0xfffffffa, 0x6, 0xcfef}, {0x1f, 0x5, 0x3, 0x1, 0xca62, 0x9}, {0x3, 0x1, 0x400, 0x9, 0xb2, 0x100}, {0x80000000, 0x3, 0x7, 0x2, 0x8, 0x2}, {0x3, 0xfffffffe, 0x5, 0xffffffff, 0x1, 0x9}, {0x4, 0x8, 0x4, 0x1, 0x3, 0xf9ee2af}, {0x8000, 0x9, 0x5, 0x5, 0x4, 0x2}, {0x5, 0x9, 0x9, 0x1, 0xffffff27, 0x40000000}, {0x4, 0x7, 0xb4000000, 0xeec, 0x7, 0x7}, {0x3, 0x3, 0x87, 0x401, 0x1, 0x80}, {0x5, 0x7, 0x10, 0x8, 0x3ff, 0x50}, {0xffff, 0x81, 0x20, 0x1, 0x80000000, 0x401}, {0x1, 0x400, 0xe4de, 0x7ff, 0x30000, 0x9}, {0x7fffffff, 0x400, 0x1, 0x6ee, 0x10000, 0x8}, {0x2, 0x4, 0x27bc, 0x0, 0x0, 0x5}, {0x5, 0x3f, 0x24d7, 0x2, 0x1000, 0xf46}, {0x1, 0xe5, 0x80000001, 0x2, 0xffffff0a, 0x5}, {0x1ff, 0x2, 0x1f, 0x7, 0x1, 0xf0f5}, {0x0, 0x1ff, 0xce, 0x20, 0x8, 0xc000000}, {0x81, 0x0, 0x4, 0xda0, 0x7, 0x20000}, {0x2, 0xb42, 0x2, 0x3f, 0xffffffff, 0x40}, {0x1ff, 0x1, 0x401, 0xa895, 0x20, 0x60f}, {0x2, 0xdf, 0x3, 0x6, 0x1, 0x8}, {0x8, 0xff, 0x3, 0x1, 0x7ff, 0x40}, {0xd, 0x1, 0x20, 0x401, 0x4, 0x9}, {0x1f, 0x0, 0x7, 0x9, 0x5f2, 0x191}, {0x6, 0x5, 0x8, 0x4, 0x8, 0xffff3b41}, {0x6, 0x2, 0x101, 0x7, 0x1, 0x7}, {0x49, 0x9, 0x0, 0x5f1c, 0x80000001, 0x1}, {0xeae51292, 0xd3, 0x71e, 0x0, 0x55ba4723, 0x80000000}, {0x6, 0x64, 0x9, 0x19, 0x3, 0x3}, {0x6, 0x7ff, 0x2, 0x5, 0x450d}, {0x7fff, 0x7f, 0x400, 0x51f8, 0x20, 0x98}, {0x81, 0x81, 0x7, 0x7, 0x5, 0xf3d}, {0x1f, 0x1, 0x3, 0x8, 0xdbd, 0x1}, {0x5, 0x7fffffff, 0x4f35, 0x5, 0x5}, {0x3f, 0x7ce, 0x8, 0xcaa, 0x80000001, 0x1000}, {0x400, 0x5, 0x6, 0x7c0, 0x3ff, 0x2}, {0x80000000, 0x3, 0x6a8, 0x0, 0x1f, 0x10000}, {0x4, 0x20, 0x6, 0x1f, 0x7, 0x2}, {0x4, 0x3, 0xffffffb1, 0x5, 0x100, 0x3}, {0x6, 0x2, 0x9, 0x6, 0x1, 0x635}, {0xfffffff8, 0x9, 0x3, 0xd56, 0xa8, 0x8000}, {0x80000001, 0x34323ecc, 0x1, 0x4, 0x15, 0x7}, {0x1000, 0xfffffffb, 0x0, 0x6, 0x100, 0x1}, {0x80000001, 0x80, 0x60d, 0x80, 0xa6, 0x3}, {0x2, 0x3ff, 0x606, 0xfffffeff, 0x1, 0x4}, {0x101, 0x81, 0x7, 0x200, 0x481b}, {0x1, 0xfffffffc, 0x800, 0x0, 0x10df, 0x5}, {0x8, 0x6, 0x6, 0x80000001, 0x401, 0x1d}, {0x7fffffff, 0x1000, 0x0, 0x8b0f, 0x6, 0x800}, {0x3, 0xfffff000, 0x2, 0x5, 0x10000, 0xf3}, {0xcb82, 0xc315, 0x6, 0x6, 0x5, 0x7fffffff}, {0x354f, 0x4, 0x7, 0x663d, 0xd31}], [{0x4}, {0x3}, {0x4}, {}, {0x2, 0x1}, {0x5, 0x1}, {}, {0x2}, {0x3}, {0x3}, {0xd}, {0x1}, {0x0, 0x1}, {0x2}, {0x3, 0x1}, {0x4, 0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x4, 0x1}, {0x4}, {0x1}, {0x4, 0x1}, {0x5}, {0x0, 0x1}, {0x0, 0x1}, {0x1}, {}, {0x3, 0x1}, {0x2, 0x1}, {0x3, 0x1}, {}, {0x3, 0x1}, {0x0, 0x1}, {0x4}, {0x5}, {0x2, 0x1}, {0x5}, {0x6}, {0x4, 0x1}, {0x1, 0x1}, {0x4}, {0x0, 0x1}, {0x1}, {0x5, 0x1}, {0x4}, {0x4, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x4}, {0x1, 0x1}, {}, {0x0, 0x1}, {0x5}, {0x2}, {0x5}, {0x2, 0x1}, {0x1, 0x1}, {0x0, 0x1}, {0x1, 0x1}, {0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x4}, {0x4}, {0x3, 0x2bc8966203855f88}, {0x5}, {0x3, 0x1}, {}, {0x1}, {0x0, 0x1}, {0x4}, {0x1}, {0x1}, {0x5}, {0x3}, {0x0, 0x1}, {0x4}, {0x5}, {0x4}, {}, {0x4}, {0x0, 0x1}, {}, {0x3, 0x1}, {0x5, 0x1}, {0x1, 0x1}, {0x4}, {0x3}, {0x0, 0x1}, {0x2, 0x1}, {0x1, 0x1}, {0x1, 0x1}, {0x4, 0x1}, {0x5}, {0x5, 0x1}, {0x2}, {0x4}, {0x1, 0x1}, {0x3, 0x1}, {}, {}, {0x5}, {0x5}, {0x2}, {0x7}, {0x0, 0x1}, {0x3, 0x1}, {0x5}, {0x2}, {0x5}, {0x1}, {0x3, 0x1}, {0x2, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {0x2}, {}, {0x3}, {0x3, 0x1}, {0x1, 0x1}, {0x3, 0x1}, {0x1}, {0x5}, {0x1}, {0x1, 0x1}, {}, {0x0, 0x1}, {0x3}]}}, @TCA_PEDIT_KEYS_EX={0x4c, 0x5, 0x0, 0x1, [{0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}]}, {0x34, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x4}]}]}]}, {0x33, 0x6, "57d21079a8d2935764ec000d69b69144d534c379114c3e7769d6b958becc99c4b5fe8082378f841318b9c4f78134db"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x3}}}}, @m_gact={0xb8, 0x1b, 0x0, 0x0, {{0x9}, {0x40, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x54, 0x1000, 0x2, 0x7fff}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x1e6c, 0xffffffffcffffffd}}, @TCA_GACT_PARMS={0x18, 0x2, {0xffff0001, 0x4, 0x6, 0x8, 0x2}}]}, {0x50, 0x6, "664895a43cd59acf164a22e3061b8599476e1b7d6f84b72f601d25a760e56d86c85330c394183510935175fa7618da158f45d0ce576bbf5f4d643c8fe204ac635f0c6c2c02b7b1b0785d7051"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_ife={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x2, 0x9a10, 0x10000000, 0x3f4e, 0x7}, 0x1}}, @TCA_IFE_DMAC={0xa, 0x3, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x16}}]}, {0x4}, {0xc, 0x7, {0x1, 0x4936e90f20761ee1}}, {0xc}}}, @m_skbedit={0x17c, 0x1b, 0x0, 0x0, {{0xc}, {0x5c, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x5}, @TCA_SKBEDIT_PTYPE={0x6, 0x7, 0x7}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0x401, 0x6, 0x1, 0x0, 0x200}}, @TCA_SKBEDIT_MARK={0x8}, @TCA_SKBEDIT_MARK={0x8, 0x5, 0x400}, @TCA_SKBEDIT_QUEUE_MAPPING={0x6}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0x2, 0xffff, 0x5, 0x6, 0x5}}]}, {0xf8, 0x6, "6693c4e34853efd571c166717b25fe4ec0ce765c9dbe54cc87b51b75dff67c8013845b8b2ed61d4abd8ee15e30568094e0b8f6a8274f2f25e6117d0e91f1e5401be4ffb50cb5f1825a200ed90eb7f67bc9a98de18e4c5ce2da84a9fda2ef11378cfb6500fc32ce9065d4bc7a064c606853ec3348c8dfc2a73fd54eb9a3e3ca553eb11e099f44972d9e4c91c49d7064ec81efafef501cfe489f0e005eb3a1a90d4e58efb5a8ef92ea86eec8821a8bc6fd5bae501220ed4d61cd5a7baec0d935c0646489bec7e580c2c266599beee2d66f7e319dd3a73fd26cb24866a47372ef8edbc72d890e7788efd34d0f10e3c64c2d06dd9ab5"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}, @TCA_CGROUP_POLICE={0xc, 0x2, [@TCA_POLICE_RESULT={0x8, 0x5, 0xea69}]}, @TCA_CGROUP_EMATCHES={0x110, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x4}, @TCA_EMATCH_TREE_LIST={0x54, 0x2, 0x0, 0x1, [@TCF_EM_U32={0x1c, 0x3, 0x0, 0x0, {{0x2a1, 0x3, 0xa8}, {0x1, 0x8000, 0x1, 0x5}}}, @TCF_EM_CMP={0x18, 0x2, 0x0, 0x0, {{0x7, 0x1, 0x7fff}, {0x0, 0x4b, 0x7fff, 0x4, 0x7, 0x2, 0x1}}}, @TCF_EM_NBYTE={0x1c, 0x3, 0x0, 0x0, {{0x8, 0x2, 0x200}, {0x3f, 0xa, 0x2, "5489419a5688d74fd1d2"}}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_LIST={0xac, 0x2, 0x0, 0x1, [@TCF_EM_META={0x18, 0x3, 0x0, 0x0, {{0x6, 0x4, 0x1}, [@TCA_EM_META_LVALUE={0x9, 0x2, [@TCF_META_TYPE_VAR="8feba9620c"]}]}}, @TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{}, {{0x0, 0x1, 0x1, 0x1}, {0x3, 0x1, 0x1}}}}, @TCF_EM_IPSET={0x10, 0x1, 0x0, 0x0, {{0x7, 0x8, 0x4}, {0x3, 0x1, 0x2}}}, @TCF_EM_META={0x44, 0x1, 0x0, 0x0, {{0x9, 0x4, 0x4}, [@TCA_EM_META_RVALUE={0x23, 0x3, [@TCF_META_TYPE_INT=0x4, @TCF_META_TYPE_VAR="63e9c81e948ab1a3fe26", @TCF_META_TYPE_INT=0xa, @TCF_META_TYPE_VAR="ce", @TCF_META_TYPE_VAR="61d25b", @TCF_META_TYPE_INT=0x9, @TCF_META_TYPE_VAR="ea", @TCF_META_TYPE_INT=0x4, @TCF_META_TYPE_VAR]}, @TCA_EM_META_LVALUE={0xc, 0x2, [@TCF_META_TYPE_INT=0x4, @TCF_META_TYPE_INT=0x5]}, @TCA_EM_META_RVALUE={0x8, 0x3, [@TCF_META_TYPE_INT=0x9]}]}}, @TCF_EM_CMP={0x18, 0x2, 0x0, 0x0, {{0x9, 0x1, 0x1}, {0x4, 0x2, 0x1ff, 0x0, 0x5, 0x3}}}, @TCF_EM_IPSET={0x10, 0x3, 0x0, 0x0, {{0x3, 0x8, 0xfe8}, {0x2, 0x6, 0x3}}}]}]}, @TCA_CGROUP_EMATCHES={0xc, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x2}}]}, @TCA_CGROUP_EMATCHES={0x260, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x1c, 0x2, 0x0, 0x1, [@TCF_EM_CMP={0x18, 0x1, 0x0, 0x0, {{0x6, 0x1, 0x2}, {0x10001, 0x200, 0x3f, 0x7, 0x3, 0x2, 0x2}}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x8}}, @TCA_EMATCH_TREE_LIST={0x238, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0x38, 0x2, 0x0, 0x0, {{0x8001, 0x9, 0x7}, [@TCA_EM_IPT_MATCH_NAME={0xb}, @TCA_EM_IPT_MATCH_REVISION={0x5, 0x3, 0x3f}, @TCA_EM_IPT_MATCH_REVISION={0x5, 0x3, 0x3f}, @TCA_EM_IPT_MATCH_REVISION={0x5, 0x3, 0x3}, @TCA_EM_IPT_NFPROTO={0x5, 0x4, 0x2}]}}, @TCF_EM_IPT={0x4c, 0x1, 0x0, 0x0, {{0x0, 0x9, 0xfff}, [@TCA_EM_IPT_HOOK={0x8, 0x1, 0x4}, @TCA_EM_IPT_HOOK={0x8, 0x1, 0x2}, @TCA_EM_IPT_MATCH_REVISION={0x5, 0x3, 0x5c}, @TCA_EM_IPT_HOOK={0x8, 0x1, 0x4}, @TCA_EM_IPT_NFPROTO={0x5, 0x4, 0xa}, @TCA_EM_IPT_MATCH_NAME={0xb}, @TCA_EM_IPT_MATCH_NAME={0xb}]}}, @TCF_EM_CMP={0x18, 0x2, 0x0, 0x0, {{0x92, 0x1, 0x6}, {0x20000, 0x10000, 0x100, 0x3, 0x1, 0x0, 0x2}}}, @TCF_EM_IPT={0x40, 0x2, 0x0, 0x0, {{0x1, 0x9, 0x1}, [@TCA_EM_IPT_NFPROTO={0x5, 0x4, 0x3}, @TCA_EM_IPT_NFPROTO={0x5, 0x4, 0x2}, @TCA_EM_IPT_NFPROTO={0x5}, @TCA_EM_IPT_MATCH_NAME={0xb}, @TCA_EM_IPT_MATCH_REVISION={0x5, 0x3, 0x8}, @TCA_EM_IPT_NFPROTO={0x5, 0x4, 0x3}]}}, @TCF_EM_META={0xa8, 0x1, 0x0, 0x0, {{0x5c, 0x4, 0x527}, [@TCA_EM_META_HDR={0xc, 0x1, {{0x6, 0x9, 0x1}, {0x4, 0x0, 0x2}}}, @TCA_EM_META_RVALUE={0x2c, 0x3, [@TCF_META_TYPE_INT=0x5, @TCF_META_TYPE_INT=0x4, @TCF_META_TYPE_INT=0x3, @TCF_META_TYPE_VAR="82e1d68a3d97", @TCF_META_TYPE_INT=0x4, @TCF_META_TYPE_INT=0x6, @TCF_META_TYPE_VAR="6bbeaa2e", @TCF_META_TYPE_VAR="797559ad295a9339f0eb"]}, @TCA_EM_META_LVALUE={0x3a, 0x2, [@TCF_META_TYPE_VAR="8a58f523", @TCF_META_TYPE_INT=0x2, @TCF_META_TYPE_VAR="6ac8b75bf2a9ca4c0b42", @TCF_META_TYPE_VAR="df7d9134cd5ebf", @TCF_META_TYPE_VAR="e043f0e9df342345d5", @TCF_META_TYPE_VAR="511edd", @TCF_META_TYPE_VAR="c48114f5", @TCF_META_TYPE_VAR="7842faa7c873ff8769", @TCF_META_TYPE_INT=0xa]}, @TCA_EM_META_HDR={0xc, 0x1, {{0x3f, 0x3f, 0x1}, {0x2, 0x3}}}, @TCA_EM_META_RVALUE={0x1c, 0x3, [@TCF_META_TYPE_INT=0x9, @TCF_META_TYPE_VAR="8d9a9d", @TCF_META_TYPE_INT=0x5, @TCF_META_TYPE_INT=0x4, @TCF_META_TYPE_VAR="1300cb63", @TCF_META_TYPE_VAR='\n', @TCF_META_TYPE_INT=0x8]}]}}, @TCF_EM_META={0xb0, 0x3, 0x0, 0x0, {{0x4, 0x4, 0x4}, [@TCA_EM_META_LVALUE={0x1b, 0x2, [@TCF_META_TYPE_INT=0x3, @TCF_META_TYPE_INT=0x3, @TCF_META_TYPE_VAR="918918f4ec60eb887c", @TCF_META_TYPE_VAR="bbc6", @TCF_META_TYPE_INT=0xa]}, @TCA_EM_META_HDR={0xc, 0x1, {{0x1, 0x7, 0x7}, {0x2, 0x81, 0x2}}}, @TCA_EM_META_HDR={0xc, 0x1, {{0x1, 0x3, 0x1}, {0xfffa}}}, @TCA_EM_META_LVALUE={0x2d, 0x2, [@TCF_META_TYPE_INT=0x5, @TCF_META_TYPE_INT=0xa, @TCF_META_TYPE_INT=0x3, @TCF_META_TYPE_INT=0x8, @TCF_META_TYPE_VAR="168394e24931565f9861", @TCF_META_TYPE_INT=0x1, @TCF_META_TYPE_VAR="1b", @TCF_META_TYPE_VAR="84", @TCF_META_TYPE_VAR="dab6361965", @TCF_META_TYPE_INT=0x6]}, @TCA_EM_META_RVALUE={0x31, 0x3, [@TCF_META_TYPE_VAR="ecb3ba15dacd14a3", @TCF_META_TYPE_VAR="84913a9dd9", @TCF_META_TYPE_VAR, @TCF_META_TYPE_INT=0x5, @TCF_META_TYPE_INT=0x9, @TCF_META_TYPE_INT=0x1, @TCF_META_TYPE_VAR="115581255316b8547b", @TCF_META_TYPE_VAR="3f01649b420608", @TCF_META_TYPE_VAR="33d94a", @TCF_META_TYPE_VAR='?']}, @TCA_EM_META_HDR={0xc, 0x1, {{0x1, 0xff}, {0x1, 0x0, 0x1}}}]}}]}]}]}}]}, 0x1b04}, 0x1, 0x0, 0x0, 0x80}, 0x4000000)

[  456.225491][ T6665]     140548063096832-140548063100927: ffff888022f0e540
[  456.244008][ T8035] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
01:47:31 executing program 0:
r0 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc)
add_key$keyring(&(0x7f0000000000), 0x0, 0x0, 0x0, r0)

[  456.295684][ T6665]   140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d
01:47:31 executing program 0:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0)
r0 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90)
fcntl$lock(r0, 0x7, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x8})
r1 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0)
fchdir(r1)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
write$P9_RREADLINK(r2, &(0x7f0000000140)=ANY=[], 0x1c)
sendfile(r2, r2, &(0x7f0000000240), 0x7fff)

[  456.579052][ T8036] loop3: detected capacity change from 0 to 8192
[  456.586472][ T6665]     140548063100928-140548071489535: ffff888022f0e620
[  456.638784][ T8036] syz-executor.3: attempt to access beyond end of device
[  456.638784][ T8036] loop3: rw=0, sector=64405, nr_sectors = 1 limit=8192
01:47:31 executing program 2:
r0 = socket$netlink(0x10, 0x3, 0xf)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c00000018ff01"], 0x1c}}, 0x0)

[  456.700932][ T6665]     140548071489536-140548073586687: ffff888022f0e700
[  456.767971][ T8036] Buffer I/O error on dev loop3, logical block 64405, async page read
[  456.805206][ T6665]     140548073586688-140548075683839: ffff888022f0e7e0
01:47:31 executing program 0:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0)
r0 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90)
fcntl$lock(r0, 0x7, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x8})
r1 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0)
fchdir(r1)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
write$P9_RREADLINK(r2, &(0x7f0000000140)=ANY=[], 0x1c)
sendfile(r2, r2, &(0x7f0000000240), 0x7fff)

01:47:31 executing program 4:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0)
r0 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90)
fcntl$lock(r0, 0x7, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x8})
r1 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0)
fchdir(r1)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
write$P9_RREADLINK(r2, &(0x7f0000000140)=ANY=[], 0x1c)
sendfile(r2, r2, &(0x7f0000000240), 0x7fff)

[  456.851014][ T8036] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f)
[  456.861064][ T6665]     140548075683840-140548077780991: ffff888022f0e8c0
[  456.893875][ T6665]     140548077780992-140548079878143: ffff888022f0e9a0
[  456.916985][ T8036] FAT-fs (loop3): Filesystem has been set read-only
[  456.923781][ T8036] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f)
[  457.027274][ T6665]     140548079878144-140548084072447: ffff888022f0ea80
[  457.034284][ T6665]     140548084072448-140548084219903: ffff888022f0eb60
[  457.067988][ T8036] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f)
[  457.086455][ T8036] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f)
[  457.094314][ T8036] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f)
[  457.219328][ T8036] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f)
[  457.253722][ T6665]     140548084219904-140548084948991: ffff888022f0ec40
[  457.261322][ T8036] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f)
[  457.298478][ T8036] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f)
[  457.346904][ T6665]     140548084948992-140548085284863: ffff888022f0ed20
[  457.353900][ T6665]     140548085284864-140548085288959: 0000000000000000
[  457.376646][ T8036] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f)
[  457.387303][ T8036] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f)
[  457.406428][ T8036] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f)
[  457.429936][ T6665]     140548085288960-140548085653503: ffff888022f0ee00
[  457.433443][ T8036] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f)
[  457.463837][ T6665]     140548085653504-140548085690367: ffff888022f0eee0
[  457.471238][   T27] audit: type=1800 audit(1673401652.268:68): pid=8036 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.3" name="file2" dev="loop3" ino=1048605 res=0 errno=0
[  457.524855][ T6665]     140548085690368-140548085710847: 0000000000000000
[  457.534611][ T6665]     140548085710848-140548097556479: ffff88806b3de000
[  457.565450][ T6665]   140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008
[  457.673130][ T6665]     140548097556480-140548097601535: 0000000000000000
[  457.683329][ T6665]     140548097601536-140548097605631: ffff88806b3de460
[  457.709240][ T6665]     140548097605632-140548097736703: ffff88806b3de380
[  457.728963][ T6665]     140548097736704-140735437164543: 0000000000000000
[  457.735960][ T6665]     140735437164544-140735437299711: ffff88806b3de0e0
[  457.755755][ T6665]     140735437299712-140735437316095: 0000000000000000
[  457.765571][ T6665]     140735437316096-140735437332479: ffff88806b3de1c0
[  457.816170][ T6665]     140735437332480-140735437340671: ffff88806b3de2a0
[  457.826126][ T6665]     140735437340672-18446744073709551615: 0000000000000000
[  457.849069][ T6665] Pass: 9929013 Run:9929146
[  457.867723][ T6665] CPU: 0 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0
[  457.877574][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  457.887660][ T6665] Call Trace:
[  457.890968][ T6665]  <TASK>
[  457.893929][ T6665]  dump_stack_lvl+0xd1/0x138
[  457.898572][ T6665]  mt_find.cold+0x8b/0x90
[  457.902953][ T6665]  ? mas_find+0x1d0/0x1d0
[  457.907354][ T6665]  find_vma+0x10c/0x1b0
[  457.911552][ T6665]  ? can_vma_merge_before+0x390/0x390
[  457.916968][ T6665]  ? walk_page_test+0x78/0x180
[  457.921783][ T6665]  walk_page_range+0x2b1/0x4a0
[  457.926606][ T6665]  ? __walk_page_range+0x780/0x780
[  457.931794][ T6665]  mlock_fixup+0x650/0x810
[  457.936279][ T6665]  apply_vma_lock_flags+0x23d/0x350
[  457.941534][ T6665]  ? mlock_fixup+0x810/0x810
[  457.946194][ T6665]  ? __ia32_sys_get_robust_list+0x400/0x400
[  457.952145][ T6665]  do_mlock+0x25a/0x6d0
[  457.956362][ T6665]  ? folio_evictable+0x270/0x270
[  457.961370][ T6665]  ? syscall_enter_from_user_mode+0x26/0xb0
[  457.967316][ T6665]  __x64_sys_mlock+0x59/0x80
[  457.971946][ T6665]  do_syscall_64+0x39/0xb0
[  457.976418][ T6665]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  457.982355][ T6665] RIP: 0033:0x7fd3e6a8c0c9
[  457.986805][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  458.006457][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[  458.014921][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9
[  458.022928][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000
[  458.030930][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000
[  458.038932][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  458.046935][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000
[  458.054970][ T6665]  </TASK>
[  458.085704][ T6665] index not increased! 20ffb000 <= 20ffb000
[  458.105608][ T6665] BUG at mt_find:6473 (1)
[  458.114478][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e
[  458.135850][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000
[  458.189301][ T6665]   0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d
[  458.240496][ T6665]     0-536866815: 0000000000000000
[  458.260763][ T6665]     536866816-536870911: ffff888022f0e0e0
[  458.296471][ T6665]     536870912-553627647: ffff888022f0e1c0
[  458.302519][ T6665]     553627648-553635839: 0000000000000000
[  458.331176][ T6665]     553635840-553627647: ffff8880272dc9a0
[  458.356384][ T6665]     553627648-553644031: ffff8880272dc8c0
[  458.386494][ T6665]     553644032-553648127: ffff88807e16c7e0
[  458.392575][ T6665]     553648128-553652223: ffff888022f0e2a0
[  458.406486][ T6665]     553652224-116813594623: 0000000000000000
[  458.412786][ T6665]     116813594624-116817788927: ffff888022f0e380
[  458.436788][ T6665]     116817788928-93825002663935: 0000000000000000
[  458.456476][ T6665]     93825002663936-93825002803199: ffff888022f0e460
[  458.463340][ T6665]     93825002803200-140548063096831: 0000000000000000
[  458.477916][ T6665]     140548063096832-140548063100927: ffff888022f0e540
[  458.484907][ T6665]   140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d
[  458.676422][ T6665]     140548063100928-140548071489535: ffff888022f0e620
[  458.683429][ T6665]     140548071489536-140548073586687: ffff888022f0e700
[  458.756354][ T6665]     140548073586688-140548075683839: ffff888022f0e7e0
[  458.763357][ T6665]     140548075683840-140548077780991: ffff888022f0e8c0
[  458.816438][ T6665]     140548077780992-140548079878143: ffff888022f0e9a0
[  458.823439][ T6665]     140548079878144-140548084072447: ffff888022f0ea80
[  458.876974][ T6665]     140548084072448-140548084219903: ffff888022f0eb60
[  458.906761][ T6665]     140548084219904-140548084948991: ffff888022f0ec40
[  458.946439][ T6665]     140548084948992-140548085284863: ffff888022f0ed20
[  458.953649][ T6665]     140548085284864-140548085288959: 0000000000000000
[  459.046926][ T6665]     140548085288960-140548085653503: ffff888022f0ee00
[  459.063517][ T6665]     140548085653504-140548085690367: ffff888022f0eee0
[  459.106516][ T6665]     140548085690368-140548085710847: 0000000000000000
[  459.113677][ T6665]     140548085710848-140548097556479: ffff88806b3de000
[  459.138163][ T6665]   140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008
[  459.286481][ T6665]     140548097556480-140548097601535: 0000000000000000
[  459.293491][ T6665]     140548097601536-140548097605631: ffff88806b3de460
[  459.326403][ T6665]     140548097605632-140548097736703: ffff88806b3de380
[  459.333498][ T6665]     140548097736704-140735437164543: 0000000000000000
[  459.376813][ T6665]     140735437164544-140735437299711: ffff88806b3de0e0
[  459.383919][ T6665]     140735437299712-140735437316095: 0000000000000000
[  459.407532][ T6665]     140735437316096-140735437332479: ffff88806b3de1c0
[  459.426478][ T6665]     140735437332480-140735437340671: ffff88806b3de2a0
[  459.446486][ T6665]     140735437340672-18446744073709551615: 0000000000000000
[  459.461732][ T6665] Pass: 9943571 Run:9943705
[  459.478026][ T6665] CPU: 1 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0
[  459.487877][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  459.497957][ T6665] Call Trace:
[  459.501257][ T6665]  <TASK>
[  459.504210][ T6665]  dump_stack_lvl+0xd1/0x138
[  459.508850][ T6665]  mt_find.cold+0x8b/0x90
[  459.513227][ T6665]  ? mas_find+0x1d0/0x1d0
[  459.517612][ T6665]  find_vma+0x10c/0x1b0
[  459.521805][ T6665]  ? can_vma_merge_before+0x390/0x390
[  459.527223][ T6665]  ? walk_page_test+0x78/0x180
[  459.532036][ T6665]  walk_page_range+0x2b1/0x4a0
[  459.536844][ T6665]  ? __walk_page_range+0x780/0x780
[  459.542017][ T6665]  mlock_fixup+0x650/0x810
[  459.546493][ T6665]  apply_vma_lock_flags+0x23d/0x350
[  459.551740][ T6665]  ? mlock_fixup+0x810/0x810
[  459.556393][ T6665]  ? __ia32_sys_get_robust_list+0x400/0x400
[  459.562327][ T6665]  do_mlock+0x25a/0x6d0
[  459.566526][ T6665]  ? folio_evictable+0x270/0x270
[  459.571506][ T6665]  ? syscall_enter_from_user_mode+0x26/0xb0
[  459.577427][ T6665]  __x64_sys_mlock+0x59/0x80
[  459.582035][ T6665]  do_syscall_64+0x39/0xb0
[  459.586485][ T6665]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  459.592402][ T6665] RIP: 0033:0x7fd3e6a8c0c9
[  459.596831][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  459.616453][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[  459.624882][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9
[  459.632865][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000
[  459.640846][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000
[  459.648827][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  459.656809][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000
[  459.664813][ T6665]  </TASK>
[  459.685691][ T6665] index not increased! 20ffb000 <= 20ffb000
[  459.734093][ T6665] BUG at mt_find:6473 (1)
[  459.738851][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e
[  459.748070][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000
[  459.796131][ T6665]   0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d
[  459.876354][ T6665]     0-536866815: 0000000000000000
[  459.881968][ T6665]     536866816-536870911: ffff888022f0e0e0
[  459.888010][ T6665]     536870912-553627647: ffff888022f0e1c0
[  459.893971][ T6665]     553627648-553635839: 0000000000000000
[  459.902879][ T6665]     553635840-553627647: ffff8880272dc9a0
[  459.909056][ T6665]     553627648-553644031: ffff8880272dc8c0
[  459.915151][ T6665]     553644032-553648127: ffff88807e16c7e0
[  459.921288][ T6665]     553648128-553652223: ffff888022f0e2a0
[  459.927347][ T6665]     553652224-116813594623: 0000000000000000
[  459.933572][ T6665]     116813594624-116817788927: ffff888022f0e380
[  459.940124][ T6665]     116817788928-93825002663935: 0000000000000000
[  459.946813][ T6665]     93825002663936-93825002803199: ffff888022f0e460
[  459.953619][ T6665]     93825002803200-140548063096831: 0000000000000000
[  459.960732][ T6665]     140548063096832-140548063100927: ffff888022f0e540
[  459.989200][ T6665]   140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d
[  460.058936][ T6665]     140548063100928-140548071489535: ffff888022f0e620
[  460.065923][ T6665]     140548071489536-140548073586687: ffff888022f0e700
[  460.085592][ T6665]     140548073586688-140548075683839: ffff888022f0e7e0
[  460.094081][ T6665]     140548075683840-140548077780991: ffff888022f0e8c0
[  460.111555][ T6665]     140548077780992-140548079878143: ffff888022f0e9a0
[  460.123042][ T6665]     140548079878144-140548084072447: ffff888022f0ea80
[  460.135656][ T6665]     140548084072448-140548084219903: ffff888022f0eb60
[  460.152570][ T6665]     140548084219904-140548084948991: ffff888022f0ec40
[  460.165277][ T6665]     140548084948992-140548085284863: ffff888022f0ed20
[  460.188157][ T6665]     140548085284864-140548085288959: 0000000000000000
[  460.195142][ T6665]     140548085288960-140548085653503: ffff888022f0ee00
[  460.212038][ T6665]     140548085653504-140548085690367: ffff888022f0eee0
[  460.221964][ T6665]     140548085690368-140548085710847: 0000000000000000
[  460.236012][ T6665]     140548085710848-140548097556479: ffff88806b3de000
[  460.245882][ T6665]   140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008
[  460.311991][ T6665]     140548097556480-140548097601535: 0000000000000000
[  460.323511][ T6665]     140548097601536-140548097605631: ffff88806b3de460
[  460.344815][ T6665]     140548097605632-140548097736703: ffff88806b3de380
[  460.353304][ T6665]     140548097736704-140735437164543: 0000000000000000
[  460.370173][ T6665]     140735437164544-140735437299711: ffff88806b3de0e0
[  460.385782][ T6665]     140735437299712-140735437316095: 0000000000000000
[  460.409260][ T6665]     140735437316096-140735437332479: ffff88806b3de1c0
[  460.416250][ T6665]     140735437332480-140735437340671: ffff88806b3de2a0
[  460.433363][ T6665]     140735437340672-18446744073709551615: 0000000000000000
[  460.442440][ T6665] Pass: 9943573 Run:9943708
[  460.455402][ T6665] CPU: 0 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0
[  460.465249][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  460.475327][ T6665] Call Trace:
[  460.478624][ T6665]  <TASK>
[  460.481576][ T6665]  dump_stack_lvl+0xd1/0x138
[  460.486218][ T6665]  mt_find.cold+0x8b/0x90
[  460.490591][ T6665]  ? mas_find+0x1d0/0x1d0
[  460.494977][ T6665]  find_vma+0x10c/0x1b0
[  460.499163][ T6665]  ? can_vma_merge_before+0x390/0x390
[  460.504574][ T6665]  ? walk_page_test+0x78/0x180
[  460.509384][ T6665]  walk_page_range+0x2b1/0x4a0
[  460.514198][ T6665]  ? __walk_page_range+0x780/0x780
[  460.519374][ T6665]  mlock_fixup+0x650/0x810
[  460.523849][ T6665]  apply_vma_lock_flags+0x23d/0x350
[  460.529100][ T6665]  ? mlock_fixup+0x810/0x810
[  460.533750][ T6665]  ? __ia32_sys_get_robust_list+0x400/0x400
[  460.539694][ T6665]  do_mlock+0x25a/0x6d0
[  460.543905][ T6665]  ? folio_evictable+0x270/0x270
[  460.548904][ T6665]  ? syscall_enter_from_user_mode+0x26/0xb0
[  460.554850][ T6665]  __x64_sys_mlock+0x59/0x80
[  460.559477][ T6665]  do_syscall_64+0x39/0xb0
[  460.563944][ T6665]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  460.569875][ T6665] RIP: 0033:0x7fd3e6a8c0c9
[  460.574327][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  460.593973][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[  460.602426][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9
[  460.610421][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000
[  460.618415][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000
[  460.626412][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  460.634405][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000
[  460.642426][ T6665]  </TASK>
[  460.655103][ T6665] index not increased! 20ffb000 <= 20ffb000
[  460.661111][ T6665] BUG at mt_find:6473 (1)
[  460.665463][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e
[  460.673960][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000
[  460.713132][ T6665]   0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d
[  460.770649][ T6665]     0-536866815: 0000000000000000
[  460.775907][ T6665]     536866816-536870911: ffff888022f0e0e0
[  460.788500][ T6665]     536870912-553627647: ffff888022f0e1c0
[  460.794555][ T6665]     553627648-553635839: 0000000000000000
[  460.822212][ T6665]     553635840-553627647: ffff8880272dc9a0
[  460.833644][ T6665]     553627648-553644031: ffff8880272dc8c0
[  460.845292][ T6665]     553644032-553648127: ffff88807e16c7e0
[  460.855504][ T6665]     553648128-553652223: ffff888022f0e2a0
[  460.872064][ T6665]     553652224-116813594623: 0000000000000000
[  460.894635][ T6665]     116813594624-116817788927: ffff888022f0e380
[  460.903909][ T6665]     116817788928-93825002663935: 0000000000000000
[  460.920383][ T6665]     93825002663936-93825002803199: ffff888022f0e460
[  460.932948][ T6665]     93825002803200-140548063096831: 0000000000000000
[  460.951949][ T6665]     140548063096832-140548063100927: ffff888022f0e540
[  461.001605][ T6665]   140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d
[  461.067362][ T6665]     140548063100928-140548071489535: ffff888022f0e620
[  461.074358][ T6665]     140548071489536-140548073586687: ffff888022f0e700
[  461.091233][ T6665]     140548073586688-140548075683839: ffff888022f0e7e0
[  461.114058][ T6665]     140548075683840-140548077780991: ffff888022f0e8c0
[  461.125901][ T6665]     140548077780992-140548079878143: ffff888022f0e9a0
[  461.143107][ T6665]     140548079878144-140548084072447: ffff888022f0ea80
[  461.153173][ T6665]     140548084072448-140548084219903: ffff888022f0eb60
[  461.170467][ T6665]     140548084219904-140548084948991: ffff888022f0ec40
[  461.183346][ T6665]     140548084948992-140548085284863: ffff888022f0ed20
[  461.194803][ T6665]     140548085284864-140548085288959: 0000000000000000
[  461.219637][ T6665]     140548085288960-140548085653503: ffff888022f0ee00
[  461.235891][ T6665]     140548085653504-140548085690367: ffff888022f0eee0
[  461.244666][ T6665]     140548085690368-140548085710847: 0000000000000000
[  461.261752][ T6665]     140548085710848-140548097556479: ffff88806b3de000
[  461.273221][ T6665]   140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008
[  461.341373][ T6665]     140548097556480-140548097601535: 0000000000000000
[  461.355670][ T6665]     140548097601536-140548097605631: ffff88806b3de460
[  461.376414][ T6665]     140548097605632-140548097736703: ffff88806b3de380
[  461.383402][ T6665]     140548097736704-140735437164543: 0000000000000000
[  461.399794][ T6665]     140735437164544-140735437299711: ffff88806b3de0e0
[  461.415425][ T6665]     140735437299712-140735437316095: 0000000000000000
[  461.433184][ T6665]     140735437316096-140735437332479: ffff88806b3de1c0
[  461.462463][ T6665]     140735437332480-140735437340671: ffff88806b3de2a0
[  461.473268][ T6665]     140735437340672-18446744073709551615: 0000000000000000
[  461.490913][ T6665] Pass: 9945284 Run:9945420
[  461.495447][ T6665] CPU: 0 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0
[  461.505281][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  461.515358][ T6665] Call Trace:
[  461.518657][ T6665]  <TASK>
[  461.521612][ T6665]  dump_stack_lvl+0xd1/0x138
[  461.526260][ T6665]  mt_find.cold+0x8b/0x90
[  461.530638][ T6665]  ? mas_find+0x1d0/0x1d0
[  461.535029][ T6665]  find_vma+0x10c/0x1b0
[  461.539217][ T6665]  ? can_vma_merge_before+0x390/0x390
[  461.544626][ T6665]  ? walk_page_test+0x78/0x180
[  461.549442][ T6665]  walk_page_range+0x2b1/0x4a0
[  461.554251][ T6665]  ? __walk_page_range+0x780/0x780
[  461.559424][ T6665]  mlock_fixup+0x650/0x810
[  461.563901][ T6665]  apply_vma_lock_flags+0x23d/0x350
[  461.569150][ T6665]  ? mlock_fixup+0x810/0x810
[  461.573803][ T6665]  ? __ia32_sys_get_robust_list+0x400/0x400
[  461.579750][ T6665]  do_mlock+0x25a/0x6d0
[  461.583961][ T6665]  ? folio_evictable+0x270/0x270
[  461.588968][ T6665]  ? syscall_enter_from_user_mode+0x26/0xb0
[  461.594906][ T6665]  __x64_sys_mlock+0x59/0x80
[  461.599526][ T6665]  do_syscall_64+0x39/0xb0
[  461.603998][ T6665]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  461.609931][ T6665] RIP: 0033:0x7fd3e6a8c0c9
[  461.614374][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  461.634014][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[  461.642462][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9
[  461.650460][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000
[  461.658456][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000
[  461.666449][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  461.674442][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000
[  461.682462][ T6665]  </TASK>
[  461.715652][ T6665] index not increased! 20ffb000 <= 20ffb000
[  461.731909][ T6665] BUG at mt_find:6473 (1)
[  461.736270][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e
[  461.754629][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000
[  461.801064][ T6665]   0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d
[  461.856644][ T6665]     0-536866815: 0000000000000000
[  461.861897][ T6665]     536866816-536870911: ffff888022f0e0e0
[  461.870430][ T6665]     536870912-553627647: ffff888022f0e1c0
[  461.876715][ T6665]     553627648-553635839: 0000000000000000
[  461.882745][ T6665]     553635840-553627647: ffff8880272dc9a0
[  461.895598][ T6665]     553627648-553644031: ffff8880272dc8c0
[  461.901838][ T6665]     553644032-553648127: ffff88807e16c7e0
[  461.908563][ T6665]     553648128-553652223: ffff888022f0e2a0
01:47:36 executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={&(0x7f0000000000), 0xc, &(0x7f0000000140)={&(0x7f0000000100)=@ipv6_newroute={0x2c, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_PREF={0x25}, @RTA_ENCAP_TYPE={0x6}]}, 0x2c}}, 0x0)

01:47:36 executing program 1:
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000540)='./cgroup/syz1\x00', 0x200002, 0x0)

01:47:36 executing program 2:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2c000000180201"], 0x2c}}, 0x0)

01:47:36 executing program 0:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0)
r0 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90)
fcntl$lock(r0, 0x7, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x8})
r1 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0)
fchdir(r1)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
write$P9_RREADLINK(r2, &(0x7f0000000140)=ANY=[], 0x1c)
sendfile(r2, r2, &(0x7f0000000240), 0x7fff)

01:47:36 executing program 3:
syz_mount_image$vfat(&(0x7f0000001200), &(0x7f0000000000)='./bus\x00', 0x10, &(0x7f0000000080)={[{@shortname_win95}, {@uni_xlate}, {@fat=@quiet}, {@shortname_lower}]}, 0xfd, 0x1206, &(0x7f0000001240)="$eJzs3M+LG2UYB/An7Wp3t+4PtVZbEF/0opexuwdPXhZpQVxQareggjB1JzYkm4RMWEgRqyevnv0LRDx6E8R/YC9ePAteZC8eC4ojmynWLKu4FR1dPp/LPOR5v+SdhAQmzJP9Fz/e6bbLrJ2P41SrFXPDiHQnRYpTcTpqH8Rz17/97snX33jzlY3NzctXU7qycW3thZTS8lNfvfXe509/PT57/YvlL8/E3urb+z+uf793fu/C/i/XbnbK1ClTfzBOeboxGIzzG70ibXfKbpbSa70iL4vU6ZfFaKbf7g2Gw0nK+9tLi8NRUZYp709St5ik8SCNR5OUv5t3+inLsrS0GPwdW5/dqaoqoqoeiAejqqpqIRbjbDwUS7EcKz8dNB+JR+NcPBbn4/F4Ii4sNL1nAAAAAAAAAAAAAAAAAAAAOHn+dP4/VuPhw/P/01VN7xoAAAAAAAAAAAAAAAAAAABOFvP/AAAAAAAAAAAAAAAAAAAA0Dzz/wAAAAAAAAAAAAAAAAAAAPAfMF8frqY0H7Hz0e7W7lZ9rB/faEcnelHEpViJn2M6/V+r6ysvb16+lKZW4/md23fzt3e3Ts/m16Z/J3Bkfq3Op9n8mVj8fX49VuLc0fn1I/Pz8ewzB/kP63wWK/HNOzGIXmzHQfZe/v21lF56dfNQ/uJ0HQAAAJwEWfrN7PV7q1X3sz/oH//3gUPX13Nxca7ZcyeinNzq5r1eMVIo7q9o3f0Y/7PP9clxFv/wafMvy/+9aPqbiX/DvTe96Z0AAAAAAAAAAABwHOXk1kL8pfsBb9737YRNnyMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC/sgPHAgAAAADC/K3T6NgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4KgAA//9gJexE")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000540)='./file2\x00', 0x6a142, 0x0)
sendfile(r0, r0, 0x0, 0x4)

01:47:36 executing program 4:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0)
r0 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90)
fcntl$lock(r0, 0x7, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x8})
r1 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0)
fchdir(r1)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
write$P9_RREADLINK(r2, &(0x7f0000000140)=ANY=[], 0x1c)
sendfile(r2, r2, &(0x7f0000000240), 0x7fff)

[  461.915723][ T6665]     553652224-116813594623: 0000000000000000
[  461.922706][ T6665]     116813594624-116817788927: ffff888022f0e380
[  461.929564][ T6665]     116817788928-93825002663935: 0000000000000000
[  461.936191][ T6665]     93825002663936-93825002803199: ffff888022f0e460
[  461.943357][ T6665]     93825002803200-140548063096831: 0000000000000000
01:47:36 executing program 1:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@ipv6_newroute={0x38, 0x18, 0xffffffffffffffff, 0x0, 0x0, {}, [@RTA_GATEWAY={0x14, 0x5, @dev}, @RTA_EXPIRES={0x8}]}, 0x38}}, 0x0)

01:47:36 executing program 2:
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000001c0)={0xffffffffffffffff, 0x0, 0x0}, 0x10)

[  462.051960][ T6665]     140548063096832-140548063100927: ffff888022f0e540
01:47:36 executing program 2:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r1 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/net\x00')
r2 = fcntl$dupfd(r0, 0x0, r1)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x11}}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000240)={'syztnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x0, 0x10, 0x3, 0x8e, 0xd, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x7, 0x40}})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001f80)={&(0x7f00000003c0), 0xc, &(0x7f0000001f40)={&(0x7f0000000400)=@newchain={0x2c, 0x64, 0x200, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xd, 0x3}, {0xf, 0x3}}, [@TCA_RATE={0x6, 0x5, {0x40, 0xc7}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x80}, 0x4000000)

[  462.111048][ T6665]   140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d
01:47:37 executing program 1:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
read$FUSE(r0, &(0x7f0000006540)={0x2020}, 0xfffffe55)
syz_open_dev$mouse(&(0x7f0000002100), 0x0, 0x101000)

01:47:37 executing program 0:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0)
r0 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90)
fcntl$lock(r0, 0x7, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x8})
r1 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0)
fchdir(r1)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
write$P9_RREADLINK(r2, &(0x7f0000000140)=ANY=[], 0x1c)
sendfile(r2, r2, &(0x7f0000000240), 0x7fff)

[  462.313337][ T8086] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.5'.
[  462.334074][ T8076] loop3: detected capacity change from 0 to 8192
[  462.366209][ T6665]     140548063100928-140548071489535: ffff888022f0e620
01:47:37 executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={&(0x7f0000000000), 0xc, &(0x7f0000000140)={&(0x7f0000000100)=@ipv6_newroute={0x2c, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_PREF={0x25}, @RTA_ENCAP_TYPE={0x6}]}, 0x2c}}, 0x0)

[  462.411479][ T8076] syz-executor.3: attempt to access beyond end of device
[  462.411479][ T8076] loop3: rw=0, sector=64405, nr_sectors = 1 limit=8192
01:47:37 executing program 4:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0)
r0 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90)
fcntl$lock(r0, 0x7, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x8})
r1 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0)
fchdir(r1)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
write$P9_RREADLINK(r2, &(0x7f0000000140)=ANY=[], 0x1c)
sendfile(r2, r2, &(0x7f0000000240), 0x7fff)

[  462.460432][ T6665]     140548071489536-140548073586687: ffff888022f0e700
[  462.482558][ T8076] Buffer I/O error on dev loop3, logical block 64405, async page read
[  462.536688][ T8076] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f)
[  462.552056][ T6665]     140548073586688-140548075683839: ffff888022f0e7e0
[  462.589069][ T6665]     140548075683840-140548077780991: ffff888022f0e8c0
[  462.591339][ T8097] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.5'.
[  462.605919][ T8076] FAT-fs (loop3): Filesystem has been set read-only
[  462.623897][ T8076] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f)
[  462.651643][ T6665]     140548077780992-140548079878143: ffff888022f0e9a0
[  462.655238][ T8076] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f)
[  462.684795][ T6665]     140548079878144-140548084072447: ffff888022f0ea80
01:47:37 executing program 2:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x64}, {}]})

[  462.694728][ T8076] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f)
[  462.716847][ T6665]     140548084072448-140548084219903: ffff888022f0eb60
[  462.727423][ T8076] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f)
[  462.781767][ T8076] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f)
[  462.796750][ T6665]     140548084219904-140548084948991: ffff888022f0ec40
[  462.811685][ T6665]     140548084948992-140548085284863: ffff888022f0ed20
[  462.823270][ T8076] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f)
01:47:37 executing program 0:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000080)={'syztnl2\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @ipv4={'\x00', '\xff\xff', @empty}}})

01:47:37 executing program 2:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x89f2, 0x0)

[  462.856650][ T8076] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f)
[  462.873490][ T6665]     140548085284864-140548085288959: 0000000000000000
[  462.953471][ T6665]     140548085288960-140548085653503: ffff888022f0ee00
[  462.967284][ T8076] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f)
[  463.008350][ T8076] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f)
[  463.022094][ T6665]     140548085653504-140548085690367: ffff888022f0eee0
[  463.033780][ T8076] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f)
[  463.073770][ T6665]     140548085690368-140548085710847: 0000000000000000
[  463.103350][ T8076] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f)
[  463.113679][ T6665]     140548085710848-140548097556479: ffff88806b3de000
[  463.144711][   T27] audit: type=1800 audit(1673401657.938:69): pid=8076 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.3" name="file2" dev="loop3" ino=1048606 res=0 errno=0
01:47:38 executing program 3:
syz_mount_image$vfat(&(0x7f0000001200), &(0x7f0000000000)='./bus\x00', 0x10, &(0x7f0000000080)={[{@shortname_win95}, {@uni_xlate}, {@fat=@quiet}, {@shortname_lower}]}, 0xfd, 0x1206, &(0x7f0000001240)="$eJzs3M+LG2UYB/An7Wp3t+4PtVZbEF/0opexuwdPXhZpQVxQareggjB1JzYkm4RMWEgRqyevnv0LRDx6E8R/YC9ePAteZC8eC4ojmynWLKu4FR1dPp/LPOR5v+SdhAQmzJP9Fz/e6bbLrJ2P41SrFXPDiHQnRYpTcTpqH8Rz17/97snX33jzlY3NzctXU7qycW3thZTS8lNfvfXe509/PT57/YvlL8/E3urb+z+uf793fu/C/i/XbnbK1ClTfzBOeboxGIzzG70ibXfKbpbSa70iL4vU6ZfFaKbf7g2Gw0nK+9tLi8NRUZYp709St5ik8SCNR5OUv5t3+inLsrS0GPwdW5/dqaoqoqoeiAejqqpqIRbjbDwUS7EcKz8dNB+JR+NcPBbn4/F4Ii4sNL1nAAAAAAAAAAAAAAAAAAAAOHn+dP4/VuPhw/P/01VN7xoAAAAAAAAAAAAAAAAAAABOFvP/AAAAAAAAAAAAAAAAAAAA0Dzz/wAAAAAAAAAAAAAAAAAAAPAfMF8frqY0H7Hz0e7W7lZ9rB/faEcnelHEpViJn2M6/V+r6ysvb16+lKZW4/md23fzt3e3Ts/m16Z/J3Bkfq3Op9n8mVj8fX49VuLc0fn1I/Pz8ewzB/kP63wWK/HNOzGIXmzHQfZe/v21lF56dfNQ/uJ0HQAAAJwEWfrN7PV7q1X3sz/oH//3gUPX13Nxca7ZcyeinNzq5r1eMVIo7q9o3f0Y/7PP9clxFv/wafMvy/+9aPqbiX/DvTe96Z0AAAAAAAAAAABwHOXk1kL8pfsBb9737YRNnyMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC/sgPHAgAAAADC/K3T6NgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4KgAA//9gJexE")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000540)='./file2\x00', 0x6a142, 0x0)
sendfile(r0, r0, 0x0, 0x4)

01:47:38 executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={&(0x7f0000000000), 0xc, &(0x7f0000000140)={&(0x7f0000000100)=@ipv6_newroute={0x2c, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_PREF={0x25}, @RTA_ENCAP_TYPE={0x6}]}, 0x2c}}, 0x0)

01:47:38 executing program 4:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000003940), 0x0, 0x0)
ioctl$TUNSETIFINDEX(r0, 0x400454da, &(0x7f00000039c0))

01:47:38 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, 0x0, 0x4)

[  463.193680][ T6665]   140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008
01:47:38 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, 0x0, 0x0)

01:47:38 executing program 1:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
read$FUSE(r0, &(0x7f0000006540)={0x2020}, 0xfffffe55)
syz_open_dev$mouse(&(0x7f0000002100), 0x0, 0x101000)

01:47:38 executing program 2:
r0 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip6_flowlabel\x00')
preadv(r0, &(0x7f0000000440)=[{&(0x7f0000000180)=""/174, 0xae}], 0x1, 0x401, 0x0)

01:47:38 executing program 4:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000001c0)=@filter={'filter\x00', 0xe, 0x4, 0x410, 0xffffffff, 0x100, 0x340, 0x100, 0xffffffff, 0xffffffff, 0x340, 0x340, 0x340, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@frag={{0x30}}]}, @REJECT={0x28}}, {{@ipv6={@local, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], [], 'dvmrp0\x00', 'wlan1\x00'}, 0x0, 0xf0, 0x118, 0x0, {}, [@common=@hbh={{0x48}}]}, @REJECT={0x28}}, {{@uncond, 0x0, 0x100, 0x128, 0x0, {}, [@common=@frag={{0x30}}, @common=@eui64={{0x28}}]}, @common=@inet=@SYNPROXY={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x470)

01:47:38 executing program 0:
pipe(&(0x7f0000003b00)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
vmsplice(r0, &(0x7f0000003c40)=[{0x0}, {&(0x7f0000003b80)='K', 0x1}], 0x2, 0x0)

01:47:38 executing program 2:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@ipv6_newroute={0x1c, 0x18, 0x1, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}}, 0x1c}}, 0x0)

01:47:38 executing program 4:
ioctl$TUNSETSTEERINGEBPF(0xffffffffffffffff, 0x800454e0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)

[  463.447498][ T8121] x_tables: duplicate underflow at hook 2
01:47:38 executing program 0:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{}, {0x74}]})

[  463.515220][ T8109] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.5'.
[  463.566449][ T6665]     140548097556480-140548097601535: 0000000000000000
[  463.601684][ T6665]     140548097601536-140548097605631: ffff88806b3de460
[  463.638585][ T6665]     140548097605632-140548097736703: ffff88806b3de380
[  463.638641][ T8129] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  463.653178][ T8129] IPv6: NLM_F_CREATE should be set when creating new route
[  463.695040][ T6665]     140548097736704-140735437164543: 0000000000000000
[  463.737425][ T6665]     140735437164544-140735437299711: ffff88806b3de0e0
[  463.784369][ T6665]     140735437299712-140735437316095: 0000000000000000
[  463.811044][ T6665]     140735437316096-140735437332479: ffff88806b3de1c0
[  463.822995][ T6665]     140735437332480-140735437340671: ffff88806b3de2a0
[  463.842532][ T6665]     140735437340672-18446744073709551615: 0000000000000000
[  463.860373][ T6665] Pass: 10004474 Run:10004611
[  463.870764][ T6665] CPU: 1 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0
[  463.880606][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  463.890693][ T6665] Call Trace:
[  463.893991][ T6665]  <TASK>
[  463.896958][ T6665]  dump_stack_lvl+0xd1/0x138
[  463.901603][ T6665]  mt_find.cold+0x8b/0x90
[  463.905982][ T6665]  ? mas_find+0x1d0/0x1d0
[  463.910370][ T6665]  find_vma+0x10c/0x1b0
[  463.914568][ T6665]  ? can_vma_merge_before+0x390/0x390
[  463.919988][ T6665]  ? walk_page_test+0x78/0x180
[  463.924805][ T6665]  walk_page_range+0x2b1/0x4a0
[  463.929616][ T6665]  ? __walk_page_range+0x780/0x780
[  463.934798][ T6665]  mlock_fixup+0x650/0x810
[  463.935842][ T8124] loop3: detected capacity change from 0 to 8192
[  463.939255][ T6665]  apply_vma_lock_flags+0x23d/0x350
[  463.939306][ T6665]  ? mlock_fixup+0x810/0x810
[  463.939365][ T6665]  ? __ia32_sys_get_robust_list+0x400/0x400
[  463.939412][ T6665]  do_mlock+0x25a/0x6d0
[  463.965579][ T6665]  ? folio_evictable+0x270/0x270
[  463.970590][ T6665]  ? syscall_enter_from_user_mode+0x26/0xb0
[  463.976533][ T6665]  __x64_sys_mlock+0x59/0x80
[  463.981142][ T6665]  do_syscall_64+0x39/0xb0
[  463.985590][ T6665]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  463.991509][ T6665] RIP: 0033:0x7fd3e6a8c0c9
[  463.995938][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  464.015565][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[  464.023998][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9
[  464.031983][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000
[  464.039965][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000
[  464.047948][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  464.055933][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000
[  464.063941][ T6665]  </TASK>
[  464.090361][ T8124] syz-executor.3: attempt to access beyond end of device
[  464.090361][ T8124] loop3: rw=0, sector=64405, nr_sectors = 1 limit=8192
[  464.119422][ T8124] Buffer I/O error on dev loop3, logical block 64405, async page read
[  464.134533][ T8124] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f)
[  464.145616][ T8124] FAT-fs (loop3): Filesystem has been set read-only
[  464.162672][ T8124] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f)
[  464.183150][ T8124] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f)
[  464.203751][ T8124] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f)
[  464.214449][ T8124] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f)
[  464.244900][ T8124] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f)
[  464.252836][ T8124] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f)
[  464.284011][ T8124] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f)
[  464.294020][ T8124] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f)
[  464.322807][ T8124] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f)
[  464.351006][ T8124] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f)
[  464.392934][ T8124] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f)
[  464.414509][   T27] audit: type=1800 audit(1673401659.218:70): pid=8124 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.3" name="file2" dev="loop3" ino=1048607 res=0 errno=0
01:47:39 executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=@base={0x17, 0x0, 0x200, 0x614, 0x0, 0x1}, 0x48)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00', r0}, 0x10)

01:47:39 executing program 4:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=@ipv6_newroute={0x24, 0x10, 0x1, 0x0, 0x0, {}, [@RTA_PREF={0x5}]}, 0x24}}, 0x0)

01:47:39 executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={&(0x7f0000000000), 0xc, &(0x7f0000000140)={&(0x7f0000000100)=@ipv6_newroute={0x2c, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_PREF={0x25}, @RTA_ENCAP_TYPE={0x6}]}, 0x2c}}, 0x0)

01:47:39 executing program 2:
syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x6, 0x7, 0xa2, 0x10, 0x13b1, 0x18, 0x9a17, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x3, 0x1c, 0x37, 0xd9, 0x0, [], [{{0x9, 0x5, 0x0, 0x3, 0x40}}, {{0x9, 0x5, 0x0, 0x1, 0x10}}, {{0x9, 0x5, 0x0, 0x2, 0x10}}]}}]}}]}}, 0x0)

01:47:39 executing program 3:
syz_mount_image$vfat(&(0x7f0000001200), &(0x7f0000000000)='./bus\x00', 0x10, &(0x7f0000000080)={[{@shortname_win95}, {@uni_xlate}, {@fat=@quiet}, {@shortname_lower}]}, 0xfd, 0x1206, &(0x7f0000001240)="$eJzs3M+LG2UYB/An7Wp3t+4PtVZbEF/0opexuwdPXhZpQVxQareggjB1JzYkm4RMWEgRqyevnv0LRDx6E8R/YC9ePAteZC8eC4ojmynWLKu4FR1dPp/LPOR5v+SdhAQmzJP9Fz/e6bbLrJ2P41SrFXPDiHQnRYpTcTpqH8Rz17/97snX33jzlY3NzctXU7qycW3thZTS8lNfvfXe509/PT57/YvlL8/E3urb+z+uf793fu/C/i/XbnbK1ClTfzBOeboxGIzzG70ibXfKbpbSa70iL4vU6ZfFaKbf7g2Gw0nK+9tLi8NRUZYp709St5ik8SCNR5OUv5t3+inLsrS0GPwdW5/dqaoqoqoeiAejqqpqIRbjbDwUS7EcKz8dNB+JR+NcPBbn4/F4Ii4sNL1nAAAAAAAAAAAAAAAAAAAAOHn+dP4/VuPhw/P/01VN7xoAAAAAAAAAAAAAAAAAAABOFvP/AAAAAAAAAAAAAAAAAAAA0Dzz/wAAAAAAAAAAAAAAAAAAAPAfMF8frqY0H7Hz0e7W7lZ9rB/faEcnelHEpViJn2M6/V+r6ysvb16+lKZW4/md23fzt3e3Ts/m16Z/J3Bkfq3Op9n8mVj8fX49VuLc0fn1I/Pz8ewzB/kP63wWK/HNOzGIXmzHQfZe/v21lF56dfNQ/uJ0HQAAAJwEWfrN7PV7q1X3sz/oH//3gUPX13Nxca7ZcyeinNzq5r1eMVIo7q9o3f0Y/7PP9clxFv/wafMvy/+9aPqbiX/DvTe96Z0AAAAAAAAAAABwHOXk1kL8pfsBb9737YRNnyMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC/sgPHAgAAAADC/K3T6NgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4KgAA//9gJexE")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000540)='./file2\x00', 0x6a142, 0x0)
sendfile(r0, r0, 0x0, 0x4)

01:47:39 executing program 1:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
read$FUSE(r0, &(0x7f0000006540)={0x2020}, 0xfffffe55)
syz_open_dev$mouse(&(0x7f0000002100), 0x0, 0x101000)

[  464.451132][ T6665] index not increased! 20ffb000 <= 20ffb000
[  464.482872][ T8137] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
01:47:39 executing program 4:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@ipv6_newroute={0x44, 0x18, 0xffffffffffffffff, 0x0, 0x0, {}, [@RTA_GATEWAY={0x14, 0x5, @dev}, @RTA_METRICS={0x4}, @RTA_PRIORITY={0x8, 0x6, 0xdd}, @RTA_EXPIRES={0x8}]}, 0x44}}, 0x0)

[  464.532381][ T6665] BUG at mt_find:6473 (1)
[  464.545563][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e
01:47:39 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_GET_MESH(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={0x0}}, 0x40008001)

[  464.617171][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000
01:47:39 executing program 5:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r1 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/net\x00')
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000000)={'ip6gre0\x00', &(0x7f0000000100)={'syztnl0\x00', <r3=>0x0, 0x2f, 0x20, 0x81, 0x80, 0x12, @empty, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80}})
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000002100)={'syztnl2\x00', &(0x7f0000002000)={'sit0\x00', 0x0, 0x10, 0x7800, 0x80000000, 0x9, {{0x1f, 0x4, 0x0, 0x1, 0x7c, 0x67, 0x0, 0x7, 0x2f, 0x0, @dev, @multicast1, {[@timestamp_addr={0x44, 0x4, 0x5d}, @ssrr={0x89, 0x1b, 0x13, [@local, @multicast2, @empty, @remote, @multicast1, @rand_addr=0x64010100]}, @rr={0x7, 0xb, 0x86, [@dev={0xac, 0x14, 0x14, 0x42}, @empty]}, @generic={0xc, 0xd, "9c49f7bd2331c6a109e599"}, @generic={0x7, 0x5, "27ec02"}, @rr={0x7, 0xf, 0x81, [@dev={0xac, 0x14, 0x14, 0x35}, @rand_addr=0x64010102, @broadcast]}, @ssrr={0x89, 0x1b, 0x23, [@rand_addr=0x64010101, @empty, @multicast2, @multicast1, @remote, @private=0xa010102]}]}}}}})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000240)={'syztnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', r3, 0x29, 0x10, 0x3, 0x8e, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x7, 0x40}})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001f80)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000001f40)={&(0x7f0000000400)=@newchain={0x13b8, 0x64, 0x200, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x0, 0x9}, {0xd, 0x3}, {0x0, 0x3}}, [@TCA_RATE={0x6, 0x5, {0x40, 0xc7}}, @filter_kind_options=@f_cgroup={{0xb}, {0x1380, 0x2, [@TCA_CGROUP_EMATCHES={0x38, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x3, 0x0, 0x0, {{0x0, 0x8, 0xfff}, {0x0, 0x3, 0x2}}}]}, @TCA_EMATCH_TREE_LIST={0x20, 0x2, 0x0, 0x1, [@TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{}, {0xe2, 0x1, 0x6, 0x8}}}]}]}, @TCA_CGROUP_ACT={0x1f4, 0x1, [@m_sample={0x40, 0xc, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x6}, @TCA_SAMPLE_RATE={0x8}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}, @m_csum={0x54, 0x9, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x7fff, 0x0, 0x0, 0x0, 0x6}, 0x79}}]}, {0xc, 0x6, "2d57f86517781551"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_nat={0xdc, 0xb, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0xffffffff, 0x693, 0x1, 0x2, 0x1}, @broadcast, @local, 0xffffff00, 0x1}}]}, {0x8a, 0x6, "4d157d7fcbde6a803a5259ebe7db131f1d53f8f03e5cc5f8331035364c284665e005268019b5eeee849285e196a43d66c9aaa7d472ee85018bec1b3584ea2cec59574e5969634f89ba4d7e761c706103f31aeeda50d45fc56ad58556203a1d125e63d1b846b67522f53dfc96bf3b535095259fccc9bffc55d2f36848f96c553516a6b02a2652"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1}}}}, @m_sample={0x80, 0x18, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_SAMPLE_RATE={0x8, 0x3, 0x3}, @TCA_SAMPLE_PSAMPLE_GROUP={0x8}]}, {0x41, 0x6, "1a79e57062a4e985f826bc2821235976ef354badbb759bb3533c1faaa702f9f20abfd6688adc445b3f44c992d215e1ccb80f97c1f604644782f3be3010"}, {0xc}, {0xc}}}]}, @TCA_CGROUP_ACT={0x1140, 0x1, [@m_ipt={0x14c, 0x0, 0x0, 0x0, {{0x8}, {0x110, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0x10b, 0x6, {0x800, 'filter\x00', 0xff, 0x2, "360df404a0a64bf029589d4e900a26065aa91775560cb49b6f5f54f3a9d10ab341b6ee335d0a62cf5e3746a13403832180d678d868390a62f5293912ca01e5c56968e456f4230058af3629306748d72ab7c375d7f0b82633d7e9d2526f2959a61328167d8554774f062cfab1f0d722ed548d79a254d95dc1faf7a2249e5b9fa9e4d5b81741c05270051674466b76be5b6a77a20d1972075cc8dc3ebe7aa0ca8622941263eebbd530cc8fded11e399d786e823a7769fefba71c2ba514ad3cd63a03eeca67f52fefe6202bac2219d299eda955962291c749b30f83c1fb8cf8b7aac9"}}]}, {0x18, 0x6, "afedfd9af8a4b80d42a5c72874a1dd766219480a"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x3}}}}, @m_pedit={0xec8, 0x15, 0x0, 0x0, {{0xa}, {0xe84, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe50, 0x2, {{{0x3ff, 0x5, 0x20000000, 0x1, 0xfffffffb}, 0xf0, 0x24, [{0x0, 0x80000001, 0x5, 0x0, 0x5, 0x10001}, {0x0, 0x0, 0x96, 0x0, 0xfffff4d3}]}, [{0x0, 0x2, 0x8, 0x0, 0x0, 0x101}, {0x2, 0x1000, 0x28ac, 0x80, 0x7fffffff, 0x40}, {0x0, 0x0, 0x0, 0xffff, 0x2, 0x10001}, {0x1, 0x10000, 0x4, 0xff, 0x1, 0x7ff}, {0x1, 0x0, 0x2, 0x20, 0x2, 0x80000001}, {0x6, 0x8, 0x101, 0x4, 0xaeb, 0x6}, {0xc5, 0x7f, 0x400, 0x6, 0x1}, {0x2, 0x800, 0x1000000, 0x7, 0x3ff, 0x2}, {0x2, 0xfb2, 0x400, 0x4, 0x7, 0x6}, {0x0, 0x1, 0x5472, 0x40, 0x2, 0x2}, {0x0, 0x10001, 0xc96, 0x0, 0x7fff, 0x80000}, {0x0, 0xcd7f, 0x7, 0xe1, 0x0, 0x5e717d0d}, {0x0, 0x8, 0xde8, 0x0, 0xff28}, {0x7, 0xd4, 0x0, 0x5, 0x1, 0x661}, {0x0, 0x101, 0x0, 0x0, 0x7, 0x8}, {0x1e, 0x200, 0x1, 0x9, 0x101, 0xcfc8}, {0x0, 0xff, 0x0, 0x1, 0x2, 0x8001}, {0x40, 0xddc25b10, 0x8000, 0x9c85, 0x7fffffff, 0x5}, {0x9, 0x0, 0x4, 0xffff, 0x3, 0x9}, {0x7ff, 0x0, 0x1f, 0x4, 0x0, 0x8}, {0x3, 0x9, 0xdb08592, 0x8, 0xd1, 0x101}, {0x14d6, 0x0, 0xfff, 0x5, 0x212, 0x7}, {0xfffffffe, 0x9, 0xe, 0xff, 0x0, 0x4}, {0xff, 0x9, 0xffffffff, 0x800, 0x2, 0x8}, {0x1000, 0xe834, 0x72e2, 0x9}, {0x1, 0xc6a6, 0x7fffffff, 0x0, 0x3f}, {0x80000000, 0x3, 0x2, 0x1, 0xe, 0x1f}, {0x0, 0x0, 0x2, 0x7, 0x7, 0x81}, {0x0, 0xbbf, 0x0, 0x1, 0x53d}, {0x6, 0x1, 0x0, 0x0, 0x1, 0x680}, {0x7, 0x0, 0x0, 0xcc6, 0x5f, 0xfffffff7}, {0x0, 0x2, 0xd03, 0x8, 0x2, 0x4}, {0xf1, 0x615, 0xff, 0x0, 0x8}, {0x0, 0x20, 0xffff}, {0xffff, 0x1, 0xb0c, 0x3, 0x7fff, 0xfffffffc}, {0xfffffc01, 0x80, 0x4, 0x0, 0x0, 0x6}, {0x2, 0x10000, 0x82, 0x0, 0x7, 0x5}, {0x0, 0x7ff, 0x0, 0x400, 0x0, 0x1}, {0x4, 0x0, 0xd0, 0x0, 0x8, 0x1000}, {0x5, 0x7, 0x0, 0x0, 0x0, 0x482}, {0x0, 0x1, 0x6, 0x9, 0x9, 0x7}, {0x401, 0x4, 0x0, 0x675b, 0x6}, {0x0, 0x1, 0x0, 0x100, 0x0, 0xffffffc0}, {0x0, 0x101, 0x20, 0xb72e, 0x26, 0x442c}, {0xcb, 0x4, 0xfffffff8, 0x6, 0x9, 0x2}, {0x7fffffff, 0x2, 0x0, 0x4, 0x0, 0x3ff}, {0x2, 0x1000, 0x0, 0x5, 0x8, 0x3}, {0x1, 0x0, 0x0, 0x80000001, 0x9, 0x200}, {0x0, 0x9, 0xfff, 0x80000000, 0x10000, 0x5}, {0x0, 0x0, 0x3ff, 0x8000, 0x81, 0x1}, {0x80, 0x9, 0x0, 0x4}, {0xc4, 0xfffffffd, 0x7, 0x9, 0xc2c5, 0x1}, {0x5, 0x6fc, 0x8, 0x0, 0xe0f, 0x3}, {0x40, 0x6b, 0x9, 0x5d4, 0x7, 0x8000}, {0x1f, 0x1000, 0x0, 0x1, 0x1, 0x9}, {0x7fffffff, 0x4, 0x9, 0x7, 0x6}, {0xfffffffc, 0x7, 0x0, 0x3ff, 0x5, 0x81}, {0x6, 0x8, 0x0, 0x10000, 0xffffffc0}, {0x81, 0xd2a0, 0x800, 0x0, 0x40, 0x2}, {0x40, 0x80000000, 0xea64, 0x76, 0x9}, {0x10000, 0x15bb, 0x9, 0x0, 0x6, 0x5}, {0x0, 0x0, 0x28, 0x2, 0x2, 0x6}, {0x1000, 0x7fff, 0x0, 0x3, 0x3, 0x9}, {0x10000, 0x20, 0x8, 0xd6, 0x7fffffff, 0x412}, {0x7, 0x0, 0xfff, 0x3, 0x9, 0xee}, {0x10001, 0x3f, 0x0, 0x0, 0x5a, 0x401}, {0x101, 0x1, 0x4634, 0x8000, 0x401}, {0x800, 0x1, 0x6, 0x80000001, 0x0, 0x501}, {0x4, 0x5, 0x3ff, 0x1, 0x3b96cc68}, {0x3, 0x1, 0x7d, 0xa3, 0x7, 0x8}, {0x0, 0x10001, 0x7, 0x6, 0x7ff, 0xffffff37}, {0x815, 0x0, 0x313b5531, 0x200, 0x1000, 0xffffffff}, {0x3ff, 0xa9b, 0x7, 0x80000000, 0xe0, 0x27}, {0x101, 0x800, 0x0, 0x1000, 0x79cc, 0x30}, {0x20, 0x0, 0x7, 0xfffffffa, 0x6, 0xcfef}, {0x1f, 0x5, 0x3, 0x1, 0xca62, 0x9}, {0x3, 0x1, 0x400, 0x9, 0xb2, 0x100}, {0x0, 0x3, 0x7, 0x2, 0x8, 0x2}, {0x3, 0xfffffffe, 0x5, 0xffffffff, 0x1, 0x9}, {0x4, 0x8, 0x4, 0x1, 0x3, 0xf9ee2af}, {0x8000, 0x9, 0x5, 0x5, 0x4, 0x2}, {0x5, 0x9, 0x9, 0x1, 0xffffff27, 0x40000000}, {0x4, 0x7, 0xb4000000, 0xeec, 0x7, 0x7}, {0x3, 0x3, 0x87, 0x401, 0x1, 0x80}, {0x5, 0x7, 0x10, 0x8, 0x3ff, 0x50}, {0xffff, 0x81, 0x20, 0x1, 0x80000000, 0x401}, {0x1, 0x400, 0xe4de, 0x7ff, 0x30000, 0x9}, {0x7fffffff, 0x400, 0x1, 0x6ee, 0x10000, 0x8}, {0x2, 0x4, 0x27bc, 0x0, 0x0, 0x5}, {0x5, 0x3f, 0x24d7, 0x2, 0x1000, 0xf46}, {0x1, 0x0, 0x80000001, 0x2, 0xffffff0a}, {0x1ff, 0x2, 0x1f, 0x7, 0x1, 0xf0f5}, {0x0, 0x1ff, 0xce, 0x20, 0x8}, {0x81, 0x433, 0x4, 0xda0, 0x7, 0x20000}, {0x2, 0xb42, 0x2, 0x0, 0xffffffff, 0x40}, {0x1ff, 0x1, 0x401, 0xa895, 0x20, 0x60f}, {0x0, 0xdf, 0x3, 0x6, 0x1, 0x8}, {0x8, 0x0, 0x3, 0x1, 0x7ff, 0x40}, {0xd, 0x1, 0x20, 0x0, 0x4, 0x9}, {0x1f, 0x0, 0x7, 0x9, 0x5f2, 0x191}, {0x6, 0x5, 0x8, 0x4, 0x8, 0xffff3b41}, {0x6, 0x2, 0x101, 0x0, 0x1, 0x7}, {0x49, 0x9, 0xc27, 0x5f1c, 0x80000001, 0x1}, {0xeae51292, 0xd3, 0x71e, 0x0, 0x55ba4723, 0x80000000}, {0x6, 0x64, 0x9, 0x19, 0x3, 0x3}, {0x6, 0x7ff, 0x2, 0x5, 0x450d}, {0x7fff, 0x7f, 0x400, 0x51f8, 0x20}, {0x81, 0x81, 0x7, 0x0, 0x5, 0xf3d}, {0x1f, 0x1, 0x3, 0x8, 0xdbd}, {0x5, 0x7fffffff, 0x4f35, 0x5, 0x5}, {0x3f, 0x7ce, 0x8, 0xcaa, 0x80000001, 0x1000}, {0x400, 0x5, 0x6, 0x7c0, 0x0, 0x2}, {0x80000000, 0x3, 0x6a8, 0x0, 0x1f, 0x10000}, {0x0, 0x20, 0x6, 0x1f, 0x7, 0x2}, {0x4, 0x3, 0xffffffb1, 0x5, 0x100, 0x3}, {0x6, 0x2, 0x9, 0x6, 0x1, 0x635}, {0xfffffff8, 0x9, 0x3, 0xd56, 0xa8, 0x8000}, {0x80000001, 0x34323ecc, 0x0, 0x4, 0x15, 0x7}, {0x1000, 0xfffffffb, 0x3f, 0x6, 0x100, 0x1}, {0x0, 0x80, 0x60d, 0x80, 0xa6, 0x3}, {0x2, 0x3ff, 0x606, 0xfffffeff, 0x1, 0x4}, {0x101, 0x0, 0x7, 0x200, 0x481b}, {0x1, 0xfffffffc, 0x800, 0x0, 0x0, 0x5}, {0x8, 0x6, 0x0, 0x80000001, 0x401, 0x1d}, {0x7fffffff, 0x1000, 0x1000, 0x8b0f, 0x6, 0x800}, {0x0, 0xfffff000, 0x2, 0x5, 0x10000, 0xf3}, {0xcb82, 0xc315, 0x6, 0x6, 0x5, 0x7fffffff}, {0x354f, 0x4, 0x7, 0x663d, 0xd31}], [{0x4}, {0x3}, {0x4}, {}, {0x2, 0x1}, {0x5, 0x1}, {}, {0x2}, {}, {0x3}, {0xd}, {}, {0x0, 0x1}, {}, {0x3}, {0x4, 0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x4, 0x1}, {0x4}, {0x1}, {0x4, 0x1}, {0x5}, {0x0, 0x1}, {0x0, 0x1}, {0x1}, {}, {0x3, 0x1}, {0x2, 0x1}, {0x3, 0x1}, {}, {0x0, 0x1}, {0x0, 0x1}, {}, {0x5}, {0x2}, {}, {0x6}, {}, {0x1, 0x1}, {0x4}, {0x0, 0x1}, {0x1}, {0x5, 0x1}, {0x4}, {0x4, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x4}, {0x0, 0x1}, {}, {0x0, 0x1}, {0x5}, {0x2}, {0x5}, {0x2, 0x1}, {0x1, 0x1}, {0x0, 0x1}, {0x1, 0x1}, {0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x4}, {}, {0x3}, {0x5}, {0x3, 0x1}, {}, {}, {0x0, 0x1}, {0x4}, {0x1}, {0x1}, {0x5}, {0x3}, {0x0, 0x1}, {0x4}, {0x5}, {}, {}, {0x4}, {0x0, 0x1}, {}, {0x3}, {0x5, 0x1}, {0x1, 0x1}, {0x4}, {}, {0x0, 0x1}, {0x2, 0x1}, {0x1, 0x1}, {0x1, 0x1}, {0x4, 0x1}, {0x5}, {}, {0x2}, {0x4}, {0x1, 0x1}, {0x3, 0x1}, {}, {}, {}, {0x5}, {0x2}, {0x7}, {0x0, 0x1}, {0x3, 0x1}, {0x5}, {0x2}, {0x5}, {}, {0x3, 0x1}, {0x2, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {}, {}, {0x3}, {0x3, 0x1}, {0x1, 0x1}, {0x3, 0x1}, {0x1}, {0x5}, {0x1}, {0x1, 0x1}, {}, {0x0, 0x1}]}}, @TCA_PEDIT_KEYS_EX={0x30, 0x5, 0x0, 0x1, [{0x2c, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}]}]}]}, {0x1b, 0x6, "57d21079a8d2935764ec000d69b69144d534c379114c3e"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x3}}}}, @m_gact={0x6c, 0x1b, 0x0, 0x0, {{0x9}, {0x40, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x54, 0x0, 0x0, 0x7fff}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x1e6c, 0xffffffffcffffffd}}, @TCA_GACT_PARMS={0x18, 0x2, {0xffff0001, 0x4, 0x6, 0x8, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_ife={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x2, 0x9a10, 0x10000000, 0x3f4e, 0x7}, 0x1}}, @TCA_IFE_DMAC={0xa, 0x3, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x16}}]}, {0x4}, {0xc, 0x7, {0x1, 0x4936e90f20761ee1}}, {0xc}}}, @m_skbedit={0x68, 0x0, 0x0, 0x0, {{0xc}, {0x3c, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x5}, @TCA_SKBEDIT_PTYPE={0x6}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0x401, 0x6, 0x1, 0x0, 0x200}}, @TCA_SKBEDIT_MARK={0x8}, @TCA_SKBEDIT_MARK={0x8, 0x5, 0x400}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}, @TCA_CGROUP_POLICE={0x4}, @TCA_CGROUP_EMATCHES={0xc, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8}]}]}}]}, 0x13b8}}, 0x4000000)

01:47:39 executing program 0:
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x6, 0x7, 0xa2, 0x10, 0x13b1, 0x18, 0x9a17, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x1c, 0x37, 0xd9, 0x0, [], [{{0x9, 0x5, 0x0, 0x3, 0x40}}, {{0x9, 0x5, 0x0, 0x2, 0x10}}]}}]}}]}}, 0x0)

01:47:39 executing program 4:
clock_settime(0xab405b01d94ea4ab, &(0x7f0000000040))

[  464.766646][ T6508] usb 3-1: new high-speed USB device number 5 using dummy_hcd
01:47:39 executing program 4:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000e00)={'syztnl1\x00', 0x0})

[  464.882363][ T6665]   0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d
01:47:39 executing program 4:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={&(0x7f0000000000), 0xc, &(0x7f0000000140)={&(0x7f0000000100)=@ipv6_newroute={0x2c, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_PREF={0x5}, @RTA_ENCAP_TYPE={0x4}]}, 0x2c}}, 0x0)

[  465.016366][ T6508] usb 3-1: Using ep0 maxpacket: 16
[  465.090242][ T8164] netlink: 'syz-executor.4': attribute type 21 has an invalid length.
[  465.106535][ T5169] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  465.123026][ T8150] loop3: detected capacity change from 0 to 8192
[  465.125247][ T6665]     0-536866815: 
01:47:39 executing program 4:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=@ipv6_newroute={0x24, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_METRICS={0x5, 0x8, 0x0, 0x1, 'x'}]}, 0x24}}, 0x0)

[  465.136789][ T6508] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping
[  465.160605][ T6665] 0000000000000000
[  465.166911][ T6508] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping
[  465.193381][ T6665]     536866816-536870911: ffff888022f0e0e0
[  465.209256][ T8150] syz-executor.3: attempt to access beyond end of device
[  465.209256][ T8150] loop3: rw=0, sector=64405, nr_sectors = 1 limit=8192
[  465.231123][ T6508] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping
[  465.243111][ T6665]     536870912-553627647: ffff888022f0e1c0
01:47:40 executing program 4:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000013c0)={&(0x7f00000010c0)='netfs_failure\x00'}, 0x10)

[  465.285221][ T8150] Buffer I/O error on dev loop3, logical block 64405, async page read
[  465.298136][ T6665]     553627648-553635839: 0000000000000000
[  465.338429][ T8150] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f)
[  465.352009][ T6665]     553635840-553627647: ffff8880272dc9a0
[  465.366762][ T5169] usb 1-1: Using ep0 maxpacket: 16
[  465.387416][ T6665]     553627648-553644031: ffff8880272dc8c0
[  465.388287][ T8150] FAT-fs (loop3): Filesystem has been set read-only
[  465.426919][ T6508] usb 3-1: New USB device found, idVendor=13b1, idProduct=0018, bcdDevice=9a.17
[  465.436105][ T6665]     553644032-553648127: ffff88807e16c7e0
[  465.444689][ T6665]     553648128-553652223: ffff888022f0e2a0
[  465.451344][ T8150] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f)
[  465.464139][ T6508] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  465.480766][ T6665]     553652224-116813594623: 0000000000000000
[  465.487556][ T5169] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping
[  465.501081][ T6508] usb 3-1: Product: syz
[  465.511440][ T5169] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping
[  465.523783][ T6508] usb 3-1: Manufacturer: syz
[  465.531051][ T6665]     116813594624-116817788927: ffff888022f0e380
[  465.544759][ T6508] usb 3-1: SerialNumber: syz
[  465.551100][ T8150] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f)
[  465.570771][ T6508] usb 3-1: config 0 descriptor??
[  465.571576][ T6665]     116817788928-93825002663935: 0000000000000000
[  465.606383][ T8150] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f)
[  465.614240][ T8150] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f)
[  465.615005][ T8139] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  465.622840][ T6665]     93825002663936-93825002803199: ffff888022f0e460
[  465.636862][ T6665]     93825002803200-140548063096831: 0000000000000000
[  465.643760][ T6665]     140548063096832-140548063100927: ffff888022f0e540
[  465.651290][ T6665]   140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d
[  465.710011][ T8150] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f)
[  465.718193][ T8150] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f)
[  465.726159][ T8150] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f)
[  465.726631][ T5169] usb 1-1: New USB device found, idVendor=13b1, idProduct=0018, bcdDevice=9a.17
[  465.734153][ T8150] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f)
[  465.751343][ T6665]     140548063100928-140548071489535: ffff888022f0e620
[  465.758606][ T8150] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f)
[  465.766080][ T5169] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  465.766597][ T6665]     140548071489536-140548073586687: 
[  465.775016][ T8150] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f)
[  465.780828][ T5169] usb 1-1: Product: syz
[  465.788756][ T6665] ffff888022f0e700
[  465.806808][ T5169] usb 1-1: Manufacturer: syz
[  465.807631][ T6665]     140548073586688-140548075683839: 
[  465.811419][ T5169] usb 1-1: SerialNumber: syz
[  465.823832][ T5169] usb 1-1: config 0 descriptor??
[  465.827589][ T8150] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f)
[  465.845335][ T6665] ffff888022f0e7e0
01:47:40 executing program 1:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
read$FUSE(r0, &(0x7f0000006540)={0x2020}, 0xfffffe55)
syz_open_dev$mouse(&(0x7f0000002100), 0x0, 0x101000)

[  465.849327][   T27] audit: type=1800 audit(1673401660.658:71): pid=8150 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.3" name="file2" dev="loop3" ino=1048608 res=0 errno=0
[  465.853896][ T6665]     140548075683840-140548077780991: 
[  465.870258][ T8156] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  465.926708][ T6508] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  465.951002][ T6508] asix: probe of 3-1:0.0 failed with error -71
[  465.976516][ T6665] ffff888022f0e8c0
[  465.989396][ T6665]     140548077780992-140548079878143: ffff888022f0e9a0
[  465.993299][ T6508] usb 3-1: USB disconnect, device number 5
[  466.024799][ T6665]     140548079878144-140548084072447: ffff888022f0ea80
[  466.048100][ T6665]     140548084072448-140548084219903: ffff888022f0eb60
[  466.072034][ T6665]     140548084219904-140548084948991: ffff888022f0ec40
[  466.095432][ T6665]     140548084948992-140548085284863: ffff888022f0ed20
[  466.119500][ T6665]     140548085284864-140548085288959: 0000000000000000
[  466.134663][ T6665]     140548085288960-140548085653503: ffff888022f0ee00
[  466.140009][ T5169] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  466.148608][ T6665]     140548085653504-140548085690367: ffff888022f0eee0
[  466.176929][ T5169] asix: probe of 1-1:0.0 failed with error -71
[  466.181002][ T6665]     140548085690368-140548085710847: 0000000000000000
[  466.199376][ T6665]     140548085710848-140548097556479: ffff88806b3de000
[  466.225253][ T6665]   140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008
[  466.228325][ T5169] usb 1-1: USB disconnect, device number 4
01:47:41 executing program 2:
ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(0xffffffffffffffff, 0x40082102, 0x0)
syz_clone(0x40108000, 0x0, 0x0, 0x0, &(0x7f0000000440), 0x0)

01:47:41 executing program 4:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{}, {0x28}]})

01:47:41 executing program 5:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r1 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/net\x00')
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000000)={'ip6gre0\x00', &(0x7f0000000100)={'syztnl0\x00', <r3=>0x0, 0x2f, 0x20, 0x81, 0x80, 0x12, @empty, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80}})
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000002100)={'syztnl2\x00', &(0x7f0000002000)={'sit0\x00', 0x0, 0x10, 0x7800, 0x80000000, 0x9, {{0x1f, 0x4, 0x0, 0x1, 0x7c, 0x67, 0x0, 0x7, 0x2f, 0x0, @dev, @multicast1, {[@timestamp_addr={0x44, 0x4, 0x5d}, @ssrr={0x89, 0x1b, 0x13, [@local, @multicast2, @empty, @remote, @multicast1, @rand_addr=0x64010100]}, @rr={0x7, 0xb, 0x86, [@dev={0xac, 0x14, 0x14, 0x42}, @empty]}, @generic={0xc, 0xd, "9c49f7bd2331c6a109e599"}, @generic={0x7, 0x5, "27ec02"}, @rr={0x7, 0xf, 0x81, [@dev={0xac, 0x14, 0x14, 0x35}, @rand_addr=0x64010102, @broadcast]}, @ssrr={0x89, 0x1b, 0x23, [@rand_addr=0x64010101, @empty, @multicast2, @multicast1, @remote, @private=0xa010102]}]}}}}})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000240)={'syztnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', r3, 0x29, 0x10, 0x3, 0x8e, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x7, 0x40}})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001f80)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000001f40)={&(0x7f0000000400)=@newchain={0x13b8, 0x64, 0x200, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x0, 0x9}, {0xd, 0x3}, {0x0, 0x3}}, [@TCA_RATE={0x6, 0x5, {0x40, 0xc7}}, @filter_kind_options=@f_cgroup={{0xb}, {0x1380, 0x2, [@TCA_CGROUP_EMATCHES={0x38, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x3, 0x0, 0x0, {{0x0, 0x8, 0xfff}, {0x0, 0x3, 0x2}}}]}, @TCA_EMATCH_TREE_LIST={0x20, 0x2, 0x0, 0x1, [@TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{}, {0xe2, 0x1, 0x6, 0x8}}}]}]}, @TCA_CGROUP_ACT={0x1f4, 0x1, [@m_sample={0x40, 0xc, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x6}, @TCA_SAMPLE_RATE={0x8}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}, @m_csum={0x54, 0x9, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x7fff, 0x0, 0x0, 0x0, 0x6}, 0x79}}]}, {0xc, 0x6, "2d57f86517781551"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_nat={0xdc, 0xb, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0xffffffff, 0x693, 0x1, 0x2, 0x1}, @broadcast, @local, 0xffffff00, 0x1}}]}, {0x8a, 0x6, "4d157d7fcbde6a803a5259ebe7db131f1d53f8f03e5cc5f8331035364c284665e005268019b5eeee849285e196a43d66c9aaa7d472ee85018bec1b3584ea2cec59574e5969634f89ba4d7e761c706103f31aeeda50d45fc56ad58556203a1d125e63d1b846b67522f53dfc96bf3b535095259fccc9bffc55d2f36848f96c553516a6b02a2652"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1}}}}, @m_sample={0x80, 0x18, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_SAMPLE_RATE={0x8, 0x3, 0x3}, @TCA_SAMPLE_PSAMPLE_GROUP={0x8}]}, {0x41, 0x6, "1a79e57062a4e985f826bc2821235976ef354badbb759bb3533c1faaa702f9f20abfd6688adc445b3f44c992d215e1ccb80f97c1f604644782f3be3010"}, {0xc}, {0xc}}}]}, @TCA_CGROUP_ACT={0x1140, 0x1, [@m_ipt={0x14c, 0x0, 0x0, 0x0, {{0x8}, {0x110, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0x10b, 0x6, {0x800, 'filter\x00', 0xff, 0x2, "360df404a0a64bf029589d4e900a26065aa91775560cb49b6f5f54f3a9d10ab341b6ee335d0a62cf5e3746a13403832180d678d868390a62f5293912ca01e5c56968e456f4230058af3629306748d72ab7c375d7f0b82633d7e9d2526f2959a61328167d8554774f062cfab1f0d722ed548d79a254d95dc1faf7a2249e5b9fa9e4d5b81741c05270051674466b76be5b6a77a20d1972075cc8dc3ebe7aa0ca8622941263eebbd530cc8fded11e399d786e823a7769fefba71c2ba514ad3cd63a03eeca67f52fefe6202bac2219d299eda955962291c749b30f83c1fb8cf8b7aac9"}}]}, {0x18, 0x6, "afedfd9af8a4b80d42a5c72874a1dd766219480a"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x3}}}}, @m_pedit={0xec8, 0x15, 0x0, 0x0, {{0xa}, {0xe84, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe50, 0x2, {{{0x3ff, 0x5, 0x20000000, 0x1, 0xfffffffb}, 0xf0, 0x24, [{0x0, 0x80000001, 0x5, 0x0, 0x5, 0x10001}, {0x0, 0x0, 0x96, 0x0, 0xfffff4d3}]}, [{0x0, 0x2, 0x8, 0x0, 0x0, 0x101}, {0x2, 0x1000, 0x28ac, 0x80, 0x7fffffff, 0x40}, {0x0, 0x0, 0x0, 0xffff, 0x2, 0x10001}, {0x1, 0x10000, 0x4, 0xff, 0x1, 0x7ff}, {0x1, 0x0, 0x2, 0x20, 0x2, 0x80000001}, {0x6, 0x8, 0x101, 0x4, 0xaeb, 0x6}, {0xc5, 0x7f, 0x400, 0x6, 0x1}, {0x2, 0x800, 0x1000000, 0x7, 0x3ff, 0x2}, {0x2, 0xfb2, 0x400, 0x4, 0x7, 0x6}, {0x0, 0x1, 0x5472, 0x40, 0x2, 0x2}, {0x0, 0x10001, 0xc96, 0x0, 0x7fff, 0x80000}, {0x0, 0xcd7f, 0x7, 0xe1, 0x0, 0x5e717d0d}, {0x0, 0x8, 0xde8, 0x0, 0xff28}, {0x7, 0xd4, 0x0, 0x5, 0x1, 0x661}, {0x0, 0x101, 0x0, 0x0, 0x7, 0x8}, {0x1e, 0x200, 0x1, 0x9, 0x101, 0xcfc8}, {0x0, 0xff, 0x0, 0x1, 0x2, 0x8001}, {0x40, 0xddc25b10, 0x8000, 0x9c85, 0x7fffffff, 0x5}, {0x9, 0x0, 0x4, 0xffff, 0x3, 0x9}, {0x7ff, 0x0, 0x1f, 0x4, 0x0, 0x8}, {0x3, 0x9, 0xdb08592, 0x8, 0xd1, 0x101}, {0x14d6, 0x0, 0xfff, 0x5, 0x212, 0x7}, {0xfffffffe, 0x9, 0xe, 0xff, 0x0, 0x4}, {0xff, 0x9, 0xffffffff, 0x800, 0x2, 0x8}, {0x1000, 0xe834, 0x72e2, 0x9}, {0x1, 0xc6a6, 0x7fffffff, 0x0, 0x3f}, {0x80000000, 0x3, 0x2, 0x1, 0xe, 0x1f}, {0x0, 0x0, 0x2, 0x7, 0x7, 0x81}, {0x0, 0xbbf, 0x0, 0x1, 0x53d}, {0x6, 0x1, 0x0, 0x0, 0x1, 0x680}, {0x7, 0x0, 0x0, 0xcc6, 0x5f, 0xfffffff7}, {0x0, 0x2, 0xd03, 0x8, 0x2, 0x4}, {0xf1, 0x615, 0xff, 0x0, 0x8}, {0x0, 0x20, 0xffff}, {0xffff, 0x1, 0xb0c, 0x3, 0x7fff, 0xfffffffc}, {0xfffffc01, 0x80, 0x4, 0x0, 0x0, 0x6}, {0x2, 0x10000, 0x82, 0x0, 0x7, 0x5}, {0x0, 0x7ff, 0x0, 0x400, 0x0, 0x1}, {0x4, 0x0, 0xd0, 0x0, 0x8, 0x1000}, {0x5, 0x7, 0x0, 0x0, 0x0, 0x482}, {0x0, 0x1, 0x6, 0x9, 0x9, 0x7}, {0x401, 0x4, 0x0, 0x675b, 0x6}, {0x0, 0x1, 0x0, 0x100, 0x0, 0xffffffc0}, {0x0, 0x101, 0x20, 0xb72e, 0x26, 0x442c}, {0xcb, 0x4, 0xfffffff8, 0x6, 0x9, 0x2}, {0x7fffffff, 0x2, 0x0, 0x4, 0x0, 0x3ff}, {0x2, 0x1000, 0x0, 0x5, 0x8, 0x3}, {0x1, 0x0, 0x0, 0x80000001, 0x9, 0x200}, {0x0, 0x9, 0xfff, 0x80000000, 0x10000, 0x5}, {0x0, 0x0, 0x3ff, 0x8000, 0x81, 0x1}, {0x80, 0x9, 0x0, 0x4}, {0xc4, 0xfffffffd, 0x7, 0x9, 0xc2c5, 0x1}, {0x5, 0x6fc, 0x8, 0x0, 0xe0f, 0x3}, {0x40, 0x6b, 0x9, 0x5d4, 0x7, 0x8000}, {0x1f, 0x1000, 0x0, 0x1, 0x1, 0x9}, {0x7fffffff, 0x4, 0x9, 0x7, 0x6}, {0xfffffffc, 0x7, 0x0, 0x3ff, 0x5, 0x81}, {0x6, 0x8, 0x0, 0x10000, 0xffffffc0}, {0x81, 0xd2a0, 0x800, 0x0, 0x40, 0x2}, {0x40, 0x80000000, 0xea64, 0x76, 0x9}, {0x10000, 0x15bb, 0x9, 0x0, 0x6, 0x5}, {0x0, 0x0, 0x28, 0x2, 0x2, 0x6}, {0x1000, 0x7fff, 0x0, 0x3, 0x3, 0x9}, {0x10000, 0x20, 0x8, 0xd6, 0x7fffffff, 0x412}, {0x7, 0x0, 0xfff, 0x3, 0x9, 0xee}, {0x10001, 0x3f, 0x0, 0x0, 0x5a, 0x401}, {0x101, 0x1, 0x4634, 0x8000, 0x401}, {0x800, 0x1, 0x6, 0x80000001, 0x0, 0x501}, {0x4, 0x5, 0x3ff, 0x1, 0x3b96cc68}, {0x3, 0x1, 0x7d, 0xa3, 0x7, 0x8}, {0x0, 0x10001, 0x7, 0x6, 0x7ff, 0xffffff37}, {0x815, 0x0, 0x313b5531, 0x200, 0x1000, 0xffffffff}, {0x3ff, 0xa9b, 0x7, 0x80000000, 0xe0, 0x27}, {0x101, 0x800, 0x0, 0x1000, 0x79cc, 0x30}, {0x20, 0x0, 0x7, 0xfffffffa, 0x6, 0xcfef}, {0x1f, 0x5, 0x3, 0x1, 0xca62, 0x9}, {0x3, 0x1, 0x400, 0x9, 0xb2, 0x100}, {0x0, 0x3, 0x7, 0x2, 0x8, 0x2}, {0x3, 0xfffffffe, 0x5, 0xffffffff, 0x1, 0x9}, {0x4, 0x8, 0x4, 0x1, 0x3, 0xf9ee2af}, {0x8000, 0x9, 0x5, 0x5, 0x4, 0x2}, {0x5, 0x9, 0x9, 0x1, 0xffffff27, 0x40000000}, {0x4, 0x7, 0xb4000000, 0xeec, 0x7, 0x7}, {0x3, 0x3, 0x87, 0x401, 0x1, 0x80}, {0x5, 0x7, 0x10, 0x8, 0x3ff, 0x50}, {0xffff, 0x81, 0x20, 0x1, 0x80000000, 0x401}, {0x1, 0x400, 0xe4de, 0x7ff, 0x30000, 0x9}, {0x7fffffff, 0x400, 0x1, 0x6ee, 0x10000, 0x8}, {0x2, 0x4, 0x27bc, 0x0, 0x0, 0x5}, {0x5, 0x3f, 0x24d7, 0x2, 0x1000, 0xf46}, {0x1, 0x0, 0x80000001, 0x2, 0xffffff0a}, {0x1ff, 0x2, 0x1f, 0x7, 0x1, 0xf0f5}, {0x0, 0x1ff, 0xce, 0x20, 0x8}, {0x81, 0x433, 0x4, 0xda0, 0x7, 0x20000}, {0x2, 0xb42, 0x2, 0x0, 0xffffffff, 0x40}, {0x1ff, 0x1, 0x401, 0xa895, 0x20, 0x60f}, {0x0, 0xdf, 0x3, 0x6, 0x1, 0x8}, {0x8, 0x0, 0x3, 0x1, 0x7ff, 0x40}, {0xd, 0x1, 0x20, 0x0, 0x4, 0x9}, {0x1f, 0x0, 0x7, 0x9, 0x5f2, 0x191}, {0x6, 0x5, 0x8, 0x4, 0x8, 0xffff3b41}, {0x6, 0x2, 0x101, 0x0, 0x1, 0x7}, {0x49, 0x9, 0xc27, 0x5f1c, 0x80000001, 0x1}, {0xeae51292, 0xd3, 0x71e, 0x0, 0x55ba4723, 0x80000000}, {0x6, 0x64, 0x9, 0x19, 0x3, 0x3}, {0x6, 0x7ff, 0x2, 0x5, 0x450d}, {0x7fff, 0x7f, 0x400, 0x51f8, 0x20}, {0x81, 0x81, 0x7, 0x0, 0x5, 0xf3d}, {0x1f, 0x1, 0x3, 0x8, 0xdbd}, {0x5, 0x7fffffff, 0x4f35, 0x5, 0x5}, {0x3f, 0x7ce, 0x8, 0xcaa, 0x80000001, 0x1000}, {0x400, 0x5, 0x6, 0x7c0, 0x0, 0x2}, {0x80000000, 0x3, 0x6a8, 0x0, 0x1f, 0x10000}, {0x0, 0x20, 0x6, 0x1f, 0x7, 0x2}, {0x4, 0x3, 0xffffffb1, 0x5, 0x100, 0x3}, {0x6, 0x2, 0x9, 0x6, 0x1, 0x635}, {0xfffffff8, 0x9, 0x3, 0xd56, 0xa8, 0x8000}, {0x80000001, 0x34323ecc, 0x0, 0x4, 0x15, 0x7}, {0x1000, 0xfffffffb, 0x3f, 0x6, 0x100, 0x1}, {0x0, 0x80, 0x60d, 0x80, 0xa6, 0x3}, {0x2, 0x3ff, 0x606, 0xfffffeff, 0x1, 0x4}, {0x101, 0x0, 0x7, 0x200, 0x481b}, {0x1, 0xfffffffc, 0x800, 0x0, 0x0, 0x5}, {0x8, 0x6, 0x0, 0x80000001, 0x401, 0x1d}, {0x7fffffff, 0x1000, 0x1000, 0x8b0f, 0x6, 0x800}, {0x0, 0xfffff000, 0x2, 0x5, 0x10000, 0xf3}, {0xcb82, 0xc315, 0x6, 0x6, 0x5, 0x7fffffff}, {0x354f, 0x4, 0x7, 0x663d, 0xd31}], [{0x4}, {0x3}, {0x4}, {}, {0x2, 0x1}, {0x5, 0x1}, {}, {0x2}, {}, {0x3}, {0xd}, {}, {0x0, 0x1}, {}, {0x3}, {0x4, 0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x4, 0x1}, {0x4}, {0x1}, {0x4, 0x1}, {0x5}, {0x0, 0x1}, {0x0, 0x1}, {0x1}, {}, {0x3, 0x1}, {0x2, 0x1}, {0x3, 0x1}, {}, {0x0, 0x1}, {0x0, 0x1}, {}, {0x5}, {0x2}, {}, {0x6}, {}, {0x1, 0x1}, {0x4}, {0x0, 0x1}, {0x1}, {0x5, 0x1}, {0x4}, {0x4, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x4}, {0x0, 0x1}, {}, {0x0, 0x1}, {0x5}, {0x2}, {0x5}, {0x2, 0x1}, {0x1, 0x1}, {0x0, 0x1}, {0x1, 0x1}, {0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x4}, {}, {0x3}, {0x5}, {0x3, 0x1}, {}, {}, {0x0, 0x1}, {0x4}, {0x1}, {0x1}, {0x5}, {0x3}, {0x0, 0x1}, {0x4}, {0x5}, {}, {}, {0x4}, {0x0, 0x1}, {}, {0x3}, {0x5, 0x1}, {0x1, 0x1}, {0x4}, {}, {0x0, 0x1}, {0x2, 0x1}, {0x1, 0x1}, {0x1, 0x1}, {0x4, 0x1}, {0x5}, {}, {0x2}, {0x4}, {0x1, 0x1}, {0x3, 0x1}, {}, {}, {}, {0x5}, {0x2}, {0x7}, {0x0, 0x1}, {0x3, 0x1}, {0x5}, {0x2}, {0x5}, {}, {0x3, 0x1}, {0x2, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {}, {}, {0x3}, {0x3, 0x1}, {0x1, 0x1}, {0x3, 0x1}, {0x1}, {0x5}, {0x1}, {0x1, 0x1}, {}, {0x0, 0x1}]}}, @TCA_PEDIT_KEYS_EX={0x30, 0x5, 0x0, 0x1, [{0x2c, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}]}]}]}, {0x1b, 0x6, "57d21079a8d2935764ec000d69b69144d534c379114c3e"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x3}}}}, @m_gact={0x6c, 0x1b, 0x0, 0x0, {{0x9}, {0x40, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x54, 0x0, 0x0, 0x7fff}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x1e6c, 0xffffffffcffffffd}}, @TCA_GACT_PARMS={0x18, 0x2, {0xffff0001, 0x4, 0x6, 0x8, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_ife={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x2, 0x9a10, 0x10000000, 0x3f4e, 0x7}, 0x1}}, @TCA_IFE_DMAC={0xa, 0x3, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x16}}]}, {0x4}, {0xc, 0x7, {0x1, 0x4936e90f20761ee1}}, {0xc}}}, @m_skbedit={0x68, 0x0, 0x0, 0x0, {{0xc}, {0x3c, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x5}, @TCA_SKBEDIT_PTYPE={0x6}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0x401, 0x6, 0x1, 0x0, 0x200}}, @TCA_SKBEDIT_MARK={0x8}, @TCA_SKBEDIT_MARK={0x8, 0x5, 0x400}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}, @TCA_CGROUP_POLICE={0x4}, @TCA_CGROUP_EMATCHES={0xc, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8}]}]}}]}, 0x13b8}}, 0x4000000)

01:47:41 executing program 3:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r1 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/net\x00')
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000000)={'ip6gre0\x00', &(0x7f0000000100)={'syztnl0\x00', <r3=>0x0, 0x2f, 0x20, 0x81, 0x80, 0x12, @empty, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80}})
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000002100)={'syztnl2\x00', &(0x7f0000002000)={'sit0\x00', 0x0, 0x10, 0x7800, 0x80000000, 0x9, {{0x1f, 0x4, 0x0, 0x1, 0x7c, 0x67, 0x0, 0x7, 0x2f, 0x0, @dev, @multicast1, {[@timestamp_addr={0x44, 0x4, 0x5d}, @ssrr={0x89, 0x1b, 0x13, [@local, @multicast2, @empty, @remote, @multicast1, @rand_addr=0x64010100]}, @rr={0x7, 0xb, 0x86, [@dev={0xac, 0x14, 0x14, 0x42}, @empty]}, @generic={0xc, 0xd, "9c49f7bd2331c6a109e599"}, @generic={0x7, 0x5, "27ec02"}, @rr={0x7, 0xf, 0x81, [@dev={0xac, 0x14, 0x14, 0x35}, @rand_addr=0x64010102, @broadcast]}, @ssrr={0x89, 0x1b, 0x23, [@rand_addr=0x64010101, @empty, @multicast2, @multicast1, @remote, @private=0xa010102]}]}}}}})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000240)={'syztnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', r3, 0x29, 0x10, 0x3, 0x8e, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x7, 0x40}})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001f80)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000001f40)={&(0x7f0000000400)=@newchain={0x13b8, 0x64, 0x200, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x0, 0x9}, {0xd, 0x3}, {0x0, 0x3}}, [@TCA_RATE={0x6, 0x5, {0x40, 0xc7}}, @filter_kind_options=@f_cgroup={{0xb}, {0x1380, 0x2, [@TCA_CGROUP_EMATCHES={0x38, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x3, 0x0, 0x0, {{0x0, 0x8, 0xfff}, {0x0, 0x3, 0x2}}}]}, @TCA_EMATCH_TREE_LIST={0x20, 0x2, 0x0, 0x1, [@TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{}, {0xe2, 0x1, 0x6, 0x8}}}]}]}, @TCA_CGROUP_ACT={0x1f4, 0x1, [@m_sample={0x40, 0xc, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x6}, @TCA_SAMPLE_RATE={0x8}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}, @m_csum={0x54, 0x9, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x7fff, 0x0, 0x0, 0x0, 0x6}, 0x79}}]}, {0xc, 0x6, "2d57f86517781551"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_nat={0xdc, 0xb, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0xffffffff, 0x693, 0x1, 0x2, 0x1}, @broadcast, @local, 0xffffff00, 0x1}}]}, {0x8a, 0x6, "4d157d7fcbde6a803a5259ebe7db131f1d53f8f03e5cc5f8331035364c284665e005268019b5eeee849285e196a43d66c9aaa7d472ee85018bec1b3584ea2cec59574e5969634f89ba4d7e761c706103f31aeeda50d45fc56ad58556203a1d125e63d1b846b67522f53dfc96bf3b535095259fccc9bffc55d2f36848f96c553516a6b02a2652"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1}}}}, @m_sample={0x80, 0x18, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_SAMPLE_RATE={0x8, 0x3, 0x3}, @TCA_SAMPLE_PSAMPLE_GROUP={0x8}]}, {0x41, 0x6, "1a79e57062a4e985f826bc2821235976ef354badbb759bb3533c1faaa702f9f20abfd6688adc445b3f44c992d215e1ccb80f97c1f604644782f3be3010"}, {0xc}, {0xc}}}]}, @TCA_CGROUP_ACT={0x1140, 0x1, [@m_ipt={0x14c, 0x0, 0x0, 0x0, {{0x8}, {0x110, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0x10b, 0x6, {0x800, 'filter\x00', 0xff, 0x2, "360df404a0a64bf029589d4e900a26065aa91775560cb49b6f5f54f3a9d10ab341b6ee335d0a62cf5e3746a13403832180d678d868390a62f5293912ca01e5c56968e456f4230058af3629306748d72ab7c375d7f0b82633d7e9d2526f2959a61328167d8554774f062cfab1f0d722ed548d79a254d95dc1faf7a2249e5b9fa9e4d5b81741c05270051674466b76be5b6a77a20d1972075cc8dc3ebe7aa0ca8622941263eebbd530cc8fded11e399d786e823a7769fefba71c2ba514ad3cd63a03eeca67f52fefe6202bac2219d299eda955962291c749b30f83c1fb8cf8b7aac9"}}]}, {0x18, 0x6, "afedfd9af8a4b80d42a5c72874a1dd766219480a"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x3}}}}, @m_pedit={0xec8, 0x15, 0x0, 0x0, {{0xa}, {0xe84, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe50, 0x2, {{{0x3ff, 0x5, 0x20000000, 0x1, 0xfffffffb}, 0xf0, 0x24, [{0x0, 0x80000001, 0x5, 0x0, 0x5, 0x10001}, {0x0, 0x0, 0x96, 0x0, 0xfffff4d3}]}, [{0x0, 0x2, 0x8, 0x0, 0x0, 0x101}, {0x2, 0x1000, 0x28ac, 0x80, 0x7fffffff, 0x40}, {0x0, 0x0, 0x0, 0xffff, 0x2, 0x10001}, {0x1, 0x10000, 0x4, 0xff, 0x1, 0x7ff}, {0x1, 0x0, 0x2, 0x20, 0x2, 0x80000001}, {0x6, 0x8, 0x101, 0x4, 0xaeb, 0x6}, {0xc5, 0x7f, 0x400, 0x6, 0x1}, {0x2, 0x800, 0x1000000, 0x7, 0x3ff, 0x2}, {0x2, 0xfb2, 0x400, 0x4, 0x7, 0x6}, {0x0, 0x1, 0x5472, 0x40, 0x2, 0x2}, {0x0, 0x10001, 0xc96, 0x0, 0x7fff, 0x80000}, {0x0, 0xcd7f, 0x7, 0xe1, 0x0, 0x5e717d0d}, {0x0, 0x8, 0xde8, 0x0, 0xff28}, {0x7, 0xd4, 0x0, 0x5, 0x1, 0x661}, {0x0, 0x101, 0x0, 0x0, 0x7, 0x8}, {0x1e, 0x200, 0x1, 0x9, 0x101, 0xcfc8}, {0x0, 0xff, 0x0, 0x1, 0x2, 0x8001}, {0x40, 0xddc25b10, 0x8000, 0x9c85, 0x7fffffff, 0x5}, {0x9, 0x0, 0x4, 0xffff, 0x3, 0x9}, {0x7ff, 0x0, 0x1f, 0x4, 0x0, 0x8}, {0x3, 0x9, 0xdb08592, 0x8, 0xd1, 0x101}, {0x14d6, 0x0, 0xfff, 0x5, 0x212, 0x7}, {0xfffffffe, 0x9, 0xe, 0xff, 0x0, 0x4}, {0xff, 0x9, 0xffffffff, 0x800, 0x2, 0x8}, {0x1000, 0xe834, 0x72e2, 0x9}, {0x1, 0xc6a6, 0x7fffffff, 0x0, 0x3f}, {0x80000000, 0x3, 0x2, 0x1, 0xe, 0x1f}, {0x0, 0x0, 0x2, 0x7, 0x7, 0x81}, {0x0, 0xbbf, 0x0, 0x1, 0x53d}, {0x6, 0x1, 0x0, 0x0, 0x1, 0x680}, {0x7, 0x0, 0x0, 0xcc6, 0x5f, 0xfffffff7}, {0x0, 0x2, 0xd03, 0x8, 0x2, 0x4}, {0xf1, 0x615, 0xff, 0x0, 0x8}, {0x0, 0x20, 0xffff}, {0xffff, 0x1, 0xb0c, 0x3, 0x7fff, 0xfffffffc}, {0xfffffc01, 0x80, 0x4, 0x0, 0x0, 0x6}, {0x2, 0x10000, 0x82, 0x0, 0x7, 0x5}, {0x0, 0x7ff, 0x0, 0x400, 0x0, 0x1}, {0x4, 0x0, 0xd0, 0x0, 0x8, 0x1000}, {0x5, 0x7, 0x0, 0x0, 0x0, 0x482}, {0x0, 0x1, 0x6, 0x9, 0x9, 0x7}, {0x401, 0x4, 0x0, 0x675b, 0x6}, {0x0, 0x1, 0x0, 0x100, 0x0, 0xffffffc0}, {0x0, 0x101, 0x20, 0xb72e, 0x26, 0x442c}, {0xcb, 0x4, 0xfffffff8, 0x6, 0x9, 0x2}, {0x7fffffff, 0x2, 0x0, 0x4, 0x0, 0x3ff}, {0x2, 0x1000, 0x0, 0x5, 0x8, 0x3}, {0x1, 0x0, 0x0, 0x80000001, 0x9, 0x200}, {0x0, 0x9, 0xfff, 0x80000000, 0x10000, 0x5}, {0x0, 0x0, 0x3ff, 0x8000, 0x81, 0x1}, {0x80, 0x9, 0x0, 0x4}, {0xc4, 0xfffffffd, 0x7, 0x9, 0xc2c5, 0x1}, {0x5, 0x6fc, 0x8, 0x0, 0xe0f, 0x3}, {0x40, 0x6b, 0x9, 0x5d4, 0x7, 0x8000}, {0x1f, 0x1000, 0x0, 0x1, 0x1, 0x9}, {0x7fffffff, 0x4, 0x9, 0x7, 0x6}, {0xfffffffc, 0x7, 0x0, 0x3ff, 0x5, 0x81}, {0x6, 0x8, 0x0, 0x10000, 0xffffffc0}, {0x81, 0xd2a0, 0x800, 0x0, 0x40, 0x2}, {0x40, 0x80000000, 0xea64, 0x76, 0x9}, {0x10000, 0x15bb, 0x9, 0x0, 0x6, 0x5}, {0x0, 0x0, 0x28, 0x2, 0x2, 0x6}, {0x1000, 0x7fff, 0x0, 0x3, 0x3, 0x9}, {0x10000, 0x20, 0x8, 0xd6, 0x7fffffff, 0x412}, {0x7, 0x0, 0xfff, 0x3, 0x9, 0xee}, {0x10001, 0x3f, 0x0, 0x0, 0x5a, 0x401}, {0x101, 0x1, 0x4634, 0x8000, 0x401}, {0x800, 0x1, 0x6, 0x80000001, 0x0, 0x501}, {0x4, 0x5, 0x3ff, 0x1, 0x3b96cc68}, {0x3, 0x1, 0x7d, 0xa3, 0x7, 0x8}, {0x0, 0x10001, 0x7, 0x6, 0x7ff, 0xffffff37}, {0x815, 0x0, 0x313b5531, 0x200, 0x1000, 0xffffffff}, {0x3ff, 0xa9b, 0x7, 0x80000000, 0xe0, 0x27}, {0x101, 0x800, 0x0, 0x1000, 0x79cc, 0x30}, {0x20, 0x0, 0x7, 0xfffffffa, 0x6, 0xcfef}, {0x1f, 0x5, 0x3, 0x1, 0xca62, 0x9}, {0x3, 0x1, 0x400, 0x9, 0xb2, 0x100}, {0x0, 0x3, 0x7, 0x2, 0x8, 0x2}, {0x3, 0xfffffffe, 0x5, 0xffffffff, 0x1, 0x9}, {0x4, 0x8, 0x4, 0x1, 0x3, 0xf9ee2af}, {0x8000, 0x9, 0x5, 0x5, 0x4, 0x2}, {0x5, 0x9, 0x9, 0x1, 0xffffff27, 0x40000000}, {0x4, 0x7, 0xb4000000, 0xeec, 0x7, 0x7}, {0x3, 0x3, 0x87, 0x401, 0x1, 0x80}, {0x5, 0x7, 0x10, 0x8, 0x3ff, 0x50}, {0xffff, 0x81, 0x20, 0x1, 0x80000000, 0x401}, {0x1, 0x400, 0xe4de, 0x7ff, 0x30000, 0x9}, {0x7fffffff, 0x400, 0x1, 0x6ee, 0x10000, 0x8}, {0x2, 0x4, 0x27bc, 0x0, 0x0, 0x5}, {0x5, 0x3f, 0x24d7, 0x2, 0x1000, 0xf46}, {0x1, 0x0, 0x80000001, 0x2, 0xffffff0a}, {0x1ff, 0x2, 0x1f, 0x7, 0x1, 0xf0f5}, {0x0, 0x1ff, 0xce, 0x20, 0x8}, {0x81, 0x433, 0x4, 0xda0, 0x7, 0x20000}, {0x2, 0xb42, 0x2, 0x0, 0xffffffff, 0x40}, {0x1ff, 0x1, 0x401, 0xa895, 0x20, 0x60f}, {0x0, 0xdf, 0x3, 0x6, 0x1, 0x8}, {0x8, 0x0, 0x3, 0x1, 0x7ff, 0x40}, {0xd, 0x1, 0x20, 0x0, 0x4, 0x9}, {0x1f, 0x0, 0x7, 0x9, 0x5f2, 0x191}, {0x6, 0x5, 0x8, 0x4, 0x8, 0xffff3b41}, {0x6, 0x2, 0x101, 0x0, 0x1, 0x7}, {0x49, 0x9, 0xc27, 0x5f1c, 0x80000001, 0x1}, {0xeae51292, 0xd3, 0x71e, 0x0, 0x55ba4723, 0x80000000}, {0x6, 0x64, 0x9, 0x19, 0x3, 0x3}, {0x6, 0x7ff, 0x2, 0x5, 0x450d}, {0x7fff, 0x7f, 0x400, 0x51f8, 0x20}, {0x81, 0x81, 0x7, 0x0, 0x5, 0xf3d}, {0x1f, 0x1, 0x3, 0x8, 0xdbd}, {0x5, 0x7fffffff, 0x4f35, 0x5, 0x5}, {0x3f, 0x7ce, 0x8, 0xcaa, 0x80000001, 0x1000}, {0x400, 0x5, 0x6, 0x7c0, 0x0, 0x2}, {0x80000000, 0x3, 0x6a8, 0x0, 0x1f, 0x10000}, {0x0, 0x20, 0x6, 0x1f, 0x7, 0x2}, {0x4, 0x3, 0xffffffb1, 0x5, 0x100, 0x3}, {0x6, 0x2, 0x9, 0x6, 0x1, 0x635}, {0xfffffff8, 0x9, 0x3, 0xd56, 0xa8, 0x8000}, {0x80000001, 0x34323ecc, 0x0, 0x4, 0x15, 0x7}, {0x1000, 0xfffffffb, 0x3f, 0x6, 0x100, 0x1}, {0x0, 0x80, 0x60d, 0x80, 0xa6, 0x3}, {0x2, 0x3ff, 0x606, 0xfffffeff, 0x1, 0x4}, {0x101, 0x0, 0x7, 0x200, 0x481b}, {0x1, 0xfffffffc, 0x800, 0x0, 0x0, 0x5}, {0x8, 0x6, 0x0, 0x80000001, 0x401, 0x1d}, {0x7fffffff, 0x1000, 0x1000, 0x8b0f, 0x6, 0x800}, {0x0, 0xfffff000, 0x2, 0x5, 0x10000, 0xf3}, {0xcb82, 0xc315, 0x6, 0x6, 0x5, 0x7fffffff}, {0x354f, 0x4, 0x7, 0x663d, 0xd31}], [{0x4}, {0x3}, {0x4}, {}, {0x2, 0x1}, {0x5, 0x1}, {}, {0x2}, {}, {0x3}, {0xd}, {}, {0x0, 0x1}, {}, {0x3}, {0x4, 0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x4, 0x1}, {0x4}, {0x1}, {0x4, 0x1}, {0x5}, {0x0, 0x1}, {0x0, 0x1}, {0x1}, {}, {0x3, 0x1}, {0x2, 0x1}, {0x3, 0x1}, {}, {0x0, 0x1}, {0x0, 0x1}, {}, {0x5}, {0x2}, {}, {0x6}, {}, {0x1, 0x1}, {0x4}, {0x0, 0x1}, {0x1}, {0x5, 0x1}, {0x4}, {0x4, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x4}, {0x0, 0x1}, {}, {0x0, 0x1}, {0x5}, {0x2}, {0x5}, {0x2, 0x1}, {0x1, 0x1}, {0x0, 0x1}, {0x1, 0x1}, {0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x4}, {}, {0x3}, {0x5}, {0x3, 0x1}, {}, {}, {0x0, 0x1}, {0x4}, {0x1}, {0x1}, {0x5}, {0x3}, {0x0, 0x1}, {0x4}, {0x5}, {}, {}, {0x4}, {0x0, 0x1}, {}, {0x3}, {0x5, 0x1}, {0x1, 0x1}, {0x4}, {}, {0x0, 0x1}, {0x2, 0x1}, {0x1, 0x1}, {0x1, 0x1}, {0x4, 0x1}, {0x5}, {}, {0x2}, {0x4}, {0x1, 0x1}, {0x3, 0x1}, {}, {}, {}, {0x5}, {0x2}, {0x7}, {0x0, 0x1}, {0x3, 0x1}, {0x5}, {0x2}, {0x5}, {}, {0x3, 0x1}, {0x2, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {}, {}, {0x3}, {0x3, 0x1}, {0x1, 0x1}, {0x3, 0x1}, {0x1}, {0x5}, {0x1}, {0x1, 0x1}, {}, {0x0, 0x1}]}}, @TCA_PEDIT_KEYS_EX={0x30, 0x5, 0x0, 0x1, [{0x2c, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}]}]}]}, {0x1b, 0x6, "57d21079a8d2935764ec000d69b69144d534c379114c3e"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x3}}}}, @m_gact={0x6c, 0x1b, 0x0, 0x0, {{0x9}, {0x40, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x54, 0x0, 0x0, 0x7fff}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x1e6c, 0xffffffffcffffffd}}, @TCA_GACT_PARMS={0x18, 0x2, {0xffff0001, 0x4, 0x6, 0x8, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_ife={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x2, 0x9a10, 0x10000000, 0x3f4e, 0x7}, 0x1}}, @TCA_IFE_DMAC={0xa, 0x3, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x16}}]}, {0x4}, {0xc, 0x7, {0x1, 0x4936e90f20761ee1}}, {0xc}}}, @m_skbedit={0x68, 0x0, 0x0, 0x0, {{0xc}, {0x3c, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x5}, @TCA_SKBEDIT_PTYPE={0x6}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0x401, 0x6, 0x1, 0x0, 0x200}}, @TCA_SKBEDIT_MARK={0x8}, @TCA_SKBEDIT_MARK={0x8, 0x5, 0x400}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}, @TCA_CGROUP_POLICE={0x4}, @TCA_CGROUP_EMATCHES={0xc, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8}]}]}}]}, 0x13b8}}, 0x4000000)

[  466.397181][ T6665]     140548097556480-140548097601535: 0000000000000000
[  466.404184][ T6665]     140548097601536-140548097605631: ffff88806b3de460
01:47:41 executing program 4:
syz_clone(0x40108000, &(0x7f0000000380), 0x0, 0x0, 0x0, 0x0)

[  466.477436][ T6665]     140548097605632-140548097736703: ffff88806b3de380
[  466.538797][ T6665]     140548097736704-140735437164543: 0000000000000000
[  466.577762][ T6665]     140735437164544-140735437299711: ffff88806b3de0e0
01:47:41 executing program 0:
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x6, 0x7, 0xa2, 0x10, 0x13b1, 0x18, 0x9a17, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x1c, 0x37, 0xd9, 0x0, [], [{{0x9, 0x5, 0x0, 0x3, 0x40}}, {{0x9, 0x5, 0x0, 0x2, 0x10}}]}}]}}]}}, 0x0)

[  466.645641][ T6665]     140735437299712-140735437316095: 0000000000000000
[  466.706690][ T6665]     140735437316096-140735437332479: ffff88806b3de1c0
[  466.769524][ T6665]     140735437332480-140735437340671: ffff88806b3de2a0
[  466.832523][ T6665]     140735437340672-18446744073709551615: 0000000000000000
[  466.872982][ T6665] Pass: 10063470 Run:10063608
[  466.894378][ T6665] CPU: 1 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0
[  466.904236][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  466.914319][ T6665] Call Trace:
[  466.917625][ T6665]  <TASK>
[  466.920586][ T6665]  dump_stack_lvl+0xd1/0x138
[  466.925234][ T6665]  mt_find.cold+0x8b/0x90
[  466.929617][ T6665]  ? mas_find+0x1d0/0x1d0
[  466.934018][ T6665]  find_vma+0x10c/0x1b0
[  466.938214][ T6665]  ? can_vma_merge_before+0x390/0x390
[  466.943640][ T6665]  ? walk_page_test+0x78/0x180
[  466.948476][ T6665]  walk_page_range+0x2b1/0x4a0
[  466.953294][ T6665]  ? __walk_page_range+0x780/0x780
[  466.958461][ T6665]  mlock_fixup+0x650/0x810
[  466.962921][ T6665]  apply_vma_lock_flags+0x23d/0x350
[  466.968154][ T6665]  ? mlock_fixup+0x810/0x810
[  466.972790][ T6665]  ? __ia32_sys_get_robust_list+0x400/0x400
[  466.978726][ T6665]  do_mlock+0x25a/0x6d0
[  466.982918][ T6665]  ? folio_evictable+0x270/0x270
[  466.987899][ T6665]  ? syscall_enter_from_user_mode+0x26/0xb0
[  466.993821][ T6665]  __x64_sys_mlock+0x59/0x80
[  466.998429][ T6665]  do_syscall_64+0x39/0xb0
[  467.002874][ T6665]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  467.008789][ T6665] RIP: 0033:0x7fd3e6a8c0c9
[  467.013223][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  467.032848][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[  467.041285][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9
[  467.049272][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000
[  467.057255][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000
[  467.065240][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  467.073231][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000
[  467.081240][ T6665]  </TASK>
01:47:41 executing program 1:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r1 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/net\x00')
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000000)={'ip6gre0\x00', &(0x7f0000000100)={'syztnl0\x00', <r3=>0x0, 0x0, 0x0, 0x0, 0x0, 0x12, @empty, @private2, 0x0, 0x0, 0xb079}})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000240)={'syztnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', r3, 0x29, 0x10, 0x3, 0x8e, 0xd, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x7, 0x40}})

[  467.096565][ T6665] index not increased! 20ffb000 <= 20ffb000
[  467.110969][ T6665] BUG at mt_find:6473 (1)
[  467.131677][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e
[  467.156573][ T5169] usb 1-1: new high-speed USB device number 5 using dummy_hcd
01:47:42 executing program 2:
ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(0xffffffffffffffff, 0x40082102, &(0x7f0000000000))
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000001140)='/sys/block/ram5', 0x202200, 0x0)
ioctl$KVM_TRANSLATE(r0, 0xc018ae85, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r0, 0x40082102, &(0x7f0000000580))
syz_clone(0x40108000, &(0x7f0000000380)="ecb2f27e8b0a0d8123830e8eb5f979e92eea23e3844ae1b84a864d4d741bfe0a51413ff75c7e8d2e41effbbab3f1b442a7df9e786082b6b1b736dfe739df1c7233c99e0def698a4f57d40a2c18f807d0ea31c149cfacb8fc3b7502053a2c49153d681630dc537ce785137ed27a54763e40566b0830135b31bcaaf8a61988baff1da197468b3e842368d71ece0f", 0x8d, &(0x7f0000000040), &(0x7f0000000440), &(0x7f0000000480)="9fcd333d4c4f7e30b61706081cb99773edf084fe80c68ecbe3ea374e233e580ae92061f67951624c91d3dfb29fe16501b26a54ab2a25a1a9f7b758d99a6aa743dbc43ffe7b31b1b140beac51436a2af523e08419852ac4281add174a62d40763f65f58fa12b1be9e22308e1aa7284212f71b7998b65950e79fac5f4a1419809b1f2faaa6ee3d760602b4e03f5955026c470888741151d8784e5fc9e59b3a19ce8507f284b0a69e6ee490a8964ea23f5a4d0a9e9f6e4c0a40061ffb5f151be812c515ad281377d6")

[  467.210324][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000
01:47:42 executing program 3:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r1 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/net\x00')
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000000)={'ip6gre0\x00', &(0x7f0000000100)={'syztnl0\x00', <r3=>0x0, 0x2f, 0x20, 0x81, 0x80, 0x12, @empty, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80}})
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000002100)={'syztnl2\x00', &(0x7f0000002000)={'sit0\x00', 0x0, 0x10, 0x7800, 0x80000000, 0x9, {{0x1f, 0x4, 0x0, 0x1, 0x7c, 0x67, 0x0, 0x7, 0x2f, 0x0, @dev, @multicast1, {[@timestamp_addr={0x44, 0x4, 0x5d}, @ssrr={0x89, 0x1b, 0x13, [@local, @multicast2, @empty, @remote, @multicast1, @rand_addr=0x64010100]}, @rr={0x7, 0xb, 0x86, [@dev={0xac, 0x14, 0x14, 0x42}, @empty]}, @generic={0xc, 0xd, "9c49f7bd2331c6a109e599"}, @generic={0x7, 0x5, "27ec02"}, @rr={0x7, 0xf, 0x81, [@dev={0xac, 0x14, 0x14, 0x35}, @rand_addr=0x64010102, @broadcast]}, @ssrr={0x89, 0x1b, 0x23, [@rand_addr=0x64010101, @empty, @multicast2, @multicast1, @remote, @private=0xa010102]}]}}}}})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000240)={'syztnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', r3, 0x29, 0x10, 0x3, 0x8e, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x7, 0x40}})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001f80)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000001f40)={&(0x7f0000000400)=@newchain={0x13b8, 0x64, 0x200, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x0, 0x9}, {0xd, 0x3}, {0x0, 0x3}}, [@TCA_RATE={0x6, 0x5, {0x40, 0xc7}}, @filter_kind_options=@f_cgroup={{0xb}, {0x1380, 0x2, [@TCA_CGROUP_EMATCHES={0x38, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x3, 0x0, 0x0, {{0x0, 0x8, 0xfff}, {0x0, 0x3, 0x2}}}]}, @TCA_EMATCH_TREE_LIST={0x20, 0x2, 0x0, 0x1, [@TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{}, {0xe2, 0x1, 0x6, 0x8}}}]}]}, @TCA_CGROUP_ACT={0x1f4, 0x1, [@m_sample={0x40, 0xc, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x6}, @TCA_SAMPLE_RATE={0x8}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}, @m_csum={0x54, 0x9, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x7fff, 0x0, 0x0, 0x0, 0x6}, 0x79}}]}, {0xc, 0x6, "2d57f86517781551"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_nat={0xdc, 0xb, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0xffffffff, 0x693, 0x1, 0x2, 0x1}, @broadcast, @local, 0xffffff00, 0x1}}]}, {0x8a, 0x6, "4d157d7fcbde6a803a5259ebe7db131f1d53f8f03e5cc5f8331035364c284665e005268019b5eeee849285e196a43d66c9aaa7d472ee85018bec1b3584ea2cec59574e5969634f89ba4d7e761c706103f31aeeda50d45fc56ad58556203a1d125e63d1b846b67522f53dfc96bf3b535095259fccc9bffc55d2f36848f96c553516a6b02a2652"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1}}}}, @m_sample={0x80, 0x18, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_SAMPLE_RATE={0x8, 0x3, 0x3}, @TCA_SAMPLE_PSAMPLE_GROUP={0x8}]}, {0x41, 0x6, "1a79e57062a4e985f826bc2821235976ef354badbb759bb3533c1faaa702f9f20abfd6688adc445b3f44c992d215e1ccb80f97c1f604644782f3be3010"}, {0xc}, {0xc}}}]}, @TCA_CGROUP_ACT={0x1140, 0x1, [@m_ipt={0x14c, 0x0, 0x0, 0x0, {{0x8}, {0x110, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0x10b, 0x6, {0x800, 'filter\x00', 0xff, 0x2, "360df404a0a64bf029589d4e900a26065aa91775560cb49b6f5f54f3a9d10ab341b6ee335d0a62cf5e3746a13403832180d678d868390a62f5293912ca01e5c56968e456f4230058af3629306748d72ab7c375d7f0b82633d7e9d2526f2959a61328167d8554774f062cfab1f0d722ed548d79a254d95dc1faf7a2249e5b9fa9e4d5b81741c05270051674466b76be5b6a77a20d1972075cc8dc3ebe7aa0ca8622941263eebbd530cc8fded11e399d786e823a7769fefba71c2ba514ad3cd63a03eeca67f52fefe6202bac2219d299eda955962291c749b30f83c1fb8cf8b7aac9"}}]}, {0x18, 0x6, "afedfd9af8a4b80d42a5c72874a1dd766219480a"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x3}}}}, @m_pedit={0xec8, 0x15, 0x0, 0x0, {{0xa}, {0xe84, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe50, 0x2, {{{0x3ff, 0x5, 0x20000000, 0x1, 0xfffffffb}, 0xf0, 0x24, [{0x0, 0x80000001, 0x5, 0x0, 0x5, 0x10001}, {0x0, 0x0, 0x96, 0x0, 0xfffff4d3}]}, [{0x0, 0x2, 0x8, 0x0, 0x0, 0x101}, {0x2, 0x1000, 0x28ac, 0x80, 0x7fffffff, 0x40}, {0x0, 0x0, 0x0, 0xffff, 0x2, 0x10001}, {0x1, 0x10000, 0x4, 0xff, 0x1, 0x7ff}, {0x1, 0x0, 0x2, 0x20, 0x2, 0x80000001}, {0x6, 0x8, 0x101, 0x4, 0xaeb, 0x6}, {0xc5, 0x7f, 0x400, 0x6, 0x1}, {0x2, 0x800, 0x1000000, 0x7, 0x3ff, 0x2}, {0x2, 0xfb2, 0x400, 0x4, 0x7, 0x6}, {0x0, 0x1, 0x5472, 0x40, 0x2, 0x2}, {0x0, 0x10001, 0xc96, 0x0, 0x7fff, 0x80000}, {0x0, 0xcd7f, 0x7, 0xe1, 0x0, 0x5e717d0d}, {0x0, 0x8, 0xde8, 0x0, 0xff28}, {0x7, 0xd4, 0x0, 0x5, 0x1, 0x661}, {0x0, 0x101, 0x0, 0x0, 0x7, 0x8}, {0x1e, 0x200, 0x1, 0x9, 0x101, 0xcfc8}, {0x0, 0xff, 0x0, 0x1, 0x2, 0x8001}, {0x40, 0xddc25b10, 0x8000, 0x9c85, 0x7fffffff, 0x5}, {0x9, 0x0, 0x4, 0xffff, 0x3, 0x9}, {0x7ff, 0x0, 0x1f, 0x4, 0x0, 0x8}, {0x3, 0x9, 0xdb08592, 0x8, 0xd1, 0x101}, {0x14d6, 0x0, 0xfff, 0x5, 0x212, 0x7}, {0xfffffffe, 0x9, 0xe, 0xff, 0x0, 0x4}, {0xff, 0x9, 0xffffffff, 0x800, 0x2, 0x8}, {0x1000, 0xe834, 0x72e2, 0x9}, {0x1, 0xc6a6, 0x7fffffff, 0x0, 0x3f}, {0x80000000, 0x3, 0x2, 0x1, 0xe, 0x1f}, {0x0, 0x0, 0x2, 0x7, 0x7, 0x81}, {0x0, 0xbbf, 0x0, 0x1, 0x53d}, {0x6, 0x1, 0x0, 0x0, 0x1, 0x680}, {0x7, 0x0, 0x0, 0xcc6, 0x5f, 0xfffffff7}, {0x0, 0x2, 0xd03, 0x8, 0x2, 0x4}, {0xf1, 0x615, 0xff, 0x0, 0x8}, {0x0, 0x20, 0xffff}, {0xffff, 0x1, 0xb0c, 0x3, 0x7fff, 0xfffffffc}, {0xfffffc01, 0x80, 0x4, 0x0, 0x0, 0x6}, {0x2, 0x10000, 0x82, 0x0, 0x7, 0x5}, {0x0, 0x7ff, 0x0, 0x400, 0x0, 0x1}, {0x4, 0x0, 0xd0, 0x0, 0x8, 0x1000}, {0x5, 0x7, 0x0, 0x0, 0x0, 0x482}, {0x0, 0x1, 0x6, 0x9, 0x9, 0x7}, {0x401, 0x4, 0x0, 0x675b, 0x6}, {0x0, 0x1, 0x0, 0x100, 0x0, 0xffffffc0}, {0x0, 0x101, 0x20, 0xb72e, 0x26, 0x442c}, {0xcb, 0x4, 0xfffffff8, 0x6, 0x9, 0x2}, {0x7fffffff, 0x2, 0x0, 0x4, 0x0, 0x3ff}, {0x2, 0x1000, 0x0, 0x5, 0x8, 0x3}, {0x1, 0x0, 0x0, 0x80000001, 0x9, 0x200}, {0x0, 0x9, 0xfff, 0x80000000, 0x10000, 0x5}, {0x0, 0x0, 0x3ff, 0x8000, 0x81, 0x1}, {0x80, 0x9, 0x0, 0x4}, {0xc4, 0xfffffffd, 0x7, 0x9, 0xc2c5, 0x1}, {0x5, 0x6fc, 0x8, 0x0, 0xe0f, 0x3}, {0x40, 0x6b, 0x9, 0x5d4, 0x7, 0x8000}, {0x1f, 0x1000, 0x0, 0x1, 0x1, 0x9}, {0x7fffffff, 0x4, 0x9, 0x7, 0x6}, {0xfffffffc, 0x7, 0x0, 0x3ff, 0x5, 0x81}, {0x6, 0x8, 0x0, 0x10000, 0xffffffc0}, {0x81, 0xd2a0, 0x800, 0x0, 0x40, 0x2}, {0x40, 0x80000000, 0xea64, 0x76, 0x9}, {0x10000, 0x15bb, 0x9, 0x0, 0x6, 0x5}, {0x0, 0x0, 0x28, 0x2, 0x2, 0x6}, {0x1000, 0x7fff, 0x0, 0x3, 0x3, 0x9}, {0x10000, 0x20, 0x8, 0xd6, 0x7fffffff, 0x412}, {0x7, 0x0, 0xfff, 0x3, 0x9, 0xee}, {0x10001, 0x3f, 0x0, 0x0, 0x5a, 0x401}, {0x101, 0x1, 0x4634, 0x8000, 0x401}, {0x800, 0x1, 0x6, 0x80000001, 0x0, 0x501}, {0x4, 0x5, 0x3ff, 0x1, 0x3b96cc68}, {0x3, 0x1, 0x7d, 0xa3, 0x7, 0x8}, {0x0, 0x10001, 0x7, 0x6, 0x7ff, 0xffffff37}, {0x815, 0x0, 0x313b5531, 0x200, 0x1000, 0xffffffff}, {0x3ff, 0xa9b, 0x7, 0x80000000, 0xe0, 0x27}, {0x101, 0x800, 0x0, 0x1000, 0x79cc, 0x30}, {0x20, 0x0, 0x7, 0xfffffffa, 0x6, 0xcfef}, {0x1f, 0x5, 0x3, 0x1, 0xca62, 0x9}, {0x3, 0x1, 0x400, 0x9, 0xb2, 0x100}, {0x0, 0x3, 0x7, 0x2, 0x8, 0x2}, {0x3, 0xfffffffe, 0x5, 0xffffffff, 0x1, 0x9}, {0x4, 0x8, 0x4, 0x1, 0x3, 0xf9ee2af}, {0x8000, 0x9, 0x5, 0x5, 0x4, 0x2}, {0x5, 0x9, 0x9, 0x1, 0xffffff27, 0x40000000}, {0x4, 0x7, 0xb4000000, 0xeec, 0x7, 0x7}, {0x3, 0x3, 0x87, 0x401, 0x1, 0x80}, {0x5, 0x7, 0x10, 0x8, 0x3ff, 0x50}, {0xffff, 0x81, 0x20, 0x1, 0x80000000, 0x401}, {0x1, 0x400, 0xe4de, 0x7ff, 0x30000, 0x9}, {0x7fffffff, 0x400, 0x1, 0x6ee, 0x10000, 0x8}, {0x2, 0x4, 0x27bc, 0x0, 0x0, 0x5}, {0x5, 0x3f, 0x24d7, 0x2, 0x1000, 0xf46}, {0x1, 0x0, 0x80000001, 0x2, 0xffffff0a}, {0x1ff, 0x2, 0x1f, 0x7, 0x1, 0xf0f5}, {0x0, 0x1ff, 0xce, 0x20, 0x8}, {0x81, 0x433, 0x4, 0xda0, 0x7, 0x20000}, {0x2, 0xb42, 0x2, 0x0, 0xffffffff, 0x40}, {0x1ff, 0x1, 0x401, 0xa895, 0x20, 0x60f}, {0x0, 0xdf, 0x3, 0x6, 0x1, 0x8}, {0x8, 0x0, 0x3, 0x1, 0x7ff, 0x40}, {0xd, 0x1, 0x20, 0x0, 0x4, 0x9}, {0x1f, 0x0, 0x7, 0x9, 0x5f2, 0x191}, {0x6, 0x5, 0x8, 0x4, 0x8, 0xffff3b41}, {0x6, 0x2, 0x101, 0x0, 0x1, 0x7}, {0x49, 0x9, 0xc27, 0x5f1c, 0x80000001, 0x1}, {0xeae51292, 0xd3, 0x71e, 0x0, 0x55ba4723, 0x80000000}, {0x6, 0x64, 0x9, 0x19, 0x3, 0x3}, {0x6, 0x7ff, 0x2, 0x5, 0x450d}, {0x7fff, 0x7f, 0x400, 0x51f8, 0x20}, {0x81, 0x81, 0x7, 0x0, 0x5, 0xf3d}, {0x1f, 0x1, 0x3, 0x8, 0xdbd}, {0x5, 0x7fffffff, 0x4f35, 0x5, 0x5}, {0x3f, 0x7ce, 0x8, 0xcaa, 0x80000001, 0x1000}, {0x400, 0x5, 0x6, 0x7c0, 0x0, 0x2}, {0x80000000, 0x3, 0x6a8, 0x0, 0x1f, 0x10000}, {0x0, 0x20, 0x6, 0x1f, 0x7, 0x2}, {0x4, 0x3, 0xffffffb1, 0x5, 0x100, 0x3}, {0x6, 0x2, 0x9, 0x6, 0x1, 0x635}, {0xfffffff8, 0x9, 0x3, 0xd56, 0xa8, 0x8000}, {0x80000001, 0x34323ecc, 0x0, 0x4, 0x15, 0x7}, {0x1000, 0xfffffffb, 0x3f, 0x6, 0x100, 0x1}, {0x0, 0x80, 0x60d, 0x80, 0xa6, 0x3}, {0x2, 0x3ff, 0x606, 0xfffffeff, 0x1, 0x4}, {0x101, 0x0, 0x7, 0x200, 0x481b}, {0x1, 0xfffffffc, 0x800, 0x0, 0x0, 0x5}, {0x8, 0x6, 0x0, 0x80000001, 0x401, 0x1d}, {0x7fffffff, 0x1000, 0x1000, 0x8b0f, 0x6, 0x800}, {0x0, 0xfffff000, 0x2, 0x5, 0x10000, 0xf3}, {0xcb82, 0xc315, 0x6, 0x6, 0x5, 0x7fffffff}, {0x354f, 0x4, 0x7, 0x663d, 0xd31}], [{0x4}, {0x3}, {0x4}, {}, {0x2, 0x1}, {0x5, 0x1}, {}, {0x2}, {}, {0x3}, {0xd}, {}, {0x0, 0x1}, {}, {0x3}, {0x4, 0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x4, 0x1}, {0x4}, {0x1}, {0x4, 0x1}, {0x5}, {0x0, 0x1}, {0x0, 0x1}, {0x1}, {}, {0x3, 0x1}, {0x2, 0x1}, {0x3, 0x1}, {}, {0x0, 0x1}, {0x0, 0x1}, {}, {0x5}, {0x2}, {}, {0x6}, {}, {0x1, 0x1}, {0x4}, {0x0, 0x1}, {0x1}, {0x5, 0x1}, {0x4}, {0x4, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x4}, {0x0, 0x1}, {}, {0x0, 0x1}, {0x5}, {0x2}, {0x5}, {0x2, 0x1}, {0x1, 0x1}, {0x0, 0x1}, {0x1, 0x1}, {0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x4}, {}, {0x3}, {0x5}, {0x3, 0x1}, {}, {}, {0x0, 0x1}, {0x4}, {0x1}, {0x1}, {0x5}, {0x3}, {0x0, 0x1}, {0x4}, {0x5}, {}, {}, {0x4}, {0x0, 0x1}, {}, {0x3}, {0x5, 0x1}, {0x1, 0x1}, {0x4}, {}, {0x0, 0x1}, {0x2, 0x1}, {0x1, 0x1}, {0x1, 0x1}, {0x4, 0x1}, {0x5}, {}, {0x2}, {0x4}, {0x1, 0x1}, {0x3, 0x1}, {}, {}, {}, {0x5}, {0x2}, {0x7}, {0x0, 0x1}, {0x3, 0x1}, {0x5}, {0x2}, {0x5}, {}, {0x3, 0x1}, {0x2, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {}, {}, {0x3}, {0x3, 0x1}, {0x1, 0x1}, {0x3, 0x1}, {0x1}, {0x5}, {0x1}, {0x1, 0x1}, {}, {0x0, 0x1}]}}, @TCA_PEDIT_KEYS_EX={0x30, 0x5, 0x0, 0x1, [{0x2c, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}]}]}]}, {0x1b, 0x6, "57d21079a8d2935764ec000d69b69144d534c379114c3e"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x3}}}}, @m_gact={0x6c, 0x1b, 0x0, 0x0, {{0x9}, {0x40, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x54, 0x0, 0x0, 0x7fff}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x1e6c, 0xffffffffcffffffd}}, @TCA_GACT_PARMS={0x18, 0x2, {0xffff0001, 0x4, 0x6, 0x8, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_ife={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x2, 0x9a10, 0x10000000, 0x3f4e, 0x7}, 0x1}}, @TCA_IFE_DMAC={0xa, 0x3, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x16}}]}, {0x4}, {0xc, 0x7, {0x1, 0x4936e90f20761ee1}}, {0xc}}}, @m_skbedit={0x68, 0x0, 0x0, 0x0, {{0xc}, {0x3c, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x5}, @TCA_SKBEDIT_PTYPE={0x6}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0x401, 0x6, 0x1, 0x0, 0x200}}, @TCA_SKBEDIT_MARK={0x8}, @TCA_SKBEDIT_MARK={0x8, 0x5, 0x400}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}, @TCA_CGROUP_POLICE={0x4}, @TCA_CGROUP_EMATCHES={0xc, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8}]}]}}]}, 0x13b8}}, 0x4000000)

[  467.310097][ T6665]   0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d
01:47:42 executing program 4:
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@bloom_filter={0x1e, 0x0, 0x0, 0x0, 0x8c}, 0x48)

[  467.394817][ T6665]     0-536866815: 0000000000000000
[  467.407447][ T6665]     536866816-536870911: ffff888022f0e0e0
[  467.422977][ T6665]     536870912-553627647: ffff888022f0e1c0
[  467.443621][ T6665]     553627648-553635839: 0000000000000000
01:47:42 executing program 5:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r1 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/net\x00')
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000000)={'ip6gre0\x00', &(0x7f0000000100)={'syztnl0\x00', <r3=>0x0, 0x2f, 0x20, 0x81, 0x80, 0x12, @empty, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80}})
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000002100)={'syztnl2\x00', &(0x7f0000002000)={'sit0\x00', 0x0, 0x10, 0x7800, 0x80000000, 0x9, {{0x1f, 0x4, 0x0, 0x1, 0x7c, 0x67, 0x0, 0x7, 0x2f, 0x0, @dev, @multicast1, {[@timestamp_addr={0x44, 0x4, 0x5d}, @ssrr={0x89, 0x1b, 0x13, [@local, @multicast2, @empty, @remote, @multicast1, @rand_addr=0x64010100]}, @rr={0x7, 0xb, 0x86, [@dev={0xac, 0x14, 0x14, 0x42}, @empty]}, @generic={0xc, 0xd, "9c49f7bd2331c6a109e599"}, @generic={0x7, 0x5, "27ec02"}, @rr={0x7, 0xf, 0x81, [@dev={0xac, 0x14, 0x14, 0x35}, @rand_addr=0x64010102, @broadcast]}, @ssrr={0x89, 0x1b, 0x23, [@rand_addr=0x64010101, @empty, @multicast2, @multicast1, @remote, @private=0xa010102]}]}}}}})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000240)={'syztnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', r3, 0x29, 0x10, 0x3, 0x8e, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x7, 0x40}})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001f80)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000001f40)={&(0x7f0000000400)=@newchain={0x13b8, 0x64, 0x200, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x0, 0x9}, {0xd, 0x3}, {0x0, 0x3}}, [@TCA_RATE={0x6, 0x5, {0x40, 0xc7}}, @filter_kind_options=@f_cgroup={{0xb}, {0x1380, 0x2, [@TCA_CGROUP_EMATCHES={0x38, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x3, 0x0, 0x0, {{0x0, 0x8, 0xfff}, {0x0, 0x3, 0x2}}}]}, @TCA_EMATCH_TREE_LIST={0x20, 0x2, 0x0, 0x1, [@TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{}, {0xe2, 0x1, 0x6, 0x8}}}]}]}, @TCA_CGROUP_ACT={0x1f4, 0x1, [@m_sample={0x40, 0xc, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x6}, @TCA_SAMPLE_RATE={0x8}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}, @m_csum={0x54, 0x9, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x7fff, 0x0, 0x0, 0x0, 0x6}, 0x79}}]}, {0xc, 0x6, "2d57f86517781551"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_nat={0xdc, 0xb, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0xffffffff, 0x693, 0x1, 0x2, 0x1}, @broadcast, @local, 0xffffff00, 0x1}}]}, {0x8a, 0x6, "4d157d7fcbde6a803a5259ebe7db131f1d53f8f03e5cc5f8331035364c284665e005268019b5eeee849285e196a43d66c9aaa7d472ee85018bec1b3584ea2cec59574e5969634f89ba4d7e761c706103f31aeeda50d45fc56ad58556203a1d125e63d1b846b67522f53dfc96bf3b535095259fccc9bffc55d2f36848f96c553516a6b02a2652"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1}}}}, @m_sample={0x80, 0x18, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_SAMPLE_RATE={0x8, 0x3, 0x3}, @TCA_SAMPLE_PSAMPLE_GROUP={0x8}]}, {0x41, 0x6, "1a79e57062a4e985f826bc2821235976ef354badbb759bb3533c1faaa702f9f20abfd6688adc445b3f44c992d215e1ccb80f97c1f604644782f3be3010"}, {0xc}, {0xc}}}]}, @TCA_CGROUP_ACT={0x1140, 0x1, [@m_ipt={0x14c, 0x0, 0x0, 0x0, {{0x8}, {0x110, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0x10b, 0x6, {0x800, 'filter\x00', 0xff, 0x2, "360df404a0a64bf029589d4e900a26065aa91775560cb49b6f5f54f3a9d10ab341b6ee335d0a62cf5e3746a13403832180d678d868390a62f5293912ca01e5c56968e456f4230058af3629306748d72ab7c375d7f0b82633d7e9d2526f2959a61328167d8554774f062cfab1f0d722ed548d79a254d95dc1faf7a2249e5b9fa9e4d5b81741c05270051674466b76be5b6a77a20d1972075cc8dc3ebe7aa0ca8622941263eebbd530cc8fded11e399d786e823a7769fefba71c2ba514ad3cd63a03eeca67f52fefe6202bac2219d299eda955962291c749b30f83c1fb8cf8b7aac9"}}]}, {0x18, 0x6, "afedfd9af8a4b80d42a5c72874a1dd766219480a"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x3}}}}, @m_pedit={0xec8, 0x15, 0x0, 0x0, {{0xa}, {0xe84, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe50, 0x2, {{{0x3ff, 0x5, 0x20000000, 0x1, 0xfffffffb}, 0xf0, 0x24, [{0x0, 0x80000001, 0x5, 0x0, 0x5, 0x10001}, {0x0, 0x0, 0x96, 0x0, 0xfffff4d3}]}, [{0x0, 0x2, 0x8, 0x0, 0x0, 0x101}, {0x2, 0x1000, 0x28ac, 0x80, 0x7fffffff, 0x40}, {0x0, 0x0, 0x0, 0xffff, 0x2, 0x10001}, {0x1, 0x10000, 0x4, 0xff, 0x1, 0x7ff}, {0x1, 0x0, 0x2, 0x20, 0x2, 0x80000001}, {0x6, 0x8, 0x101, 0x4, 0xaeb, 0x6}, {0xc5, 0x7f, 0x400, 0x6, 0x1}, {0x2, 0x800, 0x1000000, 0x7, 0x3ff, 0x2}, {0x2, 0xfb2, 0x400, 0x4, 0x7, 0x6}, {0x0, 0x1, 0x5472, 0x40, 0x2, 0x2}, {0x0, 0x10001, 0xc96, 0x0, 0x7fff, 0x80000}, {0x0, 0xcd7f, 0x7, 0xe1, 0x0, 0x5e717d0d}, {0x0, 0x8, 0xde8, 0x0, 0xff28}, {0x7, 0xd4, 0x0, 0x5, 0x1, 0x661}, {0x0, 0x101, 0x0, 0x0, 0x7, 0x8}, {0x1e, 0x200, 0x1, 0x9, 0x101, 0xcfc8}, {0x0, 0xff, 0x0, 0x1, 0x2, 0x8001}, {0x40, 0xddc25b10, 0x8000, 0x9c85, 0x7fffffff, 0x5}, {0x9, 0x0, 0x4, 0xffff, 0x3, 0x9}, {0x7ff, 0x0, 0x1f, 0x4, 0x0, 0x8}, {0x3, 0x9, 0xdb08592, 0x8, 0xd1, 0x101}, {0x14d6, 0x0, 0xfff, 0x5, 0x212, 0x7}, {0xfffffffe, 0x9, 0xe, 0xff, 0x0, 0x4}, {0xff, 0x9, 0xffffffff, 0x800, 0x2, 0x8}, {0x1000, 0xe834, 0x72e2, 0x9}, {0x1, 0xc6a6, 0x7fffffff, 0x0, 0x3f}, {0x80000000, 0x3, 0x2, 0x1, 0xe, 0x1f}, {0x0, 0x0, 0x2, 0x7, 0x7, 0x81}, {0x0, 0xbbf, 0x0, 0x1, 0x53d}, {0x6, 0x1, 0x0, 0x0, 0x1, 0x680}, {0x7, 0x0, 0x0, 0xcc6, 0x5f, 0xfffffff7}, {0x0, 0x2, 0xd03, 0x8, 0x2, 0x4}, {0xf1, 0x615, 0xff, 0x0, 0x8}, {0x0, 0x20, 0xffff}, {0xffff, 0x1, 0xb0c, 0x3, 0x7fff, 0xfffffffc}, {0xfffffc01, 0x80, 0x4, 0x0, 0x0, 0x6}, {0x2, 0x10000, 0x82, 0x0, 0x7, 0x5}, {0x0, 0x7ff, 0x0, 0x400, 0x0, 0x1}, {0x4, 0x0, 0xd0, 0x0, 0x8, 0x1000}, {0x5, 0x7, 0x0, 0x0, 0x0, 0x482}, {0x0, 0x1, 0x6, 0x9, 0x9, 0x7}, {0x401, 0x4, 0x0, 0x675b, 0x6}, {0x0, 0x1, 0x0, 0x100, 0x0, 0xffffffc0}, {0x0, 0x101, 0x20, 0xb72e, 0x26, 0x442c}, {0xcb, 0x4, 0xfffffff8, 0x6, 0x9, 0x2}, {0x7fffffff, 0x2, 0x0, 0x4, 0x0, 0x3ff}, {0x2, 0x1000, 0x0, 0x5, 0x8, 0x3}, {0x1, 0x0, 0x0, 0x80000001, 0x9, 0x200}, {0x0, 0x9, 0xfff, 0x80000000, 0x10000, 0x5}, {0x0, 0x0, 0x3ff, 0x8000, 0x81, 0x1}, {0x80, 0x9, 0x0, 0x4}, {0xc4, 0xfffffffd, 0x7, 0x9, 0xc2c5, 0x1}, {0x5, 0x6fc, 0x8, 0x0, 0xe0f, 0x3}, {0x40, 0x6b, 0x9, 0x5d4, 0x7, 0x8000}, {0x1f, 0x1000, 0x0, 0x1, 0x1, 0x9}, {0x7fffffff, 0x4, 0x9, 0x7, 0x6}, {0xfffffffc, 0x7, 0x0, 0x3ff, 0x5, 0x81}, {0x6, 0x8, 0x0, 0x10000, 0xffffffc0}, {0x81, 0xd2a0, 0x800, 0x0, 0x40, 0x2}, {0x40, 0x80000000, 0xea64, 0x76, 0x9}, {0x10000, 0x15bb, 0x9, 0x0, 0x6, 0x5}, {0x0, 0x0, 0x28, 0x2, 0x2, 0x6}, {0x1000, 0x7fff, 0x0, 0x3, 0x3, 0x9}, {0x10000, 0x20, 0x8, 0xd6, 0x7fffffff, 0x412}, {0x7, 0x0, 0xfff, 0x3, 0x9, 0xee}, {0x10001, 0x3f, 0x0, 0x0, 0x5a, 0x401}, {0x101, 0x1, 0x4634, 0x8000, 0x401}, {0x800, 0x1, 0x6, 0x80000001, 0x0, 0x501}, {0x4, 0x5, 0x3ff, 0x1, 0x3b96cc68}, {0x3, 0x1, 0x7d, 0xa3, 0x7, 0x8}, {0x0, 0x10001, 0x7, 0x6, 0x7ff, 0xffffff37}, {0x815, 0x0, 0x313b5531, 0x200, 0x1000, 0xffffffff}, {0x3ff, 0xa9b, 0x7, 0x80000000, 0xe0, 0x27}, {0x101, 0x800, 0x0, 0x1000, 0x79cc, 0x30}, {0x20, 0x0, 0x7, 0xfffffffa, 0x6, 0xcfef}, {0x1f, 0x5, 0x3, 0x1, 0xca62, 0x9}, {0x3, 0x1, 0x400, 0x9, 0xb2, 0x100}, {0x0, 0x3, 0x7, 0x2, 0x8, 0x2}, {0x3, 0xfffffffe, 0x5, 0xffffffff, 0x1, 0x9}, {0x4, 0x8, 0x4, 0x1, 0x3, 0xf9ee2af}, {0x8000, 0x9, 0x5, 0x5, 0x4, 0x2}, {0x5, 0x9, 0x9, 0x1, 0xffffff27, 0x40000000}, {0x4, 0x7, 0xb4000000, 0xeec, 0x7, 0x7}, {0x3, 0x3, 0x87, 0x401, 0x1, 0x80}, {0x5, 0x7, 0x10, 0x8, 0x3ff, 0x50}, {0xffff, 0x81, 0x20, 0x1, 0x80000000, 0x401}, {0x1, 0x400, 0xe4de, 0x7ff, 0x30000, 0x9}, {0x7fffffff, 0x400, 0x1, 0x6ee, 0x10000, 0x8}, {0x2, 0x4, 0x27bc, 0x0, 0x0, 0x5}, {0x5, 0x3f, 0x24d7, 0x2, 0x1000, 0xf46}, {0x1, 0x0, 0x80000001, 0x2, 0xffffff0a}, {0x1ff, 0x2, 0x1f, 0x7, 0x1, 0xf0f5}, {0x0, 0x1ff, 0xce, 0x20, 0x8}, {0x81, 0x433, 0x4, 0xda0, 0x7, 0x20000}, {0x2, 0xb42, 0x2, 0x0, 0xffffffff, 0x40}, {0x1ff, 0x1, 0x401, 0xa895, 0x20, 0x60f}, {0x0, 0xdf, 0x3, 0x6, 0x1, 0x8}, {0x8, 0x0, 0x3, 0x1, 0x7ff, 0x40}, {0xd, 0x1, 0x20, 0x0, 0x4, 0x9}, {0x1f, 0x0, 0x7, 0x9, 0x5f2, 0x191}, {0x6, 0x5, 0x8, 0x4, 0x8, 0xffff3b41}, {0x6, 0x2, 0x101, 0x0, 0x1, 0x7}, {0x49, 0x9, 0xc27, 0x5f1c, 0x80000001, 0x1}, {0xeae51292, 0xd3, 0x71e, 0x0, 0x55ba4723, 0x80000000}, {0x6, 0x64, 0x9, 0x19, 0x3, 0x3}, {0x6, 0x7ff, 0x2, 0x5, 0x450d}, {0x7fff, 0x7f, 0x400, 0x51f8, 0x20}, {0x81, 0x81, 0x7, 0x0, 0x5, 0xf3d}, {0x1f, 0x1, 0x3, 0x8, 0xdbd}, {0x5, 0x7fffffff, 0x4f35, 0x5, 0x5}, {0x3f, 0x7ce, 0x8, 0xcaa, 0x80000001, 0x1000}, {0x400, 0x5, 0x6, 0x7c0, 0x0, 0x2}, {0x80000000, 0x3, 0x6a8, 0x0, 0x1f, 0x10000}, {0x0, 0x20, 0x6, 0x1f, 0x7, 0x2}, {0x4, 0x3, 0xffffffb1, 0x5, 0x100, 0x3}, {0x6, 0x2, 0x9, 0x6, 0x1, 0x635}, {0xfffffff8, 0x9, 0x3, 0xd56, 0xa8, 0x8000}, {0x80000001, 0x34323ecc, 0x0, 0x4, 0x15, 0x7}, {0x1000, 0xfffffffb, 0x3f, 0x6, 0x100, 0x1}, {0x0, 0x80, 0x60d, 0x80, 0xa6, 0x3}, {0x2, 0x3ff, 0x606, 0xfffffeff, 0x1, 0x4}, {0x101, 0x0, 0x7, 0x200, 0x481b}, {0x1, 0xfffffffc, 0x800, 0x0, 0x0, 0x5}, {0x8, 0x6, 0x0, 0x80000001, 0x401, 0x1d}, {0x7fffffff, 0x1000, 0x1000, 0x8b0f, 0x6, 0x800}, {0x0, 0xfffff000, 0x2, 0x5, 0x10000, 0xf3}, {0xcb82, 0xc315, 0x6, 0x6, 0x5, 0x7fffffff}, {0x354f, 0x4, 0x7, 0x663d, 0xd31}], [{0x4}, {0x3}, {0x4}, {}, {0x2, 0x1}, {0x5, 0x1}, {}, {0x2}, {}, {0x3}, {0xd}, {}, {0x0, 0x1}, {}, {0x3}, {0x4, 0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x4, 0x1}, {0x4}, {0x1}, {0x4, 0x1}, {0x5}, {0x0, 0x1}, {0x0, 0x1}, {0x1}, {}, {0x3, 0x1}, {0x2, 0x1}, {0x3, 0x1}, {}, {0x0, 0x1}, {0x0, 0x1}, {}, {0x5}, {0x2}, {}, {0x6}, {}, {0x1, 0x1}, {0x4}, {0x0, 0x1}, {0x1}, {0x5, 0x1}, {0x4}, {0x4, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x4}, {0x0, 0x1}, {}, {0x0, 0x1}, {0x5}, {0x2}, {0x5}, {0x2, 0x1}, {0x1, 0x1}, {0x0, 0x1}, {0x1, 0x1}, {0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x4}, {}, {0x3}, {0x5}, {0x3, 0x1}, {}, {}, {0x0, 0x1}, {0x4}, {0x1}, {0x1}, {0x5}, {0x3}, {0x0, 0x1}, {0x4}, {0x5}, {}, {}, {0x4}, {0x0, 0x1}, {}, {0x3}, {0x5, 0x1}, {0x1, 0x1}, {0x4}, {}, {0x0, 0x1}, {0x2, 0x1}, {0x1, 0x1}, {0x1, 0x1}, {0x4, 0x1}, {0x5}, {}, {0x2}, {0x4}, {0x1, 0x1}, {0x3, 0x1}, {}, {}, {}, {0x5}, {0x2}, {0x7}, {0x0, 0x1}, {0x3, 0x1}, {0x5}, {0x2}, {0x5}, {}, {0x3, 0x1}, {0x2, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {}, {}, {0x3}, {0x3, 0x1}, {0x1, 0x1}, {0x3, 0x1}, {0x1}, {0x5}, {0x1}, {0x1, 0x1}, {}, {0x0, 0x1}]}}, @TCA_PEDIT_KEYS_EX={0x30, 0x5, 0x0, 0x1, [{0x2c, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}]}]}]}, {0x1b, 0x6, "57d21079a8d2935764ec000d69b69144d534c379114c3e"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x3}}}}, @m_gact={0x6c, 0x1b, 0x0, 0x0, {{0x9}, {0x40, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x54, 0x0, 0x0, 0x7fff}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x1e6c, 0xffffffffcffffffd}}, @TCA_GACT_PARMS={0x18, 0x2, {0xffff0001, 0x4, 0x6, 0x8, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_ife={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x2, 0x9a10, 0x10000000, 0x3f4e, 0x7}, 0x1}}, @TCA_IFE_DMAC={0xa, 0x3, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x16}}]}, {0x4}, {0xc, 0x7, {0x1, 0x4936e90f20761ee1}}, {0xc}}}, @m_skbedit={0x68, 0x0, 0x0, 0x0, {{0xc}, {0x3c, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x5}, @TCA_SKBEDIT_PTYPE={0x6}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0x401, 0x6, 0x1, 0x0, 0x200}}, @TCA_SKBEDIT_MARK={0x8}, @TCA_SKBEDIT_MARK={0x8, 0x5, 0x400}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}, @TCA_CGROUP_POLICE={0x4}, @TCA_CGROUP_EMATCHES={0xc, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8}]}]}}]}, 0x13b8}}, 0x4000000)

[  467.476544][ T5169] usb 1-1: Using ep0 maxpacket: 16
[  467.489393][ T6665]     553635840-553627647: ffff8880272dc9a0
01:47:42 executing program 1:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r1 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/net\x00')
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000000)={'ip6gre0\x00', &(0x7f0000000100)={'syztnl0\x00', <r3=>0x0, 0x0, 0x0, 0x0, 0x0, 0x12, @empty, @private2, 0x0, 0x0, 0xb079}})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000240)={'syztnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', r3, 0x29, 0x10, 0x3, 0x8e, 0xd, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x7, 0x40}})

01:47:42 executing program 4:
r0 = socket$netlink(0x10, 0x3, 0x6)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=@ipv6_newroute={0x1c, 0x18, 0x1}, 0x1c}}, 0x0)

[  467.564107][ T6665]     553627648-553644031: ffff8880272dc8c0
[  467.596727][ T5169] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping
[  467.627341][ T5169] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping
[  467.629653][ T6665]     553644032-553648127: ffff88807e16c7e0
[  467.730938][ T6665]     553648128-553652223: ffff888022f0e2a0
[  467.762466][ T6665]     553652224-116813594623: 0000000000000000
01:47:42 executing program 4:
unshare(0x0)
timer_create(0x0, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
close(0xffffffffffffffff)
socket$inet6(0xa, 0x2, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip6_flowlabel\x00')
preadv(r0, &(0x7f0000000440)=[{&(0x7f0000000180)=""/174, 0xae}, {&(0x7f0000000280)=""/136, 0x88}, {&(0x7f0000000340)=""/225, 0xe1}, {&(0x7f0000000580)=""/246, 0xf6}, {&(0x7f0000000680)=""/215, 0xd7}, {&(0x7f0000000780)=""/166, 0xa6}, {&(0x7f0000000840)=""/200, 0xc8}], 0x7, 0x401, 0x68)

[  467.806932][ T6665]     116813594624-116817788927: ffff888022f0e380
[  467.816461][ T6665]     116817788928-93825002663935: 0000000000000000
01:47:42 executing program 2:
ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(0xffffffffffffffff, 0x40082102, &(0x7f0000000000))
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000001140)='/sys/block/ram5', 0x202200, 0x0)
ioctl$KVM_TRANSLATE(r0, 0xc018ae85, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r0, 0x40082102, &(0x7f0000000580))
syz_clone(0x40108000, &(0x7f0000000380)="ecb2f27e8b0a0d8123830e8eb5f979e92eea23e3844ae1b84a864d4d741bfe0a51413ff75c7e8d2e41effbbab3f1b442a7df9e786082b6b1b736dfe739df1c7233c99e0def698a4f57d40a2c18f807d0ea31c149cfacb8fc3b7502053a2c49153d681630dc537ce785137ed27a54763e40566b0830135b31bcaaf8a61988baff1da197468b3e842368d71ece0f", 0x8d, &(0x7f0000000040), &(0x7f0000000440), &(0x7f0000000480)="9fcd333d4c4f7e30b61706081cb99773edf084fe80c68ecbe3ea374e233e580ae92061f67951624c91d3dfb29fe16501b26a54ab2a25a1a9f7b758d99a6aa743dbc43ffe7b31b1b140beac51436a2af523e08419852ac4281add174a62d40763f65f58fa12b1be9e22308e1aa7284212f71b7998b65950e79fac5f4a1419809b1f2faaa6ee3d760602b4e03f5955026c470888741151d8784e5fc9e59b3a19ce8507f284b0a69e6ee490a8964ea23f5a4d0a9e9f6e4c0a40061ffb5f151be812c515ad281377d6")

[  467.847955][ T5169] usb 1-1: New USB device found, idVendor=13b1, idProduct=0018, bcdDevice=9a.17
[  467.866498][ T6665]     93825002663936-93825002803199: ffff888022f0e460
[  467.886470][ T5169] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
01:47:42 executing program 3:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r1 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/net\x00')
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000000)={'ip6gre0\x00', &(0x7f0000000100)={'syztnl0\x00', <r3=>0x0, 0x2f, 0x20, 0x81, 0x80, 0x12, @empty, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80}})
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000002100)={'syztnl2\x00', &(0x7f0000002000)={'sit0\x00', 0x0, 0x10, 0x7800, 0x80000000, 0x9, {{0x1f, 0x4, 0x0, 0x1, 0x7c, 0x67, 0x0, 0x7, 0x2f, 0x0, @dev, @multicast1, {[@timestamp_addr={0x44, 0x4, 0x5d}, @ssrr={0x89, 0x1b, 0x13, [@local, @multicast2, @empty, @remote, @multicast1, @rand_addr=0x64010100]}, @rr={0x7, 0xb, 0x86, [@dev={0xac, 0x14, 0x14, 0x42}, @empty]}, @generic={0xc, 0xd, "9c49f7bd2331c6a109e599"}, @generic={0x7, 0x5, "27ec02"}, @rr={0x7, 0xf, 0x81, [@dev={0xac, 0x14, 0x14, 0x35}, @rand_addr=0x64010102, @broadcast]}, @ssrr={0x89, 0x1b, 0x23, [@rand_addr=0x64010101, @empty, @multicast2, @multicast1, @remote, @private=0xa010102]}]}}}}})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000240)={'syztnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', r3, 0x29, 0x10, 0x3, 0x8e, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x7, 0x40}})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001f80)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000001f40)={&(0x7f0000000400)=@newchain={0x13b8, 0x64, 0x200, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x0, 0x9}, {0xd, 0x3}, {0x0, 0x3}}, [@TCA_RATE={0x6, 0x5, {0x40, 0xc7}}, @filter_kind_options=@f_cgroup={{0xb}, {0x1380, 0x2, [@TCA_CGROUP_EMATCHES={0x38, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x3, 0x0, 0x0, {{0x0, 0x8, 0xfff}, {0x0, 0x3, 0x2}}}]}, @TCA_EMATCH_TREE_LIST={0x20, 0x2, 0x0, 0x1, [@TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{}, {0xe2, 0x1, 0x6, 0x8}}}]}]}, @TCA_CGROUP_ACT={0x1f4, 0x1, [@m_sample={0x40, 0xc, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x6}, @TCA_SAMPLE_RATE={0x8}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}, @m_csum={0x54, 0x9, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x7fff, 0x0, 0x0, 0x0, 0x6}, 0x79}}]}, {0xc, 0x6, "2d57f86517781551"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_nat={0xdc, 0xb, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0xffffffff, 0x693, 0x1, 0x2, 0x1}, @broadcast, @local, 0xffffff00, 0x1}}]}, {0x8a, 0x6, "4d157d7fcbde6a803a5259ebe7db131f1d53f8f03e5cc5f8331035364c284665e005268019b5eeee849285e196a43d66c9aaa7d472ee85018bec1b3584ea2cec59574e5969634f89ba4d7e761c706103f31aeeda50d45fc56ad58556203a1d125e63d1b846b67522f53dfc96bf3b535095259fccc9bffc55d2f36848f96c553516a6b02a2652"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1}}}}, @m_sample={0x80, 0x18, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_SAMPLE_RATE={0x8, 0x3, 0x3}, @TCA_SAMPLE_PSAMPLE_GROUP={0x8}]}, {0x41, 0x6, "1a79e57062a4e985f826bc2821235976ef354badbb759bb3533c1faaa702f9f20abfd6688adc445b3f44c992d215e1ccb80f97c1f604644782f3be3010"}, {0xc}, {0xc}}}]}, @TCA_CGROUP_ACT={0x1140, 0x1, [@m_ipt={0x14c, 0x0, 0x0, 0x0, {{0x8}, {0x110, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0x10b, 0x6, {0x800, 'filter\x00', 0xff, 0x2, "360df404a0a64bf029589d4e900a26065aa91775560cb49b6f5f54f3a9d10ab341b6ee335d0a62cf5e3746a13403832180d678d868390a62f5293912ca01e5c56968e456f4230058af3629306748d72ab7c375d7f0b82633d7e9d2526f2959a61328167d8554774f062cfab1f0d722ed548d79a254d95dc1faf7a2249e5b9fa9e4d5b81741c05270051674466b76be5b6a77a20d1972075cc8dc3ebe7aa0ca8622941263eebbd530cc8fded11e399d786e823a7769fefba71c2ba514ad3cd63a03eeca67f52fefe6202bac2219d299eda955962291c749b30f83c1fb8cf8b7aac9"}}]}, {0x18, 0x6, "afedfd9af8a4b80d42a5c72874a1dd766219480a"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x3}}}}, @m_pedit={0xec8, 0x15, 0x0, 0x0, {{0xa}, {0xe84, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe50, 0x2, {{{0x3ff, 0x5, 0x20000000, 0x1, 0xfffffffb}, 0xf0, 0x24, [{0x0, 0x80000001, 0x5, 0x0, 0x5, 0x10001}, {0x0, 0x0, 0x96, 0x0, 0xfffff4d3}]}, [{0x0, 0x2, 0x8, 0x0, 0x0, 0x101}, {0x2, 0x1000, 0x28ac, 0x80, 0x7fffffff, 0x40}, {0x0, 0x0, 0x0, 0xffff, 0x2, 0x10001}, {0x1, 0x10000, 0x4, 0xff, 0x1, 0x7ff}, {0x1, 0x0, 0x2, 0x20, 0x2, 0x80000001}, {0x6, 0x8, 0x101, 0x4, 0xaeb, 0x6}, {0xc5, 0x7f, 0x400, 0x6, 0x1}, {0x2, 0x800, 0x1000000, 0x7, 0x3ff, 0x2}, {0x2, 0xfb2, 0x400, 0x4, 0x7, 0x6}, {0x0, 0x1, 0x5472, 0x40, 0x2, 0x2}, {0x0, 0x10001, 0xc96, 0x0, 0x7fff, 0x80000}, {0x0, 0xcd7f, 0x7, 0xe1, 0x0, 0x5e717d0d}, {0x0, 0x8, 0xde8, 0x0, 0xff28}, {0x7, 0xd4, 0x0, 0x5, 0x1, 0x661}, {0x0, 0x101, 0x0, 0x0, 0x7, 0x8}, {0x1e, 0x200, 0x1, 0x9, 0x101, 0xcfc8}, {0x0, 0xff, 0x0, 0x1, 0x2, 0x8001}, {0x40, 0xddc25b10, 0x8000, 0x9c85, 0x7fffffff, 0x5}, {0x9, 0x0, 0x4, 0xffff, 0x3, 0x9}, {0x7ff, 0x0, 0x1f, 0x4, 0x0, 0x8}, {0x3, 0x9, 0xdb08592, 0x8, 0xd1, 0x101}, {0x14d6, 0x0, 0xfff, 0x5, 0x212, 0x7}, {0xfffffffe, 0x9, 0xe, 0xff, 0x0, 0x4}, {0xff, 0x9, 0xffffffff, 0x800, 0x2, 0x8}, {0x1000, 0xe834, 0x72e2, 0x9}, {0x1, 0xc6a6, 0x7fffffff, 0x0, 0x3f}, {0x80000000, 0x3, 0x2, 0x1, 0xe, 0x1f}, {0x0, 0x0, 0x2, 0x7, 0x7, 0x81}, {0x0, 0xbbf, 0x0, 0x1, 0x53d}, {0x6, 0x1, 0x0, 0x0, 0x1, 0x680}, {0x7, 0x0, 0x0, 0xcc6, 0x5f, 0xfffffff7}, {0x0, 0x2, 0xd03, 0x8, 0x2, 0x4}, {0xf1, 0x615, 0xff, 0x0, 0x8}, {0x0, 0x20, 0xffff}, {0xffff, 0x1, 0xb0c, 0x3, 0x7fff, 0xfffffffc}, {0xfffffc01, 0x80, 0x4, 0x0, 0x0, 0x6}, {0x2, 0x10000, 0x82, 0x0, 0x7, 0x5}, {0x0, 0x7ff, 0x0, 0x400, 0x0, 0x1}, {0x4, 0x0, 0xd0, 0x0, 0x8, 0x1000}, {0x5, 0x7, 0x0, 0x0, 0x0, 0x482}, {0x0, 0x1, 0x6, 0x9, 0x9, 0x7}, {0x401, 0x4, 0x0, 0x675b, 0x6}, {0x0, 0x1, 0x0, 0x100, 0x0, 0xffffffc0}, {0x0, 0x101, 0x20, 0xb72e, 0x26, 0x442c}, {0xcb, 0x4, 0xfffffff8, 0x6, 0x9, 0x2}, {0x7fffffff, 0x2, 0x0, 0x4, 0x0, 0x3ff}, {0x2, 0x1000, 0x0, 0x5, 0x8, 0x3}, {0x1, 0x0, 0x0, 0x80000001, 0x9, 0x200}, {0x0, 0x9, 0xfff, 0x80000000, 0x10000, 0x5}, {0x0, 0x0, 0x3ff, 0x8000, 0x81, 0x1}, {0x80, 0x9, 0x0, 0x4}, {0xc4, 0xfffffffd, 0x7, 0x9, 0xc2c5, 0x1}, {0x5, 0x6fc, 0x8, 0x0, 0xe0f, 0x3}, {0x40, 0x6b, 0x9, 0x5d4, 0x7, 0x8000}, {0x1f, 0x1000, 0x0, 0x1, 0x1, 0x9}, {0x7fffffff, 0x4, 0x9, 0x7, 0x6}, {0xfffffffc, 0x7, 0x0, 0x3ff, 0x5, 0x81}, {0x6, 0x8, 0x0, 0x10000, 0xffffffc0}, {0x81, 0xd2a0, 0x800, 0x0, 0x40, 0x2}, {0x40, 0x80000000, 0xea64, 0x76, 0x9}, {0x10000, 0x15bb, 0x9, 0x0, 0x6, 0x5}, {0x0, 0x0, 0x28, 0x2, 0x2, 0x6}, {0x1000, 0x7fff, 0x0, 0x3, 0x3, 0x9}, {0x10000, 0x20, 0x8, 0xd6, 0x7fffffff, 0x412}, {0x7, 0x0, 0xfff, 0x3, 0x9, 0xee}, {0x10001, 0x3f, 0x0, 0x0, 0x5a, 0x401}, {0x101, 0x1, 0x4634, 0x8000, 0x401}, {0x800, 0x1, 0x6, 0x80000001, 0x0, 0x501}, {0x4, 0x5, 0x3ff, 0x1, 0x3b96cc68}, {0x3, 0x1, 0x7d, 0xa3, 0x7, 0x8}, {0x0, 0x10001, 0x7, 0x6, 0x7ff, 0xffffff37}, {0x815, 0x0, 0x313b5531, 0x200, 0x1000, 0xffffffff}, {0x3ff, 0xa9b, 0x7, 0x80000000, 0xe0, 0x27}, {0x101, 0x800, 0x0, 0x1000, 0x79cc, 0x30}, {0x20, 0x0, 0x7, 0xfffffffa, 0x6, 0xcfef}, {0x1f, 0x5, 0x3, 0x1, 0xca62, 0x9}, {0x3, 0x1, 0x400, 0x9, 0xb2, 0x100}, {0x0, 0x3, 0x7, 0x2, 0x8, 0x2}, {0x3, 0xfffffffe, 0x5, 0xffffffff, 0x1, 0x9}, {0x4, 0x8, 0x4, 0x1, 0x3, 0xf9ee2af}, {0x8000, 0x9, 0x5, 0x5, 0x4, 0x2}, {0x5, 0x9, 0x9, 0x1, 0xffffff27, 0x40000000}, {0x4, 0x7, 0xb4000000, 0xeec, 0x7, 0x7}, {0x3, 0x3, 0x87, 0x401, 0x1, 0x80}, {0x5, 0x7, 0x10, 0x8, 0x3ff, 0x50}, {0xffff, 0x81, 0x20, 0x1, 0x80000000, 0x401}, {0x1, 0x400, 0xe4de, 0x7ff, 0x30000, 0x9}, {0x7fffffff, 0x400, 0x1, 0x6ee, 0x10000, 0x8}, {0x2, 0x4, 0x27bc, 0x0, 0x0, 0x5}, {0x5, 0x3f, 0x24d7, 0x2, 0x1000, 0xf46}, {0x1, 0x0, 0x80000001, 0x2, 0xffffff0a}, {0x1ff, 0x2, 0x1f, 0x7, 0x1, 0xf0f5}, {0x0, 0x1ff, 0xce, 0x20, 0x8}, {0x81, 0x433, 0x4, 0xda0, 0x7, 0x20000}, {0x2, 0xb42, 0x2, 0x0, 0xffffffff, 0x40}, {0x1ff, 0x1, 0x401, 0xa895, 0x20, 0x60f}, {0x0, 0xdf, 0x3, 0x6, 0x1, 0x8}, {0x8, 0x0, 0x3, 0x1, 0x7ff, 0x40}, {0xd, 0x1, 0x20, 0x0, 0x4, 0x9}, {0x1f, 0x0, 0x7, 0x9, 0x5f2, 0x191}, {0x6, 0x5, 0x8, 0x4, 0x8, 0xffff3b41}, {0x6, 0x2, 0x101, 0x0, 0x1, 0x7}, {0x49, 0x9, 0xc27, 0x5f1c, 0x80000001, 0x1}, {0xeae51292, 0xd3, 0x71e, 0x0, 0x55ba4723, 0x80000000}, {0x6, 0x64, 0x9, 0x19, 0x3, 0x3}, {0x6, 0x7ff, 0x2, 0x5, 0x450d}, {0x7fff, 0x7f, 0x400, 0x51f8, 0x20}, {0x81, 0x81, 0x7, 0x0, 0x5, 0xf3d}, {0x1f, 0x1, 0x3, 0x8, 0xdbd}, {0x5, 0x7fffffff, 0x4f35, 0x5, 0x5}, {0x3f, 0x7ce, 0x8, 0xcaa, 0x80000001, 0x1000}, {0x400, 0x5, 0x6, 0x7c0, 0x0, 0x2}, {0x80000000, 0x3, 0x6a8, 0x0, 0x1f, 0x10000}, {0x0, 0x20, 0x6, 0x1f, 0x7, 0x2}, {0x4, 0x3, 0xffffffb1, 0x5, 0x100, 0x3}, {0x6, 0x2, 0x9, 0x6, 0x1, 0x635}, {0xfffffff8, 0x9, 0x3, 0xd56, 0xa8, 0x8000}, {0x80000001, 0x34323ecc, 0x0, 0x4, 0x15, 0x7}, {0x1000, 0xfffffffb, 0x3f, 0x6, 0x100, 0x1}, {0x0, 0x80, 0x60d, 0x80, 0xa6, 0x3}, {0x2, 0x3ff, 0x606, 0xfffffeff, 0x1, 0x4}, {0x101, 0x0, 0x7, 0x200, 0x481b}, {0x1, 0xfffffffc, 0x800, 0x0, 0x0, 0x5}, {0x8, 0x6, 0x0, 0x80000001, 0x401, 0x1d}, {0x7fffffff, 0x1000, 0x1000, 0x8b0f, 0x6, 0x800}, {0x0, 0xfffff000, 0x2, 0x5, 0x10000, 0xf3}, {0xcb82, 0xc315, 0x6, 0x6, 0x5, 0x7fffffff}, {0x354f, 0x4, 0x7, 0x663d, 0xd31}], [{0x4}, {0x3}, {0x4}, {}, {0x2, 0x1}, {0x5, 0x1}, {}, {0x2}, {}, {0x3}, {0xd}, {}, {0x0, 0x1}, {}, {0x3}, {0x4, 0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x4, 0x1}, {0x4}, {0x1}, {0x4, 0x1}, {0x5}, {0x0, 0x1}, {0x0, 0x1}, {0x1}, {}, {0x3, 0x1}, {0x2, 0x1}, {0x3, 0x1}, {}, {0x0, 0x1}, {0x0, 0x1}, {}, {0x5}, {0x2}, {}, {0x6}, {}, {0x1, 0x1}, {0x4}, {0x0, 0x1}, {0x1}, {0x5, 0x1}, {0x4}, {0x4, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x4}, {0x0, 0x1}, {}, {0x0, 0x1}, {0x5}, {0x2}, {0x5}, {0x2, 0x1}, {0x1, 0x1}, {0x0, 0x1}, {0x1, 0x1}, {0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x4}, {}, {0x3}, {0x5}, {0x3, 0x1}, {}, {}, {0x0, 0x1}, {0x4}, {0x1}, {0x1}, {0x5}, {0x3}, {0x0, 0x1}, {0x4}, {0x5}, {}, {}, {0x4}, {0x0, 0x1}, {}, {0x3}, {0x5, 0x1}, {0x1, 0x1}, {0x4}, {}, {0x0, 0x1}, {0x2, 0x1}, {0x1, 0x1}, {0x1, 0x1}, {0x4, 0x1}, {0x5}, {}, {0x2}, {0x4}, {0x1, 0x1}, {0x3, 0x1}, {}, {}, {}, {0x5}, {0x2}, {0x7}, {0x0, 0x1}, {0x3, 0x1}, {0x5}, {0x2}, {0x5}, {}, {0x3, 0x1}, {0x2, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {}, {}, {0x3}, {0x3, 0x1}, {0x1, 0x1}, {0x3, 0x1}, {0x1}, {0x5}, {0x1}, {0x1, 0x1}, {}, {0x0, 0x1}]}}, @TCA_PEDIT_KEYS_EX={0x30, 0x5, 0x0, 0x1, [{0x2c, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}]}]}]}, {0x1b, 0x6, "57d21079a8d2935764ec000d69b69144d534c379114c3e"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x3}}}}, @m_gact={0x6c, 0x1b, 0x0, 0x0, {{0x9}, {0x40, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x54, 0x0, 0x0, 0x7fff}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x1e6c, 0xffffffffcffffffd}}, @TCA_GACT_PARMS={0x18, 0x2, {0xffff0001, 0x4, 0x6, 0x8, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_ife={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x2, 0x9a10, 0x10000000, 0x3f4e, 0x7}, 0x1}}, @TCA_IFE_DMAC={0xa, 0x3, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x16}}]}, {0x4}, {0xc, 0x7, {0x1, 0x4936e90f20761ee1}}, {0xc}}}, @m_skbedit={0x68, 0x0, 0x0, 0x0, {{0xc}, {0x3c, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x5}, @TCA_SKBEDIT_PTYPE={0x6}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0x401, 0x6, 0x1, 0x0, 0x200}}, @TCA_SKBEDIT_MARK={0x8}, @TCA_SKBEDIT_MARK={0x8, 0x5, 0x400}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}, @TCA_CGROUP_POLICE={0x4}, @TCA_CGROUP_EMATCHES={0xc, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8}]}]}}]}, 0x13b8}}, 0x4000000)

[  467.914801][ T6665]     93825002803200-140548063096831: 0000000000000000
[  467.924908][ T5169] usb 1-1: Product: syz
[  467.945114][ T5169] usb 1-1: Manufacturer: syz
[  467.973106][ T6665]     140548063096832-140548063100927: ffff888022f0e540
[  467.980516][ T5169] usb 1-1: SerialNumber: syz
[  468.016685][ T5169] usb 1-1: config 0 descriptor??
01:47:42 executing program 1:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r1 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/net\x00')
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000000)={'ip6gre0\x00', &(0x7f0000000100)={'syztnl0\x00', <r3=>0x0, 0x0, 0x0, 0x0, 0x0, 0x12, @empty, @private2, 0x0, 0x0, 0xb079}})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000240)={'syztnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', r3, 0x29, 0x10, 0x3, 0x8e, 0xd, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x7, 0x40}})

[  468.031166][ T6665]   140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d
[  468.106931][ T8192] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  468.259350][ T6665]     140548063100928-140548071489535: ffff888022f0e620
[  468.306626][ T6665]     140548071489536-140548073586687: ffff888022f0e700
[  468.352583][ T6665]     140548073586688-140548075683839: ffff888022f0e7e0
[  468.386535][ T5169] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  468.406792][ T6665]     140548075683840-140548077780991: ffff888022f0e8c0
[  468.410555][ T5169] asix: probe of 1-1:0.0 failed with error -71
[  468.429274][ T6665]     140548077780992-140548079878143: ffff888022f0e9a0
[  468.460205][ T5169] usb 1-1: USB disconnect, device number 5
[  468.485982][ T6665]     140548079878144-140548084072447: ffff888022f0ea80
[  468.522798][ T6665]     140548084072448-140548084219903: ffff888022f0eb60
[  468.601209][ T6665]     140548084219904-140548084948991: ffff888022f0ec40
[  468.617517][ T6665]     140548084948992-140548085284863: ffff888022f0ed20
[  468.652218][ T6665]     140548085284864-140548085288959: 0000000000000000
[  468.702381][ T6665]     140548085288960-140548085653503: ffff888022f0ee00
[  468.733908][ T6665]     140548085653504-140548085690367: ffff888022f0eee0
[  468.745317][ T6665]     140548085690368-140548085710847: 0000000000000000
[  468.758227][ T6665]     140548085710848-140548097556479: ffff88806b3de000
[  468.765298][ T6665]   140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008
[  468.844181][ T6665]     140548097556480-140548097601535: 0000000000000000
[  468.853068][ T6665]     140548097601536-140548097605631: ffff88806b3de460
01:47:43 executing program 1:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r1 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/net\x00')
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000000)={'ip6gre0\x00', &(0x7f0000000100)={'syztnl0\x00', <r3=>0x0, 0x0, 0x0, 0x0, 0x0, 0x12, @empty, @private2, 0x0, 0x0, 0xb079}})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000240)={'syztnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', r3, 0x29, 0x10, 0x3, 0x8e, 0xd, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x7, 0x40}})

01:47:43 executing program 4:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=@ipv6_newroute={0x24, 0x12, 0x1, 0x0, 0x0, {}, [@RTA_PREF={0x5}]}, 0x24}}, 0x0)

01:47:43 executing program 5:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r1 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/net\x00')
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000000)={'ip6gre0\x00', &(0x7f0000000100)={'syztnl0\x00', <r3=>0x0, 0x2f, 0x20, 0x81, 0x80, 0x12, @empty, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80}})
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000002100)={'syztnl2\x00', &(0x7f0000002000)={'sit0\x00', 0x0, 0x10, 0x7800, 0x80000000, 0x9, {{0x1f, 0x4, 0x0, 0x1, 0x7c, 0x67, 0x0, 0x7, 0x2f, 0x0, @dev, @multicast1, {[@timestamp_addr={0x44, 0x4, 0x5d}, @ssrr={0x89, 0x1b, 0x13, [@local, @multicast2, @empty, @remote, @multicast1, @rand_addr=0x64010100]}, @rr={0x7, 0xb, 0x86, [@dev={0xac, 0x14, 0x14, 0x42}, @empty]}, @generic={0xc, 0xd, "9c49f7bd2331c6a109e599"}, @generic={0x7, 0x5, "27ec02"}, @rr={0x7, 0xf, 0x81, [@dev={0xac, 0x14, 0x14, 0x35}, @rand_addr=0x64010102, @broadcast]}, @ssrr={0x89, 0x1b, 0x23, [@rand_addr=0x64010101, @empty, @multicast2, @multicast1, @remote, @private=0xa010102]}]}}}}})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000240)={'syztnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', r3, 0x29, 0x10, 0x3, 0x8e, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x7, 0x40}})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001f80)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000001f40)={&(0x7f0000000400)=@newchain={0x13b8, 0x64, 0x200, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x0, 0x9}, {0xd, 0x3}, {0x0, 0x3}}, [@TCA_RATE={0x6, 0x5, {0x40, 0xc7}}, @filter_kind_options=@f_cgroup={{0xb}, {0x1380, 0x2, [@TCA_CGROUP_EMATCHES={0x38, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x3, 0x0, 0x0, {{0x0, 0x8, 0xfff}, {0x0, 0x3, 0x2}}}]}, @TCA_EMATCH_TREE_LIST={0x20, 0x2, 0x0, 0x1, [@TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{}, {0xe2, 0x1, 0x6, 0x8}}}]}]}, @TCA_CGROUP_ACT={0x1f4, 0x1, [@m_sample={0x40, 0xc, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x6}, @TCA_SAMPLE_RATE={0x8}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}, @m_csum={0x54, 0x9, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x7fff, 0x0, 0x0, 0x0, 0x6}, 0x79}}]}, {0xc, 0x6, "2d57f86517781551"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_nat={0xdc, 0xb, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0xffffffff, 0x693, 0x1, 0x2, 0x1}, @broadcast, @local, 0xffffff00, 0x1}}]}, {0x8a, 0x6, "4d157d7fcbde6a803a5259ebe7db131f1d53f8f03e5cc5f8331035364c284665e005268019b5eeee849285e196a43d66c9aaa7d472ee85018bec1b3584ea2cec59574e5969634f89ba4d7e761c706103f31aeeda50d45fc56ad58556203a1d125e63d1b846b67522f53dfc96bf3b535095259fccc9bffc55d2f36848f96c553516a6b02a2652"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1}}}}, @m_sample={0x80, 0x18, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_SAMPLE_RATE={0x8, 0x3, 0x3}, @TCA_SAMPLE_PSAMPLE_GROUP={0x8}]}, {0x41, 0x6, "1a79e57062a4e985f826bc2821235976ef354badbb759bb3533c1faaa702f9f20abfd6688adc445b3f44c992d215e1ccb80f97c1f604644782f3be3010"}, {0xc}, {0xc}}}]}, @TCA_CGROUP_ACT={0x1140, 0x1, [@m_ipt={0x14c, 0x0, 0x0, 0x0, {{0x8}, {0x110, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0x10b, 0x6, {0x800, 'filter\x00', 0xff, 0x2, "360df404a0a64bf029589d4e900a26065aa91775560cb49b6f5f54f3a9d10ab341b6ee335d0a62cf5e3746a13403832180d678d868390a62f5293912ca01e5c56968e456f4230058af3629306748d72ab7c375d7f0b82633d7e9d2526f2959a61328167d8554774f062cfab1f0d722ed548d79a254d95dc1faf7a2249e5b9fa9e4d5b81741c05270051674466b76be5b6a77a20d1972075cc8dc3ebe7aa0ca8622941263eebbd530cc8fded11e399d786e823a7769fefba71c2ba514ad3cd63a03eeca67f52fefe6202bac2219d299eda955962291c749b30f83c1fb8cf8b7aac9"}}]}, {0x18, 0x6, "afedfd9af8a4b80d42a5c72874a1dd766219480a"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x3}}}}, @m_pedit={0xec8, 0x15, 0x0, 0x0, {{0xa}, {0xe84, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe50, 0x2, {{{0x3ff, 0x5, 0x20000000, 0x1, 0xfffffffb}, 0xf0, 0x24, [{0x0, 0x80000001, 0x5, 0x0, 0x5, 0x10001}, {0x0, 0x0, 0x96, 0x0, 0xfffff4d3}]}, [{0x0, 0x2, 0x8, 0x0, 0x0, 0x101}, {0x2, 0x1000, 0x28ac, 0x80, 0x7fffffff, 0x40}, {0x0, 0x0, 0x0, 0xffff, 0x2, 0x10001}, {0x1, 0x10000, 0x4, 0xff, 0x1, 0x7ff}, {0x1, 0x0, 0x2, 0x20, 0x2, 0x80000001}, {0x6, 0x8, 0x101, 0x4, 0xaeb, 0x6}, {0xc5, 0x7f, 0x400, 0x6, 0x1}, {0x2, 0x800, 0x1000000, 0x7, 0x3ff, 0x2}, {0x2, 0xfb2, 0x400, 0x4, 0x7, 0x6}, {0x0, 0x1, 0x5472, 0x40, 0x2, 0x2}, {0x0, 0x10001, 0xc96, 0x0, 0x7fff, 0x80000}, {0x0, 0xcd7f, 0x7, 0xe1, 0x0, 0x5e717d0d}, {0x0, 0x8, 0xde8, 0x0, 0xff28}, {0x7, 0xd4, 0x0, 0x5, 0x1, 0x661}, {0x0, 0x101, 0x0, 0x0, 0x7, 0x8}, {0x1e, 0x200, 0x1, 0x9, 0x101, 0xcfc8}, {0x0, 0xff, 0x0, 0x1, 0x2, 0x8001}, {0x40, 0xddc25b10, 0x8000, 0x9c85, 0x7fffffff, 0x5}, {0x9, 0x0, 0x4, 0xffff, 0x3, 0x9}, {0x7ff, 0x0, 0x1f, 0x4, 0x0, 0x8}, {0x3, 0x9, 0xdb08592, 0x8, 0xd1, 0x101}, {0x14d6, 0x0, 0xfff, 0x5, 0x212, 0x7}, {0xfffffffe, 0x9, 0xe, 0xff, 0x0, 0x4}, {0xff, 0x9, 0xffffffff, 0x800, 0x2, 0x8}, {0x1000, 0xe834, 0x72e2, 0x9}, {0x1, 0xc6a6, 0x7fffffff, 0x0, 0x3f}, {0x80000000, 0x3, 0x2, 0x1, 0xe, 0x1f}, {0x0, 0x0, 0x2, 0x7, 0x7, 0x81}, {0x0, 0xbbf, 0x0, 0x1, 0x53d}, {0x6, 0x1, 0x0, 0x0, 0x1, 0x680}, {0x7, 0x0, 0x0, 0xcc6, 0x5f, 0xfffffff7}, {0x0, 0x2, 0xd03, 0x8, 0x2, 0x4}, {0xf1, 0x615, 0xff, 0x0, 0x8}, {0x0, 0x20, 0xffff}, {0xffff, 0x1, 0xb0c, 0x3, 0x7fff, 0xfffffffc}, {0xfffffc01, 0x80, 0x4, 0x0, 0x0, 0x6}, {0x2, 0x10000, 0x82, 0x0, 0x7, 0x5}, {0x0, 0x7ff, 0x0, 0x400, 0x0, 0x1}, {0x4, 0x0, 0xd0, 0x0, 0x8, 0x1000}, {0x5, 0x7, 0x0, 0x0, 0x0, 0x482}, {0x0, 0x1, 0x6, 0x9, 0x9, 0x7}, {0x401, 0x4, 0x0, 0x675b, 0x6}, {0x0, 0x1, 0x0, 0x100, 0x0, 0xffffffc0}, {0x0, 0x101, 0x20, 0xb72e, 0x26, 0x442c}, {0xcb, 0x4, 0xfffffff8, 0x6, 0x9, 0x2}, {0x7fffffff, 0x2, 0x0, 0x4, 0x0, 0x3ff}, {0x2, 0x1000, 0x0, 0x5, 0x8, 0x3}, {0x1, 0x0, 0x0, 0x80000001, 0x9, 0x200}, {0x0, 0x9, 0xfff, 0x80000000, 0x10000, 0x5}, {0x0, 0x0, 0x3ff, 0x8000, 0x81, 0x1}, {0x80, 0x9, 0x0, 0x4}, {0xc4, 0xfffffffd, 0x7, 0x9, 0xc2c5, 0x1}, {0x5, 0x6fc, 0x8, 0x0, 0xe0f, 0x3}, {0x40, 0x6b, 0x9, 0x5d4, 0x7, 0x8000}, {0x1f, 0x1000, 0x0, 0x1, 0x1, 0x9}, {0x7fffffff, 0x4, 0x9, 0x7, 0x6}, {0xfffffffc, 0x7, 0x0, 0x3ff, 0x5, 0x81}, {0x6, 0x8, 0x0, 0x10000, 0xffffffc0}, {0x81, 0xd2a0, 0x800, 0x0, 0x40, 0x2}, {0x40, 0x80000000, 0xea64, 0x76, 0x9}, {0x10000, 0x15bb, 0x9, 0x0, 0x6, 0x5}, {0x0, 0x0, 0x28, 0x2, 0x2, 0x6}, {0x1000, 0x7fff, 0x0, 0x3, 0x3, 0x9}, {0x10000, 0x20, 0x8, 0xd6, 0x7fffffff, 0x412}, {0x7, 0x0, 0xfff, 0x3, 0x9, 0xee}, {0x10001, 0x3f, 0x0, 0x0, 0x5a, 0x401}, {0x101, 0x1, 0x4634, 0x8000, 0x401}, {0x800, 0x1, 0x6, 0x80000001, 0x0, 0x501}, {0x4, 0x5, 0x3ff, 0x1, 0x3b96cc68}, {0x3, 0x1, 0x7d, 0xa3, 0x7, 0x8}, {0x0, 0x10001, 0x7, 0x6, 0x7ff, 0xffffff37}, {0x815, 0x0, 0x313b5531, 0x200, 0x1000, 0xffffffff}, {0x3ff, 0xa9b, 0x7, 0x80000000, 0xe0, 0x27}, {0x101, 0x800, 0x0, 0x1000, 0x79cc, 0x30}, {0x20, 0x0, 0x7, 0xfffffffa, 0x6, 0xcfef}, {0x1f, 0x5, 0x3, 0x1, 0xca62, 0x9}, {0x3, 0x1, 0x400, 0x9, 0xb2, 0x100}, {0x0, 0x3, 0x7, 0x2, 0x8, 0x2}, {0x3, 0xfffffffe, 0x5, 0xffffffff, 0x1, 0x9}, {0x4, 0x8, 0x4, 0x1, 0x3, 0xf9ee2af}, {0x8000, 0x9, 0x5, 0x5, 0x4, 0x2}, {0x5, 0x9, 0x9, 0x1, 0xffffff27, 0x40000000}, {0x4, 0x7, 0xb4000000, 0xeec, 0x7, 0x7}, {0x3, 0x3, 0x87, 0x401, 0x1, 0x80}, {0x5, 0x7, 0x10, 0x8, 0x3ff, 0x50}, {0xffff, 0x81, 0x20, 0x1, 0x80000000, 0x401}, {0x1, 0x400, 0xe4de, 0x7ff, 0x30000, 0x9}, {0x7fffffff, 0x400, 0x1, 0x6ee, 0x10000, 0x8}, {0x2, 0x4, 0x27bc, 0x0, 0x0, 0x5}, {0x5, 0x3f, 0x24d7, 0x2, 0x1000, 0xf46}, {0x1, 0x0, 0x80000001, 0x2, 0xffffff0a}, {0x1ff, 0x2, 0x1f, 0x7, 0x1, 0xf0f5}, {0x0, 0x1ff, 0xce, 0x20, 0x8}, {0x81, 0x433, 0x4, 0xda0, 0x7, 0x20000}, {0x2, 0xb42, 0x2, 0x0, 0xffffffff, 0x40}, {0x1ff, 0x1, 0x401, 0xa895, 0x20, 0x60f}, {0x0, 0xdf, 0x3, 0x6, 0x1, 0x8}, {0x8, 0x0, 0x3, 0x1, 0x7ff, 0x40}, {0xd, 0x1, 0x20, 0x0, 0x4, 0x9}, {0x1f, 0x0, 0x7, 0x9, 0x5f2, 0x191}, {0x6, 0x5, 0x8, 0x4, 0x8, 0xffff3b41}, {0x6, 0x2, 0x101, 0x0, 0x1, 0x7}, {0x49, 0x9, 0xc27, 0x5f1c, 0x80000001, 0x1}, {0xeae51292, 0xd3, 0x71e, 0x0, 0x55ba4723, 0x80000000}, {0x6, 0x64, 0x9, 0x19, 0x3, 0x3}, {0x6, 0x7ff, 0x2, 0x5, 0x450d}, {0x7fff, 0x7f, 0x400, 0x51f8, 0x20}, {0x81, 0x81, 0x7, 0x0, 0x5, 0xf3d}, {0x1f, 0x1, 0x3, 0x8, 0xdbd}, {0x5, 0x7fffffff, 0x4f35, 0x5, 0x5}, {0x3f, 0x7ce, 0x8, 0xcaa, 0x80000001, 0x1000}, {0x400, 0x5, 0x6, 0x7c0, 0x0, 0x2}, {0x80000000, 0x3, 0x6a8, 0x0, 0x1f, 0x10000}, {0x0, 0x20, 0x6, 0x1f, 0x7, 0x2}, {0x4, 0x3, 0xffffffb1, 0x5, 0x100, 0x3}, {0x6, 0x2, 0x9, 0x6, 0x1, 0x635}, {0xfffffff8, 0x9, 0x3, 0xd56, 0xa8, 0x8000}, {0x80000001, 0x34323ecc, 0x0, 0x4, 0x15, 0x7}, {0x1000, 0xfffffffb, 0x3f, 0x6, 0x100, 0x1}, {0x0, 0x80, 0x60d, 0x80, 0xa6, 0x3}, {0x2, 0x3ff, 0x606, 0xfffffeff, 0x1, 0x4}, {0x101, 0x0, 0x7, 0x200, 0x481b}, {0x1, 0xfffffffc, 0x800, 0x0, 0x0, 0x5}, {0x8, 0x6, 0x0, 0x80000001, 0x401, 0x1d}, {0x7fffffff, 0x1000, 0x1000, 0x8b0f, 0x6, 0x800}, {0x0, 0xfffff000, 0x2, 0x5, 0x10000, 0xf3}, {0xcb82, 0xc315, 0x6, 0x6, 0x5, 0x7fffffff}, {0x354f, 0x4, 0x7, 0x663d, 0xd31}], [{0x4}, {0x3}, {0x4}, {}, {0x2, 0x1}, {0x5, 0x1}, {}, {0x2}, {}, {0x3}, {0xd}, {}, {0x0, 0x1}, {}, {0x3}, {0x4, 0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x4, 0x1}, {0x4}, {0x1}, {0x4, 0x1}, {0x5}, {0x0, 0x1}, {0x0, 0x1}, {0x1}, {}, {0x3, 0x1}, {0x2, 0x1}, {0x3, 0x1}, {}, {0x0, 0x1}, {0x0, 0x1}, {}, {0x5}, {0x2}, {}, {0x6}, {}, {0x1, 0x1}, {0x4}, {0x0, 0x1}, {0x1}, {0x5, 0x1}, {0x4}, {0x4, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x4}, {0x0, 0x1}, {}, {0x0, 0x1}, {0x5}, {0x2}, {0x5}, {0x2, 0x1}, {0x1, 0x1}, {0x0, 0x1}, {0x1, 0x1}, {0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x4}, {}, {0x3}, {0x5}, {0x3, 0x1}, {}, {}, {0x0, 0x1}, {0x4}, {0x1}, {0x1}, {0x5}, {0x3}, {0x0, 0x1}, {0x4}, {0x5}, {}, {}, {0x4}, {0x0, 0x1}, {}, {0x3}, {0x5, 0x1}, {0x1, 0x1}, {0x4}, {}, {0x0, 0x1}, {0x2, 0x1}, {0x1, 0x1}, {0x1, 0x1}, {0x4, 0x1}, {0x5}, {}, {0x2}, {0x4}, {0x1, 0x1}, {0x3, 0x1}, {}, {}, {}, {0x5}, {0x2}, {0x7}, {0x0, 0x1}, {0x3, 0x1}, {0x5}, {0x2}, {0x5}, {}, {0x3, 0x1}, {0x2, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {}, {}, {0x3}, {0x3, 0x1}, {0x1, 0x1}, {0x3, 0x1}, {0x1}, {0x5}, {0x1}, {0x1, 0x1}, {}, {0x0, 0x1}]}}, @TCA_PEDIT_KEYS_EX={0x30, 0x5, 0x0, 0x1, [{0x2c, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}]}]}]}, {0x1b, 0x6, "57d21079a8d2935764ec000d69b69144d534c379114c3e"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x3}}}}, @m_gact={0x6c, 0x1b, 0x0, 0x0, {{0x9}, {0x40, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x54, 0x0, 0x0, 0x7fff}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x1e6c, 0xffffffffcffffffd}}, @TCA_GACT_PARMS={0x18, 0x2, {0xffff0001, 0x4, 0x6, 0x8, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_ife={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x2, 0x9a10, 0x10000000, 0x3f4e, 0x7}, 0x1}}, @TCA_IFE_DMAC={0xa, 0x3, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x16}}]}, {0x4}, {0xc, 0x7, {0x1, 0x4936e90f20761ee1}}, {0xc}}}, @m_skbedit={0x68, 0x0, 0x0, 0x0, {{0xc}, {0x3c, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x5}, @TCA_SKBEDIT_PTYPE={0x6}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0x401, 0x6, 0x1, 0x0, 0x200}}, @TCA_SKBEDIT_MARK={0x8}, @TCA_SKBEDIT_MARK={0x8, 0x5, 0x400}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}, @TCA_CGROUP_POLICE={0x4}, @TCA_CGROUP_EMATCHES={0xc, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8}]}]}}]}, 0x13b8}}, 0x4000000)

01:47:43 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=@ipv6_newroute={0x1c, 0x18, 0x1, 0x0, 0x0, {0xa, 0xfc}}, 0x1c}}, 0x0)

01:47:43 executing program 2:
ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(0xffffffffffffffff, 0x40082102, &(0x7f0000000000))
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000001140)='/sys/block/ram5', 0x202200, 0x0)
ioctl$KVM_TRANSLATE(r0, 0xc018ae85, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r0, 0x40082102, &(0x7f0000000580))
syz_clone(0x40108000, &(0x7f0000000380)="ecb2f27e8b0a0d8123830e8eb5f979e92eea23e3844ae1b84a864d4d741bfe0a51413ff75c7e8d2e41effbbab3f1b442a7df9e786082b6b1b736dfe739df1c7233c99e0def698a4f57d40a2c18f807d0ea31c149cfacb8fc3b7502053a2c49153d681630dc537ce785137ed27a54763e40566b0830135b31bcaaf8a61988baff1da197468b3e842368d71ece0f", 0x8d, &(0x7f0000000040), &(0x7f0000000440), &(0x7f0000000480)="9fcd333d4c4f7e30b61706081cb99773edf084fe80c68ecbe3ea374e233e580ae92061f67951624c91d3dfb29fe16501b26a54ab2a25a1a9f7b758d99a6aa743dbc43ffe7b31b1b140beac51436a2af523e08419852ac4281add174a62d40763f65f58fa12b1be9e22308e1aa7284212f71b7998b65950e79fac5f4a1419809b1f2faaa6ee3d760602b4e03f5955026c470888741151d8784e5fc9e59b3a19ce8507f284b0a69e6ee490a8964ea23f5a4d0a9e9f6e4c0a40061ffb5f151be812c515ad281377d6")

01:47:43 executing program 0:
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x6, 0x7, 0xa2, 0x10, 0x13b1, 0x18, 0x9a17, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x1c, 0x37, 0xd9, 0x0, [], [{{0x9, 0x5, 0x0, 0x3, 0x40}}, {{0x9, 0x5, 0x0, 0x2, 0x10}}]}}]}}]}}, 0x0)

01:47:43 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=@ipv6_newroute={0x1c, 0x18, 0x1, 0x0, 0x0, {0xa, 0xfc}}, 0x1c}}, 0x0)

[  469.055751][ T8249] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
01:47:43 executing program 4:
ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(0xffffffffffffffff, 0x40082102, &(0x7f0000000000))
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000001140)='/sys/block/ram5', 0x202200, 0x0)
ioctl$KVM_TRANSLATE(r1, 0xc018ae85, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r1, 0x40082102, &(0x7f0000000580))
syz_clone(0x40108000, &(0x7f0000000380)="ecb2f27e8b0a0d8123830e8eb5f979e92eea23e3844ae1b84a864d4d741bfe0a51413ff75c7e8d2e41effbbab3f1b442a7df9e786082b6b1b736dfe739df1c7233c99e0def698a4f57d40a2c18f807d0ea31c149cfacb8fc3b7502053a2c49153d681630dc537ce78513", 0x6a, &(0x7f0000000040), &(0x7f0000000440), &(0x7f0000000480)="9fcd333d4c4f7e30b61706081cb99773edf084fe80c68ecbe3ea374e233e580ae92061f67951624c91d3dfb29fe16501b26a54ab2a25a1a9f7b758d99a6aa743dbc43ffe7b31b1b140beac51436a2af523e08419852ac4281add174a62d40763f65f58fa12b1be9e22308e1aa7284212f71b7998b65950e79fac5f4a1419809b1f2faaa6ee3d760602b4e03f5955026c470888741151d8784e5fc9e59b3a19ce8507f284b0a69e6ee490a8964ea23f5a4d0a9e9f6e4c0a40061ffb5f151be812c515ad281377d6")
write$tun(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="04fc3ae1d434a96de4330e5ccdfac037ca4ba576eada2e9a10086d6ff81b75ebb83d61cb5098db8dc75a9b8e0a5dc84df10afd2b017b6fae4f739f294173c53a8804d76daa9b515dbae278cb30af324577219a43eed12e5401"], 0x59)
ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0)

01:47:44 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=@ipv6_newroute={0x1c, 0x18, 0x1, 0x0, 0x0, {0xa, 0xfc}}, 0x1c}}, 0x0)

[  469.112815][ T6665]     140548097605632-140548097736703: ffff88806b3de380
[  469.137766][ T6665]     140548097736704-140735437164543: 0000000000000000
[  469.236280][ T6665]     140735437164544-140735437299711: ffff88806b3de0e0
[  469.271314][ T6665]     140735437299712-140735437316095: 0000000000000000
01:47:44 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=@ipv6_newroute={0x1c, 0x18, 0x1, 0x0, 0x0, {0xa, 0xfc}}, 0x1c}}, 0x0)

[  469.296485][ T6515] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  469.304230][ T6665]     140735437316096-140735437332479: ffff88806b3de1c0
[  469.321976][ T6665]     140735437332480-140735437340671: ffff88806b3de2a0
[  469.372406][ T6665]     140735437340672-18446744073709551615: 0000000000000000
[  469.414508][ T6665] Pass: 10201331 Run:10201470
[  469.440757][ T6665] CPU: 0 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0
[  469.450608][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  469.460692][ T6665] Call Trace:
[  469.464003][ T6665]  <TASK>
[  469.466963][ T6665]  dump_stack_lvl+0xd1/0x138
[  469.471608][ T6665]  mt_find.cold+0x8b/0x90
[  469.475992][ T6665]  ? mas_find+0x1d0/0x1d0
[  469.480384][ T6665]  find_vma+0x10c/0x1b0
[  469.484580][ T6665]  ? can_vma_merge_before+0x390/0x390
01:47:44 executing program 1:
syz_usb_connect$hid(0x0, 0x36, 0xfffffffffffffffe, 0x0)

01:47:44 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@ipv6_getnexthop={0x18, 0x6a, 0x285}, 0x18}}, 0x0)

[  469.489997][ T6665]  ? walk_page_test+0x78/0x180
[  469.494811][ T6665]  walk_page_range+0x2b1/0x4a0
[  469.499634][ T6665]  ? __walk_page_range+0x780/0x780
[  469.504814][ T6665]  mlock_fixup+0x650/0x810
[  469.509288][ T6665]  apply_vma_lock_flags+0x23d/0x350
[  469.514535][ T6665]  ? mlock_fixup+0x810/0x810
[  469.519193][ T6665]  ? __ia32_sys_get_robust_list+0x400/0x400
[  469.525143][ T6665]  do_mlock+0x25a/0x6d0
[  469.529360][ T6665]  ? folio_evictable+0x270/0x270
[  469.534367][ T6665]  ? syscall_enter_from_user_mode+0x26/0xb0
[  469.540312][ T6665]  __x64_sys_mlock+0x59/0x80
[  469.544926][ T6665]  do_syscall_64+0x39/0xb0
[  469.549377][ T6665]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  469.555294][ T6665] RIP: 0033:0x7fd3e6a8c0c9
[  469.559719][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  469.579344][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[  469.587776][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9
[  469.595760][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000
[  469.603741][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000
[  469.611727][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  469.619710][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000
[  469.627711][ T6665]  </TASK>
[  469.686571][ T6515] usb 1-1: Using ep0 maxpacket: 16
01:47:44 executing program 3:
userfaultfd(0x0)
socket$igmp6(0xa, 0x3, 0x2)
r0 = openat$cuse(0xffffff9c, &(0x7f0000004780), 0x2, 0x0)
write$FUSE_WRITE(r0, &(0x7f00000047c0)={0x18}, 0x18)

01:47:44 executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$BATADV_CMD_SET_VLAN(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB='.\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001200000085"], 0x3c}}, 0x0)

[  469.806682][ T6515] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping
[  469.824014][ T6515] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping
[  469.964487][ T8274] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.3'.
[  469.999863][ T6665] index not increased! 20ffb000 <= 20ffb000
[  470.006670][ T6515] usb 1-1: New USB device found, idVendor=13b1, idProduct=0018, bcdDevice=9a.17
[  470.015802][ T6515] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  470.048714][ T6515] usb 1-1: Product: syz
[  470.056631][ T6515] usb 1-1: Manufacturer: syz
01:47:44 executing program 5:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x7, &(0x7f0000000080)=[{0x5}, {}, {}, {}, {}, {}, {}]})

[  470.064258][ T6515] usb 1-1: SerialNumber: syz
[  470.075421][ T6515] usb 1-1: config 0 descriptor??
[  470.098078][ T6665] BUG at mt_find:6473 (1)
[  470.102449][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e
[  470.112039][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000
[  470.117822][ T8248] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
01:47:45 executing program 1:
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x2)
r0 = openat$loop_ctrl(0xffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0)

[  470.153270][ T6665]   0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d
01:47:45 executing program 2:
ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(0xffffffffffffffff, 0x40082102, &(0x7f0000000000))
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000001140)='/sys/block/ram5', 0x202200, 0x0)
ioctl$KVM_TRANSLATE(r0, 0xc018ae85, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r0, 0x40082102, &(0x7f0000000580))
syz_clone(0x40108000, &(0x7f0000000380)="ecb2f27e8b0a0d8123830e8eb5f979e92eea23e3844ae1b84a864d4d741bfe0a51413ff75c7e8d2e41effbbab3f1b442a7df9e786082b6b1b736dfe739df1c7233c99e0def698a4f57d40a2c18f807d0ea31c149cfacb8fc3b7502053a2c49153d681630dc537ce785137ed27a54763e40566b0830135b31bcaaf8a61988baff1da197468b3e842368d71ece0f", 0x8d, &(0x7f0000000040), &(0x7f0000000440), &(0x7f0000000480)="9fcd333d4c4f7e30b61706081cb99773edf084fe80c68ecbe3ea374e233e580ae92061f67951624c91d3dfb29fe16501b26a54ab2a25a1a9f7b758d99a6aa743dbc43ffe7b31b1b140beac51436a2af523e08419852ac4281add174a62d40763f65f58fa12b1be9e22308e1aa7284212f71b7998b65950e79fac5f4a1419809b1f2faaa6ee3d760602b4e03f5955026c470888741151d8784e5fc9e59b3a19ce8507f284b0a69e6ee490a8964ea23f5a4d0a9e9f6e4c0a40061ffb5f151be812c515ad281377d6")

[  470.286664][ T6665]     0-536866815: 0000000000000000
[  470.331844][ T6665]     536866816-536870911: ffff888022f0e0e0
[  470.380432][ T6665]     536870912-553627647: ffff888022f0e1c0
[  470.406697][ T6665]     553627648-553635839: 0000000000000000
[  470.435362][ T6665]     553635840-553627647: ffff8880272dc9a0
[  470.451049][ T6665]     553627648-553644031: ffff8880272dc8c0
[  470.473298][ T6665]     553644032-553648127: ffff88807e16c7e0
[  470.489597][ T6665]     553648128-553652223: ffff888022f0e2a0
[  470.505681][ T6665]     553652224-116813594623: 0000000000000000
[  470.524293][ T6665]     116813594624-116817788927: ffff888022f0e380
[  470.558043][ T6665]     116817788928-93825002663935: 0000000000000000
[  470.586482][ T6515] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  470.586772][ T6665]     93825002663936-93825002803199: 
[  470.599132][ T6515] asix: probe of 1-1:0.0 failed with error -71
[  470.626405][ T6665] ffff888022f0e460
[  470.630165][ T6665]     93825002803200-140548063096831: 0000000000000000
[  470.644958][ T6515] usb 1-1: USB disconnect, device number 6
[  470.671390][ T6665]     140548063096832-140548063100927: ffff888022f0e540
[  470.695744][ T6665]   140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d
[  470.876159][ T6665]     140548063100928-140548071489535: ffff888022f0e620
[  470.896366][ T6665]     140548071489536-140548073586687: ffff888022f0e700
[  470.903364][ T6665]     140548073586688-140548075683839: ffff888022f0e7e0
[  470.910657][ T6665]     140548075683840-140548077780991: ffff888022f0e8c0
[  470.917726][ T6665]     140548077780992-140548079878143: ffff888022f0e9a0
[  470.932090][ T6665]     140548079878144-140548084072447: ffff888022f0ea80
[  470.943720][ T6665]     140548084072448-140548084219903: ffff888022f0eb60
[  470.956550][ T6665]     140548084219904-140548084948991: ffff888022f0ec40
[  470.970357][ T6665]     140548084948992-140548085284863: ffff888022f0ed20
[  470.985329][ T6665]     140548085284864-140548085288959: 0000000000000000
[  471.002920][ T6665]     140548085288960-140548085653503: ffff888022f0ee00
[  471.019044][ T6665]     140548085653504-140548085690367: ffff888022f0eee0
[  471.035305][ T6665]     140548085690368-140548085710847: 0000000000000000
[  471.054719][ T6665]     140548085710848-140548097556479: ffff88806b3de000
01:47:45 executing program 0:
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x6, 0x7, 0xa2, 0x10, 0x13b1, 0x18, 0x9a17, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x1c, 0x37, 0xd9, 0x0, [], [{{0x9, 0x5, 0x0, 0x3, 0x40}}, {{0x9, 0x5, 0x0, 0x2, 0x10}}]}}]}}]}}, 0x0)

01:47:45 executing program 4:
ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(0xffffffffffffffff, 0x40082102, &(0x7f0000000000))
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000001140)='/sys/block/ram5', 0x202200, 0x0)
ioctl$KVM_TRANSLATE(r1, 0xc018ae85, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r1, 0x40082102, &(0x7f0000000580))
syz_clone(0x40108000, &(0x7f0000000380)="ecb2f27e8b0a0d8123830e8eb5f979e92eea23e3844ae1b84a864d4d741bfe0a51413ff75c7e8d2e41effbbab3f1b442a7df9e786082b6b1b736dfe739df1c7233c99e0def698a4f57d40a2c18f807d0ea31c149cfacb8fc3b7502053a2c49153d681630dc537ce78513", 0x6a, &(0x7f0000000040), &(0x7f0000000440), &(0x7f0000000480)="9fcd333d4c4f7e30b61706081cb99773edf084fe80c68ecbe3ea374e233e580ae92061f67951624c91d3dfb29fe16501b26a54ab2a25a1a9f7b758d99a6aa743dbc43ffe7b31b1b140beac51436a2af523e08419852ac4281add174a62d40763f65f58fa12b1be9e22308e1aa7284212f71b7998b65950e79fac5f4a1419809b1f2faaa6ee3d760602b4e03f5955026c470888741151d8784e5fc9e59b3a19ce8507f284b0a69e6ee490a8964ea23f5a4d0a9e9f6e4c0a40061ffb5f151be812c515ad281377d6")
write$tun(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="04fc3ae1d434a96de4330e5ccdfac037ca4ba576eada2e9a10086d6ff81b75ebb83d61cb5098db8dc75a9b8e0a5dc84df10afd2b017b6fae4f739f294173c53a8804d76daa9b515dbae278cb30af324577219a43eed12e5401"], 0x59)
ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0)

01:47:45 executing program 3:
r0 = syz_open_dev$vcsn(&(0x7f0000000000), 0x1, 0x82)
write$cgroup_pid(r0, &(0x7f0000000040), 0x12)

01:47:45 executing program 5:
ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(0xffffffffffffffff, 0x40082102, &(0x7f0000000000))
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000001140)='/sys/block/ram5', 0x202200, 0x0)
ioctl$KVM_TRANSLATE(r0, 0xc018ae85, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r0, 0x40082102, &(0x7f0000000580))
syz_clone(0x40108000, &(0x7f0000000380)="ecb2f27e8b0a0d8123830e8eb5f979e92eea23e3844ae1b84a864d4d741bfe0a51413ff75c7e8d2e41effbbab3f1b442a7df9e786082b6b1b736dfe739df1c7233c99e0def698a4f57d40a2c18f807d0ea31c149cfacb8fc3b7502053a2c49153d681630dc537ce785137ed27a54763e40566b0830135b31bcaaf8a61988baff1da197468b3e842368d71ece0f", 0x8d, &(0x7f0000000040), &(0x7f0000000440), &(0x7f0000000480)="9fcd333d4c4f7e30b61706081cb99773edf084fe80c68ecbe3ea374e233e580ae92061f67951624c91d3dfb29fe16501b26a54ab2a25a1a9f7b758d99a6aa743dbc43ffe7b31b1b140beac51436a2af523e08419852ac4281add174a62d40763f65f58fa12b1be9e22308e1aa7284212f71b7998b65950e79fac5f4a1419809b1f2faaa6ee3d760602b4e03f5955026c470888741151d8784e5fc9e59b3a19ce8507f284b0a69e6ee490a8964ea23f5a4d0a9e9f6e4c0a40061ffb5f151be812c515ad281377d6")
write$tun(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[@ANYBLOB="04fc3ae1d434a96de4330e5ccdfac037ca4ba576eada2e9a10086d6ff81b75ebb83d61cb5098db8dc75a9b8e0a5dc84df10afd2b017b6fae4f739f294173c53a8804d76daa9b515dbae278cb30af324577219a43eed12e5401"], 0x59)
ioctl$TUNGETFEATURES(0xffffffffffffffff, 0x800454cf, 0x0)

01:47:45 executing program 1:
syz_open_dev$evdev(0x0, 0x0, 0x0)
syz_open_dev$evdev(&(0x7f00000003c0), 0x3735, 0x0)

[  471.070796][ T6665]   140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008
01:47:46 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000003c0)={0x14, r1, 0x1}, 0x14}}, 0x0)

01:47:46 executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r0, &(0x7f0000000640)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000600)={0x0}}, 0x0)

[  471.261518][ T6665]     140548097556480-140548097601535: 0000000000000000
01:47:46 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000001c0)={'tunl0\x00', &(0x7f0000000040)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @empty}}}})

[  471.301811][ T6665]     140548097601536-140548097605631: ffff88806b3de460
[  471.339306][ T6665]     140548097605632-140548097736703: ffff88806b3de380
01:47:46 executing program 3:
clock_settime(0x700, 0x0)

[  471.403041][ T6665]     140548097736704-140735437164543: 0000000000000000
01:47:46 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000001c0)={'tunl0\x00', &(0x7f0000000040)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @empty}}}})

[  471.452971][ T6665]     140735437164544-140735437299711: ffff88806b3de0e0
01:47:46 executing program 3:
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x6, 0x2, &(0x7f0000000080)=@raw=[@initr0], &(0x7f00000000c0)='GPL\x00', 0x3, 0xd1, &(0x7f0000000100)=""/209, 0x0, 0x12, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)

[  471.509249][ T6665]     140735437299712-140735437316095: 0000000000000000
[  471.546491][ T6954] usb 1-1: new high-speed USB device number 7 using dummy_hcd
01:47:46 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$BATADV_CMD_SET_VLAN(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB='.\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001200000005002a000000000008"], 0x3c}}, 0x0)

[  471.586536][ T6665]     140735437316096-140735437332479: ffff88806b3de1c0
[  471.669195][ T6665]     140735437332480-140735437340671: ffff88806b3de2a0
[  471.703073][ T6665]     140735437340672-18446744073709551615: 0000000000000000
[  471.736413][ T6665] Pass: 10252504 Run:10252644
[  471.746688][ T6665] CPU: 0 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0
[  471.756541][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  471.766627][ T6665] Call Trace:
[  471.769923][ T6665]  <TASK>
[  471.772871][ T6665]  dump_stack_lvl+0xd1/0x138
[  471.777507][ T6665]  mt_find.cold+0x8b/0x90
[  471.781893][ T6665]  ? mas_find+0x1d0/0x1d0
[  471.786292][ T6665]  find_vma+0x10c/0x1b0
[  471.790486][ T6665]  ? can_vma_merge_before+0x390/0x390
[  471.795900][ T6665]  ? walk_page_test+0x78/0x180
[  471.800712][ T6665]  walk_page_range+0x2b1/0x4a0
[  471.805523][ T6665]  ? __walk_page_range+0x780/0x780
[  471.810702][ T6665]  mlock_fixup+0x650/0x810
[  471.815188][ T6665]  apply_vma_lock_flags+0x23d/0x350
[  471.820456][ T6665]  ? mlock_fixup+0x810/0x810
[  471.825144][ T6665]  ? __ia32_sys_get_robust_list+0x400/0x400
[  471.831097][ T6665]  do_mlock+0x25a/0x6d0
[  471.835314][ T6665]  ? folio_evictable+0x270/0x270
[  471.840323][ T6665]  ? syscall_enter_from_user_mode+0x26/0xb0
[  471.846276][ T6665]  __x64_sys_mlock+0x59/0x80
[  471.850899][ T6665]  do_syscall_64+0x39/0xb0
[  471.855371][ T6665]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  471.861305][ T6665] RIP: 0033:0x7fd3e6a8c0c9
[  471.865755][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  471.885408][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[  471.893864][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9
[  471.901869][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000
[  471.906526][ T6954] usb 1-1: Using ep0 maxpacket: 16
[  471.909851][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000
[  471.909875][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  471.909894][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000
[  471.909934][ T6665]  </TASK>
[  471.986011][ T6665] index not increased! 20ffb000 <= 20ffb000
[  472.031171][ T6665] BUG at mt_find:6473 (1)
[  472.057021][ T6954] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping
[  472.067858][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e
[  472.095240][ T6954] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping
[  472.173906][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000
[  472.222320][ T8316] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.2'.
[  472.324745][ T6665]   0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d
[  472.406431][ T6954] usb 1-1: New USB device found, idVendor=13b1, idProduct=0018, bcdDevice=9a.17
[  472.415518][ T6954] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  472.454417][ T6954] usb 1-1: Product: syz
[  472.466428][ T6954] usb 1-1: Manufacturer: syz
[  472.471068][ T6954] usb 1-1: SerialNumber: syz
[  472.506768][ T6954] usb 1-1: config 0 descriptor??
[  472.526777][ T8294] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  472.656364][ T6665]     0-536866815: 0000000000000000
[  472.661636][ T6665]     536866816-536870911: ffff888022f0e0e0
[  472.736434][ T6665]     536870912-553627647: ffff888022f0e1c0
[  472.742404][ T6665]     553627648-553635839: 0000000000000000
[  472.757694][ T6954] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  472.796508][ T6954] asix: probe of 1-1:0.0 failed with error -71
[  472.817451][ T6954] usb 1-1: USB disconnect, device number 7
[  472.824243][ T6665]     553635840-553627647: ffff8880272dc9a0
[  472.886863][ T6665]     553627648-553644031: ffff8880272dc8c0
[  472.892818][ T6665]     553644032-553648127: ffff88807e16c7e0
[  472.946376][ T6665]     553648128-553652223: ffff888022f0e2a0
[  472.952330][ T6665]     553652224-116813594623: 0000000000000000
[  472.996343][ T6665]     116813594624-116817788927: ffff888022f0e380
[  473.002862][ T6665]     116817788928-93825002663935: 0000000000000000
[  473.056362][ T6665]     93825002663936-93825002803199: ffff888022f0e460
[  473.063185][ T6665]     93825002803200-140548063096831: 0000000000000000
[  473.136345][ T6665]     140548063096832-140548063100927: ffff888022f0e540
[  473.143366][ T6665]   140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d
[  473.281880][ T6665]     140548063100928-140548071489535: ffff888022f0e620
[  473.289116][ T6665]     140548071489536-140548073586687: ffff888022f0e700
[  473.296180][ T6665]     140548073586688-140548075683839: ffff888022f0e7e0
[  473.303356][ T6665]     140548075683840-140548077780991: ffff888022f0e8c0
[  473.310767][ T6665]     140548077780992-140548079878143: ffff888022f0e9a0
[  473.317912][ T6665]     140548079878144-140548084072447: ffff888022f0ea80
01:47:48 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000001c0)={'tunl0\x00', &(0x7f0000000040)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @empty}}}})

01:47:48 executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r0, &(0x7f0000000440)={&(0x7f0000000380), 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0xd00}, 0x14}}, 0x0)

01:47:48 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r0, &(0x7f0000000800)={0x0, 0x0, 0x0}, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f00000008c0), 0xffffffffffffffff)

01:47:48 executing program 4:
ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(0xffffffffffffffff, 0x40082102, &(0x7f0000000000))
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000001140)='/sys/block/ram5', 0x202200, 0x0)
ioctl$KVM_TRANSLATE(r1, 0xc018ae85, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r1, 0x40082102, &(0x7f0000000580))
syz_clone(0x40108000, &(0x7f0000000380)="ecb2f27e8b0a0d8123830e8eb5f979e92eea23e3844ae1b84a864d4d741bfe0a51413ff75c7e8d2e41effbbab3f1b442a7df9e786082b6b1b736dfe739df1c7233c99e0def698a4f57d40a2c18f807d0ea31c149cfacb8fc3b7502053a2c49153d681630dc537ce78513", 0x6a, &(0x7f0000000040), &(0x7f0000000440), &(0x7f0000000480)="9fcd333d4c4f7e30b61706081cb99773edf084fe80c68ecbe3ea374e233e580ae92061f67951624c91d3dfb29fe16501b26a54ab2a25a1a9f7b758d99a6aa743dbc43ffe7b31b1b140beac51436a2af523e08419852ac4281add174a62d40763f65f58fa12b1be9e22308e1aa7284212f71b7998b65950e79fac5f4a1419809b1f2faaa6ee3d760602b4e03f5955026c470888741151d8784e5fc9e59b3a19ce8507f284b0a69e6ee490a8964ea23f5a4d0a9e9f6e4c0a40061ffb5f151be812c515ad281377d6")
write$tun(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="04fc3ae1d434a96de4330e5ccdfac037ca4ba576eada2e9a10086d6ff81b75ebb83d61cb5098db8dc75a9b8e0a5dc84df10afd2b017b6fae4f739f294173c53a8804d76daa9b515dbae278cb30af324577219a43eed12e5401"], 0x59)
ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0)

01:47:48 executing program 2:
r0 = openat$cuse(0xffffff9c, &(0x7f0000004780), 0x2, 0x0)
read$FUSE(r0, &(0x7f0000000000)={0x2020}, 0x2020)

01:47:48 executing program 3:
openat$vhost_vsock(0xffffff9c, &(0x7f0000000200), 0x2, 0x0)
pselect6(0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x989680}, 0x0)

01:47:48 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000001c0)={'tunl0\x00', &(0x7f0000000040)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @empty}}}})

01:47:48 executing program 0:
syz_open_dev$evdev(&(0x7f00000001c0), 0x0, 0x81c2)

[  473.439306][ T6665]     140548084072448-140548084219903: ffff888022f0eb60
01:47:48 executing program 3:
timer_create(0x0, &(0x7f0000001340)={0x0, 0x0, 0x4, @tid=0xffffffffffffffff}, 0x0)

01:47:48 executing program 1:
r0 = syz_open_dev$loop(&(0x7f00000003c0), 0x4, 0x0)
ioctl$LOOP_CLR_FD(r0, 0x4c01)

01:47:48 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHG6RD(r0, 0x8912, &(0x7f0000000180)={'sit0\x00', 0x0})

01:47:48 executing program 3:
socketpair(0x26, 0x0, 0x0, &(0x7f0000000680))

[  473.532567][ T6665]     140548084219904-140548084948991: ffff888022f0ec40
01:47:48 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r0, 0x89f8, &(0x7f0000000140)={'gre0\x00', &(0x7f00000000c0)={'syztnl0\x00', 0x0, 0x0, 0x7800, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @private}}}})

01:47:48 executing program 0:
r0 = openat$cuse(0xffffff9c, &(0x7f00000046c0), 0x2, 0x0)
write$FUSE_NOTIFY_STORE(r0, &(0x7f0000004700)=ANY=[], 0x2e)

[  473.646431][ T6665]     140548084948992-140548085284863: ffff888022f0ed20
01:47:48 executing program 5:
memfd_create(&(0x7f00000003c0)='!#{:^\x00', 0x4)

[  473.785223][ T6665]     140548085284864-140548085288959: 0000000000000000
[  473.869411][ T6665]     140548085288960-140548085653503: ffff888022f0ee00
[  473.939538][ T6665]     140548085653504-140548085690367: ffff888022f0eee0
[  474.035423][ T6665]     140548085690368-140548085710847: 0000000000000000
[  474.060905][ T6665]     140548085710848-140548097556479: ffff88806b3de000
[  474.113175][ T6665]   140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008
[  474.256563][ T6665]     140548097556480-140548097601535: 0000000000000000
[  474.263576][ T6665]     140548097601536-140548097605631: ffff88806b3de460
[  474.358587][ T6665]     140548097605632-140548097736703: ffff88806b3de380
[  474.365596][ T6665]     140548097736704-140735437164543: 0000000000000000
01:47:49 executing program 4:
ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(0xffffffffffffffff, 0x40082102, &(0x7f0000000000))
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000001140)='/sys/block/ram5', 0x202200, 0x0)
ioctl$KVM_TRANSLATE(r1, 0xc018ae85, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r1, 0x40082102, &(0x7f0000000580))
syz_clone(0x40108000, &(0x7f0000000380)="ecb2f27e8b0a0d8123830e8eb5f979e92eea23e3844ae1b84a864d4d741bfe0a51413ff75c7e8d2e41effbbab3f1b442a7df9e786082b6b1b736dfe739df1c7233c99e0def698a4f57d40a2c18f807d0ea31c149cfacb8fc3b7502053a2c49153d681630dc537ce78513", 0x6a, &(0x7f0000000040), &(0x7f0000000440), &(0x7f0000000480)="9fcd333d4c4f7e30b61706081cb99773edf084fe80c68ecbe3ea374e233e580ae92061f67951624c91d3dfb29fe16501b26a54ab2a25a1a9f7b758d99a6aa743dbc43ffe7b31b1b140beac51436a2af523e08419852ac4281add174a62d40763f65f58fa12b1be9e22308e1aa7284212f71b7998b65950e79fac5f4a1419809b1f2faaa6ee3d760602b4e03f5955026c470888741151d8784e5fc9e59b3a19ce8507f284b0a69e6ee490a8964ea23f5a4d0a9e9f6e4c0a40061ffb5f151be812c515ad281377d6")
write$tun(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="04fc3ae1d434a96de4330e5ccdfac037ca4ba576eada2e9a10086d6ff81b75ebb83d61cb5098db8dc75a9b8e0a5dc84df10afd2b017b6fae4f739f294173c53a8804d76daa9b515dbae278cb30af324577219a43eed12e5401"], 0x59)
ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0)

[  474.466395][ T6665]     140735437164544-140735437299711: ffff88806b3de0e0
[  474.473441][ T6665]     140735437299712-140735437316095: 0000000000000000
[  474.497217][ T6665]     140735437316096-140735437332479: ffff88806b3de1c0
[  474.504259][ T6665]     140735437332480-140735437340671: ffff88806b3de2a0
01:47:49 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000080)={'sit0\x00', &(0x7f0000000000)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x2f, 0x0, @local}}}})

01:47:49 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHG6RD(r0, 0xc0045878, 0x0)

01:47:49 executing program 3:
r0 = openat$cuse(0xffffff9c, &(0x7f0000004780), 0x2, 0x0)
read$FUSE(r0, &(0x7f00000024c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_CREATE_OPEN(r0, &(0x7f0000000200)={0xa0, 0xfffffffffffffffe, r1}, 0xa0)

01:47:49 executing program 2:
r0 = openat$cuse(0xffffff9c, &(0x7f0000004780), 0x2, 0x0)
read$FUSE(r0, &(0x7f0000000000)={0x2020}, 0x2020)

01:47:49 executing program 5:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHG6RD(r0, 0x8933, &(0x7f0000000180)={'sit0\x00', 0x0})

01:47:49 executing program 1:
clock_settime(0x0, &(0x7f00000003c0)={0x77359400})

01:47:49 executing program 3:
syz_mount_image$fuse(&(0x7f0000000000), 0x0, 0x0, &(0x7f00000000c0)={{}, 0x2c, {}, 0x2c, {'user_id', 0x3d, 0xffffffffffffffff}, 0x2c, {'group_id', 0x3d, 0xee01}}, 0x0, 0x0, 0x0)

01:47:49 executing program 0:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000040))

03:33:20 executing program 5:
r0 = openat$loop_ctrl(0xffffff9c, &(0x7f0000000000), 0x300, 0x0)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0)

03:33:20 executing program 1:
r0 = openat$zero(0xffffff9c, &(0x7f0000000440), 0x20142, 0x0)
write$tcp_congestion(r0, 0x0, 0x0)

[  474.642072][ T6665]     140735437340672-18446744073709551615: 0000000000000000
03:33:20 executing program 0:
r0 = openat$cuse(0xffffff9c, &(0x7f00000061c0), 0x2, 0x0)
read$FUSE(r0, &(0x7f0000006240)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_ENTRY(r0, &(0x7f0000008280)={0x90, 0x8c508da88351c97a, r1}, 0x90)

[  474.789077][ T6665] Pass: 10302971 Run:10303112
[  474.822300][ T6665] CPU: 0 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0
[  474.832157][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  474.842238][ T6665] Call Trace:
[  474.845537][ T6665]  <TASK>
[  474.848498][ T6665]  dump_stack_lvl+0xd1/0x138
[  474.853139][ T6665]  mt_find.cold+0x8b/0x90
[  474.857520][ T6665]  ? mas_find+0x1d0/0x1d0
[  474.861904][ T6665]  find_vma+0x10c/0x1b0
[  474.866100][ T6665]  ? can_vma_merge_before+0x390/0x390
[  474.871513][ T6665]  ? walk_page_test+0x78/0x180
[  474.876319][ T6665]  walk_page_range+0x2b1/0x4a0
[  474.881130][ T6665]  ? __walk_page_range+0x780/0x780
[  474.886292][ T6665]  mlock_fixup+0x650/0x810
[  474.890752][ T6665]  apply_vma_lock_flags+0x23d/0x350
[  474.895987][ T6665]  ? mlock_fixup+0x810/0x810
[  474.900622][ T6665]  ? __ia32_sys_get_robust_list+0x400/0x400
[  474.906550][ T6665]  do_mlock+0x25a/0x6d0
[  474.910740][ T6665]  ? folio_evictable+0x270/0x270
[  474.915722][ T6665]  ? syscall_enter_from_user_mode+0x26/0xb0
[  474.921643][ T6665]  __x64_sys_mlock+0x59/0x80
[  474.926253][ T6665]  do_syscall_64+0x39/0xb0
[  474.930707][ T6665]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  474.936624][ T6665] RIP: 0033:0x7fd3e6a8c0c9
[  474.941057][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  474.960683][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[  474.969114][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9
[  474.977105][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000
[  474.985091][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000
[  474.993073][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  475.001056][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000
[  475.009057][ T6665]  </TASK>
[  475.315025][ T6665] index not increased! 20ffb000 <= 20ffb000
[  475.400433][ T6665] BUG at mt_find:6473 (1)
[  475.405012][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e
[  475.423306][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000
[  475.485095][ T6665]   0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d
[  475.549645][ T6665]     0-536866815: 0000000000000000
[  475.555038][ T6665]     536866816-536870911: ffff888022f0e0e0
[  475.568556][ T6665]     536870912-553627647: ffff888022f0e1c0
[  475.574641][ T6665]     553627648-553635839: 0000000000000000
[  475.587671][ T6665]     553635840-553627647: ffff8880272dc9a0
[  475.594162][ T6665]     553627648-553644031: ffff8880272dc8c0
[  475.634383][ T6665]     553644032-553648127: ffff88807e16c7e0
[  475.643517][ T6665]     553648128-553652223: ffff888022f0e2a0
[  475.674618][ T6665]     553652224-116813594623: 0000000000000000
[  475.684295][ T6665]     116813594624-116817788927: ffff888022f0e380
[  475.700868][ T6665]     116817788928-93825002663935: 0000000000000000
[  475.711874][ T6665]     93825002663936-93825002803199: ffff888022f0e460
[  475.744245][ T6665]     93825002803200-140548063096831: 0000000000000000
[  475.772743][ T6665]     140548063096832-140548063100927: ffff888022f0e540
[  475.785997][ T6665]   140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d
[  475.916365][ T6665]     140548063100928-140548071489535: ffff888022f0e620
[  475.923374][ T6665]     140548071489536-140548073586687: ffff888022f0e700
[  475.997096][ T6665]     140548073586688-140548075683839: ffff888022f0e7e0
[  476.004100][ T6665]     140548075683840-140548077780991: ffff888022f0e8c0
[  476.067715][ T6665]     140548077780992-140548079878143: ffff888022f0e9a0
[  476.074716][ T6665]     140548079878144-140548084072447: ffff888022f0ea80
[  476.122937][ T6665]     140548084072448-140548084219903: ffff888022f0eb60
[  476.156651][ T6665]     140548084219904-140548084948991: ffff888022f0ec40
[  476.190876][ T6665]     140548084948992-140548085284863: ffff888022f0ed20
[  476.208652][ T6665]     140548085284864-140548085288959: 0000000000000000
[  476.215641][ T6665]     140548085288960-140548085653503: ffff888022f0ee00
[  476.268628][ T6665]     140548085653504-140548085690367: ffff888022f0eee0
[  476.275634][ T6665]     140548085690368-140548085710847: 0000000000000000
[  476.321999][ T6665]     140548085710848-140548097556479: ffff88806b3de000
[  476.352867][ T6665]   140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008
[  476.547149][ T6665]     140548097556480-140548097601535: 0000000000000000
[  476.596387][ T6665]     140548097601536-140548097605631: ffff88806b3de460
[  476.603389][ T6665]     140548097605632-140548097736703: ffff88806b3de380
[  476.646365][ T6665]     140548097736704-140735437164543: 0000000000000000
[  476.696387][ T6665]     140735437164544-140735437299711: ffff88806b3de0e0
[  476.703384][ T6665]     140735437299712-140735437316095: 0000000000000000
[  476.797124][ T6665]     140735437316096-140735437332479: ffff88806b3de1c0
[  476.856361][ T6665]     140735437332480-140735437340671: ffff88806b3de2a0
[  476.863362][ T6665]     140735437340672-18446744073709551615: 0000000000000000
[  476.919533][ T6665] Pass: 10322220 Run:10322362
[  476.924252][ T6665] CPU: 0 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0
[  476.934084][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  476.944148][ T6665] Call Trace:
[  476.947434][ T6665]  <TASK>
[  476.950372][ T6665]  dump_stack_lvl+0xd1/0x138
[  476.955011][ T6665]  mt_find.cold+0x8b/0x90
[  476.959378][ T6665]  ? mas_find+0x1d0/0x1d0
[  476.963746][ T6665]  find_vma+0x10c/0x1b0
[  476.967927][ T6665]  ? can_vma_merge_before+0x390/0x390
[  476.973377][ T6665]  ? walk_page_test+0x78/0x180
[  476.978178][ T6665]  walk_page_range+0x2b1/0x4a0
[  476.982974][ T6665]  ? __walk_page_range+0x780/0x780
[  476.988127][ T6665]  mlock_fixup+0x650/0x810
[  476.992584][ T6665]  apply_vma_lock_flags+0x23d/0x350
[  476.997816][ T6665]  ? mlock_fixup+0x810/0x810
[  477.002448][ T6665]  ? __ia32_sys_get_robust_list+0x400/0x400
[  477.008375][ T6665]  do_mlock+0x25a/0x6d0
[  477.012562][ T6665]  ? folio_evictable+0x270/0x270
[  477.017539][ T6665]  ? syscall_enter_from_user_mode+0x26/0xb0
[  477.023460][ T6665]  __x64_sys_mlock+0x59/0x80
[  477.028064][ T6665]  do_syscall_64+0x39/0xb0
[  477.032511][ T6665]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  477.038427][ T6665] RIP: 0033:0x7fd3e6a8c0c9
[  477.042856][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  477.062482][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[  477.070910][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9
[  477.078895][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000
[  477.086879][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000
[  477.094862][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  477.102844][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000
[  477.110845][ T6665]  </TASK>
[  477.526404][ T6665] index not increased! 20ffb000 <= 20ffb000
[  477.532352][ T6665] BUG at mt_find:6473 (1)
[  477.559191][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e
[  477.596493][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000
[  477.786397][ T6665]   0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d
[  478.026397][ T6665]     0-536866815: 0000000000000000
[  478.031669][ T6665]     536866816-536870911: ffff888022f0e0e0
[  478.056389][ T6665]     536870912-553627647: ffff888022f0e1c0
[  478.062341][ T6665]     553627648-553635839: 0000000000000000
[  478.077684][ T6665]     553635840-553627647: ffff8880272dc9a0
[  478.083638][ T6665]     553627648-553644031: ffff8880272dc8c0
[  478.131705][ T6665]     553644032-553648127: ffff88807e16c7e0
[  478.146351][ T6665]     553648128-553652223: ffff888022f0e2a0
[  478.152292][ T6665]     553652224-116813594623: 0000000000000000
[  478.170213][ T6665]     116813594624-116817788927: ffff888022f0e380
[  478.179708][ T6665]     116817788928-93825002663935: 0000000000000000
[  478.187894][ T6665]     93825002663936-93825002803199: ffff888022f0e460
[  478.197236][ T6665]     93825002803200-140548063096831: 0000000000000000
[  478.204134][ T6665]     140548063096832-140548063100927: ffff888022f0e540
[  478.226771][ T6665]   140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d
[  478.336782][ T6665]     140548063100928-140548071489535: ffff888022f0e620
[  478.343778][ T6665]     140548071489536-140548073586687: ffff888022f0e700
[  478.350923][ T6665]     140548073586688-140548075683839: ffff888022f0e7e0
[  478.366378][ T6665]     140548075683840-140548077780991: ffff888022f0e8c0
[  478.373364][ T6665]     140548077780992-140548079878143: ffff888022f0e9a0
[  478.380447][ T6665]     140548079878144-140548084072447: ffff888022f0ea80
[  478.415331][ T6665]     140548084072448-140548084219903: ffff888022f0eb60
[  478.455686][ T6665]     140548084219904-140548084948991: ffff888022f0ec40
[  478.476701][ T6665]     140548084948992-140548085284863: ffff888022f0ed20
[  478.483739][ T6665]     140548085284864-140548085288959: 0000000000000000
[  478.536360][ T6665]     140548085288960-140548085653503: ffff888022f0ee00
[  478.543793][ T6665]     140548085653504-140548085690367: ffff888022f0eee0
[  478.564238][ T6665]     140548085690368-140548085710847: 0000000000000000
[  478.596408][ T6665]     140548085710848-140548097556479: ffff88806b3de000
[  478.614055][ T6665]   140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008
[  478.697749][ T6665]     140548097556480-140548097601535: 0000000000000000
[  478.704972][ T6665]     140548097601536-140548097605631: ffff88806b3de460
[  478.745717][ T6665]     140548097605632-140548097736703: ffff88806b3de380
[  478.776276][ T6665]     140548097736704-140735437164543: 0000000000000000
[  478.783512][ T6665]     140735437164544-140735437299711: ffff88806b3de0e0
[  478.803427][ T6665]     140735437299712-140735437316095: 0000000000000000
[  478.831968][ T6665]     140735437316096-140735437332479: ffff88806b3de1c0
[  478.843594][ T6665]     140735437332480-140735437340671: ffff88806b3de2a0
[  478.856451][ T6665]     140735437340672-18446744073709551615: 0000000000000000
[  478.863866][ T6665] Pass: 10340926 Run:10341069
[  478.920985][ T6665] CPU: 1 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0
[  478.930839][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  478.940920][ T6665] Call Trace:
[  478.944223][ T6665]  <TASK>
[  478.947179][ T6665]  dump_stack_lvl+0xd1/0x138
[  478.951818][ T6665]  mt_find.cold+0x8b/0x90
[  478.956192][ T6665]  ? mas_find+0x1d0/0x1d0
[  478.960572][ T6665]  find_vma+0x10c/0x1b0
[  478.964772][ T6665]  ? can_vma_merge_before+0x390/0x390
[  478.970183][ T6665]  ? walk_page_test+0x78/0x180
[  478.974988][ T6665]  walk_page_range+0x2b1/0x4a0
[  478.979806][ T6665]  ? __walk_page_range+0x780/0x780
[  478.984997][ T6665]  mlock_fixup+0x650/0x810
[  478.989479][ T6665]  apply_vma_lock_flags+0x23d/0x350
[  478.994732][ T6665]  ? mlock_fixup+0x810/0x810
[  478.999391][ T6665]  ? __ia32_sys_get_robust_list+0x400/0x400
[  479.005336][ T6665]  do_mlock+0x25a/0x6d0
[  479.009545][ T6665]  ? folio_evictable+0x270/0x270
[  479.014556][ T6665]  ? syscall_enter_from_user_mode+0x26/0xb0
[  479.020502][ T6665]  __x64_sys_mlock+0x59/0x80
[  479.025133][ T6665]  do_syscall_64+0x39/0xb0
[  479.029602][ T6665]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  479.035535][ T6665] RIP: 0033:0x7fd3e6a8c0c9
[  479.039980][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  479.059634][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[  479.068089][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9
[  479.076180][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000
[  479.084181][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000
[  479.092183][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  479.100180][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000
[  479.108200][ T6665]  </TASK>
[  479.416059][ T6665] index not increased! 20ffb000 <= 20ffb000
[  479.422040][ T6665] BUG at mt_find:6473 (1)
[  479.456337][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e
[  479.464795][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000
[  479.546455][ T6665]   0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d
[  479.646389][ T6665]     0-536866815: 0000000000000000
[  479.651650][ T6665]     536866816-536870911: ffff888022f0e0e0
[  479.676460][ T6665]     536870912-553627647: ffff888022f0e1c0
[  479.682409][ T6665]     553627648-553635839: 0000000000000000
[  479.707945][ T6665]     553635840-553627647: ffff8880272dc9a0
[  479.713892][ T6665]     553627648-553644031: ffff8880272dc8c0
[  479.745111][ T6665]     553644032-553648127: ffff88807e16c7e0
[  479.766401][ T6665]     553648128-553652223: ffff888022f0e2a0
[  479.772380][ T6665]     553652224-116813594623: 0000000000000000
[  479.796408][ T6665]     116813594624-116817788927: ffff888022f0e380
[  479.802869][ T6665]     116817788928-93825002663935: 0000000000000000
[  479.826351][ T6665]     93825002663936-93825002803199: ffff888022f0e460
[  479.833922][ T6665]     93825002803200-140548063096831: 0000000000000000
[  479.876339][ T6665]     140548063096832-140548063100927: ffff888022f0e540
[  479.883332][ T6665]   140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d
[  480.036350][ T6665]     140548063100928-140548071489535: ffff888022f0e620
[  480.044160][ T6665]     140548071489536-140548073586687: ffff888022f0e700
[  480.076483][ T6665]     140548073586688-140548075683839: ffff888022f0e7e0
[  480.106356][ T6665]     140548075683840-140548077780991: ffff888022f0e8c0
[  480.113355][ T6665]     140548077780992-140548079878143: ffff888022f0e9a0
[  480.136385][ T6665]     140548079878144-140548084072447: ffff888022f0ea80
[  480.144571][ T6665]     140548084072448-140548084219903: ffff888022f0eb60
[  480.176351][ T6665]     140548084219904-140548084948991: ffff888022f0ec40
[  480.183337][ T6665]     140548084948992-140548085284863: ffff888022f0ed20
[  480.206458][ T6665]     140548085284864-140548085288959: 0000000000000000
[  480.213451][ T6665]     140548085288960-140548085653503: ffff888022f0ee00
[  480.246489][ T6665]     140548085653504-140548085690367: ffff888022f0eee0
[  480.253692][ T6665]     140548085690368-140548085710847: 0000000000000000
[  480.286556][ T6665]     140548085710848-140548097556479: ffff88806b3de000
[  480.293550][ T6665]   140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008
[  480.426405][ T6665]     140548097556480-140548097601535: 0000000000000000
[  480.433412][ T6665]     140548097601536-140548097605631: ffff88806b3de460
[  480.451558][ T6665]     140548097605632-140548097736703: ffff88806b3de380
[  480.476784][ T6665]     140548097736704-140735437164543: 0000000000000000
[  480.483767][ T6665]     140735437164544-140735437299711: ffff88806b3de0e0
[  480.526479][ T6665]     140735437299712-140735437316095: 0000000000000000
[  480.533467][ T6665]     140735437316096-140735437332479: ffff88806b3de1c0
[  480.566343][ T6665]     140735437332480-140735437340671: ffff88806b3de2a0
[  480.573327][ T6665]     140735437340672-18446744073709551615: 0000000000000000
[  480.606384][ T6665] Pass: 10349671 Run:10349815
[  480.611090][ T6665] CPU: 1 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0
[  480.620923][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  480.631002][ T6665] Call Trace:
[  480.634299][ T6665]  <TASK>
[  480.637250][ T6665]  dump_stack_lvl+0xd1/0x138
[  480.641890][ T6665]  mt_find.cold+0x8b/0x90
[  480.646269][ T6665]  ? mas_find+0x1d0/0x1d0
[  480.650647][ T6665]  find_vma+0x10c/0x1b0
[  480.654836][ T6665]  ? can_vma_merge_before+0x390/0x390
[  480.660250][ T6665]  ? walk_page_test+0x78/0x180
[  480.665054][ T6665]  walk_page_range+0x2b1/0x4a0
[  480.669861][ T6665]  ? __walk_page_range+0x780/0x780
[  480.675039][ T6665]  mlock_fixup+0x650/0x810
[  480.679519][ T6665]  apply_vma_lock_flags+0x23d/0x350
[  480.684774][ T6665]  ? mlock_fixup+0x810/0x810
[  480.689425][ T6665]  ? __ia32_sys_get_robust_list+0x400/0x400
[  480.695366][ T6665]  do_mlock+0x25a/0x6d0
[  480.699578][ T6665]  ? folio_evictable+0x270/0x270
[  480.704577][ T6665]  ? syscall_enter_from_user_mode+0x26/0xb0
[  480.710517][ T6665]  __x64_sys_mlock+0x59/0x80
[  480.715137][ T6665]  do_syscall_64+0x39/0xb0
[  480.719603][ T6665]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  480.725530][ T6665] RIP: 0033:0x7fd3e6a8c0c9
[  480.729968][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  480.749614][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[  480.758063][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9
[  480.766065][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000
[  480.774061][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000
[  480.782142][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  480.790137][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000
[  480.798159][ T6665]  </TASK>
[  480.849079][ T6665] index not increased! 20ffb000 <= 20ffb000
[  480.855010][ T6665] BUG at mt_find:6473 (1)
[  480.866617][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e
[  480.875119][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000
[  480.937972][ T6665]   0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d
[  481.015652][ T6665]     0-536866815: 0000000000000000
[  481.023337][ T6665]     536866816-536870911: ffff888022f0e0e0
[  481.029707][ T6665]     536870912-553627647: ffff888022f0e1c0
[  481.035653][ T6665]     553627648-553635839: 0000000000000000
[  481.042204][ T6665]     553635840-553627647: ffff8880272dc9a0
[  481.048490][ T6665]     553627648-553644031: ffff8880272dc8c0
[  481.054440][ T6665]     553644032-553648127: ffff88807e16c7e0
[  481.060743][ T6665]     553648128-553652223: ffff888022f0e2a0
[  481.071116][ T6665]     553652224-116813594623: 0000000000000000
[  481.077655][ T6665]     116813594624-116817788927: ffff888022f0e380
[  481.084116][ T6665]     116817788928-93825002663935: 0000000000000000
[  481.091335][ T6665]     93825002663936-93825002803199: ffff888022f0e460
[  481.098428][ T6665]     93825002803200-140548063096831: 0000000000000000
[  481.105497][ T6665]     140548063096832-140548063100927: ffff888022f0e540
[  481.112900][ T6665]   140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d
[  481.196444][ T6665]     140548063100928-140548071489535: ffff888022f0e620
[  481.203443][ T6665]     140548071489536-140548073586687: ffff888022f0e700
[  481.216370][ T6665]     140548073586688-140548075683839: ffff888022f0e7e0
[  481.223625][ T6665]     140548075683840-140548077780991: ffff888022f0e8c0
[  481.236355][ T6665]     140548077780992-140548079878143: ffff888022f0e9a0
[  481.243340][ T6665]     140548079878144-140548084072447: ffff888022f0ea80
[  481.268585][ T6665]     140548084072448-140548084219903: ffff888022f0eb60
[  481.275578][ T6665]     140548084219904-140548084948991: ffff888022f0ec40
[  481.284269][ T6665]     140548084948992-140548085284863: ffff888022f0ed20
[  481.297127][ T6665]     140548085284864-140548085288959: 0000000000000000
[  481.304113][ T6665]     140548085288960-140548085653503: ffff888022f0ee00
[  481.326390][ T6665]     140548085653504-140548085690367: ffff888022f0eee0
[  481.333380][ T6665]     140548085690368-140548085710847: 0000000000000000
[  481.365588][ T6665]     140548085710848-140548097556479: ffff88806b3de000
[  481.391765][ T6665]   140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008
[  481.459039][ T6665]     140548097556480-140548097601535: 0000000000000000
[  481.466026][ T6665]     140548097601536-140548097605631: ffff88806b3de460
[  481.484496][ T6665]     140548097605632-140548097736703: ffff88806b3de380
[  481.506835][ T6665]     140548097736704-140735437164543: 0000000000000000
[  481.513821][ T6665]     140735437164544-140735437299711: ffff88806b3de0e0
[  481.536338][ T6665]     140735437299712-140735437316095: 0000000000000000
[  481.543325][ T6665]     140735437316096-140735437332479: ffff88806b3de1c0
[  481.571280][ T6665]     140735437332480-140735437340671: ffff88806b3de2a0
[  481.586443][ T6665]     140735437340672-18446744073709551615: 0000000000000000
[  481.598545][ T6665] Pass: 10353685 Run:10353830
[  481.606408][ T6665] CPU: 0 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0
[  481.616258][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  481.626338][ T6665] Call Trace:
[  481.629640][ T6665]  <TASK>
[  481.632592][ T6665]  dump_stack_lvl+0xd1/0x138
[  481.637234][ T6665]  mt_find.cold+0x8b/0x90
[  481.641607][ T6665]  ? mas_find+0x1d0/0x1d0
[  481.645992][ T6665]  find_vma+0x10c/0x1b0
[  481.650179][ T6665]  ? can_vma_merge_before+0x390/0x390
[  481.655588][ T6665]  ? walk_page_test+0x78/0x180
[  481.660396][ T6665]  walk_page_range+0x2b1/0x4a0
[  481.665210][ T6665]  ? __walk_page_range+0x780/0x780
[  481.670382][ T6665]  mlock_fixup+0x650/0x810
[  481.674864][ T6665]  apply_vma_lock_flags+0x23d/0x350
[  481.680115][ T6665]  ? mlock_fixup+0x810/0x810
[  481.684772][ T6665]  ? __ia32_sys_get_robust_list+0x400/0x400
[  481.690715][ T6665]  do_mlock+0x25a/0x6d0
[  481.694921][ T6665]  ? folio_evictable+0x270/0x270
[  481.699916][ T6665]  ? syscall_enter_from_user_mode+0x26/0xb0
[  481.705854][ T6665]  __x64_sys_mlock+0x59/0x80
[  481.710474][ T6665]  do_syscall_64+0x39/0xb0
[  481.714940][ T6665]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  481.720872][ T6665] RIP: 0033:0x7fd3e6a8c0c9
[  481.725328][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  481.744969][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[  481.753416][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9
[  481.761416][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000
[  481.769416][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000
[  481.777415][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  481.785415][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000
[  481.793443][ T6665]  </TASK>
[  481.809053][ T6665] index not increased! 20ffb000 <= 20ffb000
[  481.814982][ T6665] BUG at mt_find:6473 (1)
[  481.819424][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e
[  481.829369][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000
[  481.866876][ T6665]   0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d
[  481.920385][ T6665]     0-536866815: 0000000000000000
[  481.925649][ T6665]     536866816-536870911: ffff888022f0e0e0
[  481.932020][ T6665]     536870912-553627647: ffff888022f0e1c0
[  481.938228][ T6665]     553627648-553635839: 0000000000000000
[  481.944201][ T6665]     553635840-553627647: ffff8880272dc9a0
[  481.950480][ T6665]     553627648-553644031: ffff8880272dc8c0
[  481.956542][ T6665]     553644032-553648127: ffff88807e16c7e0
[  481.962591][ T6665]     553648128-553652223: ffff888022f0e2a0
[  481.972052][ T6665]     553652224-116813594623: 0000000000000000
[  481.984908][ T6665]     116813594624-116817788927: ffff888022f0e380
[  481.991874][ T6665]     116817788928-93825002663935: 0000000000000000
[  481.998960][ T6665]     93825002663936-93825002803199: ffff888022f0e460
[  482.005768][ T6665]     93825002803200-140548063096831: 0000000000000000
[  482.013755][ T6665]     140548063096832-140548063100927: ffff888022f0e540
[  482.021067][ T6665]   140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d
[  482.081061][ T6665]     140548063100928-140548071489535: ffff888022f0e620
[  482.090304][ T6665]     140548071489536-140548073586687: ffff888022f0e700
[  482.097598][ T6665]     140548073586688-140548075683839: ffff888022f0e7e0
[  482.104694][ T6665]     140548075683840-140548077780991: ffff888022f0e8c0
[  482.116231][ T6665]     140548077780992-140548079878143: ffff888022f0e9a0
[  482.123430][ T6665]     140548079878144-140548084072447: ffff888022f0ea80
[  482.142633][ T6665]     140548084072448-140548084219903: ffff888022f0eb60
[  482.149741][ T6665]     140548084219904-140548084948991: ffff888022f0ec40
[  482.156877][ T6665]     140548084948992-140548085284863: ffff888022f0ed20
[  482.163886][ T6665]     140548085284864-140548085288959: 0000000000000000
[  482.171025][ T6665]     140548085288960-140548085653503: ffff888022f0ee00
[  482.178149][ T6665]     140548085653504-140548085690367: ffff888022f0eee0
[  482.185159][ T6665]     140548085690368-140548085710847: 0000000000000000
[  482.204507][ T6665]     140548085710848-140548097556479: ffff88806b3de000
[  482.214296][ T6665]   140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008
[  482.276188][ T6665]     140548097556480-140548097601535: 0000000000000000
[  482.283327][ T6665]     140548097601536-140548097605631: ffff88806b3de460
[  482.293090][ T6665]     140548097605632-140548097736703: ffff88806b3de380
[  482.300232][ T6665]     140548097736704-140735437164543: 0000000000000000
[  482.308786][ T6665]     140735437164544-140735437299711: ffff88806b3de0e0
[  482.315884][ T6665]     140735437299712-140735437316095: 0000000000000000
[  482.333533][ T6665]     140735437316096-140735437332479: ffff88806b3de1c0
[  482.344842][ T6665]     140735437332480-140735437340671: ffff88806b3de2a0
[  482.357547][ T6665]     140735437340672-18446744073709551615: 0000000000000000
[  482.364969][ T6665] Pass: 10355328 Run:10355474
[  482.376357][ T6665] CPU: 1 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0
[  482.386197][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  482.396277][ T6665] Call Trace:
[  482.399574][ T6665]  <TASK>
[  482.402524][ T6665]  dump_stack_lvl+0xd1/0x138
[  482.407156][ T6665]  mt_find.cold+0x8b/0x90
[  482.411521][ T6665]  ? mas_find+0x1d0/0x1d0
[  482.415903][ T6665]  find_vma+0x10c/0x1b0
[  482.420093][ T6665]  ? can_vma_merge_before+0x390/0x390
[  482.425502][ T6665]  ? walk_page_test+0x78/0x180
[  482.430308][ T6665]  walk_page_range+0x2b1/0x4a0
[  482.435121][ T6665]  ? __walk_page_range+0x780/0x780
[  482.440289][ T6665]  mlock_fixup+0x650/0x810
[  482.444763][ T6665]  apply_vma_lock_flags+0x23d/0x350
[  482.450009][ T6665]  ? mlock_fixup+0x810/0x810
[  482.454647][ T6665]  ? __ia32_sys_get_robust_list+0x400/0x400
[  482.460572][ T6665]  do_mlock+0x25a/0x6d0
[  482.464765][ T6665]  ? folio_evictable+0x270/0x270
[  482.469747][ T6665]  ? syscall_enter_from_user_mode+0x26/0xb0
[  482.475675][ T6665]  __x64_sys_mlock+0x59/0x80
[  482.480292][ T6665]  do_syscall_64+0x39/0xb0
[  482.484749][ T6665]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  482.490676][ T6665] RIP: 0033:0x7fd3e6a8c0c9
[  482.495110][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  482.514737][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[  482.523169][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9
[  482.531158][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000
[  482.539144][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000
[  482.547130][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  482.555118][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000
[  482.563126][ T6665]  </TASK>
[  482.631951][ T6665] index not increased! 20ffb000 <= 20ffb000
[  482.642616][ T6665] BUG at mt_find:6473 (1)
[  482.656428][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e
[  482.664887][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000
[  482.726470][ T6665]   0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d
[  482.781632][ T6665]     0-536866815: 0000000000000000
[  482.787233][ T6665]     536866816-536870911: ffff888022f0e0e0
[  482.793181][ T6665]     536870912-553627647: ffff888022f0e1c0
[  482.799509][ T6665]     553627648-553635839: 0000000000000000
[  482.807108][ T6665]     553635840-553627647: ffff8880272dc9a0
[  482.813061][ T6665]     553627648-553644031: ffff8880272dc8c0
[  482.819559][ T6665]     553644032-553648127: ffff88807e16c7e0
[  482.826671][ T6665]     553648128-553652223: ffff888022f0e2a0
03:33:28 executing program 0:
openat$cgroup_root(0xffffff9c, &(0x7f0000000280)='./cgroup/syz0\x00', 0x200002, 0x0)

03:33:28 executing program 3:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_icmp_ICMP_FILTER(r0, 0x1, 0x1, &(0x7f0000000000)={0x8}, 0x4)

03:33:28 executing program 2:
r0 = openat$cuse(0xffffff9c, &(0x7f0000004780), 0x2, 0x0)
read$FUSE(r0, &(0x7f0000000000)={0x2020}, 0x2020)

03:33:28 executing program 1:
r0 = openat$ptp0(0xffffff9c, &(0x7f00000001c0), 0x0, 0x0)
ioctl$PTP_PIN_GETFUNC2(r0, 0xc0603d0f, 0x0)

03:33:28 executing program 5:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000000280)=@gcm_128={{}, "f32a61d0875b4401", "4842c7a088e2103470ed2a8ea4b2493e", "f5a73d13", "dcf432b971804ba1"}, 0x28)

03:33:28 executing program 1:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000700)={'batadv0\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f0000000000)="99e3977cf877cc52d34687880800", 0x36, 0x0, &(0x7f00000000c0)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @remote}, 0x14)

[  482.832620][ T6665]     553652224-116813594623: 0000000000000000
[  482.839366][ T6665]     116813594624-116817788927: ffff888022f0e380
[  482.845830][ T6665]     116817788928-93825002663935: 0000000000000000
[  482.853576][ T6665]     93825002663936-93825002803199: ffff888022f0e460
[  482.869256][ T6665]     93825002803200-140548063096831: 0000000000000000
03:33:28 executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r0, &(0x7f0000000440)={&(0x7f0000000380), 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x14}, 0x200003d4}}, 0x0)

[  482.895322][ T6665]     140548063096832-140548063100927: ffff888022f0e540
03:33:28 executing program 2:
r0 = openat$cuse(0xffffff9c, &(0x7f0000004780), 0x2, 0x0)
read$FUSE(r0, &(0x7f0000000000)={0x2020}, 0x2020)

03:33:28 executing program 0:
r0 = openat$ptp0(0xffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$PTP_PIN_SETFUNC(r0, 0x40603d07, &(0x7f00000000c0))

[  482.946403][ T6665]   140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d
03:33:28 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f0000002b00)={0x0, 0x0, &(0x7f0000002ac0)={&(0x7f0000000100)={0xef8, 0x0, 0x0, 0x0, 0x0, {}, [@ETHTOOL_A_FEATURES_WANTED={0xee4, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x160, 0x3, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}]}, {0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x800}, @ETHTOOL_A_BITSET_BIT_NAME={0xb, 0x2, '{#-\\#^\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8}, @ETHTOOL_A_BITSET_BIT_NAME={0x16, 0x2, './cgroup.cpu/syz0\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8000}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x400}]}, {0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x16, 0x2, './cgroup.cpu/syz0\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}, @ETHTOOL_A_BITSET_BIT_NAME={0x16, 0x2, './cgroup.cpu/syz0\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, '%+\\\x00'}]}, {0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x24}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x13, 0x2, '[%\'*-],\x96^#)\x90^/\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7fff}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}]}, {0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xe1f9}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}]}, {0x10, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}, @ETHTOOL_A_BITSET_BIT_NAME={0x16, 0x2, './cgroup.cpu/syz0\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x9}]}, {0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '-\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}]}, @ETHTOOL_A_BITSET_VALUE={0x5, 0x4, "d1"}, @ETHTOOL_A_BITSET_VALUE={0xd78, 0x4, "b99c34fc2f28e2a4305bfbad32682e2b97016f6bff5b805062abf0b7821b080fe1b1922e5e7f017a3aae419aa84bbd0aa3556638cafcc8a929c33a3f60a563b9fe0780764da2e9d44a80099fb38c1f171bc98ccaa79acabade35e2c2dd16cfa53939f327a3b998b2e915ed43f847ce75ccdf42d8776f785956457d5e272c1e644f8ede252d5b99af470d2d1880ae2d1854d9c8217e3b5c9abe98f7336cee510b656ed60b83b18e1bab9d24b617831297b16056690e20374406cfbcc2be99f9c5936f935810ee3a3c1c9d66420f8ee2f5b4fdb5ff1382b1d30ac14430dd65a499172ded84b1ebce621e2915f4bbc484d02a4b2eb39f23dc3811d411bbba61226875d86ac33a7a0d0cf9a2a98bed397cdd4cee3a8f8b6da11382226f5cdd3ce6f0cb1f8584df1b6b4c9c712576ded85c9459c9fbd30a1b8ad1c2fa5ae9c0fed45a72440f4bbbec4505a32d75656d738fb584ed2d0405ffb2564b7875d5e83d1b12953eef92cb9ddb956441d9846511227b655588f5b08569b21ae09d17dee18def6b0b01da06fca80e35b2a347205384314249616e14a99186eb3694f7bb8a747015bd54f3878c12f4d9660f54b7a5a2d3e5b0aa6b528dd12d379642c41bc3382db05678570cb765e5430079f8abe87f2b79c254534fb19c5e4ba131bb4656c012b12ed3bbd3bbfa5f88bd5835dff67e5175874be92a1aa7914fd4f16e305a53742b5149ea2903881dd382c028548f28ce5716db2000cbcf0a7bf49479399460709af8087eb4f8d332b871881b419d7e11e4b7578a96a65e85e7b96410957249161d9b93944fcaddd916d9933239c7530bca4e6c815d6fc346d73852158df76f4952b8ea5c2de8a4e2b14625a83e1669b21305aaeeed4cee3e4155f85ba06d21032cf784e775b1ffa3605b7a45629beb3045d244ccd7cea5d2d26ff103ed840d8338c3bfae11fd7ddc06f5d54884dba18f39a187fc8e5147f02abc29ed6a874bdb0cd8d74d24ea3fba4224da3b0bea39050cf32fefc78410bb2ac15ea024c94dceb957e882aee861e46b78bab16a736f15eb7a5052f62f55b8f880f1c4243101e3c04b93cf9bb836532f738a08f243f105d581bb580a60478fed90457ec24e54bc3dea6eeb0f3b07eca7e236a3071b89156e4ff81c0065cbddf4fca26680e637953ed23b087565087daefdad1fd51a4274624c4e33b72b03eead28954e945c2fc9e33412a7fc6b7bbce980c33f4f09d5bc378d4776cacefc260521a303e4240735d19989890a58998baf66ccd733fc027bcd27cb8f02ff82c29eba453a4337f55e75551d00b81cd349ff47d45e777c3a917165c7c4adc353c9547ccbbe869fed37cd2833539969e7ab3203418eff8c02b03195ce88d38d9c5a9adf3bb91c99daa5110ece35eb6f93456ece097ff4a9fb90181bc6fc2c406f4d1b0070753bdee384d3406ed7df09242f1f08d4a86ac604e6936ab7e65c6de66dea7237a6cc2a70a25c4ed9c70f70468b8f6688f0674279ce7e923dbd9cac9a538ed89d7dfac82e3a43420acbd7fac5539a4c32815cff37ac1d8abc66231df657519f6bdd79298e6dc5ab3677364049d6716e50eaddbc2a87dfbf551372cb76f7b17dfafdd4b07a70b4400bfc6e9d00b4978d3ce5a06236ecec2923202f68de8144147761497d13201660bb1b59e0d8999c32ec7e029742c0ade2d77b707b62ab81515d6256e6c68c4a5cc2f4ad51a60410792409d4ef51013c7817209f88a828012b5fe2fc21902ea8b57c433ad331fdb615249e5408c9207755daa503914265b45fd2f603012c3353d7c9d7f9a91c7642f048f450dd6d1d255a3cfc2926fa4eec49f53e30b5a210bf6bb8dbd19c282892c4ad4390052f7c968b3ea04b1f2c714dee07acbab51132256615eca6fe9106cc488907f069de1ab5949401fb2db3bed38b1157b25de2f8f8b159571f597026cbdca85d216b2f64ef800341d87ed03767b6ed1338327868714eaa654e79b81dd9e82101195dc5e8c0ad5d0b62397af5b139f3bdcbd8f875be2831988538e58c7ef1344d7c8cf1756d659473465ccf85c1318080da326126f5bf89d3e7eb384c2c4491ac6b2ca3fd1992d28cc2a977ac26b47d082edc25239ac60121793914588fcd0293defe9c5d5674457e42bd95d0b7fb4f68d54a663f75945692c1d7da41ad89bd4a733e939e991b9c779b4c7370f20eaece943e143a4658add66610d12d522dd8f4cb3266d3a58df38b696ef6c208ce7dcadc6aab408a64c02910df659a3f566efb56b545294dec62412d154bac063cbdc4e5d4edb15a236b730b1f5dd3c6a7347c1eb6437662af97b6c505c65b9803827588920e8bb2c84813b21e0a5f9eefa65455b100f7fbaf0c4711e8cd46f576651cca4798092aca783506278d1542e3bb4fbc038415ff7a8f54b67c90372ce9cfae760bf9b721a3ddcab3903340f4121b5e3d05b941e54bd2fc9f5de3e9ca2641655ce69c583e258e4029c35d0f3962991e6b64c8114cbee6318a58ba586c072f4b10f21fb2be118f9f5e1b563102a47a5100180b13214c0fc60e24825b930aeb143139cadefa5b104ac9425183ea161883bee64050b25e794d5e0e39d358b10fd5165b610f8922d02d5e9b6bacd82d6cd2d2a68a2296650ac4bb534419f9124d72fd82e9990117c45ceb498b8e9c4f310ea153f2130c961f9499066d491cbbe66432c0c702e11a8b6852ed2e581f4547127bb70fa417f0699432de8f574ea59c610a67e4265d119cb245a2ee998e7f7e5686a9614d9dbfcc7362b9e660a1533b6ead9ffb7cc758d2aeae26a25b13d547f11aa56fe83825e5b54884c89af6e1265491b66e2b8f90b02176587abcd2ec285ac321cf5c059b31f07aa4b90f492d2065f664da863a7e566c6a6fe4384aa055abd702678c175285d6fc2da1186383255583623f01d3ab20f6b24770aea024b65740d437e470cde8d2f341ee7838671f465fe30adb16b480f3877266c9a05a44eed3b2b9b783cea013ebf46b23a82796421d39e600b6edf7cc9b9694f1a3b75cc1b0912182b49d8f5fa95fba7e9d4b1dc54db68d386bba6c86a56b33bf77f5b0b19798946d90d5a6f5d649b036269d10237d26f89a09d81a7a739779cfadbca1f21750903212c053c9c8914ff5d54c44642a745abb710832d892bf8cac08d6d05925f1165e2c5e0f97b374823b5f954acf83283122b1803897d452e3668a9c357c0591ad69da9cd7c20a439e70323708f3a15b2bfa277dd0371807b9fbf2057ddd687b7ad901c9d30de9faa61122194fccb6d1b98930f51c39672f6d952b7fe1625a3da3254ca6a8c05495303ad5e28a123ddd2c7509fe0d1196515028dbd1858bab27f55799fde60a4b41cbd3d1cfa655e0f36477c8136dff2f41256ec72279965b294c084dc6b406f01df228fc8ecc8dfb7a6f1cdec4e758a2fbe3a494b5cfdcab8e064097e408cb94df3e8b7186cac70cf8a71d8f6003049041f688639370e2ca08498fff139cd6cdb8b172e1fb2e9e7500e9914ad61c3f13541fec44065be6b71d876751919dccde0009a968ef3a0219ecf4f879b7c76285e1cda181a6a7c68792cd48131b146b7564a9320c27fe3fe3eab80b7b774f1d65f9dc2defb18e8f9c03a9c8b9f4f133f0fe685b4f2d732a7d64f74132d47781348b56bae6690b697126baf1ae15aa65bd2fca637651d37318c96833b5fdc71e18ce510326fd3c4d340d3a31113bef87b650609a55fb367cef86ae2fd5f06a507a2f7a1574267a7e58487f7cca4eea692dd05a89f1ec77fdf99a2a20b36ebd664d61cc924db2e50c61325fe0e9c697db9990731b0cb3fc2fbfb5691df517d78f3dfba8dfe6b6759e79c6af2bec3074eef8fc649eb0f9d68e1bb008007cf6df376c62a9552a3ebcdf3097839e2fd936c59ecdd2bc3762cca89c4456f221be17423811c0809f19a0d29bae5a84cd1fac9dab3518f43f91ca25ed7f2cd7212e968703ef3457efad19158f731ccacbce4117aeb5efb2793315b903f7be1ad1eccc83f37dab71311f86981c93c324a0416c2bf6b6c7b64f31398e91a3486c72e6ac7fb7a1965500accdd904c53243cf8cc0d261b73e843b2ff1dea95f0862afe172078f6f4b539fd3d99ff7695fb0f9a9fd534b21409d2fc3f2315012d2af72e78752999a658508d34ed23a9cbf76c65c2e11fc7e9ca274d7c523ea8ea869dff6d72e2deab84eec923ea857b40c031adc2222d008ce7aaf8d0c5691de3e783f5a30a3301e6a2cc0299031b768b855c630fcd0555e8aa5e3f6ccb7599fb361631732d8c181726772073f7836a385edd72989ab22779d320769e0adca43cceae5d1233ddfa2bd7b88b074952d360e2beabd04643fb46216521d4c8f16790566a1e80d556ccda133b9d419ccd68a5e10ab6eb9ab84fc2713606b22a085108c3cdb67a3f10dc457485cf7f7c0205fec5c87865222e461d3a27cffecb0c3bcd0adbb1ea926cb3ee42d36c9be8de25228c256a0146306f7ca9a8112fe5604efaa9284702b31dfa2db27073a2c64570a0480c41c4c448164fedcd6dc46679ba3d075748e7a46e04e81c3a0b125f93124bfb9a4ce7e8d7e8d840e4a230e2d2e05e4e2f4852d9c524b1e43a02a0c649e105a08c629c45d738aa75c19372789cbe1896cc484974a3222f1d758c9032deab9809c27fbf3cb69349d7f1a6e36fe2ea0c07b04afb8c7a7ca5684e87c0859737a6eb81a59bf1c3944406e755e3e904535368b22caf571c6e9098c540ffd7c2699183540d8aeab223f8ad996857db5112c7d7fcec2b1f2bc457dc62d013ebd4edf94595c88054f2625b997d9261ce53f4d360d8a1e0e551118b9c24f96157c24df879c7cfc3658"}]}]}, 0xef8}, 0x1, 0x0, 0x0, 0x4004}, 0x20048854)

03:33:28 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_VLAN(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB='.\x00\x00\x00', @ANYRES16, @ANYBLOB="01"], 0x3c}}, 0x0)

03:33:28 executing program 3:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r0, 0x89f8, &(0x7f0000000100)={'gre0\x00', &(0x7f0000000000)={'ip_vti0\x00', 0x0, 0x0, 0x7800, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @multicast1}}}})

03:33:28 executing program 1:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000700)={'batadv0\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f0000000000)="99e3977cf877cc52d34687880800", 0x36, 0x0, &(0x7f00000000c0)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @remote}, 0x14)

03:33:28 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, r1, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x1c}}, 0x0)

03:33:28 executing program 4:
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x2)
r0 = openat$loop_ctrl(0xffffff9c, &(0x7f0000000000), 0x300, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000000040)={0x2020}, 0x2020)
ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0)

03:33:28 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={0x0}}, 0x0)

03:33:28 executing program 1:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000700)={'batadv0\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f0000000000)="99e3977cf877cc52d34687880800", 0x36, 0x0, &(0x7f00000000c0)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @remote}, 0x14)

03:33:28 executing program 3:
r0 = openat$ptp0(0xffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$PTP_PEROUT_REQUEST2(r0, 0x40383d0c, &(0x7f0000000080))

03:33:28 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$sock_timeval(r0, 0x1, 0x15, 0x0, &(0x7f0000000140))

[  483.202562][ T6665]     140548063100928-140548071489535: ffff888022f0e620
03:33:28 executing program 4:
openat$ptp0(0xffffff9c, &(0x7f0000000040), 0x0, 0x0)
socketpair(0x0, 0x0, 0x0, &(0x7f00000002c0))

03:33:28 executing program 2:
syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)="28614548aaa5cba3e85aa008dca8454ec44f7b598c3a6e317069f70ec5d81d6ba643cd9e0bf95bd8b294618c6c3b709568386dd61a685d1634544c34bfcf774aec822f038ce2fec77234d502893fc58266d482b0cc36de784a29d9de74825f32a6e47a2d85951e4ed26d011676a84976f7413ca48980e9086061b6864a0df9e508333cbd26de5b171ba7fae1f05c7d273a2d")

[  483.261294][ T6665]     140548071489536-140548073586687: ffff888022f0e700
03:33:28 executing program 3:
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00'})

03:33:28 executing program 1:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000700)={'batadv0\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f0000000000)="99e3977cf877cc52d34687880800", 0x36, 0x0, &(0x7f00000000c0)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @remote}, 0x14)

03:33:28 executing program 5:
r0 = ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x2)
r1 = openat$loop_ctrl(0xffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r0)
fanotify_init(0x2, 0x0)

[  483.323840][ T6665]     140548073586688-140548075683839: ffff888022f0e7e0
03:33:28 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
write$FUSE_CREATE_OPEN(r0, &(0x7f0000000e40)={0xa0, 0x0, 0x0, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}}}}, 0xa0)

03:33:28 executing program 2:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
getsockopt$inet_int(r0, 0x0, 0x0, 0x0, &(0x7f0000000040))

[  483.387081][ T6665]     140548075683840-140548077780991: ffff888022f0e8c0
03:33:28 executing program 3:
r0 = openat$cuse(0xffffff9c, &(0x7f00000046c0), 0x2, 0x0)
write$FUSE_NOTIFY_STORE(r0, &(0x7f0000004700)=ANY=[@ANYBLOB="2e00000004"], 0x2e)

03:33:28 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r0, &(0x7f0000000440)={&(0x7f0000000380), 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x14, r1, 0x1}, 0x14}}, 0x0)

[  483.476063][ T6665]     140548077780992-140548079878143: ffff888022f0e9a0
03:33:28 executing program 0:
process_vm_writev(0x0, &(0x7f0000000740)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9, 0x0, 0x0, 0x0)

03:33:28 executing program 2:
keyctl$search(0xa, 0x0, &(0x7f0000000200)='trusted\x00', &(0x7f0000000240)={'syz', 0x0}, 0x0)

03:33:28 executing program 1:
pipe(&(0x7f0000000900)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$cgroup_pressure(r1, &(0x7f00000000c0)={'full'}, 0x2f)
ioctl$sock_inet_udp_SIOCINQ(r0, 0x541b, &(0x7f0000000080))

[  483.516320][ T6665]     140548079878144-140548084072447: ffff888022f0ea80
03:33:28 executing program 4:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000080)={'sit0\x00', &(0x7f0000000000)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x6, 0x4, 0x0, 0x0, 0x18, 0x0, 0x0, 0x0, 0x0, 0x0, @local, @rand_addr, {[@noop]}}}}})

03:33:28 executing program 3:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
getsockopt$inet_int(r0, 0x0, 0xf, 0x0, &(0x7f0000000040))

03:33:28 executing program 5:
r0 = ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x2)
r1 = openat$loop_ctrl(0xffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r0)
fanotify_init(0x2, 0x0)

[  483.612334][ T6665]     140548084072448-140548084219903: ffff888022f0eb60
03:33:29 executing program 0:
setsockopt$MRT6_FLUSH(0xffffffffffffffff, 0x29, 0xd4, 0x0, 0x0)

03:33:29 executing program 3:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$BLKGETSIZE64(r0, 0x80041272, 0x0)

03:33:29 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0)

03:33:29 executing program 2:
r0 = socket(0xa, 0x2, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x24000004, &(0x7f0000000000)={0xa, 0x4e32, 0x0, @ipv4}, 0x1c)

03:33:29 executing program 4:
r0 = socket(0xa, 0x3, 0x7)
getsockopt$inet6_int(r0, 0x29, 0x7, 0x0, &(0x7f00000000c0))

03:33:29 executing program 2:
r0 = socket(0xa, 0x2, 0x0)
connect$bt_rfcomm(r0, &(0x7f0000000000)={0x1f, @fixed}, 0xa)

03:33:29 executing program 3:
r0 = socket(0xa, 0x3, 0xb)
setsockopt$inet6_opts(r0, 0x29, 0x36, &(0x7f0000000040)=@routing, 0x8)
setsockopt$inet6_opts(r0, 0x29, 0x3b, 0x0, 0x0)

[  483.731471][ T6665]     140548084219904-140548084948991: ffff888022f0ec40
[  483.765689][ T6665]     140548084948992-140548085284863: ffff888022f0ed20
03:33:29 executing program 4:
r0 = socket(0xa, 0x3, 0x7)
setsockopt$inet6_opts(r0, 0x29, 0x39, &(0x7f0000000340)=@dstopts, 0x8)

03:33:29 executing program 1:
r0 = socket(0xa, 0x3, 0xb)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x12, 0x0, 0x0)

03:33:29 executing program 0:
prctl$PR_GET_PDEATHSIG(0x39, &(0x7f00000000c0))

[  483.809627][ T8393] udevd[8393]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory