last executing test programs:

1m13.548254423s ago: executing program 4 (id=158):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x1, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000080)={r0, &(0x7f0000000040), 0x20000000}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000340)={r0, &(0x7f0000000180), 0x0}, 0x20)

1m13.257655892s ago: executing program 4 (id=161):
sched_setscheduler(0x0, 0x5, &(0x7f0000000100))
ioprio_set$pid(0x1, 0x0, 0x0)
r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0)
sendfile(r0, r0, 0x0, 0x548)

1m13.17454374s ago: executing program 4 (id=163):
r0 = getpid()
prctl$PR_SET_PTRACER(0x59616d61, r0)
prctl$PR_SET_PTRACER(0x59616d61, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0x0)

1m13.123078841s ago: executing program 4 (id=164):
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'bridge_slave_0\x00'})
syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x200002, &(0x7f0000000340)={[{@noblock_validity}, {@dioread_nolock}, {@noinit_itable}, {@orlov}, {@jqfmt_vfsv0}, {@usrjquota, 0x2e}], [], 0x2c}, 0x84, 0x452, &(0x7f0000000480)="$eJzs20tvG1UUAOAz46bvklDKow/AUBARj6RJC3TBBgRSN0hIsCjLkKZVqdugJki0qmhAqCxRfwGwROIXsIINAlYgtrBHSBXqhsICDRp7nBrHDnbs1Gn9fdIk986Mfc/xzLXvzLUDGFrl/E8SsTMifomI0YgoNe9Qrv27cf3S7F/XL80mkWWv/5HkD4s/r1+are+aFP93FJXxNCL9KIn9LdpduHDxzEylMne+qE8unn1ncuHCxWdOn505NXdq7tz00aNHDk89/9z0s33Jc1ce67735w/sPfbm1Vdnj1996/sv83h3Ftsb86gZ67nNcpSXX5Nmj/f87BvLroZysmmAgdCVvK/nh2uk2v9HoxQ3D95ovPLhQIMD1lWWZdmWFWuXRwBLGXAHS2LQEQCDUf+gz69/68stHH4M3LUXaxdAed43iqW2ZVOkxT4jTde3/VSOiONLf3+aL9HyPgQAQH99nY9/nm41/kvjvob97irmhsYi4u6I2B0R90TEnoi4N6K67/0R8UCX7Zeb6ivHPz9tW1NiHcrHfy8Uc1v/Hf/VR38xVipqu6r5jyQnT1fmDhWvyXiMbMnrU6u08c3LP3/Sblvj+C9f8vbrY8Eijt83Nd2gOzGzONNLzo2ufVC9B3h5Zf7J8kxAEhF7I2LfGp5/a0ScfvKLA+22/3/+q+jDPFP2ecQTteO/FE351yWrz09Obo3K3KHJ+lmx0g8/XnmtXfs95d8H+fHf3vL8X85/LGmcr13ovo0rv37c9ppmref/5uSNanlzse69mcXF81MRm5Olleunbz62Xq/vn+c/frB1/98d8c9nxeP2R0R+Ej8YEQ9FxMNF7I9ExKMRcXCV/L976bG3157/+srzP9HV8e++UDrz7Vft2u/s+B+plsaLNZ28/3UaYC+vHQAAANwu0up34JN0YrmcphMTte/w74ntaWV+YfGpk/PvnjtR+678WIyk9Ttdow33Q6eKe8P1+nRT/XD1vnGWZdm2an1idr6yXnPqQGd2tOn/ud9Kg44OWHddzaO1+0UbcFvye00YXvo/DC/9H4aX/g/Dq1X/vxxxYwChALeYz38YXvo/DC/9H4aX/g9DqZff9a9W2H1svZ75TiuUNkYYXRci3RBhrK2QbowwaoUtEdHpzpfjVgU26HcmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/vg3AAD//zLQ7Dk=")
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount(0x0, &(0x7f0000000040)='./file0/../file0\x00', 0x0, 0x20, &(0x7f0000000140)='usrjquota=')

1m12.625275305s ago: executing program 4 (id=171):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001240)=@newqdisc={0x470, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x444, 0x2, [@TCA_TBF_PBURST={0x8}, @TCA_TBF_PRATE64={0xc, 0x5, 0xfb869011a93f6bb6}, @TCA_TBF_RTAB={0x404, 0x2, [0xfffffff7]}, @TCA_TBF_PARMS={0x28, 0x1, {{0x1, 0x0, 0x0, 0x0, 0x6500, 0xd9f}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x2}}}]}}]}, 0x470}}, 0x0)

1m11.709555869s ago: executing program 4 (id=180):
syz_mount_image$nilfs2(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1080c, &(0x7f0000000180)=ANY=[], 0x3, 0xa53, &(0x7f0000000bc0)="$eJzs3U2MW0cdAPBn73rzWeKUhIa0tAmFtgK62+yG8BFBUzUXoqbiVqniEqVpiUgDIpWgVQ5JTtxoFYUb4kOceqkAIdELinriUolG4tJT4cCBKEiROEBLYhTvjNf+x+6zk9196/XvJ43H783YM8/7/PZ53puZAphY9fZjo/146e2Lh//5yD823Xr+ZCdHs/043bV0K3ctLU+H9/tgajG+cf3s8X5xrZhvP+bl4tlrndduKYriXLGnuFw0i92Xrrzx7vwzR88fubD3vTcPXl2JbQcAgEnz7csH9+/821/u3/7hWw8eKjZ01ufz82Za3prO+w+lE/98/l8vepdrXaHbTMg3nUI95Jvqk6+7nEbOt7H3dbH8mfC+jQH5NpSUP9W1rt92wzjL+3GzqNVne5br9dnZxd/kRft3/Uxt9vTJUy+eqaiiwLL790NFUewRhEkLrW2dL0HldakudH0KAJWK1wtvcy62LNydzrtND1f+tafq/V8Py2C193/lx/fvrcdql1+2/b8574jD8hl+b9q4ovVYbnm78vdoa1qO1xHi/UujHn/y+02F92sMWc9B1xHG5frCoHpOrXI97tSg+sf9Yr36Rorz5/DNkN79/Yl/03H5GwP9/WfNtf9vWqpc5XUZKWwc03oLExxa1Rx2gDEQ75trJTk93tcX0zeUpG8sSd9Ukr65JH1LSTpMst+/8tPi9drS7/z4m/7G9bPtL8uw7WG5ne2eFH9ixPrE9shR2+Pifb+jutvy4/3EsJb98dhzJ776wvNXFu//r3X2/5tpf9+Tlpvpu3U5ZcjthbFdvXPvf7O3nPqAfPeG+tzTJ3/7+Y7efLUdS+9TdB1nbqvHrt7XbRuU74HefM2Qb1MK8SpIPD/ZHF6Xzz/ycTV/XtNhexthO2ZCPfJxZXuKx+tqDGtV3h8H3f+f989dRaP24slTJ55Iy3k//fNUY8Ot9ftWud7A3Ru2/8+uorf/z9bO+ka9+7iwbWl9rfu40Azr5wesX0jL+f/cd6c2tdfPHv/+qReWe+Nhwp159bXvHTt16sQPPfHEE086T6o+MgErbe6Vl38wd+bV1x4/+fKxl068dOL0woEDC/PzB762sH+ufV4/1312D6wnS//0q64JAAAAAAAAAAAAMKwfHTl85a/vfOX9xf7/S/3/cv//fOdv7v//k9D/P/aTz/3gcz/A7X3S23nCAKszIV8jhU+G+u4I5ewMr/tUijvz+KX+/7m4OK5rrs99YX0cvzfnC8MJ3DZeykwYgyTOF/jZFF9I8a8LqFDt5/1Xp7hsfOu8r+fxKYxLMZ7y3y2PZ5LHMcn9vweN65SP/9tXoY4sv9XoTlj1NgL9/WvNjf+93kPXL4bK6yKstXCj1WqtZnmtllk8gLWh6vk/c7tnjk//6Vsbb4Wc7dpTvcfLOH4p3I2q57+srPzcsDip2z9k+cs9/2dn/ruhj39hxrzmnZX7319cfb+r2GL3sOXH7c/jQO8YrfwPU/l5ax4thiu/9atQfrwgNKSPQvmbhyw/bv/FUQtOBf4vlZ8/tsceHrb8xTeo1XvrEduN8/W/2G6c3Qjbn8f2HPnvf4cTNd5M5cMkG5d5Zkc1LvP/DhLvw/hyWs4HwnyfQ5zvZNT65/sr8v+BneH9ayX/38z/O96+nuKy70Oe/zfvj80+y/Wu5Uafz3a9HmtgXH3g+p8w5qF9RrMG6jGOodVqrWyDVolKC6fyz7/q3wlVl1/1518mzv8bz+Hj/L8xPc7/G9Pj/L8xvd2u+NHSpL0xPc7/Gz/POP9vTL8vlBvnB95Vkv7pkvTdJen3l6Q/UJL+mZL0vSXpD5akP1SSfm9J+sMl6Z8rSf98SfojJemPfXz6wo9LXr/e5f4ok7r9MMli/zzff5gc+frPoO//jpJ0YHz97K19Tz//u+80F/v/z3TaQ/J1vENpuZF+O8ffS7H9ZCqlvZOW/x7S13p7B0ySOH5G/P/+aEk6ML7yfV6+3zCBav1H7Bl23KpB5/mMly+k+Isp/lKKH0/xbIrnUrwvxfOrVD9WxtO//cPB12tLv/e3hfRh7yeP/YHiOFELQ9Yntg+Mej97HMdvVHdb/h12BwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKhMvf24f/+uWlFcevvi4eeOnpy7tebJTo5m+3G6a6nReV1RPJHiqRT/Mj25cf3s8e74ZoprxXxRK2qd9cWz1zolbSmK4lyxp7hcNIvdl6688e78M0fPH7mw9703D15duU8AAAAA1r//BwAA///3txjh")
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000180))
r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40106e80, 0x0)

1m11.490192349s ago: executing program 32 (id=180):
syz_mount_image$nilfs2(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1080c, &(0x7f0000000180)=ANY=[], 0x3, 0xa53, &(0x7f0000000bc0)="$eJzs3U2MW0cdAPBn73rzWeKUhIa0tAmFtgK62+yG8BFBUzUXoqbiVqniEqVpiUgDIpWgVQ5JTtxoFYUb4kOceqkAIdELinriUolG4tJT4cCBKEiROEBLYhTvjNf+x+6zk9196/XvJ43H783YM8/7/PZ53puZAphY9fZjo/146e2Lh//5yD823Xr+ZCdHs/043bV0K3ctLU+H9/tgajG+cf3s8X5xrZhvP+bl4tlrndduKYriXLGnuFw0i92Xrrzx7vwzR88fubD3vTcPXl2JbQcAgEnz7csH9+/821/u3/7hWw8eKjZ01ufz82Za3prO+w+lE/98/l8vepdrXaHbTMg3nUI95Jvqk6+7nEbOt7H3dbH8mfC+jQH5NpSUP9W1rt92wzjL+3GzqNVne5br9dnZxd/kRft3/Uxt9vTJUy+eqaiiwLL790NFUewRhEkLrW2dL0HldakudH0KAJWK1wtvcy62LNydzrtND1f+tafq/V8Py2C193/lx/fvrcdql1+2/b8574jD8hl+b9q4ovVYbnm78vdoa1qO1xHi/UujHn/y+02F92sMWc9B1xHG5frCoHpOrXI97tSg+sf9Yr36Rorz5/DNkN79/Yl/03H5GwP9/WfNtf9vWqpc5XUZKWwc03oLExxa1Rx2gDEQ75trJTk93tcX0zeUpG8sSd9Ukr65JH1LSTpMst+/8tPi9drS7/z4m/7G9bPtL8uw7WG5ne2eFH9ixPrE9shR2+Pifb+jutvy4/3EsJb98dhzJ776wvNXFu//r3X2/5tpf9+Tlpvpu3U5ZcjthbFdvXPvf7O3nPqAfPeG+tzTJ3/7+Y7efLUdS+9TdB1nbqvHrt7XbRuU74HefM2Qb1MK8SpIPD/ZHF6Xzz/ycTV/XtNhexthO2ZCPfJxZXuKx+tqDGtV3h8H3f+f989dRaP24slTJ55Iy3k//fNUY8Ot9ftWud7A3Ru2/8+uorf/z9bO+ka9+7iwbWl9rfu40Azr5wesX0jL+f/cd6c2tdfPHv/+qReWe+Nhwp159bXvHTt16sQPPfHEE086T6o+MgErbe6Vl38wd+bV1x4/+fKxl068dOL0woEDC/PzB762sH+ufV4/1312D6wnS//0q64JAAAAAAAAAAAAMKwfHTl85a/vfOX9xf7/S/3/cv//fOdv7v//k9D/P/aTz/3gcz/A7X3S23nCAKszIV8jhU+G+u4I5ewMr/tUijvz+KX+/7m4OK5rrs99YX0cvzfnC8MJ3DZeykwYgyTOF/jZFF9I8a8LqFDt5/1Xp7hsfOu8r+fxKYxLMZ7y3y2PZ5LHMcn9vweN65SP/9tXoY4sv9XoTlj1NgL9/WvNjf+93kPXL4bK6yKstXCj1WqtZnmtllk8gLWh6vk/c7tnjk//6Vsbb4Wc7dpTvcfLOH4p3I2q57+srPzcsDip2z9k+cs9/2dn/ruhj39hxrzmnZX7319cfb+r2GL3sOXH7c/jQO8YrfwPU/l5ax4thiu/9atQfrwgNKSPQvmbhyw/bv/FUQtOBf4vlZ8/tsceHrb8xTeo1XvrEduN8/W/2G6c3Qjbn8f2HPnvf4cTNd5M5cMkG5d5Zkc1LvP/DhLvw/hyWs4HwnyfQ5zvZNT65/sr8v+BneH9ayX/38z/O96+nuKy70Oe/zfvj80+y/Wu5Uafz3a9HmtgXH3g+p8w5qF9RrMG6jGOodVqrWyDVolKC6fyz7/q3wlVl1/1518mzv8bz+Hj/L8xPc7/G9Pj/L8xvd2u+NHSpL0xPc7/Gz/POP9vTL8vlBvnB95Vkv7pkvTdJen3l6Q/UJL+mZL0vSXpD5akP1SSfm9J+sMl6Z8rSf98SfojJemPfXz6wo9LXr/e5f4ok7r9MMli/zzff5gc+frPoO//jpJ0YHz97K19Tz//u+80F/v/z3TaQ/J1vENpuZF+O8ffS7H9ZCqlvZOW/x7S13p7B0ySOH5G/P/+aEk6ML7yfV6+3zCBav1H7Bl23KpB5/mMly+k+Isp/lKKH0/xbIrnUrwvxfOrVD9WxtO//cPB12tLv/e3hfRh7yeP/YHiOFELQ9Yntg+Mej97HMdvVHdb/h12BwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKhMvf24f/+uWlFcevvi4eeOnpy7tebJTo5m+3G6a6nReV1RPJHiqRT/Mj25cf3s8e74ZoprxXxRK2qd9cWz1zolbSmK4lyxp7hcNIvdl6688e78M0fPH7mw9703D15duU8AAAAA1r//BwAA///3txjh")
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000180))
r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40106e80, 0x0)

56.329324813s ago: executing program 3 (id=298):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000440)={0x74, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x4a, 0x33, @beacon={{{}, {}, @device_b}, 0x0, @random, 0x0, @val={0x0, 0x6, @default_ibss_ssid}, @val, @void, @void, @void, @void, @val={0x25, 0x3}, @val={0x2a, 0x1}, @void, @void, @val={0x72, 0x6}, @void, @val={0x76, 0x6}}}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0xa, 0xcd, [0x0, 0x0, 0x0]}]}, 0x74}}, 0x0)

56.084043215s ago: executing program 3 (id=303):
r0 = socket$kcm(0x29, 0x2, 0x0)
write$cgroup_pressure(r0, &(0x7f0000000140)={'full'}, 0xfffffdef)
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x5452, &(0x7f0000000000))
ioctl$int_in(r0, 0x5452, &(0x7f0000000040)=0x6)

55.449017871s ago: executing program 3 (id=313):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000014c0)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000ed000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x10, 0x4, 0x4, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000d00)={0x3, 0x3, &(0x7f0000000a80)=@framed={{0x18, 0x0, 0x5}}, &(0x7f0000000b40)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[r1], 0x0, 0x10, 0x0, @void, @value}, 0x80)

55.395848783s ago: executing program 3 (id=315):
syz_mount_image$cramfs(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x200004c, &(0x7f0000000380)=ANY=[], 0x1, 0x163, &(0x7f0000000f00)="$eJzsz79rGmEcx/H33WnP1ooHtWCH2kKXo2LrD+xWiraVCrUHLe3SpaAnCGcNcXHJ4JAtf4KE/IBM4hAyZjAmGRIUxPwTWYRsGQK5cD+SkIyZn9d2n889z/P9fv040dFAwfO51VxYNNtts/b6p1Ep/dre2f0j+13oTv8JFRgW4FSBYQDmXb4t/bXYj0C9YZnvqi2rBswLoAPFsJennexLiCdOFpPdLIN7Hv0NjJ5D3bbMrHYva1hmDgJ0IeicjUI9iHufvX6zQzjkjir5UycH/eMf46Ny6u3WS4XlcvLVM4nVld5tnjDVx6UXm0/jCr/Ngw2KEnR6J5Cavh/0Z5Nx5btRMSa5bPaDrWTS6fzMuTdvH/ov4P6fHFy/+Ih4QuXStm3vu+/28z0pAozWzo2mrMaAs/8aTHEaxZvXaEb9RgWp06v+izuraDKKjsQFgiAIgiAIgiAIgvAgVwEAAP//KVNi2w==")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000540)='./file0\x00', 0x0, 0x0)
getdents(r0, 0x0, 0x22)

55.117500967s ago: executing program 3 (id=320):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000001a80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r1, 0xc0145b0e, 0x0)

54.611845869s ago: executing program 3 (id=329):
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendto$inet6(r0, &(0x7f00000010c0)="a7", 0x1, 0x0, &(0x7f0000000040)={0xa, 0x0, 0x0, @private2}, 0x1c)
shutdown(r0, 0x1)
setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r0, 0x84, 0x78, &(0x7f0000000180), 0x4)

54.384490413s ago: executing program 33 (id=329):
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendto$inet6(r0, &(0x7f00000010c0)="a7", 0x1, 0x0, &(0x7f0000000040)={0xa, 0x0, 0x0, @private2}, 0x1c)
shutdown(r0, 0x1)
setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r0, 0x84, 0x78, &(0x7f0000000180), 0x4)

44.448809348s ago: executing program 5 (id=415):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB="1400000042000501"], 0x14}}, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x3800004, 0x3032, 0xffffffffffffffff, 0xd063c000)
recvmmsg(r0, &(0x7f0000000000)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000004c0)=""/4091, 0xffb}], 0x1}}], 0x1, 0x0, 0x0)

43.265509936s ago: executing program 5 (id=419):
syz_mount_image$f2fs(&(0x7f0000000040), &(0x7f0000000240)='./bus\x00', 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="6163746976655f6c6f67733d342c646174615f666c7573682c66617374626f6f742c6a71666d743d76667376312c6e6f696e6c696e655f64656e7472792c7573726a71756f74613d66326673002c00ff371013587045d0d273e856ce75c2b11120ece6d6a76856a2cdd8c835ef14aa3aea583b7f3affd12ff9abc9b21098874a75607f009920ad1a283ce7b8b528e239692ab156e30dd8365f708e6c98cfcd0b30d5304dd70f87da026e2d4e4df1ad07ba72683f43d76541d455d1fa118f0900000009fe28bfded255e7c5806f05b80ec0e186b4f72759eb096a1fe6793e734fe61555f01ff9f23bc11370aa247215e8f1410ea4728bb2a2c2d20bc5e61b0a4c7ddb25da21c75f35f711581d1f5b8db3be07c80000000000000000"], 0x1, 0x54f4, &(0x7f0000005600)="$eJzs3M1rI2UYAPBn2u1+uxbx4G0HFqGFTdj0Y9Fb1V38wC7Fj4MnTZM0ZDfJlCZNa08ePIoH/xNR8OTRv8GDZ2/iQfEmKJmZ6tYvhKaNtb8fTJ6ZN2+eed5QCs9MmADOrfn0px+SuBFXImI2Iq5H5PtJueXWivBMRNyMiJnHtqQc/23gYkRcjYgb4+RFzqR865Pbo1ur37/245dfX7pw7dMvvpneqoFpezYietvF/l6viFm7iA/L8fqok8feyqiMxRu9R+VxVsS91maeYa9+OK+ex+V2MT/b3h2MY5LUG+PY7mzl49v94oSDUfswT/6Bh/Wd/LjZ2sxjZ5DlsX1Q1LV/UPxvOxgMizzNMt/7efoYDg9jMd7abxXr2X6Ux0Z/WI4XebNma38cR2UsTxeNrNvM69g8zjf93/Z6p7+7n45aO4NO1k9Xq7XnqrW7ldpO1mwNWyuVeq95dyVdaHfH0yrDVr231s6ydrdVbWS9xXSh3WhUarV04V5rs1Pvp7Vadbl6p7K6WO7dTl9+8HbabaYL4/hip7877HQH6Va2kxafWEyXqsvPL6a3aumb6xvpxhv3769vvPXuvXcevLD+6kvlpD+VlS4s3VlaqtTuVJZqi+do/R+WRU9w/XAsybQLADh79P/ANEyj/9/qTq7/D/3/RJyp/ve89/8nsH44Fv0/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMC59e3cZ6/kO/PF8bVy/ImIm+Ohp8rjJCJmIuKXvzAbF4/knC3zzP3N/Lk/1PBVEnmG8TkuldvViFgrt5+fPOlvAQAAAP6/Pv/g5sdFt168zE+7IE5TcdFm5vp7E8qXRMTc/HcTyjYzfnl6Qsnyv+8LsT+hbPkFrMsTSlZccrswqWz/yuyRcPmxkBRh5lTLAQAATsXRTuB0uxAAAABO00fTLoDpSOLwVubhveD8l/e/3xC8cuQIAAAAOIOSaRcAAAAAnLi8//+H5/+F5/8BAADA2Vc8/w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPiVnfvJSR2K4gB8Wuh7vD9GYpy7FWewDJfg0KFhAW6CJeAW3ABrwJlLMGBoS7QGE5PetpF8X9JebkN+nBIm515SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6NJzsZo/3l89tM3Z7tpJczcAAADAMZtiNS9fTKv5v/r6WX3pop5nEZFHxLHefRS/GpmjOqf44v3FpxqeIsqE/Wf8ro+/EXFdH6/nXX8LAAAAcLrWi+Ws6tar03ToguhTtWiT/79JlJdFRDF9SZSW70+XicLK3/c47hKllQtYk0Rh1ZLbOFXat4waw+TDkFVD3ms5AABAL5qdQL9dCAAAAH26HboAhpHFYSvzsBdc/vP+fUPwT2MGAAAA/EDZ0AUAAAAAnSv7f8//AwAAgNNWPf8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACALm2K1Xy9WM7a5mx37aS5GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgjf15R4EQCIMw2Lu+M5n7H1YaNDU1qQLh428MBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAu9uclBUIgCKJgzvjfSd//sJKgZxAhAhoeVdSiAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAudu7nNY4qDgD4d2Z2trYqxig5RETBg17sdlNbe/WgBA/+CUJItzW69Ueagy1FyMWb5NyL6FFEUOKt/0PPLfRSbz3soYJnZWZnmmkacLV0Zpt8PvD2fWcY5n3fJIR8570EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA2eW8vzoqPhWmcVudu3b+2XvS39/WFGzt3lotWxEmbST8dXm0eJEvdJQIAAMDRkdX1fUTczXdXiz5dKOv/vL6mqPl/eH4a1/X8/rq/7uvav2i//3bv5QcDLUzHKW56YWM8OvVoKr0nN8v59sK/XtErn3z57iUrvyDph9svTfLyeSbf3bz5fr8Mj7WRLQDwf5ys+yqofx8q+mGXiQFwZPQahXdd/2cL3eYEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0IbJdjxbx0lELPf24sLt+9fWD+pv7NxZrtvZ69d3mvcsbpFHxIWN8ehUi3OZd5evXP1sbTwebbYfvBYR3Y1eBR/PcE1ElxkKHjdIq+/1ecnn6Qg6/sEEAMChk1etqOvv5rurxblkMeLvHx+u/99sxDFj/X/vk7O3mmM16/9hazOcf4OtS18OLl+5+vbGpbWLo4ujz99ZGb47PH3uzJlzg/JdycAbEwAAAB5PP4no76v/08VH1/9PNOKYsf7/6vvhN82xMvX/gfYW/brOBAAA4Gh78fW//kwOOJ/0+/H12tbW5nD6WR3H5kp5vNJBqv/Zsao16/9sseusAAAAgDZMtpOH1v/PN+KYcf3/uZ9e+aV5zywijlfr/yfXvxifb286c62NPyfueo4AAAB063jVmuv/ebn/P32w5SGNiLfemMbVvwGcqf7PPvj25+ZYzf3/p9ub4lxKl6bPo+yXInpLXWcEAADAYfZM1Ypi/498d/XTX0981Lf/HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBt/wQAAP//K8ZAQg==")
fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x59)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r0, 0xc0185879, &(0x7f0000000080)={@id={0x2, 0x0, @b}})

41.818762422s ago: executing program 5 (id=428):
r0 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x480, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000100)=ANY=[@ANYBLOB="01000000000000002c1001c0"])

40.685655746s ago: executing program 5 (id=443):
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000080)='./file0\x00', 0x800, &(0x7f00000001c0)=ANY=[@ANYBLOB='iocharset=m^ciceland,discard,discard,namecase=1,errors=remount-ro,discard,discard,dmask=00000000000000000000005,iocharset=maccyrillic,fmask=00000000000000000000005,\x00'], 0x5, 0x1520, &(0x7f00000037c0)="$eJzs3AuYjtX6MPD7Xms9Y0h6m+QwrLXuhzc5LJMkOSSVQ5IkSZJTYpIm2ZKQGHJKGpKQHIbkMITkMDFpnM/nY5IkTZKE5JSs75ris9u1v/3f/9237WvP/buu53rX/a5nred+3vs9rOdx+LbL0FpNat/ViIjgX4K/PiQDQCwADASAawAgAIAKcRXisvtzS0z+1w7C/lwPp13pDNiVxPXP2bj+ORvXP2fj+udsXP+cjeufs3H9czauP2M52ebpha/lLedufP8/J+Pf//8iWWXHfrm27PVd/4khXP+cjev/Xyv4n+zE9c/ZuP45G9c/Z+P65wS5/m4P1z9n4/ozlpNd6fvPf7PFwJXP4Zct139ADv+O7Uq//xhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOM5Qxn/GUKAC61r3RejDHGGGOMMcYY+/P4XFc6A8YYY4wxxhhjjP3/hyBAgoIAYiAXxEJuyAMCAK6GfHANROBaiIPrID9cDwWgIBSCwhAPRaAoaDBggSCEYlAconADlIAboSSUgtJQBhyUhQS4CcrBzVAeboEKcCtUhNugElSGKlAVbodqcAdUhzvhLrgbakBNqAW14R6oA/dCXbgP6sH9UB8egAbwIDSEh6ARPAyN4RFoAo9CU3gMmkFzaAEtodX/avyL0ANegp7QC5KhN/SBl6Ev9IP+MAAGwiswCF6FwfAapMAQGAqvwzB4A4bDmzACRsIoeAtGw9swBsbCOBgPqTABJsI7MAnehckwBabCNEiD6TAD3oOZMAtmw/swBz6AuTAP5sMCSIcPYSEsggz4CBbDx5AJS2ApLIPlsAJWwipYDWtgLayD9bABNsIm2AxbYCtsg+2wA3bCLtgNn8Ae+BT2wmewDz7/J8ef/pvxXREQUKBAhQpjMAZjMRbzYB7Mi3kxH+bDCEYwDuMwP+bHAlgAC2EhjMd4LIpF0aBBQsJiWAyjGMUSWAJLYkksjaXRocMETMByeDOWx/JYAStgRayIlbAyVsaqWBWrYTWsjtXxLrwLa2ANrIW18B68B3tjXayL9bAe1sf6l25PYSNshI2xMTbBJtgUm2IzbIYtsAW2wlbYGltjG2yDiZiI7bAdtsf2mIRJ2AE7YEfsiJ2wE3bGztgFu2BX7Ibd8MVcgC/hS9gLa4je2Af7YF9MydUfB+AAfAUH4av4Kr6GKTgEh+Lr+Dq+gcPxFI7AkTgKR2E18TaOwbFIYjymYipOxIk4CSfhZJyCU3AapuF0nIEzcCbOwln4Ps7BD/ADnIfzcAGmYzouxEWYgRm4GE9jJi7BpbgMl+MKXI6rcDWuwrW4DtfiBtyAm3ATbsEtuA234Q7cgbtQAeAn+Cl+iim4D/fhftyPB/AAHsSDmIVZeAgP4WE8jEfwCB7Fo3gMj+MJPI4n8SSewtN4Bs/gOTyH5/H5+K8b7yq1JgVENiWUiBExIlbEijwij8gr8op8Ip+IiIiIE3Eiv8gvCogCopAoJOJFvCgqigojjCARxgCAiIqoKCFKiJKipCgtSgsnnEgQCaKcKCfKi/KigrhVVBS3iUqismjrqoqqoppIdNXFneIucZeoIWqKWqK2qC3qiDqirqgr6ol6or6oLxqIB0VD0Rv748MiuzJNxBBsKoZiM9FcyIvfYK3FcGwj2opE8aQYiSOwvWjtksQzooMYgx3FX8RYfE50FuOxi3hBdBXdRHfxough2rieopeYjL1FHzEN+4p+or8YIGZiTfE+zsldS7wmUsQQMVS8LhbgG2K4eFOMECPFKPGWGC3eFmPEWDFOjBepYoKYKN4Rk8S7YrKYIqaKaSJNTBczxHtippglZov3xRzxgZgr5on5YoFIFx+KhWKRyBAficXiY5EploilYplYLlaIlWKVWC3WiLVinVgvNoiNYpPYLLaIrWKb2C52iJ1il9gtPhF7xKdir/hM7BOfi/3iC3FAfCkOiq9ElvhaHBLfiMPiW3FEfCeOiu/FMXFcnBA/iJPiR3FKnBZnxFlxTvwkzoufxQXhBUiUQkqpZCBjZC4ZK3PLPPIqmVcGF1/da2WcvE7ml9fLArKgLCQLy3hZRBaVWhppJclQFpPFZVTeIEvIG2VJWUqWlmWkk2VlgrxJlpM3y/LyFllB3ioryttkJVlZVpFV5e2ymrxDQuTXY9SQNWUtWVveI+vIe2VdeZ+sJ++X9eUDsoF8UDaUD8lG8mHZWD4im8hHZVP5mGwmm8sWsqVsJR+XreUTso1sKxPlk7KdfEq2l0/LJPmM7CD9xbfIc7KzfF52kS/IrrKb7C5/lheklz1lLwnQW/aRL8u+sp/sLwfIgfIVOUi+KgfL12SKHCKHytflMPmGHC7flCPkSDlKviVHy7flGDlWjpPjZaqcICfKd+Qk+a6cLKfIqXKaTJPTZf+LM82W8h+Of+cPxg/+5eib5Ga5RW6V2+R2uUPulLvkbrlb7pF75F65V+6T++R+uV8ekAfkQXlQZskseUgekoflYXlEHpFH5VF5TB6XZ+UP8qT8UZ6Sp+VpeVaek+fk+YuvAShUQkmlVKBiVC4Vq3KrPOoqlVddrfKpa1REXavi1HUqv7peFVAFVSFVWMWrIqqo0sooq0iFqpgqrqLqBrz4hlGlVRnlVFmVoG76Z8arEupGVVKV+s34S/kl/538WqlWqrVqrdqoNipRJap2qp1qr9qrJJWkOqgOqqPqqDqpTqqz6qy6qC6qq+qquqvuqofqoXqqnipZJas+6mXVV/VT/dUANVC9ogapQWqwGqxSVIoaqoaqYWqYGq6GqxFqhBqlRqnRarQao8aocWqcSlWpaqKaqCapSWqymqymqqkqTaWpGWqGmqlmqtlqtpqj5qi5aq6ar+ardJWuFqqFKkNlqMVqscpUS9QStUwtUyvUCrVKrVJr1Bq1Tq1TG9QGlak2q81qq9qqtqvtaqfaqXar3WqP2qP2qr1qn9qn9qv96oA6oA6qgypLZalD6pA6rA6rI+qIOqqOqmPqmDqhTqiT6qQ6pU6pM+qMOqfOqfPqvLqgLmQv+wIRiEAFKogJYoLYIDbIE+QJ8gZ5g3xBviASRIK4IC7IH1wfFAgKBoWCwkF8UCQoGujABDYQF4seDW4ISgQ3BiWDUkHpoEzggrJBQnBTUC64OSgf3BJUCG4NKga3BZWCykGVoGpwe1AtuCOoHtwZ3BXcHdQIaga1gtrBPUGd4N6gbnBfUC+4P6gfPBA0CB4MGgYPBY2Ch4PGwSNBk+DRoGnwWNAsaB60CFoGrf7U+b0/VfAJ11P30sm6t+6jX9Z9dT/dXw/QA/UrepB+VQ/Wr+kUPUQP1a/rYfoNPVy/qUfokXqUfkuP1m/rMXqsHqfH61Q9QU/U7+hJ+l09WU/RU/U0naan6xn6PT1Tz9Kz9ft6jv5Az9Xz9Hy9QKfrD/VCvUhn6I/0Yv2xztRL9FK9TC/XK/RKvUqv1mv0Wr1Or9cb9Ea9SW/WW/RWvU1v1zv0Tr1L79af6D36U71Xf6b36c/1fv2FPqC/1Af1VzpLf60P6W/0Yf2tPqK/00f19/qYPq5P6B/0Sf2jPqVP6zP6rD6nf9Ln9c/6gvbZi/vsn3ejjDIxJsbEmliTx+QxeU1ek8/kMxETMXEmzuQ3+U0BU8AUMoVMvIk3RU1Rk40MmWKmmImaqClhSpiSpqQpbUobZ5xJMAmmnClnypvypoKpYCqaiqaSqWSqmCrmdnO7ucPcYe40d5q7zd2mpqlpapvapo6pY+qauqaeqWfqm/qmgWlgGpqGppFpZBqbxqaJaWKamqammWlmWpgWppVpZVqb1qaNaWMSTaJpZ9qZ9qa9STJJpoPpYDqajqaT6WQ6m86mi+liupquprvpbnqYHqan6WmSTbLpY/qYvqav6W/6m4FmoBlkBpnBZrBJMSlmqBlqhplhZrgZbkaYkWZU9kLVvG3GmLFmnBlvUk2qmWgmmklmkplsJpupZqpJM2lmhplhZpqZZraZbeaYOWaumWvmm/km3aSbhWahyTAZZrFZbDJNpllqlprlZrlZaVaa1Wa1WWvWmvWw3mw0G81ms9lsNVvNdrPd7DQ7zW6z2+wxe8xes9fsM/vMfrPfHDAHzEFz0GSZLHPIHDKHzWFzxBwxR81Rc8wcMyfMCXPSnDSnzClzxpwx50zBi7+X3sTa3DaPvcrmtVfbfPYa+7dxIVvYxtsitqjVtoAt+JvYWGtL2lK2tC1jnS1rE+xNv4sr2cq2iq1qb7fV7B22+u/iOvZeW9feZ+vZ+21te89v4vr2AdvAPmobIgLY5raxbWmb2EdtU/uYbWab2xa2pW1nn7Lt7dM2yT5jO9hnfxcvtIvsarvGrrXr7B77qT1jz9rD9lt7zv5ke9pedqB9xQ6yr9rB9jWbYof8Lh5l37Kj7dt2jB1rx9nxv4un2mk2zU63M+x7dqad9bs43X5o59gMO9fOs/Ptgl/i7Jwy7Ed2sf3YZtoldqldZpfbFXalXfV/c11mN9iNdpPdbT+xW+02u93usDvtrl/i7PPYaz+z++zn9pD9xh6wX9qD9ojNsl//Emef3xH7nT1qv7fH7HF7wv5gT9of7Sl7+pfzzz73H+zP9oL1FggJSJKigGIoF8VSbspDV1Feupry0TUUoWspjq6j/HQ9FaCCVIgKUzwVoaKkyZAlopCKUXGK0g10aZ1emsqQo7KUQDdRObqZytMtVIFupYp0G1WiylSFqtLtVI3uoOp0J91Fd1MNqkm1qDbdQ3XoXqpL91E9up/q0wPUgB6khvQQNaKHqTE9Qk3oUWpKj1Ezak4tqCW1osepNT1BbagtJdKT1I6eovb0NCXRM9SBnqWO9BfqRM9RZ3qeutAL1JW6UXd6kXrQS9STelEy9aY+9DL1pX7UnwbQQHqFBtGrNJheoxQaQkPpdRpGb9BwepNG0EgaRW/RaHqbxtBYGkfjKZUm0ER6hybRuzSZptBUmkZpNJ1m0Hs0k2bRbHqf5tAHNJfm0XxaQOn0IS2kRZRBH9Fi+pgyaQktpWW0nFbQSlpFq2kNraV1tJ420EbaRJtpC22lbbSddtBO2kW76RPaQ5/SXvqM9tHntJ++oAP0JR2kryiLvqZD9A0dpm/pCH3ne9H3dIyO0wn6gU7Sj3SKTtMZOkvn6Cc6Tz/TBfIEIYYilKEKgzAmzBXGhrnDPOFVYd7w6jBfeE0YCa8N48Lrwvzh9WGBsGBYKCwcxodFwqKhDk1oQwrDsFhYPIyGN4QlwhvDkmGpsHRYJnRh2TAhvCksF94clg9vCSuEt4YVw9vCSmHl8NH7q4a3h9XCO8Lq4Z1hYnh3WCOsGdYKa4f3hHXCe8O64X1hvfD+sHz4QNggfDBsGD4UNgofDhuHj4RNwkfDpuFjYbOwedgibBm2Ch8PW4dPhG3CtmFi+GTYLnwqbB8+HSaFz4Qdwmd/6X9g0S/9CH/Qnxz2DvuEL4cvh97fJ+dHF0TTox9GF0YXRTOiH0UXRz+OZkaXRJdGl0WXR1dEV0ZXRVdH10TXRtdF10c3RDdGN0W9r50LHDrhpFMucDEul4t1uV0ed5XL6652+dw1LuKudXHuOpffXe8KuIKukCvs4l0RV9RpZ5x15EJXzBV3UXeDK+FudCVdKVfalXHOlXUJrqVr5Vq51u4J18a1dYnuSfeke8o95Z52T7tnXAf3rOvo/uI6uedcZ/e8e9694Lq6bq67e9H1cBPy/fqZTHZ9XB/X1/V1/V1/N9ANdIPcIDfYDXYpLsUNdUPdMDfMDXfD3Qg3wo1yo9xoN9qNcWPcODfOpbpUN9FNdJPcJDfZTXZT3VSX5tLcDDfDzXQzXbVZvx5lrpvr5rv5Lt2lu4Uue82Y4Ra7xS7TZbqlbqlb7pa7lW6lW+1Wu7VurVvv1ruNbqPb7Da7rW6r2+62u51up9vtdrs9/ppfJ3X73H633x1wB9xB95XLcl+7Q+4bd9h9646479xR97075o67E+4Hd9L96E650+6MO+vOuZ/cefezu+C8S41MiEyMvBOZFHk3MjkyJTI1Mi2SFpkemRF5LzIzMisyO/J+ZE7kg8jcyLzI/MiCSHrkw8jCyKJIRuSjyOLIx5HMyJLI0siyyPLIioj3RbaGvpgv7qP+Bl/C3+hL+lK+tC/jnS/rE/xNvpy/2Zf3t/gK/lZf0d/mK/nKvop/zDfzzX0L39K38o/71v4J38a39Yn+Sd/OP+Xb+6d9kn/Gd/DP+o7+L76Tf8539s/7Lv4F39V38939i76Hf8n39L18su/t+/iXfV/fz/f3A/xA/4of5F/1g/1rPsUP8UP9636Yf8MP92/6EX6kHxXzlh996RIZxvtUP8FP9O/4Sf5dP9lP8VP9NJ/mp/sZ/j0/08/ys/37fo7/wM/18/x8v8Cn+w/9Qr/IZ/iP/GL/sc/0Sy7dVPYr/Sq/2q/xa/06v95v8Bv9Jr/Zb/Fb/Ta/3e/wO/0uv9t/4vf4T/1e/5nf5z/3+/0X/oD/0h/0X/ks/7U/5L/xh/23/oj/zh/13/tj/rg/4X/wJ/2P/pQ/7c/4s/6c/8mf9z/7C/xv1hhjjDHG/kcmXG6KP+rv/QfPib/auQ8AXL2tcNZf92evKNcX+LXdT8S3iwDAM726PHxpq1EjOTn54r6ZEoLi8wAu/UlQthi4HC+BRHgKkqAtlPvD/PuJbufoH8wfvRUgz1+NiYXL8eX5v/g78z/+5KiFFcMzcf+P+ecBlCx+eUxuuBwvgUSV/dgWyv+d+Qu2/gf55/4yFaDNX43JC5fjy/knwBPwLCT9Zk/GGGOMMcYYY+xX/USVTpeuPy/9jc8/uj6PV5fH5ILL8T+6PmeMMcYYY4wxxtiV91y37k8/npTUttM/36j+vxrFjf/UhvcAl55RAPAvTgjwbz+LLf+WY6Vc/Oj8bdfysz6A/4xS/hmNK/zFxBhjjDHGGPvTXV70//Z5daUSYowxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGcqB/x38ndqXPkTHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGLvS/k8AAAD//4NSDCw=")
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))

40.320010978s ago: executing program 5 (id=447):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x19)
capset(&(0x7f0000000c00)={0x20080522}, &(0x7f0000000140))
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000400)=0x11)

40.01747132s ago: executing program 5 (id=454):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = dup3(r0, r1, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000900)=@setlink={0x3c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @erspan={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_IFLAGS={0x6, 0x2, 0x7f}]}}}]}, 0x3c}}, 0x0)

39.713902386s ago: executing program 34 (id=454):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = dup3(r0, r1, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000900)=@setlink={0x3c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @erspan={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_IFLAGS={0x6, 0x2, 0x7f}]}}}]}, 0x3c}}, 0x0)

12.823778143s ago: executing program 0 (id=753):
socket$nl_generic(0x10, 0x3, 0x10)
rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4(0x0, 0x0, 0x80000000, 0xffffffffffffffff)

12.36343573s ago: executing program 0 (id=761):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r2 = dup3(r0, r1, 0x0)
ioctl$IOMMU_TEST_OP_SET_TEMP_MEMORY_LIMIT(r2, 0x3ba0, &(0x7f0000006500)={0x48, 0x9, 0x0, 0x0, 0xc2d})

12.008755744s ago: executing program 0 (id=764):
open(&(0x7f0000000a40)='./bus\x00', 0x141a42, 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000340)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = open(&(0x7f00000005c0)='./bus\x00', 0x0, 0x0)
sync_file_range(r0, 0x10, 0xff, 0x1)

11.937420336s ago: executing program 0 (id=765):
syz_mount_image$cramfs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="00af268263b121dc03d7d9b98b9cdb76841d31005b31fdfd141b652968fbeae7aac982a517703dc5950f6728aecf5ec337b119ffd66d0a02970718ba573db352906385cece74366e628b6a775c9a6f6fff046416c6240e39a647186c4cf0b360bd17d4cdbd912dc61fd24e6f17d8"], 0x1, 0x152, &(0x7f00000007c0)="$eJzs0E1LKnEUx/Hf3Bnlcq/eBzKwFia0aEjMacRatdBIEtKBwk0rwSYKFCOhXBrRrkXQ1oXlVnwLlrWxRgh7E23cBS0n/o7Rw67977MZ5nsOh2FWlnoqgoAMx3KpuLdvlsvmVnDdSCc3ntrtuOhuAD8/zZ39qziwI54KMDgCRL7xAtu7BXMuXyqI90EcUAEkfjtdg7P7SzSf0+YhSaKp00Bn3Gn6aO9ji47apAIk/r7fsy+AGXHv/9s94BlApRZquZCxbNu2xfeepEJTY5LTm3cZq5sKzwbMUz050fD4ZWTN20skhvPHSDf8EGk1+z0rvWakjV5U1xeimqJpsb5xb6Vi1TMoq54DYPPLPTf8ASULHEvA+XA2uJa8ADr1F6P4Z7E++tfVQzkISJVaPud3NXK+fz8gq5BARERERERERERERERERET0Xa8BAAD//wFeZcY=")
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
getdents64(r0, 0x0, 0x0)

11.766764162s ago: executing program 0 (id=767):
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file2\x00', 0x2000410, &(0x7f0000000080), 0x81, 0x7a5, &(0x7f0000000f80)="$eJzs3c9rXNUeAPDvnfxq0r6XPHjwXl0FBA2UTkyNrYKLigsRLBR0bRsm01AzyZTMpDQh0BYR3AgqLgTddO2PunPrj63+Fy6kpWparLiQkTuZSSbNTJq0mZlgPh+4uefcc2/O+c65P87MvcwEcGCNpn8yEUcj4v0kYri2PImIvmqqN+L02nr3V1dy6ZREpfL6r0l1nXurK7lo2CZ1uJb5f0R8907EsczWektLy7NThUJ+oZYfL89dGi8tLR+/ODc1k5/Jz5+cmJw8ceq5Uyf3Ltbff1w+cvuDV57+8vSfb//v5nvfJ3E6jtTKGuPYK6MxWntN+tKXcJOX97qyLku63QAeSXpo9qwd5XE0hqOnmmphsJMtAwDa5WpEVACAAyZx/QeAA6b+OcC91ZVcferuJxKddeeliDi0Fn/9/uZaSW/tnt2h6n3QoXvJpjsjSUSM7EH9oxHx6ddvfp5O0ab7kADNXLseEedHRree/5Mtzyzs1jPbFVYGqrPRBxY7/0HnfJOOf55vNv7LrI9/osn4Z6DJsfsoHn78Z27tQTUtpeO/FxuebbvfEH/NSE8t96/qmK8vuXCxkE/Pbf+OiLHoG0jzE9VVmz8FNXb3r7ut6m8c//324VufpfWn8401Mrd6BzZvMz1VnnrcuOvuXI94ordZ/Ml6/yctxr9nd1jHqy+8+0mrsjT+NN76tDX+9qrciHiqaf9v9GWy7fOJ49XdYby+UzTx1U8fD7Wqf6P/B6rztP76e4FOSPt/aPv4R5LG5zVLu6/jhxvD37Yqa9z/m8fffP/vT96opvtry65MlcsLExH9yWtbl5/Y2Laer6+fxj/2ZPPjv9X+n6k9G3t+Pbe93tu/fFH7V03jr7rWKv72SuOf3lX/b5Oo1LZ5oOjm/dmeVvXvrP8nq6mx2pKdnP8e0tLH2JsBAAAAAAAAAAAAAAAAAAAAAAAAYPcyEXEkkkx2PZ3JZLNrv+H93xjKFIql8rELxcX56aj+VvZI9GXqX3U53PB9qBO178Ov5088kH82Iv4TER8NDFbz2VyxMN3t4AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg5vDm3/+/ms6y2bWynwe63ToAoG0OdbsBAEDHuf4DwMGzu+v/YNvaAQB0zq7f/1eS9jQEAOiYHV//z7e3HQBA57j/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQJudPXMmnSp/rK7k0vz05aXF2eLl49P50mx2bjGXzRUXLmVnisWZQj6bK861/EfX1maFYvHSZMwvXhkv50vl8dLS8rm54uJ8+dzFuamZ/Ll8X8ciAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICdKy0tz04VCvkFiW0Tg/ujGfsm0Rv7ohn/+ER/12pvPEsMdu8EBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALDP/R0AAP//aHclQg==")
truncate(&(0x7f0000000140)='./file2\x00', 0x5c00)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x143042, 0x0)
sendfile(r0, r0, 0x0, 0x7a680000)

11.221547009s ago: executing program 0 (id=773):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in={0x2, 0xfffc, @empty}], 0x10)
sendmmsg$inet6(r0, &(0x7f00000000c0)=[{{&(0x7f00000084c0)={0xa, 0xfffc, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x20}}}, 0x1c, &(0x7f0000000040)=[{&(0x7f0000000080)="8c", 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x4e, &(0x7f0000000500), 0x4)

11.061589587s ago: executing program 35 (id=773):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in={0x2, 0xfffc, @empty}], 0x10)
sendmmsg$inet6(r0, &(0x7f00000000c0)=[{{&(0x7f00000084c0)={0xa, 0xfffc, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x20}}}, 0x1c, &(0x7f0000000040)=[{&(0x7f0000000080)="8c", 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x4e, &(0x7f0000000500), 0x4)

3.036462432s ago: executing program 1 (id=825):
r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, <r1=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000300)={0x0, &(0x7f0000000240)=[<r2=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r1, 0xc02064b9, &(0x7f0000000100)={0x0, 0x0, 0x0, r2, 0xcccccccc})

2.911922741s ago: executing program 6 (id=827):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000440)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58)
r1 = accept$alg(r0, 0x0, 0x0)
sendmsg$alg(r1, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, &(0x7f00000007c0)=[@assoc={0x18, 0x117, 0x2}, @op={0x18, 0x117, 0x3, 0x1}], 0x30}, 0x0)

2.702393801s ago: executing program 6 (id=830):
syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000005600)='./bus\x00', 0x0, &(0x7f0000000000), 0x1, 0x559d, &(0x7f0000005680)="$eJzs3X1sVWcdB/BzeynlJaFlyjLUhfkPThCpmFiEoEVgAoPRgSbDwCgO2BAGhQRhY9OOOZ0jk4Y5xoovDKQCxq6+rJiYIbqIcU4mi8OGEXnJIuICK4yoJNOZ3nufy73n0vYO5zq3z4e05z73d57nPPfk/HG/lz7nRgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBF0cHlC/627gfLv/nQdSenbLz/zAMnap57fNP4u+fsHnX4gVVXtp1uaip99fmzNyy67+GqoSf2zD8URYlUv0Sm/7xPTZ65aNa86X3CgLU3prcVFZ0dMt31WLrRO+/Jjn75P/OjKCqNDZDMbCf1z2kn4geIVhYO2KXtVWNWDdw4cdrmssmDFibrGgtfOh369PQEekrmunrx4rVUnfpdEtsj28659BJ5l2i6f/yCe1NeBADwulTWpDbZt6OZt7jZdn28HmtXx9oNsXZ4h9CQ27gc6XF7dzbPa+L1HppndToqlHU6z1g9c/6z7Zp4/1g7FjVexzzzd81Emj6dzbMuVu+peQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8ldx9/JanSzb96H1L149MHh887BdfbdryvUnt5VO+tm9D2+9bn3tPU1Ppq8+fvWHRfQ9XDT2xZ/6hKKpI9Uukuyfm7mjd8LMVU1b/fM6jzefee8euZGbcsO2Vs3PUFh58vDyKPp9TeTEMe2pAFNXkF1LN6NHCwuLUgymhAAAAwNvJ4NTvkmw7HQdL89qJVJpMpP4F6bC4vWrMqoEbJ07bXDZ50MJkXePlj1fTyXjVlxwv2664+JPICcYh/sbHu1gPu64sGKdr8RHjeX7U0AuHj3x9+Ya1jf1P7u87MDnpV1+uHXzFnNGvXDt2zG1/fWRHQf6v6Dr/hzMn/wMAAPDfkP/j43Stu/w/7Mj9Z+469dN1tZ/ZNvf4+G/UDnhX5Zo/NX/4c+uHTZ3Y69iVWwry/zV5hyzI/2HGIf+XRJeX/wEAAOCt7H+d/6sLxulad/l/2ZoRf592YdbEJ8Zd+OGZO4f88uCRaG/9iC+03P6B/bP7DWj4SUH+rywu//fKnXZ48pkw4SXlUVRZ/EkFAAAA8oT/d7/40ULI6+lPDuJ5fc75g5NuLn3w7EdmXzt029Ehu9rP/2PJ8k0XRjfPGF716acrNhTk/+ri8n/pm/NyAQAAgCI8tfgTN+2Mpk/6UPU9h/cv2P5I/bK1K5c2liWm/ntl2/X/au5dkP9risv/ZT3zcgAAAIBLOPSlbbtfm7msdXhz2fmtf3jtz49fPXz1gabKoyt/O7B0RWvt4oL8X1tc/u+X2WZWPqQ77Q9/hfBQeRT16XhQly78Jmr4ZLYAAAAAvEFCTv/nsbaRO68r+/VT339586zvfHvQ3m/NONj43Qn9b5n44IEZB56sLcj/dV3f/z/c6SCs/8+7/1/B+v+cQvquf2PdGAAAAIB3osL1/OH2+OlvLujs+/eLXf9/4xdbXzp++/yvtL97yE3LXr7tils/Nv7UH6ffmdw57q6SqVNfOl2Q/+uLy//J3O0b+f1/AAAAcBn+377/b3bBOF3r7v7/Mx+752j7X14YN2Jm49pFJ8dv/PG8Lc88trvq6nMLbu77wWeX7i3I/w3F5f+w7Z/78vaF83NveRRd1fEgczfBXWG6S2KFltKcQvrEx3rMCj0yhZaynEJKXazHqPIoen/Hg/pYYWAoNMQK7QMyha2xwrOhkLkesoXmWGFfuNI2DchMN17YEwqZBRYtYQVF/+ySiFiPVzrr0VG4ZI8XsgcHAAB4RwnhOZNlS/ObUTzKtiS626FfdzuUdLdDsrsdesV2iO/Y2fNRbX4hPH9+zRO/q/xoyWcP3XrHhOEjF667t2HsgeTcCdc/uaPvuRWnR68uyP9bi8v/4VT0Tm86W/8fhfX/me81zK7/rw2FilihJRRq4ncMqAnHSIfd9eEYFTWZHu1XZQsAAADwthY+F0j28DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgP+zde5xU1Z0g8NNNP2homhbjK2JsdW1Fh6ZBUT/BB2omGmBNo+zMuPhohEaRVhBhIq5RULObxMEoKlFnRmEVRlZx8AVkNQE1ooloNI5mRh1DMGrcjR/FiH6yxrif7lunqLrVZRcCSjvf7x9dp+p3nrceXefeW+cCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/Max/9MYj/umiJ0eP2jBvwPJXDv/vH9YfumzRO//rT89ed9ve8763ftWSJZV/en7jSZO/c8PhjRtWTnghhJbOcmVJ8bLTF6/4waoLvvGtB0+76e5395y9tCpTbyYe+nb8Kc/cuTK2+tt+IawsC6EiHRhcmwQqM/drY30Da0PYKWwOZEu09UlKpBsOj9WEsDBsDmSr+lFNCLU5gXG/fGT1vI7E9TUh7B9CqE638e/VSRs16UBjVRLokw5Mq0gCH3ycyAZWlScB2GrxzZB90S9vyc9Q33W5Iq+/ym3Wsc9Xeni9YqK+eL63jt3OncpRlX6gZauetoLq2C4K3h5rvNt6wLutYDtf42nL/SKV+Yby8eZQdSif1DZ5wqz2mfGR8tDU1KtYTdvpeX5x4yUTtyTdY16HsQP12+R1+Pj5A+9c0Dhm15sf3jD59apnF2xtN4tt3u2tOmRecz3meYxG+jzpAW+/gm9JDb50hRBuP37T2799aez//dWDTw9+75tDzxrywitD627+7rR+f332/6m8ZerGgvl//SfP/+PLOd6W5+WOrX5Yl8zN4yO1MfF2XTI3BwAAgB6jJ+w1fWPEQW/Xrmt4eN+vr5h83qJ5r51+7p+rftp3wkEnnjL0+3fcOPW0gvl/Q2nH/+Mh/9rc0a4JYWRn4or+Ieze+XgSWBq7c1b/EPbpTLXkB45NBdaEsEdnYlC2qlSJ3rFEQyrwRl0mMDIVWBsDLanA4hi4JhW4MgaWpwITY2BNKnBcDIQp+eM4qC4zjpIDNTHQmmzE5fEshD/UxdZS2+qlbFUAAADbSGZ2WJl/N+dch63NEKeXy2u6yxDPwC6aoTpVQ3oGm51WFa2horsayrurITvuOZ88/IKay7qrueA0jLL8DO8deN/c1Q/8249vnHDYUwd92HrGy+tXPTp6U6+/e2fMjy8dN3/Y+IL5f/Mnz/+ru+hIWcHx/xDGdv6NucszkfZsvLUlLwMAAACwFSpeW3ryL+Z+VLbkZ+ds3P8vTxt3de8V++47YO3B9/2/hjcHHL9q/4L5/8jSzv+P+0R65WQO6+JuiKn9Q2jODyTVjigMJEe9+2YCAAAA0BNkj8dnj4VPydwmp2in59OF+Vu2MH888D+yy/yDx129rnn17adMGXHomjWbztj15WUbntpl/3deOPDk00+4f2rDPQXz/5bSzv/vk3+bdGJt7MV1/UPonRN4PPayI9CpIQbWH5MfyIx/bdwAV8WqMicmZKu6KpZojYHmVGBhsRLPZEvsnh/IPFnZxq/IjmNKpkROAAAAAD5zcXdAPC4fz/9/+tx+j/7jslsueXDJutD37OW/uOzo4QPnD+791rRnDnnkb989eWrB/L91y87/75wHF5ze3943hCEVIfRK/zBgXZ9kYcAYqC3LJH7cJ6mrV7qqy/uEMKJjYOmqNmTW/69IrzH4XE1SVQzsvu8dGxs7ErfXhDAkN/DC+EXDOxKzUoFs439VE8LeHaNNN76id9J4ZbrxG3uH8JWcQLaqib1D6GisKl3Vo9WZ6xikq1peHcLOOYFsVYdXhzA7ANBTxf+lk3IfvHD2xVMntLe3zdiOibgTvyZMntLe1jRxWvuk6iJ9mpTqc946RnMLx1TqpW9ezqxRdNeopv6lpLM/FGzObSuzI7/gzMHM/fhlqLJznMMq8+4ekh7ygfsVNhFyvkoVG3L5dh5yn9xKNj+JBfXH/FWhb+g968K2GU0XTZg5c8bQ5G+p2Yclf+NxpmRbDU1vqz5d9a2El0fR5bJSPu22asytZMjM86YPuXD2xYOnnDfh7Laz284/bPhhRxwx7NBDhw/pGFRz8rebkTZ2VXNqpB8vKnFY23CkX67IqeSz+NCQkJDoaYlVv9vj5aN3Wfq9FbcsnvHz9qPafv71nXces6Tqmy9suvSy/Z/+Hx8UzP+nf/L8P37qxA/+zPoMxY7/18fD/Mnjmw/zt8bAwlKP/9cXO5qfPTGgIRWYEwNzHOYHAADgiyHujox7M+NO6Ufm7/Yvd467b8z89Qc/ue65svV9Dv77D39fXnnZuP9yzAMNt333bwrm/3NK+/3/Nlr/P7t0/ahiy/wPiiWai63/n17mP7v+/5xi6/+nl/nPrv+/8HNY/39WNpDaJH+w/j8AAPBF8Nmt/9/t8v7pCwQUZOh2ef/0BQIKMnS7jH+pFwjY4vX/H2k4aORPVn/nN43LLpj2zn8bct/oAXs2/O6Rva6cNHXk6NEjBv9Lwfz/mtLm/xbuBwAAgB3HAROPfWrjpL2Pvfp/3rbTHj9p/fauh+3y/WVHts3ftH7i39z27jl/XTD/X1ja/P+zX/8vFDv/v6FYoKXYwoDW/wMAAKCHKrb+39Abv3X5q4uPu/+ey6eNam0dP/uKq/dbfUD1qeGl0fMb/mLGvR8VzP+Xlzb/j6ddlOfljr35sC5Z0y6k17R7uy77kwEAAADoGcpDU1NliXnzFkY99tO3+WJmKdBPSud68sH9nn/gqyNOnL+46urXynYb9vFT1888+Piv/fDVjXtdcse55+1XMP9fU9r8P+93GY+fP/DOBY1jdv3w5oc3TH696tkFm4//AwAAANtPqfslAAAAAAAAAAAAAACAz98JD//k6rcnLvnanIW/3PWnvcY+u3zDrDlNs2uvf/WH1/7qiDsfHlfw+/8wtrNcsd//x+v+xd8XfCkvd2y1+/X/MvfHjb57dueShevqQtgvNzD18qk7hcy1+Q/IDaw+fdBuHYnL0yUeeuW41zoSZ6YDJw4e8H5H4shUoDUukrhHOhCvqvh+v1QgLq/4XDoQt8fydKAqE/hev2QcZelt9WZtsq3K0tvqxdoQ+ucEsttqZW3SRll6gNenAtkBXpAOxAGelAmUp3t1d9+kVzFQG4ve2jfpFQAAO6z4LbAyTJ7S3tYcv8LH2y9X5N9GeUuWzS2stqzE5l/OLE1216im/qWke6W/i26+1nhlqO4YwtCCr6u5Wco6R7ltaulm032pyJC7W+2tvEi5tC3ddFXFR1STjKhp4rT2SZXdDvyQ7rMMq+g2y9CCyU5ulvLOTVpCLSX0pYQRlbhtSuhyvF8empp6pXJ9NQbrQ57uXhGl/l4/d52/Yq+C3DxPvtn+1BP//PzKfR7/89Nnf/BXk7596byzznj3yHOq/+E/lz39XwfuXDD/ry9t/l+dO673MxcDmBOvrDeifwitJY4IAAAAvvjOOf+V+d999No31rc0vjZtyLWr/3X2jRdX1C298i9ffOhvN42/+sytjb/58zv2eXjyhGe+dO4hy054fZ+DL2s88637/mLeuAev6nvLD+ff8YOC+X9DafP/uAcrcyg42duxJl7//4r+IXReWr8+CSyNwz2rfwj7dKZaYonkgvqjYonmJLA07jAZFEu0tuRX1TsGlqcCb9RlAmtSgbUxkNlLcUfI7Mq5ti6E4Z2psfklpscS9anAN2OgIRVoioHmVKBfDIxMBX7fLxNoSQWejIEwJX9b3dcvs60AAAC2RGaeVZl/N6TnecsrustQ1l2GPt1lKO8uQ3V3GYqNIt6/N2aoTJ28UpaTqTJda02qloIM8WL4W9yvggzhmfyc6YIFTcfzD7LnG5TlZ3jg5K/ec9WCyYPKf/XR2qWt790/ccWts49eec5Df/fEpH0X3XX93gXz/+bS5v998m+T1tfG+f/m6/8lgcdj966Lp443xMD6Y/IDmR0Da+Nk96psVS2ZEplJ+1WxxMgYaEgFpsfAyFSgdWwmsHC3/EBmpp1t/Ips41MyJXICAAAA8JmLOwjibpo4///jsmePeqxi0V3/+ur4u+6d89Y99/70nntuvXf07Zu+/twVF7970UcF8/+Rpc3/Y3t9cxu7Mvbmt/1CWFm2uTfZwODaJBD3Y9TGn8cPrA1hp5wdHNkSbX2SElWphsNjNckv1KvSVf2oJlljIN4f98tHVs/rSFxfE8L+OXtfsm38e3XSRk060FiVBPqkA9MqkkDc85MNrCpPArDVsnsF4wsqc6pLVn3X5Yq8/r4o1wRND69gH2gX+br6zdX2Up1+ILNPNWvLnraC6tguCt4ea7zbeuK7rd67LfeLVOYbysebQ9WhfFLb5Amz2mfGR3J/yVpgOz3Pub9SLSW9DV6Hcz59b7tXne5Ac+rjo7nrcl2/DstidY+fP/DOBY1jdr354Q2TX696dkHJ3Sgi/lD4maoB9bmbd3urDpnXXI/7PGnxedIT/w00eNpCCBsuPeG6kVXTr1g5+pAj93rttFOqZ7437+/vf+mBd/f9xxUTh31tQMH8v6W0+X9F6rbTH+PGvLB/CAfmbNx1cfMf3z/5HMwJJJ+SOxcGkkPur9YV/eQEAACAbS27uyO7v2BK5jY5ITw9Ty7M37KF+eP+ipFd5i+13z8adMpe9+9297hrTz3qpn/+zdh+G8e/uOSYFa1HNS49+mf/6cyaeQXz/9ZPnv/3TnXT8X/H/9lOHP/v0o6+K7p3+oE5W7UruqA6tgvH/7u0o7/bHP/vkuP/jv93xfH/bjj+36Ud/Wkr+JY03ZeuEMKwMWcMrr1r8BPvD1z96yeemvJvc1sn3PONq27Z8+Nv1y9eUL9r34L5//TS5v/W/+t60b7s+n+txdb/m15s/b851v8DAAC2qyILzaXneQWr9xVkSK/eV5Ch2wUCu11i0Pp/W7z+32NHHTl++ejFv16z95gDLus7d+6puzx504stM9+vue2D93f7xYGjCub/c0qb/8eXQ9/c1nvK+n8NY4tUdU0MTLcwIAAAADuiYjsIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HztfsN1449prj7pN8dfWjP6+w+tO6D6mldOvXTZhFsnfeX28wfNWrFkSeWfnt940uTv3HB444aVE14IYUpnubKkeNnpi1f8YNUF3/jWg6fddPe7e85eWp2ptzJzu2de7tjqh3UhLMx5pDYm3q7ruLM5MG703bMrOhLr6kLYLzcw9fKpO3UkFteFcEBuYPXpg3brSFyeLvHQK8e91pE4Mx04cfCA9zsSR2YCZenu/kO/pLtl6e7O6xdC/5xAtrvn9suvKtvGCZlAebqNf6pN2oiB2lj0xtqkjRhojyWm9A5hSEUIvdJV/aw6qapXuqr/XZ1U1Std1WXVIYwIIVSkq/p1VVJVRXrkz1QlVcXA7vvesbGxI7GoKoQhuYEXxi8a3pGYkQpkGz+lKoS9O14y6cbvq0war0w3fkNlCF8JIVSlS2yqSEpUpUtsqAhh55zA5o1YEcLswBdD/PSZlPvghbMvnjqhvb1txnZMVGXaqgmTp7S3NU2c1j6pOtWnYspy0h/P/fRjf3njJRM7bu8a1dS/lHRFplxlZ5eHVebdPWRH733sV5/cSjY/HwX1x/xVoW/oPevCthlNF02YOXPG0ORvqdmHJX97ZaLJthraU7ZVY24lQ2aeN33IhbMvHjzlvAlnt53ddv5hww874ohhhx46fEjHoJqTv9tipIs++5F+uSKnks/i/S8hIdHTEuV5n27NO/rneMEX/c0drQzVnR/QBdOK3CxlnaPcFoM+9lOO+NN8Tel2REMLJg4FWYZ1n+WQgsnE5iw1SZbOr3UFk8Pcmso7N2m8Xx6amnoV2w71+XdzN+9bW7F5X8xsulLTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD/ZwcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IFjAQAAAABh/tZh9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwKAAD//y85Ijg=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000200)={0xf0})
fstat(r0, &(0x7f0000000340))

2.14398358s ago: executing program 1 (id=834):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000040)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@hyper})
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000080)={@my=0x0, 0x1})

2.065578837s ago: executing program 7 (id=835):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000})

1.912949284s ago: executing program 1 (id=836):
r0 = socket$inet(0x2, 0x80001, 0x84)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @empty}, 0x10)
r1 = socket$inet6(0xa, 0x5, 0x0)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)

1.91258738s ago: executing program 2 (id=837):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x7, 0x1000, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000300000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

1.751304448s ago: executing program 1 (id=838):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0xf, 0x4, 0x8, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r1}, &(0x7f0000000180), &(0x7f0000000100)=r0}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000080)={r1, &(0x7f0000000300), 0x0}, 0x20)

1.593962345s ago: executing program 1 (id=839):
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1008002, &(0x7f0000000bc0)={[{@grpquota}, {@delalloc}, {@resuid}, {@errors_remount}, {@dioread_nolock}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x9}}, {@nomblk_io_submit}, {@data_err_abort}, {@max_dir_size_kb}]}, 0x1, 0x5d8, &(0x7f00000005c0)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
lchown(&(0x7f0000000180)='./file1\x00', 0x0, 0xee01)
rmdir(&(0x7f0000000080)='./file0\x00')
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x118823, 0x0)

1.580236589s ago: executing program 2 (id=840):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040), 0xfed8)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x10012, r0, 0x0)
truncate(&(0x7f0000000280)='./file1\x00', 0x3f00)

1.451366853s ago: executing program 8 (id=774):
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r0, &(0x7f0000000100), 0x8)
listen(r0, 0x0)
ioctl$sock_TIOCOUTQ(r0, 0x5411, 0x0)

1.364485138s ago: executing program 2 (id=841):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x10, 0x4, 0x8, 0x5, 0x0, 0xffffffffffffffff, 0x6, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x46, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000e40)={{r0}, &(0x7f0000000dc0), &(0x7f0000000e00)=r1}, 0x20)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000240)={r1}, 0x57)

1.273543088s ago: executing program 2 (id=842):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000000)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000040)={@host})
ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(r0, 0x7b1, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0xe89c05})

1.255266521s ago: executing program 8 (id=843):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x17, 0x0, 0x1f5c, 0x6, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000005c0)={r0}, 0x4)
bpf$MAP_LOOKUP_ELEM(0x3, &(0x7f0000000140)={r0, 0x0, 0x0}, 0x20)

1.154908902s ago: executing program 2 (id=844):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f0000000380)={[{@acl}, {@heartbeat_none}, {@err_ro}, {@coherency_full}, {@coherency_full}, {@localflocks}, {@intr}, {@noacl}]}, 0x1, 0x442a, &(0x7f0000008940)="$eJzs3c9PHGUfAPBnBvoW+rZ9oW8PfZM3cRObaNQQ6EmliZTSUmixptrGeNkusG3RhW1gMR56wFsTTyYejIdGE2+cGg5e65/gxWM9N9GDFxOTRszuzgIz7IaVsGDr53NgmOc3+5159pnD8MSJyp25pdzcUq6wkCvP3Fo6k/u4XFqeL4Z4nzTt/9D+9U97OnGdHPS190929fzFd2+cCeH72R+frK+vr4eq7tDU0Jbff/v13szWY0OcqVNtt3lre+WDEMLJbeOq6gohvP9dCFEI4VySNpoce0MIx0I978a9z27m9mg0Dx8Xz+afTt1fGz49ufpgrfXfHoXwVel/r92e//nFruGfXtmj7gEAAAAAAAAAAAAAAAAAeMaNX7t6/Z3BofAoCt2r0fb3dceTY6v3Y9f3zAud/2MBAAAAAAAAAAAAAAAAAADgb2rz/f9cdKLJ+/9jyXGkRf31tzo/Rjpn4u2rYxcGh5L936Nt+a8nSb+c6wr9TfZ9z+7/fi5Tv/n+79v72a3G+Br99oUoHkidx/HAQAjfJBu/n4qOxKXyUuXVW+Xlhdk9G8YzKx3/+u79qegkG/q3G//RTPud3///v9uupur5zb27xJ5r6fh3tSz37adRW/E/n6m3H/Fn99Lx766l9W4tMFKfAKrx/7x75/iPZdrvVPyPhxByUXWsudQMUF3DVNNbrVdIS8f/UC0tNXUmH2Sr+//3TPwvZNo/qPl/JftFRFPp+P+rltaTKrF5//fHO9//FzPtH0T8q+Nf8f3flnT8D9cTu1NFap9ku/P/eKb9TsX/epyM83iUugJWo3p6q/9XR1o6/j3b8jef/+K21n+XMvX36/mv0W/j+a8x/b8c1Z//aC4d/96W5dq9/ycy9To9/4/U1n/sVjr+R2pp6bVzX+1nu/GfzLTfqfjXViU9jfhvzid/HK6nf23915Z0/P9dT4y3llip/ayt/6Kd1/+XM+0fxPqvOv6VuLO9Pi/S8T/aslw1/j+08f1/JVOv8/EPYdBaf9fS8T/Wslzt/u/ZOf5TmXqdjv9LnWwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Bkwmhz7QhQPpM7jeGAghPPJ+alwJJouzOanS+WZj5ZCGEvSc+FEdLtUni6U8nML5dlivlAqlWdCuJDknww90VKpXMnPF+5e3GirN7pTLCxWpouFSghhPEn/fzjWaGt6rjJfuBtCuLSR95+4vHj3TmEhPzu3+Obg4OBgmNgYQ39U/KRSXKjUe6/nhjC5Ubcv2jK4WvbljbEcjT4sLy8uFEq19Ctb6pTKM4XSljpTSd4XoT+qLC4vzBQqxXypfLvR30EaSY5jE9feu3ZlaFv+zah+HN3fYQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwFz0afuPLEEJ3/SwOIYw0fomalX/4uHg2/3Tq/trw6cnVB2tPWpUDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+JMdOBAAAAAAAPJ/bYSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoq7NIxSgNBFAbgN2Ohdh7DatntbFcU0cIVwRPoMTyMHsVLeIcUKdKmCIFkFsJmF7ZJqu9rHszPzHswDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHme3ruPt7qJSHG1uYz4+/pfHOYvpf7cj9+/OMOMnM7za/fwWDfl39NRfleOlm3epevV92eM1N7vYE+G+7TX97menGtq36bm6/veRMpVRLQlv005V9W8twAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgyw4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24FgAAAAAQJi/dRR9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPArAAD///4CHxA=")
r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x24)
write$FUSE_DIRENTPLUS(r0, &(0x7f00000025c0)=ANY=[], 0x10)
fallocate(r0, 0x0, 0x0, 0x4)

1.092262503s ago: executing program 8 (id=845):
r0 = socket$rxrpc(0x21, 0x2, 0x2)
sendmsg(r0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000018c0)=ANY=[], 0x2008}, 0x0)
r1 = socket$rxrpc(0x21, 0x2, 0xa)
bind$rxrpc(r1, &(0x7f0000000000)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @empty}}, 0x24)

1.080930849s ago: executing program 1 (id=846):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000aa877e10702750909711000000010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000980)={0x44, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)

924.200172ms ago: executing program 6 (id=847):
prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000ffc000/0x4000)=nil)
prctl$PR_SET_MM(0x23, 0x7, &(0x7f0000fff000/0x1000)=nil)
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x2172, 0xffffffffffffffff, 0x0)
brk(0x1000000019)

882.536007ms ago: executing program 8 (id=848):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000004c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmsg$unix(r0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@cred={{0x1c}}], 0x20}, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x23, &(0x7f0000000000), 0x4)
sendmsg$unix(r1, &(0x7f0000000480)={0xfffffffffffffffd, 0x0, 0x0}, 0x0)

882.082955ms ago: executing program 7 (id=849):
r0 = socket(0x10, 0x3, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, <r1=>0x0}, &(0x7f0000cab000)=0xc)
setresgid(0x0, 0x0, r1)
setregid(0x0, r1)

753.827603ms ago: executing program 7 (id=850):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000e80)={{r0}, &(0x7f0000000e00), &(0x7f0000000e40)='%-010d \x00'}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r0}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

685.321592ms ago: executing program 8 (id=851):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
modify_ldt$read(0x0, 0x0, 0x0)

641.950137ms ago: executing program 7 (id=852):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$SG_IO(r1, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffe, 0x6, 0x0, @buffer={0x2, 0x40002, &(0x7f00000000c0)=""/81}, &(0x7f0000000380)="259374c96ee3", 0x0, 0x0, 0x0, 0x0, 0x0})

516.58332ms ago: executing program 7 (id=853):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000280)={@mcast2, 0x800, 0x0, 0x103, 0x1}, 0x20)
setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000040)=0x5, 0x4)
sendmsg$inet6(r0, &(0x7f0000000140)={&(0x7f0000000080)={0xa, 0x4e26, 0x80000, @mcast1}, 0x1c, 0x0, 0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="180000000000000029000000040000000000e5ffffffffff170000000000000029"], 0x30}, 0x0)

303.925561ms ago: executing program 7 (id=854):
r0 = socket$kcm(0xa, 0x5, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58)
sendmsg$inet(r0, &(0x7f0000000f00)={&(0x7f00000000c0)={0x2, 0x0, @rand_addr=0x64010102}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000100)='f', 0x1}], 0x1, &(0x7f0000000000)=ANY=[@ANYBLOB="20000000000000008400000008"], 0x20}, 0x0)
sendmsg$inet(r0, &(0x7f0000000f00)={&(0x7f00000000c0)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000040)='&', 0x1}], 0x1, &(0x7f0000000000)=ANY=[], 0x20}, 0x0)

219.555852ms ago: executing program 6 (id=855):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmsg$unix(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000001c0)='\x00', 0x1}], 0x1, &(0x7f00000000c0)=ANY=[@ANYBLOB="14000000000000000100000001"], 0x18}, 0x0)
prlimit64(0x0, 0x7, &(0x7f0000000300), 0x0)
sendmmsg$unix(r0, &(0x7f0000005400)=[{{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000100)='+', 0x1}], 0x1, &(0x7f0000000880)=ANY=[@ANYBLOB="14000000000000000100000001"], 0x18}}], 0x1, 0x0)

119.958984ms ago: executing program 6 (id=856):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00', <r1=>0x0})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[@ANYBLOB="300000001c000500000000000000000007000000", @ANYRES32=r1, @ANYBLOB="4101000006000500010000000a0002000002"], 0x30}}, 0x0)

39.404022ms ago: executing program 6 (id=857):
r0 = socket(0x10, 0x3, 0x0)
setitimer(0x1, &(0x7f0000000580)={{0x77359400}, {0x0, 0xea60}}, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001200010a001800000000000080"], 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r0)

0s ago: executing program 2 (id=858):
r0 = syz_open_dev$vim2m(&(0x7f0000000040), 0x10b, 0x2)
r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
pread64(r0, &(0x7f0000000180)=""/81, 0x51, 0x0)
ioctl$vim2m_VIDIOC_G_FMT(r1, 0xc0285629, &(0x7f0000000080)={0x3, @pix={0x0, 0x7f, 0x3231564e, 0x0, 0x3b3bf995, 0x8, 0x5, 0x5, 0x0, 0x2, 0x1, 0x3}})

kernel console output (not intermixed with test programs):

p4): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[   90.146014][ T6139] loop0: detected capacity change from 0 to 2048
[   90.217064][ T6139] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   90.229693][ T6139] ext4 filesystem being mounted at /9/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   90.290950][ T6147] loop1: detected capacity change from 0 to 256
[   90.330492][ T6139] fs-verity (loop0, inode 13): Unknown hash algorithm number: 0
[   90.387082][ T6147] FAT-fs (loop1): Directory bread(block 64) failed
[   90.421302][ T6147] FAT-fs (loop1): Directory bread(block 65) failed
[   90.435171][ T6147] FAT-fs (loop1): Directory bread(block 66) failed
[   90.441950][ T6147] FAT-fs (loop1): Directory bread(block 67) failed
[   90.449023][ T6147] FAT-fs (loop1): Directory bread(block 68) failed
[   90.464397][ T6147] FAT-fs (loop1): Directory bread(block 69) failed
[   90.474569][ T6147] FAT-fs (loop1): Directory bread(block 70) failed
[   90.484165][ T5848] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   90.491871][ T6147] FAT-fs (loop1): Directory bread(block 71) failed
[   90.505200][ T6147] FAT-fs (loop1): Directory bread(block 72) failed
[   90.522013][ T6147] FAT-fs (loop1): Directory bread(block 73) failed
[   90.788415][ T6154] loop2: detected capacity change from 0 to 1024
[   91.232783][ T5851] Bluetooth: hci0: command 0x0c1a tx timeout
[   91.469069][ T5851] Bluetooth: hci1: command 0x0c1a tx timeout
[   91.483923][ T6152] loop0: detected capacity change from 0 to 32768
[   91.510983][ T6152] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.90 (6152)
[   91.533088][ T6169] block nbd4: shutting down sockets
[   91.546768][ T5851] Bluetooth: hci2: command 0x0c1a tx timeout
[   91.630553][ T5851] Bluetooth: hci3: command 0x0c1a tx timeout
[   91.644659][ T6172] loop3: detected capacity change from 0 to 512
[   91.705040][ T5851] Bluetooth: hci4: command 0x0c1a tx timeout
[   91.825525][ T6152] BTRFS info (device loop0): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[   91.839774][ T6152] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[   91.859341][ T6172] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.88: corrupted in-inode xattr: invalid ea_ino
[   91.932236][ T6172] EXT4-fs error (device loop3): ext4_orphan_get:1393: comm syz.3.88: couldn't read orphan inode 15 (err -117)
[   91.938456][ T6160] loop2: detected capacity change from 0 to 32768
[   91.946608][ T6152] BTRFS info (device loop0): disk space caching is enabled
[   92.020090][ T6152] BTRFS warning (device loop0): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[   92.055986][ T6172] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   92.090623][ T6160] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   92.150683][ T6187] loop1: detected capacity change from 0 to 512
[   92.177040][ T6187] EXT4-fs: Ignoring removed i_version option
[   92.194790][ T6187] EXT4-fs: Ignoring removed mblk_io_submit option
[   92.242284][ T6187] EXT4-fs: Ignoring removed orlov option
[   92.242999][ T6197] capability: warning: `syz.4.94' uses 32-bit capabilities (legacy support in use)
[   92.266529][ T5858] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   92.279050][ T6187] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   92.293505][ T6187] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   92.371884][ T6152] BTRFS info (device loop0): rebuilding free space tree
[   92.437445][ T6152] BTRFS info (device loop0): disabling free space tree
[   92.464612][ T6187] EXT4-fs (loop1): 1 orphan inode deleted
[   92.485071][ T6152] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[   92.495006][ T6187] EXT4-fs (loop1): 1 truncate cleaned up
[   92.496048][ T6187] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   92.505871][ T6152] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[   92.568627][ T6219] bond0: option tlb_dynamic_lb: mode dependency failed, not supported in mode balance-rr(0)
[   92.677722][ T6160] XFS (loop2): Ending clean mount
[   92.709019][ T6160] XFS (loop2): Quotacheck needed: Please wait.
[   92.746809][ T5849] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   92.877278][ T6160] XFS (loop2): Quotacheck: Done.
[   93.035737][ T5848] BTRFS info (device loop0): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[   93.081205][ T5855] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   93.745520][ T6246] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   93.822381][ T5851] Bluetooth: hci4: command 0x0c1a tx timeout
[   93.834704][ T6250] loop0: detected capacity change from 0 to 64
[   93.976384][ T6236] loop1: detected capacity change from 0 to 32768
[   94.069933][ T6254] loop4: detected capacity change from 0 to 512
[   94.106748][ T6236] JBD2: Ignoring recovery information on journal
[   94.115103][ T5901] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   94.172387][ T6254] EXT4-fs: journaled quota format not specified
[   94.263490][ T6236] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[   94.275203][ T5901] usb 4-1: Using ep0 maxpacket: 8
[   94.296011][ T5901] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[   94.354975][ T5901] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[   94.380407][ T5901] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   94.420876][ T5901] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   94.434470][ T6264] loop2: detected capacity change from 0 to 1024
[   94.443377][ T5901] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   94.456205][ T5901] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   94.473215][ T5849] ocfs2: Unmounting device (7,1) on (node local)
[   94.608453][ T6267] block nbd0: shutting down sockets
[   94.699233][ T5901] usb 4-1: GET_CAPABILITIES returned 0
[   94.704792][ T5901] usbtmc 4-1:16.0: can't read capabilities
[   94.705853][   T11] hfsplus: b-tree write err: -5, ino 4
[   94.921516][    C0] usbtmc 4-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71
[   94.934577][ T6249] usbtmc 4-1:16.0: Unable to send data, error -71
[   94.968838][  T836] usb 4-1: USB disconnect, device number 2
[   95.451037][   T29] audit: type=1326 audit(1730328936.653:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6287 comm="syz.4.130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c7097e719 code=0x7ffc0000
[   95.473696][   T29] audit: type=1326 audit(1730328936.663:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6287 comm="syz.4.130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c7097e719 code=0x7ffc0000
[   95.495958][   T29] audit: type=1326 audit(1730328936.663:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6287 comm="syz.4.130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=36 compat=0 ip=0x7f4c7097e719 code=0x7ffc0000
[   95.521184][   T29] audit: type=1326 audit(1730328936.663:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6287 comm="syz.4.130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c7097e719 code=0x7ffc0000
[   95.544856][   T29] audit: type=1326 audit(1730328936.663:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6287 comm="syz.4.130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c7097e719 code=0x7ffc0000
[   95.865070][ T5851] Bluetooth: hci4: command 0x0c1a tx timeout
[   96.275922][ T6286] loop0: detected capacity change from 0 to 32768
[   96.398636][    T8] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[   96.606967][    T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   96.624009][    T8] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[   96.644277][ T6315] netlink: 'syz.2.142': attribute type 3 has an invalid length.
[   96.667299][    T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   96.702423][    T8] usb 4-1: config 0 descriptor??
[   96.959551][ T6301] loop4: detected capacity change from 0 to 40427
[   96.973231][ T6301] F2FS-fs (loop4): Invalid segment count (0)
[   96.981490][ T6301] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[   97.011126][ T6301] F2FS-fs (loop4): invalid crc value
[   97.058025][ T6301] F2FS-fs (loop4): Found nat_bits in checkpoint
[   97.144398][    T8] keytouch 0003:0926:3333.0001: fixing up Keytouch IEC report descriptor
[   97.177978][    T8] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.0001/input/input6
[   97.183349][ T5900] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[   97.222249][ T6301] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[   97.259161][ T6301] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[   97.340544][    T8] keytouch 0003:0926:3333.0001: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0
[   97.391314][ T5900] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[   97.404970][ T5900] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[   97.433729][ T5900] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[   97.453825][ T5900] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   97.481686][ T6324] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[   97.502830][ T5863] syz-executor: attempt to access beyond end of device
[   97.502830][ T5863] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   97.510995][ T5900] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[   97.528067][ T5863] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[   97.558722][   T25] usb 4-1: USB disconnect, device number 3
[   97.662583][ T6342] vti0: entered promiscuous mode
[   97.694531][ T6342] vti0: entered allmulticast mode
[   97.729522][ T5900] usb 2-1: USB disconnect, device number 4
[   97.942311][ T6346] loop0: detected capacity change from 0 to 16
[   98.016163][ T6346] erofs: (device loop0): mounted with root inode @ nid 36.
[   98.048534][ T6058] udevd[6058]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   98.493276][ T6348] loop2: detected capacity change from 0 to 40427
[   98.545356][ T6348] F2FS-fs (loop2): heap/no_heap options were deprecated
[   98.606658][ T6363] loop1: detected capacity change from 0 to 512
[   98.617194][ T6348] F2FS-fs (loop2): invalid crc value
[   98.675208][ T6348] F2FS-fs (loop2): Found nat_bits in checkpoint
[   98.717402][ T6363] EXT4-fs error (device loop1): ext4_get_branch:178: inode #11: block 4294967295: comm syz.1.162: invalid block
[   98.747886][ T6363] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.162: invalid indirect mapped block 4294967295 (level 1)
[   98.775695][ T6371] loop4: detected capacity change from 0 to 512
[   98.782816][ T6371] EXT4-fs: Ignoring removed orlov option
[   98.839218][ T6371] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -13
[   98.859392][ T6371] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #13: comm syz.4.164: invalid indirect mapped block 2683928664 (level 1)
[   98.892483][ T6371] EXT4-fs (loop4): 1 truncate cleaned up
[   98.905710][ T6371] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   98.936860][ T6363] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.162: invalid indirect mapped block 4294967295 (level 1)
[   98.958654][ T6363] EXT4-fs (loop1): 2 truncates cleaned up
[   98.969303][ T6363] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   99.087738][ T6371] EXT4-fs: user quota file already specified
[   99.143868][ T6348] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   99.201782][ T5863] EXT4-fs error (device loop4): htree_dirblock_to_tree:1112: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0
[   99.249534][ T6385] loop3: detected capacity change from 0 to 1024
[   99.278006][ T5863] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:483: comm syz-executor: Invalid block bitmap block 3 in block_group 0
[   99.326650][ T6385] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   99.376833][ T5863] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6550: Corrupt filesystem
[   99.422574][ T5855] syz-executor: attempt to access beyond end of device
[   99.422574][ T5855] loop2: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[   99.450867][ T5863] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz-executor: corrupted in-inode xattr: e_value out of bounds
[   99.475832][ T5855] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[   99.482953][ T5855] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[   99.490436][ T6385] ext4 filesystem being mounted at /31/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   99.508343][ T5863] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz-executor: corrupted in-inode xattr: e_value out of bounds
[   99.690795][ T6395] loop0: detected capacity change from 0 to 16
[   99.756059][ T6395] erofs: (device loop0): mounted with root inode @ nid 36.
[   99.758388][ T5858] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   99.781173][ T6395] erofs: (device loop0): z_erofs_fill_inode_lazy: invalid tail-packing pclustersize 0
[   99.834676][ T6395] erofs: (device loop0): z_erofs_fill_inode_lazy: invalid tail-packing pclustersize 0
[   99.858003][ T6395] erofs: (device loop0): z_erofs_read_folio: read error -117 @ 8200 of nid 36
[   99.904505][ T5849] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   99.989416][ T5863] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  100.190376][ T6399] netlink: 4 bytes leftover after parsing attributes in process `syz.1.177'.
[  100.405033][   T62] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.549932][ T6408] vti0: entered promiscuous mode
[  100.585058][ T6408] vti0: entered allmulticast mode
[  100.727967][ T6414] loop1: detected capacity change from 0 to 256
[  100.860500][ T5868] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  100.863358][ T6409] loop3: detected capacity change from 0 to 32768
[  100.871757][ T5868] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  100.882308][ T5868] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  100.892803][ T5868] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  100.900594][ T5868] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  100.909016][ T5868] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  101.006478][   T62] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  101.287255][ T6409] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  101.346699][ T6413] loop2: detected capacity change from 0 to 40427
[  101.363132][ T6413] F2FS-fs (loop2): Small segment_count (9 < 1 * 24)
[  101.369992][ T6413] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  101.377051][   T62] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  101.429958][ T6413] F2FS-fs (loop2): Found nat_bits in checkpoint
[  101.439974][ T6428] loop0: detected capacity change from 0 to 4096
[  101.497428][ T6413] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  101.512848][ T6413] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  101.559407][ T6409] XFS (loop3): Ending clean mount
[  101.591499][ T6413] syz.2.173: attempt to access beyond end of device
[  101.591499][ T6413] loop2: rw=2049, sector=53248, nr_sectors = 8 limit=40427
[  101.603580][ T6409] XFS (loop3): Quotacheck needed: Please wait.
[  101.651899][ T5855] syz-executor: attempt to access beyond end of device
[  101.651899][ T5855] loop2: rw=2049, sector=40960, nr_sectors = 32 limit=40427
[  101.679247][ T5855] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  101.690440][ T6409] XFS (loop3): Quotacheck: Done.
[  101.698077][ T5855] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  101.712067][ T5855] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  101.714764][   T62] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  101.725012][ T5855] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  101.810180][ T5858] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  102.043946][ T6440] loop0: detected capacity change from 0 to 4096
[  102.306624][ T6410] chnl_net:caif_netlink_parms(): no params data found
[  102.491887][   T62] bridge_slave_1: left allmulticast mode
[  102.535300][   T62] bridge_slave_1: left promiscuous mode
[  102.543522][   T62] bridge0: port 2(bridge_slave_1) entered disabled state
[  102.626425][   T62] bridge_slave_0: left allmulticast mode
[  102.632157][   T62] bridge_slave_0: left promiscuous mode
[  102.639448][   T62] bridge0: port 1(bridge_slave_0) entered disabled state
[  102.987702][ T5851] Bluetooth: hci5: command tx timeout
[  103.011039][ T5901] IPVS: starting estimator thread 0...
[  103.050187][ T6468] IPVS: sed: TCP 127.0.0.1:0 - no destination available
[  103.155180][ T6469] IPVS: using max 19 ests per chain, 45600 per kthread
[  103.185127][ T6474] loop1: detected capacity change from 0 to 2048
[  103.241494][ T6474] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  103.275956][ T6474] EXT4-fs error (device loop1): ext4_ext_precache:631: inode #2: comm syz.1.204: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 5(5)
[  103.315526][ T6474] EXT4-fs (loop1): Remounting filesystem read-only
[  103.342906][ T5849] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  103.520948][   T62] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  103.532984][   T62] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  103.552679][   T62] bond0 (unregistering): Released all slaves
[  103.891565][ T6410] bridge0: port 1(bridge_slave_0) entered blocking state
[  103.918237][ T6410] bridge0: port 1(bridge_slave_0) entered disabled state
[  103.942222][ T6410] bridge_slave_0: entered allmulticast mode
[  103.968625][ T6410] bridge_slave_0: entered promiscuous mode
[  104.002786][ T6410] bridge0: port 2(bridge_slave_1) entered blocking state
[  104.043650][ T6410] bridge0: port 2(bridge_slave_1) entered disabled state
[  104.068944][ T6410] bridge_slave_1: entered allmulticast mode
[  104.096661][ T6410] bridge_slave_1: entered promiscuous mode
[  104.232505][ T6492] loop0: detected capacity change from 0 to 4096
[  104.245762][ T5900] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  104.271940][ T6492] ntfs3(loop0): Different NTFS sector size (2048) and media sector size (512).
[  104.289181][ T6492] ntfs3(loop0): Mark volume as dirty due to NTFS errors
[  104.414139][ T6410] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  104.616980][ T6410] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  104.782641][ T6410] team0: Port device team_slave_0 added
[  104.788306][ T6505] loop3: detected capacity change from 0 to 32768
[  104.808194][ T6511] loop1: detected capacity change from 0 to 1024
[  104.861015][   T62] hsr_slave_0: left promiscuous mode
[  104.867315][ T6511] EXT4-fs: Ignoring removed nomblk_io_submit option
[  104.888678][   T62] hsr_slave_1: left promiscuous mode
[  104.914791][   T62] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  104.925432][ T5900] usb 3-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad
[  104.947209][ T5900] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  104.964568][   T62] batman_adv: batadv0: Removing interface: batadv_slave_0
[  104.986278][ T6505] 
[  104.986278][ T6505]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  104.986278][ T6505] 
[  105.007590][ T6511] EXT4-fs (loop1): mounted filesystem 00000000-0500-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  105.026897][ T5900] usb 3-1: config 0 descriptor??
[  105.042188][ T5900] gspca_main: spca508-2.14.0 probing 8086:0110
[  105.069469][ T6511] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2863: Unable to expand inode 12. Delete some EAs or run e2fsck.
[  105.079021][ T5851] Bluetooth: hci5: command tx timeout
[  105.099660][ T6505] read_mapping_page failed!
[  105.134486][ T6505] ERROR: (device loop3): txCommit: 
[  105.134486][ T6505] 
[  105.186478][ T6505] 
[  105.186478][ T6505]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  105.186478][ T6505] 
[  105.204114][ T5849] EXT4-fs (loop1): unmounting filesystem 00000000-0500-0000-0000-000000000000.
[  105.214175][ T6505] 
[  105.214175][ T6505]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  105.214175][ T6505] 
[  105.215840][   T62] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  105.263436][ T6505] 
[  105.263436][ T6505]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  105.263436][ T6505] 
[  105.275182][   T62] batman_adv: batadv0: Removing interface: batadv_slave_1
[  105.300313][ T6505] 
[  105.300313][ T6505]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  105.300313][ T6505] 
[  105.328341][ T6505] 
[  105.328341][ T6505]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  105.328341][ T6505] 
[  105.339269][ T6505] 
[  105.339269][ T6505]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  105.339269][ T6505] 
[  105.380779][  T113] 
[  105.380779][  T113]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  105.380779][  T113] 
[  105.395295][ T6505] jfs_mkdir: dtSearch returned -17
[  105.445871][   T62] veth1_macvtap: left promiscuous mode
[  105.472702][   T62] veth0_macvtap: left promiscuous mode
[  105.481697][ T5858] 
[  105.481697][ T5858]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  105.481697][ T5858] 
[  105.501931][   T62] veth1_vlan: left promiscuous mode
[  105.507902][   T62] veth0_vlan: left promiscuous mode
[  105.555020][ T5858] 
[  105.555020][ T5858]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  105.555020][ T5858] 
[  105.620996][ T5900] gspca_spca508: reg_read err -110
[  105.639987][ T5900] gspca_spca508: reg_read err -32
[  105.660006][ T5900] gspca_spca508: reg_read err -32
[  105.678522][ T5900] gspca_spca508: reg_read err -32
[  105.699288][ T5900] gspca_spca508: reg_read err -32
[  105.735945][ T5900] gspca_spca508: reg write: error -32
[  105.741423][ T5900] spca508 3-1:0.0: probe with driver spca508 failed with error -32
[  105.848012][ T5900] usb 3-1: USB disconnect, device number 2
[  106.467920][   T62] team0 (unregistering): Port device team_slave_1 removed
[  106.506576][   T62] team0 (unregistering): Port device team_slave_0 removed
[  106.923926][ T6410] team0: Port device team_slave_1 added
[  106.939444][ T6531] netlink: 24 bytes leftover after parsing attributes in process `syz.0.221'.
[  107.155065][ T5851] Bluetooth: hci5: command tx timeout
[  107.174326][ T6410] batman_adv: batadv0: Adding interface: batadv_slave_0
[  107.192880][ T6410] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  107.221443][ T6410] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  107.274510][ T6410] batman_adv: batadv0: Adding interface: batadv_slave_1
[  107.323147][ T6410] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  107.427833][ T6561] loop2: detected capacity change from 0 to 256
[  107.455811][ T6410] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  107.492370][ T6557] warning: `syz.1.231' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  107.537477][ T6559] bridge0: port 2(bridge_slave_1) entered disabled state
[  107.547168][ T6559] bridge0: port 1(bridge_slave_0) entered disabled state
[  107.857190][ T6573] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  107.926542][ T6410] hsr_slave_0: entered promiscuous mode
[  107.936227][ T6410] hsr_slave_1: entered promiscuous mode
[  107.956278][ T6410] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  107.963963][ T6410] Cannot create hsr debugfs directory
[  108.737246][ T6410] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  108.746246][ T6553] loop0: detected capacity change from 0 to 40427
[  108.764627][ T6553] F2FS-fs (loop0): Invalid Fs Meta Ino: node(0) meta(2) root(0)
[  108.779402][ T6410] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  108.800588][ T6553] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  108.843858][ T6410] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  108.874472][ T6553] F2FS-fs (loop0): invalid crc value
[  108.893841][ T6410] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  108.914169][ T6553] F2FS-fs (loop0): Found nat_bits in checkpoint
[  109.156176][ T6608] loop3: detected capacity change from 0 to 128
[  109.185404][ T6553] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  109.192502][ T6553] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
[  109.211400][ T6410] 8021q: adding VLAN 0 to HW filter on device bond0
[  109.244040][ T5851] Bluetooth: hci5: command tx timeout
[  109.329310][ T6614] netlink: 'syz.2.246': attribute type 12 has an invalid length.
[  109.345003][ T6614] netlink: 'syz.2.246': attribute type 29 has an invalid length.
[  109.352891][ T6614] netlink: 148 bytes leftover after parsing attributes in process `syz.2.246'.
[  109.372108][ T6614] netlink: 39 bytes leftover after parsing attributes in process `syz.2.246'.
[  109.393878][ T6410] 8021q: adding VLAN 0 to HW filter on device team0
[  109.437489][ T6410] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  109.448631][ T6410] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  109.463410][ T4529] bridge0: port 1(bridge_slave_0) entered blocking state
[  109.470593][ T4529] bridge0: port 1(bridge_slave_0) entered forwarding state
[  109.493420][ T5848] syz-executor: attempt to access beyond end of device
[  109.493420][ T5848] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  109.535418][ T4529] bridge0: port 2(bridge_slave_1) entered blocking state
[  109.542676][ T4529] bridge0: port 2(bridge_slave_1) entered forwarding state
[  109.552262][ T5848] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  110.117813][ T6410] 8021q: adding VLAN 0 to HW filter on device batadv0
[  110.272565][ T6636] loop1: detected capacity change from 0 to 4096
[  110.313681][ T6636] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512).
[  110.333924][ T6644] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[  110.376654][ T6636] ntfs3(loop1): Failed to load $Extend (-22).
[  110.382822][ T6636] ntfs3(loop1): Failed to initialize $Extend.
[  110.395373][ T6644] netdevsim netdevsim2 netdevsim0: left promiscuous mode
[  111.083162][ T6672] can0: slcan on ttyS3.
[  111.228091][ T6675] can0 (unregistered): slcan off ttyS3.
[  111.262930][ T6410] veth0_vlan: entered promiscuous mode
[  111.319408][ T6410] veth1_vlan: entered promiscuous mode
[  111.389448][ T6680] loop2: detected capacity change from 0 to 4096
[  111.511813][ T6410] veth0_macvtap: entered promiscuous mode
[  111.537167][ T6410] veth1_macvtap: entered promiscuous mode
[  111.636121][ T6410] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  111.681207][ T6410] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  111.715138][ T6410] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  111.736590][ T6410] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  111.756664][ T6410] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  111.775930][ T6410] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  111.790570][    T8] kernel write not supported for file /amidi2 (pid: 8 comm: kworker/0:0)
[  111.801466][ T6410] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  111.842925][ T6410] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  111.859870][ T6410] batman_adv: batadv0: Interface activated: batadv_slave_0
[  111.870757][ T6410] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  111.881539][ T6410] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  111.891659][ T6410] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  111.902493][ T6410] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  111.917934][ T6410] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  111.928710][ T6410] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  111.938940][ T6410] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  111.950592][ T6410] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  111.962275][ T6410] batman_adv: batadv0: Interface activated: batadv_slave_1
[  112.017076][ T6410] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  112.042854][ T6410] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  112.088540][ T6410] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  112.145100][ T6410] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  112.474789][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  112.475062][   T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  112.503543][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  112.517238][   T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  112.817063][   T29] audit: type=1326 audit(1730328954.053:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6726 comm="syz.2.278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f12dbf7e719 code=0x7ffc0000
[  112.871317][   T29] audit: type=1326 audit(1730328954.073:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6726 comm="syz.2.278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f12dbf7e719 code=0x7ffc0000
[  112.964945][   T29] audit: type=1326 audit(1730328954.083:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6726 comm="syz.2.278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f12dbf7e719 code=0x7ffc0000
[  113.007677][   T29] audit: type=1326 audit(1730328954.083:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6726 comm="syz.2.278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f12dbf7e719 code=0x7ffc0000
[  113.055003][   T29] audit: type=1326 audit(1730328954.083:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6726 comm="syz.2.278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f12dbf7e719 code=0x7ffc0000
[  113.081026][ T6694] loop1: detected capacity change from 0 to 32768
[  113.088866][   T29] audit: type=1326 audit(1730328954.093:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6726 comm="syz.2.278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f12dbf7e719 code=0x7ffc0000
[  113.111118][   T29] audit: type=1326 audit(1730328954.093:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6726 comm="syz.2.278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f12dbf7e719 code=0x7ffc0000
[  113.133803][   T29] audit: type=1326 audit(1730328954.093:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6726 comm="syz.2.278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f12dbf756e7 code=0x7ffc0000
[  113.156431][   T29] audit: type=1326 audit(1730328954.093:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6726 comm="syz.2.278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f12dbf1a099 code=0x7ffc0000
[  113.178550][   T29] audit: type=1326 audit(1730328954.093:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6726 comm="syz.2.278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f12dbf756e7 code=0x7ffc0000
[  113.230930][ T6731] loop5: detected capacity change from 0 to 1024
[  113.238244][ T6731] EXT4-fs: Ignoring removed oldalloc option
[  113.360880][ T6718] loop3: detected capacity change from 0 to 40427
[  113.392115][ T6718] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  113.400156][ T6718] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  113.543474][ T6721] loop0: detected capacity change from 0 to 32768
[  113.559606][ T6694] (syz.1.267,6694,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  113.582655][ T6694] (syz.1.267,6694,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  113.614475][ T6718] F2FS-fs (loop3): Found nat_bits in checkpoint
[  113.650775][ T6694] JBD2: Ignoring recovery information on journal
[  113.685434][ T6731] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  113.713388][ T6721] XFS (loop0): Mounting V5 Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a
[  113.778531][ T6731] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback.
[  113.791504][ T6718] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  113.810987][ T6760] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback.
[  113.811196][ T6694] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  113.837519][ T6718] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  113.931625][ T6721] XFS (loop0): Ending clean mount
[  114.018741][ T6410] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  114.122124][ T5848] XFS (loop0): Unmounting Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a
[  114.166061][ T6767] loop5: detected capacity change from 0 to 256
[  114.422985][ T6775] loop2: detected capacity change from 0 to 64
[  114.454137][ T5849] ocfs2: Unmounting device (7,1) on (node local)
[  114.524346][ T6777] loop0: detected capacity change from 0 to 1024
[  114.612246][ T6777] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  114.670252][ T6777] UDF-fs: error (device loop0): udf_read_inode: (ino 833) failed !bh
[  114.678617][ T6783] loop5: detected capacity change from 0 to 512
[  114.679319][ T6783] EXT4-fs: Ignoring removed oldalloc option
[  114.784171][ T6783] EXT4-fs error (device loop5): ext4_xattr_inode_iget:436: comm syz.5.289: Parent and EA inode have the same ino 15
[  114.807437][ T6783] EXT4-fs error (device loop5): ext4_xattr_inode_iget:436: comm syz.5.289: Parent and EA inode have the same ino 15
[  114.835927][ T6783] EXT4-fs (loop5): 1 orphan inode deleted
[  114.866394][ T1082] kworker/u8:5: attempt to access beyond end of device
[  114.866394][ T1082] loop2: rw=1, sector=65, nr_sectors = 1 limit=64
[  114.912393][ T6783] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  114.945778][ T1082] Buffer I/O error on dev loop2, logical block 65, lost async page write
[  114.982138][ T1082] kworker/u8:5: attempt to access beyond end of device
[  114.982138][ T1082] loop2: rw=1, sector=66, nr_sectors = 1 limit=64
[  115.005812][ T6792] program syz.3.291 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  115.015113][ T1082] Buffer I/O error on dev loop2, logical block 66, lost async page write
[  115.015193][ T1082] kworker/u8:5: attempt to access beyond end of device
[  115.015193][ T1082] loop2: rw=1, sector=67, nr_sectors = 1 limit=64
[  115.015220][ T1082] Buffer I/O error on dev loop2, logical block 67, lost async page write
[  115.093922][ T1082] kworker/u8:5: attempt to access beyond end of device
[  115.093922][ T1082] loop2: rw=1, sector=68, nr_sectors = 1 limit=64
[  115.137291][ T1082] Buffer I/O error on dev loop2, logical block 68, lost async page write
[  115.164112][ T6410] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  115.164468][ T1082] kworker/u8:5: attempt to access beyond end of device
[  115.164468][ T1082] loop2: rw=1, sector=72, nr_sectors = 1 limit=64
[  115.176594][ T6797] netlink: 324 bytes leftover after parsing attributes in process `syz.3.292'.
[  115.235059][ T1082] Buffer I/O error on dev loop2, logical block 72, lost async page write
[  115.243596][ T1082] kworker/u8:5: attempt to access beyond end of device
[  115.243596][ T1082] loop2: rw=1, sector=73, nr_sectors = 1 limit=64
[  115.292685][ T1082] Buffer I/O error on dev loop2, logical block 73, lost async page write
[  115.326374][ T1082] kworker/u8:5: attempt to access beyond end of device
[  115.326374][ T1082] loop2: rw=1, sector=76, nr_sectors = 1 limit=64
[  115.390281][ T1082] Buffer I/O error on dev loop2, logical block 76, lost async page write
[  115.408128][ T6802] Bluetooth: MGMT ver 1.23
[  115.415125][ T1082] kworker/u8:5: attempt to access beyond end of device
[  115.415125][ T1082] loop2: rw=1, sector=77, nr_sectors = 1 limit=64
[  115.454022][ T1082] Buffer I/O error on dev loop2, logical block 77, lost async page write
[  115.478016][ T1082] kworker/u8:5: attempt to access beyond end of device
[  115.478016][ T1082] loop2: rw=1, sector=78, nr_sectors = 976 limit=64
[  115.550461][ T6810] dummy0: entered promiscuous mode
[  115.605211][ T6808] dummy0: left promiscuous mode
[  115.825773][ T6825] block nbd2: NBD_DISCONNECT
[  116.472406][ T6866] loop3: detected capacity change from 0 to 8
[  116.486292][ T6866] MTD: Attempt to mount non-MTD device "/dev/loop3"
[  117.310774][ T6906] sch_tbf: peakrate 6 is lower than or equals to rate 7694164503644904053 !
[  117.522236][   T35] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  117.783103][ T6917] loop2: detected capacity change from 0 to 4096
[  117.799539][   T35] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  117.897463][ T6925] loop5: detected capacity change from 0 to 1024
[  118.021146][   T35] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  118.100631][ T6410] hfsplus: inconsistency in B*Tree (128,1,255,1,0)
[  118.118910][ T5868] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  118.153755][ T6410] hfsplus: xattr search failed
[  118.178135][ T5868] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  118.187065][ T5868] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  118.209903][ T5868] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  118.219424][ T5868] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[  118.222546][ T6410] hfsplus: inconsistency in B*Tree (128,1,255,1,0)
[  118.236475][ T5868] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  118.275047][ T6410] hfsplus: xattr search failed
[  118.311901][ T6410] hfsplus: inconsistency in B*Tree (128,1,255,1,0)
[  118.321077][   T35] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  118.340312][ T6410] hfsplus: xattr search failed
[  118.382068][ T6410] hfsplus: inconsistency in B*Tree (128,1,255,1,0)
[  118.403599][ T6914] loop0: detected capacity change from 0 to 32768
[  118.413759][ T6914] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.332 (6914)
[  118.434514][ T6914] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  118.463044][ T6914] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[  118.505144][ T6914] BTRFS info (device loop0): using free-space-tree
[  118.512706][ T6410] hfsplus: xattr search failed
[  118.523680][ T6410] hfsplus: inconsistency in B*Tree (128,1,255,1,0)
[  118.530452][ T6410] hfsplus: xattr search failed
[  118.537019][ T6410] hfsplus: inconsistency in B*Tree (128,1,255,1,0)
[  118.543583][ T6410] hfsplus: xattr search failed
[  118.549400][ T6410] hfsplus: inconsistency in B*Tree (128,1,255,1,0)
[  118.556952][ T6410] hfsplus: xattr search failed
[  118.759938][ T6946] loop5: detected capacity change from 0 to 128
[  118.826038][   T35] bridge_slave_1: left allmulticast mode
[  118.831776][   T35] bridge_slave_1: left promiscuous mode
[  118.838576][ T6922] loop1: detected capacity change from 0 to 32768
[  118.856952][   T35] bridge0: port 2(bridge_slave_1) entered disabled state
[  118.907925][   T35] bridge_slave_0: left allmulticast mode
[  118.913624][   T35] bridge_slave_0: left promiscuous mode
[  118.919743][ T6922] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  118.930936][ T6914] BTRFS warning (device loop0): can't clear the free_space_tree feature bit while mounted
[  118.971155][   T35] bridge0: port 1(bridge_slave_0) entered disabled state
[  119.020510][ T5848] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  119.260638][ T6922] XFS (loop1): Ending clean mount
[  119.271252][ T6922] XFS (loop1): Quotacheck needed: Please wait.
[  119.450831][ T6922] XFS (loop1): Quotacheck: Done.
[  119.499597][ T6937] loop2: detected capacity change from 0 to 32768
[  119.550362][ T6937] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.341 (6937)
[  119.609110][ T6937] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  119.622116][ T6937] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  119.639218][ T6937] BTRFS info (device loop2): using free-space-tree
[  119.786450][ T5849] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  119.911942][ T6977] loop5: detected capacity change from 0 to 128
[  119.935072][ T6980] loop0: detected capacity change from 0 to 128
[  119.969485][ T6977] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  119.996594][ T6977] ext4 filesystem being mounted at /19/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  120.030497][ T6980] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  120.086444][ T6980] ext4 filesystem being mounted at /67/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  120.121589][ T6977] fscrypt (loop5, inode 12): Direct key flag not allowed with different contents and filenames modes
[  120.280890][ T6410] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  120.390484][ T5848] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  120.425392][ T5868] Bluetooth: hci6: command tx timeout
[  120.520753][ T5855] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  120.645440][   T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  120.717488][   T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  120.744429][   T35] bond0 (unregistering): Released all slaves
[  120.893275][ T6927] chnl_net:caif_netlink_parms(): no params data found
[  120.955503][ T6995] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present!
[  121.161968][ T7005] block device autoloading is deprecated and will be removed.
[  121.762793][ T7031] loop1: detected capacity change from 0 to 256
[  121.793632][ T7027] netlink: 'syz.0.357': attribute type 1 has an invalid length.
[  121.821654][ T6927] bridge0: port 1(bridge_slave_0) entered blocking state
[  121.833655][ T6927] bridge0: port 1(bridge_slave_0) entered disabled state
[  121.851484][ T6927] bridge_slave_0: entered allmulticast mode
[  121.877967][ T6927] bridge_slave_0: entered promiscuous mode
[  121.899987][ T6927] bridge0: port 2(bridge_slave_1) entered blocking state
[  121.913016][   T29] kauditd_printk_skb: 33 callbacks suppressed
[  121.913037][   T29] audit: type=1800 audit(1730328963.143:52): pid=7031 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.359" name="bus" dev="loop1" ino=1048616 res=0 errno=0
[  121.951039][ T6927] bridge0: port 2(bridge_slave_1) entered disabled state
[  121.962355][ T6927] bridge_slave_1: entered allmulticast mode
[  121.974579][   T29] audit: type=1804 audit(1730328963.153:53): pid=7031 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.359" name="/newroot/73/file1/bus" dev="loop1" ino=1048616 res=1 errno=0
[  121.998005][ T6927] bridge_slave_1: entered promiscuous mode
[  122.052858][   T35] hsr_slave_0: left promiscuous mode
[  122.100505][ T7038] capability: warning: `syz.5.362' uses deprecated v2 capabilities in a way that may be insecure
[  122.111774][   T35] hsr_slave_1: left promiscuous mode
[  122.127318][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  122.135461][   T35] batman_adv: batadv0: Removing interface: batadv_slave_0
[  122.173994][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  122.215135][   T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[  122.279052][   T35] veth1_macvtap: left promiscuous mode
[  122.284634][   T35] veth0_macvtap: left promiscuous mode
[  122.305029][   T35] veth1_vlan: left promiscuous mode
[  122.320750][   T35] veth0_vlan: left promiscuous mode
[  122.446754][ T7051] netlink: 64 bytes leftover after parsing attributes in process `syz.5.368'.
[  122.505113][ T5868] Bluetooth: hci6: command tx timeout
[  122.656171][ T7029] loop2: detected capacity change from 0 to 32768
[  122.776818][ T7029] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  123.064593][ T7029] XFS (loop2): Ending clean mount
[  123.072913][ T7029] XFS (loop2): Quotacheck needed: Please wait.
[  123.134212][ T7029] XFS (loop2): Quotacheck: Done.
[  123.308745][ T5855] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  123.318618][ T5931] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  123.485173][ T5931] usb 6-1: Using ep0 maxpacket: 32
[  123.538921][ T5931] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  123.564657][ T5931] usb 6-1: config 0 has no interface number 0
[  123.592121][ T5931] usb 6-1: config 0 interface 1 altsetting 172 has 0 endpoint descriptors, different from the interface descriptor's value: 20
[  123.631850][ T5931] usb 6-1: config 0 interface 1 has no altsetting 0
[  123.653719][ T5931] usb 6-1: New USB device found, idVendor=0cde, idProduct=0023, bcdDevice=21.32
[  123.674476][ T5931] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  123.701440][ T5931] usb 6-1: Product: syz
[  123.712541][ T5931] usb 6-1: Manufacturer: syz
[  123.717381][ T5931] usb 6-1: SerialNumber: syz
[  123.751300][ T5931] usb 6-1: config 0 descriptor??
[  124.160394][   T35] team0 (unregistering): Port device team_slave_1 removed
[  124.211407][   T35] team0 (unregistering): Port device team_slave_0 removed
[  124.277320][ T5904] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  124.447510][ T5904] usb 2-1: Using ep0 maxpacket: 8
[  124.470926][ T5904] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  124.498611][ T5904] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  124.508778][ T5904] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12336, setting to 1024
[  124.518784][ T7093] loop0: detected capacity change from 0 to 4096
[  124.535212][ T5904] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  124.545538][ T5904] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  124.559079][ T5904] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  124.570346][ T5904] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  124.592731][ T5868] Bluetooth: hci6: command tx timeout
[  124.827534][ T5904] usb 2-1: GET_CAPABILITIES returned 0
[  124.833114][ T5904] usbtmc 2-1:16.0: can't read capabilities
[  124.850212][ T5931] usb 6-1: USB disconnect, device number 2
[  125.061671][ T5931] usb 2-1: USB disconnect, device number 5
[  125.245014][ T6927] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  125.261782][ T6927] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  125.346171][ T7109] sctp: [Deprecated]: syz.0.389 (pid 7109) Use of struct sctp_assoc_value in delayed_ack socket option.
[  125.346171][ T7109] Use struct sctp_sack_info instead
[  125.350146][ T6927] team0: Port device team_slave_0 added
[  125.394046][ T6927] team0: Port device team_slave_1 added
[  125.510998][ T7114] loop0: detected capacity change from 0 to 2048
[  125.542861][ T6927] batman_adv: batadv0: Adding interface: batadv_slave_0
[  125.552458][ T7114] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  125.556837][ T6927] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  125.577497][ T7114] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  125.631057][ T6927] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  125.667369][ T6927] batman_adv: batadv0: Adding interface: batadv_slave_1
[  125.674468][ T6927] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  125.732457][ T6927] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  125.750290][ T7120] netlink: 'syz.2.394': attribute type 8 has an invalid length.
[  125.850743][ T7102] syz.5.385 (7102) used greatest stack depth: 17680 bytes left
[  125.999099][ T6927] hsr_slave_0: entered promiscuous mode
[  126.015848][ T6927] hsr_slave_1: entered promiscuous mode
[  126.023399][ T6927] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  126.036419][ T6927] Cannot create hsr debugfs directory
[  126.156668][ T7138] loop0: detected capacity change from 0 to 512
[  126.190779][ T7138] EXT4-fs: Ignoring removed oldalloc option
[  126.212884][ T7138] EXT4-fs: Ignoring removed oldalloc option
[  126.226711][ T7138] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  126.274993][ T7138] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #16: comm syz.0.402: invalid indirect mapped block 83886080 (level 1)
[  126.294133][ T7137] loop2: detected capacity change from 0 to 4096
[  126.308513][ T7138] EXT4-fs (loop0): Remounting filesystem read-only
[  126.318986][ T7138] EXT4-fs (loop0): 1 orphan inode deleted
[  126.331637][ T7138] EXT4-fs (loop0): 1 truncate cleaned up
[  126.342437][ T7137] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512).
[  126.362051][ T7138] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  126.418364][ T6927] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  126.435763][ T6927] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  126.447851][ T7147] loop1: detected capacity change from 0 to 1024
[  126.457648][ T6927] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  126.463816][ T7137] ntfs3(loop2): ino=0, attr_set_size
[  126.478204][ T6927] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  126.479851][ T7137] ntfs3(loop2): ino=0, attr_set_size
[  126.512714][ T5848] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  126.516288][ T7147] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  126.543720][ T7137] ntfs3(loop2): ino=0, attr_set_size
[  126.667933][ T5868] Bluetooth: hci6: command tx timeout
[  126.751470][ T5849] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  126.808783][ T7159] program syz.2.406 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  126.820481][ T6927] 8021q: adding VLAN 0 to HW filter on device bond0
[  126.846117][ T6927] 8021q: adding VLAN 0 to HW filter on device team0
[  126.889663][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[  126.896900][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[  126.996923][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[  127.004184][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[  127.059362][ T7172] loop5: detected capacity change from 0 to 64
[  127.393598][   T11] kworker/u8:0: attempt to access beyond end of device
[  127.393598][   T11] loop5: rw=1, sector=65, nr_sectors = 1 limit=64
[  127.430999][   T11] Buffer I/O error on dev loop5, logical block 65, lost async page write
[  127.460096][   T11] kworker/u8:0: attempt to access beyond end of device
[  127.460096][   T11] loop5: rw=1, sector=66, nr_sectors = 1 limit=64
[  127.515062][   T11] Buffer I/O error on dev loop5, logical block 66, lost async page write
[  127.553319][   T11] kworker/u8:0: attempt to access beyond end of device
[  127.553319][   T11] loop5: rw=1, sector=67, nr_sectors = 1 limit=64
[  127.601039][   T11] Buffer I/O error on dev loop5, logical block 67, lost async page write
[  127.628738][   T11] kworker/u8:0: attempt to access beyond end of device
[  127.628738][   T11] loop5: rw=1, sector=68, nr_sectors = 1 limit=64
[  127.685246][   T11] Buffer I/O error on dev loop5, logical block 68, lost async page write
[  127.693811][   T11] kworker/u8:0: attempt to access beyond end of device
[  127.693811][   T11] loop5: rw=1, sector=72, nr_sectors = 1 limit=64
[  127.698663][ T6927] 8021q: adding VLAN 0 to HW filter on device batadv0
[  127.743096][   T11] Buffer I/O error on dev loop5, logical block 72, lost async page write
[  127.775000][   T11] kworker/u8:0: attempt to access beyond end of device
[  127.775000][   T11] loop5: rw=1, sector=73, nr_sectors = 1 limit=64
[  127.827820][   T11] Buffer I/O error on dev loop5, logical block 73, lost async page write
[  127.857093][   T11] kworker/u8:0: attempt to access beyond end of device
[  127.857093][   T11] loop5: rw=1, sector=76, nr_sectors = 1 limit=64
[  127.885241][   T11] Buffer I/O error on dev loop5, logical block 76, lost async page write
[  127.905281][   T11] kworker/u8:0: attempt to access beyond end of device
[  127.905281][   T11] loop5: rw=1, sector=77, nr_sectors = 1 limit=64
[  127.935055][   T11] Buffer I/O error on dev loop5, logical block 77, lost async page write
[  127.961449][   T11] kworker/u8:0: attempt to access beyond end of device
[  127.961449][   T11] loop5: rw=1, sector=78, nr_sectors = 976 limit=64
[  128.058821][ T5901] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  128.245545][ T5901] usb 2-1: Using ep0 maxpacket: 8
[  128.272450][ T5901] usb 2-1: config 0 has no interfaces?
[  128.288410][ T5901] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  128.310197][ T5901] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  128.339582][ T5901] usb 2-1: Product: syz
[  128.353045][ T5901] usb 2-1: Manufacturer: syz
[  128.357108][ T6927] veth0_vlan: entered promiscuous mode
[  128.377960][ T5901] usb 2-1: SerialNumber: syz
[  128.402060][ T6927] veth1_vlan: entered promiscuous mode
[  128.411561][ T5901] usb 2-1: config 0 descriptor??
[  128.503628][ T6927] veth0_macvtap: entered promiscuous mode
[  128.549843][ T6927] veth1_macvtap: entered promiscuous mode
[  128.560298][ T7182] loop2: detected capacity change from 0 to 32768
[  128.617280][ T6927] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  128.662442][ T7182] XFS (loop2): Mounting V5 Filesystem ca7e2101-b8f1-4838-8e2d-7637b90620e6
[  128.664495][ T5901] usb 2-1: USB disconnect, device number 6
[  128.705108][ T6927] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.733945][ T6927] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  128.773778][ T6927] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.815144][ T6927] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  128.850028][ T7182] XFS (loop2): Ending clean mount
[  128.885750][ T6927] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.910072][ T6927] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  128.951409][ T6927] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.986310][ T6927] batman_adv: batadv0: Interface activated: batadv_slave_0
[  129.006619][ T5855] XFS (loop2): Unmounting Filesystem ca7e2101-b8f1-4838-8e2d-7637b90620e6
[  129.064594][ T7245] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present!
[  129.156996][ T6927] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  129.197414][ T6927] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  129.243105][ T6927] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  129.275425][ T6927] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  129.289047][ T6927] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  129.300029][ T6927] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  129.319647][ T6927] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  129.331863][ T6927] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  129.362066][ T6927] batman_adv: batadv0: Interface activated: batadv_slave_1
[  129.470836][ T6927] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  129.498805][ T6927] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  129.525778][ T6927] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  129.553680][ T6927] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  129.737220][ T7227] loop5: detected capacity change from 0 to 40427
[  129.746702][   T51] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  129.754570][   T51] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  129.777728][ T7227] F2FS-fs (loop5): invalid crc value
[  129.798562][ T7227] F2FS-fs (loop5): Found nat_bits in checkpoint
[  129.843228][ T7261] mac80211_hwsim hwsim4 wlan0: entered promiscuous mode
[  129.877445][ T7227] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e4
[  129.886270][ T7261] macsec1: entered promiscuous mode
[  129.893268][ T7261] macsec1: entered allmulticast mode
[  129.896241][ T7227] syz.5.419: attempt to access beyond end of device
[  129.896241][ T7227] loop5: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  129.913798][ T7261] mac80211_hwsim hwsim4 wlan0: entered allmulticast mode
[  129.923857][ T7227] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  129.935162][ T7261] mac80211_hwsim hwsim4 wlan0: left allmulticast mode
[  129.942319][ T7261] mac80211_hwsim hwsim4 wlan0: left promiscuous mode
[  130.048478][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  130.085212][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  130.304498][ T7274] netlink: 24 bytes leftover after parsing attributes in process `syz.2.431'.
[  130.482920][   T29] audit: type=1326 audit(1730328971.713:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7284 comm="syz.6.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc15f17e719 code=0x7ffc0000
[  130.541943][   T29] audit: type=1326 audit(1730328971.713:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7284 comm="syz.6.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc15f17e719 code=0x7ffc0000
[  130.613220][   T29] audit: type=1326 audit(1730328971.753:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7284 comm="syz.6.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc15f17e719 code=0x7ffc0000
[  130.648005][   T29] audit: type=1326 audit(1730328971.753:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7284 comm="syz.6.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc15f17e719 code=0x7ffc0000
[  130.692161][   T29] audit: type=1326 audit(1730328971.753:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7284 comm="syz.6.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc15f17e719 code=0x7ffc0000
[  130.722720][   T29] audit: type=1326 audit(1730328971.753:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7284 comm="syz.6.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc15f17e719 code=0x7ffc0000
[  130.746519][   T25] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  130.771310][   T29] audit: type=1326 audit(1730328971.753:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7284 comm="syz.6.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc15f17e719 code=0x7ffc0000
[  130.789756][ T5851] Bluetooth: hci7: sending frame failed (-49)
[  130.794442][   T29] audit: type=1326 audit(1730328971.753:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7284 comm="syz.6.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fc15f1756e7 code=0x7ffc0000
[  130.803199][ T5868] Bluetooth: hci7: Opcode 0x1003 failed: -49
[  130.822379][   T29] audit: type=1326 audit(1730328971.753:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7284 comm="syz.6.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fc15f11a099 code=0x7ffc0000
[  130.875349][ T7296] Bluetooth: received HCILL_WAKE_UP_IND in state 2
[  130.948115][   T25] usb 1-1: New USB device found, idVendor=14cd, idProduct=6116, bcdDevice= 1.60
[  130.954600][   T29] audit: type=1326 audit(1730328971.753:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7284 comm="syz.6.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fc15f1756e7 code=0x7ffc0000
[  130.964946][   T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  131.038526][   T25] usb 1-1: config 0 descriptor??
[  131.099146][   T25] ums-cypress 1-1:0.0: USB Mass Storage device detected
[  131.155605][ T7303] tipc: Started in network mode
[  131.180311][ T7303] tipc: Node identity 74725f6c656e3a2, cluster identity 4711
[  131.215374][ T7303] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  131.260220][ T7307] loop5: detected capacity change from 0 to 256
[  131.278669][ T7307] exfat: Deprecated parameter 'namecase'
[  131.375085][   T25] usb 1-1: USB disconnect, device number 2
[  131.376046][ T7307] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x2eabf3fa, utbl_chksum : 0xe619d30d)
[  131.393932][ T7289] loop1: detected capacity change from 0 to 40427
[  131.406274][ T7289] F2FS-fs (loop1): build fault injection attr: rate: 690, type: 0x1fffff
[  131.414960][ T7289] F2FS-fs (loop1): Image doesn't support compression
[  131.423863][ T7289] F2FS-fs (loop1): invalid crc value
[  131.436407][ T7289] F2FS-fs (loop1): Found nat_bits in checkpoint
[  131.552345][ T7289] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  131.606000][ T7318] x_tables: ip6_tables: icmp6 match: only valid for protocol 58
[  131.687399][ T5849] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  131.903719][ T6386] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  132.055131][   T25] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  132.071084][ T6386] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  132.237588][   T25] usb 7-1: Using ep0 maxpacket: 8
[  132.254387][   T25] usb 7-1: config 179 has an invalid interface number: 65 but max is 0
[  132.257392][ T6386] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  132.285014][   T25] usb 7-1: config 179 has no interface number 0
[  132.301589][   T25] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  132.340660][ T7339] mkiss: ax0: crc mode is auto.
[  132.355092][   T25] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  132.395034][   T25] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  132.434942][   T25] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  132.479420][   T25] usb 7-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  132.522600][   T25] usb 7-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  132.562164][ T6386] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  132.575145][   T25] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  132.631963][ T7324] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  132.806978][ T7356] program syz.1.461 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  132.923597][ T5851] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[  132.949488][ T5851] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[  132.956079][ T7361] loop2: detected capacity change from 0 to 64
[  132.965067][ T5851] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[  133.016702][ T5851] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[  133.034041][ T5900] input: Generic X-Box pad as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:179.65/input/input8
[  133.055172][ T5851] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3
[  133.062761][ T5851] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[  133.066598][ T6386] bridge_slave_1: left allmulticast mode
[  133.083981][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  133.097773][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  133.188776][ T6386] bridge_slave_1: left promiscuous mode
[  133.194733][ T6386] bridge0: port 2(bridge_slave_1) entered disabled state
[  133.252948][  T836] usb 7-1: USB disconnect, device number 2
[  133.253053][    C1] xpad 7-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  133.269532][    C1] dummy_hcd dummy_hcd.6: timer fired with no URBs pending?
[  133.280969][  T836] xpad 7-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  133.334706][ T6386] bridge_slave_0: left allmulticast mode
[  133.340740][ T6386] bridge_slave_0: left promiscuous mode
[  133.348955][ T6386] bridge0: port 1(bridge_slave_0) entered disabled state
[  133.360098][ T7371] loop1: detected capacity change from 0 to 4096
[  133.377169][ T7371] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512).
[  134.062502][ T7398] loop6: detected capacity change from 0 to 1024
[  134.288336][ T6386] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  134.310273][ T6386] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  134.327305][ T6386] bond0 (unregistering): Released all slaves
[  134.354091][ T7367] netlink: 16 bytes leftover after parsing attributes in process `syz.0.463'.
[  134.819893][ T7421] loop0: detected capacity change from 0 to 256
[  134.959412][ T7421] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  135.025590][ T7402] loop2: detected capacity change from 0 to 32768
[  135.104236][ T7402] 
[  135.104236][ T7402]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  135.104236][ T7402] 
[  135.145314][ T5868] Bluetooth: hci8: command tx timeout
[  135.242116][ T7402] find_entry called with index = 0
[  135.261278][ T7402] read_mapping_page failed!
[  135.273565][ T6386] hsr_slave_0: left promiscuous mode
[  135.275305][ T7402] ERROR: (device loop2): txCommit: 
[  135.275305][ T7402] 
[  135.400965][ T6386] hsr_slave_1: left promiscuous mode
[  135.413653][ T5855] 
[  135.413653][ T5855]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  135.413653][ T5855] 
[  135.424542][ T7436] loop6: detected capacity change from 0 to 512
[  135.437962][ T6386] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  135.448129][ T6386] batman_adv: batadv0: Removing interface: batadv_slave_0
[  135.458163][ T5855] 
[  135.458163][ T5855]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  135.458163][ T5855] 
[  135.482994][ T6386] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  135.500881][ T6386] batman_adv: batadv0: Removing interface: batadv_slave_1
[  135.515837][ T7436] EXT4-fs: Ignoring removed i_version option
[  135.588677][ T6386] veth1_macvtap: left promiscuous mode
[  135.603220][ T6386] veth0_macvtap: left promiscuous mode
[  135.614597][ T6386] veth1_vlan: left promiscuous mode
[  135.641050][ T7436] EXT4-fs (loop6): 1 truncate cleaned up
[  135.648294][ T7436] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  135.675061][ T6386] veth0_vlan: left promiscuous mode
[  135.974163][ T6927] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  136.306005][ T7438] loop1: detected capacity change from 0 to 32768
[  136.376045][ T7438] ERROR: (device loop1): diWrite: ixpxd invalid
[  136.376045][ T7438] 
[  136.420987][ T7438] ERROR: (device loop1): remounting filesystem as read-only
[  136.460228][ T7438] ERROR: (device loop1): txCommit: 
[  136.460228][ T7438] 
[  136.472596][ T7458] loop6: detected capacity change from 0 to 2048
[  136.540520][ T7458] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  137.016013][ T6386] team0 (unregistering): Port device team_slave_1 removed
[  137.063144][ T6386] team0 (unregistering): Port device team_slave_0 removed
[  137.225295][ T5868] Bluetooth: hci8: command tx timeout
[  137.982711][ T7358] chnl_net:caif_netlink_parms(): no params data found
[  138.329178][ T7358] bridge0: port 1(bridge_slave_0) entered blocking state
[  138.360901][ T7358] bridge0: port 1(bridge_slave_0) entered disabled state
[  138.391589][ T7358] bridge_slave_0: entered allmulticast mode
[  138.414646][ T7358] bridge_slave_0: entered promiscuous mode
[  138.449686][ T7358] bridge0: port 2(bridge_slave_1) entered blocking state
[  138.475964][ T7358] bridge0: port 2(bridge_slave_1) entered disabled state
[  138.503300][ T7358] bridge_slave_1: entered allmulticast mode
[  138.524729][ T7358] bridge_slave_1: entered promiscuous mode
[  138.634055][ T7358] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  138.673090][ T7358] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  138.873272][ T7358] team0: Port device team_slave_0 added
[  138.897694][ T7358] team0: Port device team_slave_1 added
[  139.026334][ T7358] batman_adv: batadv0: Adding interface: batadv_slave_0
[  139.065102][ T7358] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  139.091043][    C1] vkms_vblank_simulate: vblank timer overrun
[  139.174920][ T7358] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  139.191336][ T7523] netlink: 'syz.6.510': attribute type 2 has an invalid length.
[  139.210438][ T7358] batman_adv: batadv0: Adding interface: batadv_slave_1
[  139.236418][ T7523] netlink: 'syz.6.510': attribute type 9 has an invalid length.
[  139.237992][ T7358] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  139.270636][    C1] vkms_vblank_simulate: vblank timer overrun
[  139.275869][ T7523] netlink: 209852 bytes leftover after parsing attributes in process `syz.6.510'.
[  139.307141][ T5868] Bluetooth: hci8: command tx timeout
[  139.384899][ T7358] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  139.487403][ T7502] loop1: detected capacity change from 0 to 40427
[  139.504246][ T7502] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  139.512470][ T7502] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  139.567907][ T7358] hsr_slave_0: entered promiscuous mode
[  139.574162][ T7502] F2FS-fs (loop1): invalid crc value
[  139.598988][ T7358] hsr_slave_1: entered promiscuous mode
[  139.615906][ T7502] F2FS-fs (loop1): Found nat_bits in checkpoint
[  139.652471][ T7358] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  139.682690][ T7358] Cannot create hsr debugfs directory
[  140.075038][ T7531] loop6: detected capacity change from 0 to 32768
[  140.085680][ T7506] loop0: detected capacity change from 0 to 40427
[  140.094652][ T7506] F2FS-fs (loop0): Invalid Fs Meta Ino: node(0) meta(2) root(0)
[  140.102460][ T7506] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  140.104264][ T7502] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  140.118856][ T7506] F2FS-fs (loop0): invalid crc value
[  140.130791][ T7502] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  140.140492][ T7506] F2FS-fs (loop0): Found nat_bits in checkpoint
[  140.169946][ T7502] bio_check_eod: 1 callbacks suppressed
[  140.169968][ T7502] syz.1.504: attempt to access beyond end of device
[  140.169968][ T7502] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  140.237616][ T7506] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  140.244841][ T7506] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
[  140.411700][ T5849] syz-executor: attempt to access beyond end of device
[  140.411700][ T5849] loop1: rw=2051, sector=45096, nr_sectors = 8 limit=40427
[  140.431187][ T5849] F2FS-fs (loop1): Issue discard(5637, 5637, 1) failed, ret: -5
[  140.451289][ T5848] syz-executor: attempt to access beyond end of device
[  140.451289][ T5848] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  140.493675][ T7358] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  140.500665][ T5848] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  140.530589][ T7358] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  140.560745][ T7358] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  140.590446][ T7358] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  140.843098][ T7358] 8021q: adding VLAN 0 to HW filter on device bond0
[  140.929447][ T7358] 8021q: adding VLAN 0 to HW filter on device team0
[  140.986885][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[  140.994033][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[  141.006478][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[  141.013637][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[  141.117151][ T7565] loop1: detected capacity change from 0 to 2048
[  141.132906][ T7358] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  141.165098][ T7358] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  141.221075][ T7565] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  141.375902][ T7575] IPVS: sed: TCP 127.0.0.1:0 - no destination available
[  141.393606][ T5868] Bluetooth: hci8: command tx timeout
[  141.485793][   T29] kauditd_printk_skb: 29 callbacks suppressed
[  141.485814][   T29] audit: type=1326 audit(1730328982.723:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7579 comm="syz.1.526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefbd37e719 code=0x7ffc0000
[  141.533628][   T29] audit: type=1326 audit(1730328982.723:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7579 comm="syz.1.526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefbd37e719 code=0x7ffc0000
[  141.588231][ T7358] 8021q: adding VLAN 0 to HW filter on device batadv0
[  141.598821][   T29] audit: type=1326 audit(1730328982.753:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7579 comm="syz.1.526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fefbd37e719 code=0x7ffc0000
[  141.653071][   T29] audit: type=1326 audit(1730328982.753:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7579 comm="syz.1.526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefbd37e719 code=0x7ffc0000
[  141.697128][ T7590] sch_tbf: burst 4 is lower than device lo mtu (65550) !
[  141.735213][   T29] audit: type=1326 audit(1730328982.753:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7579 comm="syz.1.526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefbd37e719 code=0x7ffc0000
[  141.805773][   T29] audit: type=1326 audit(1730328982.753:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7579 comm="syz.1.526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fefbd37e719 code=0x7ffc0000
[  141.871226][   T29] audit: type=1326 audit(1730328982.763:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7579 comm="syz.1.526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefbd37e719 code=0x7ffc0000
[  141.934475][   T29] audit: type=1326 audit(1730328982.763:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7579 comm="syz.1.526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fefbd3756e7 code=0x7ffc0000
[  141.956594][    C1] vkms_vblank_simulate: vblank timer overrun
[  142.005556][   T29] audit: type=1326 audit(1730328982.763:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7579 comm="syz.1.526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fefbd31a099 code=0x7ffc0000
[  142.065038][   T29] audit: type=1326 audit(1730328982.763:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7579 comm="syz.1.526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fefbd3756e7 code=0x7ffc0000
[  142.068790][ T7599] loop1: detected capacity change from 0 to 164
[  142.087230][    C1] vkms_vblank_simulate: vblank timer overrun
[  142.170783][ T7599] iso9660: Corrupted directory entry in block 4 of inode 1792
[  142.397211][ T7358] veth0_vlan: entered promiscuous mode
[  142.460988][ T7358] veth1_vlan: entered promiscuous mode
[  142.530727][ T7358] veth0_macvtap: entered promiscuous mode
[  142.595605][ T7358] veth1_macvtap: entered promiscuous mode
[  142.650651][ T7358] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  142.683030][ T7358] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  142.709314][ T7612] loop2: detected capacity change from 0 to 128
[  142.718389][ T7358] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  142.740804][ T7358] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  142.767328][ T7612] VFS: Found a Xenix FS (block size = 512) on device loop2
[  142.776045][ T7358] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  142.797734][ T7358] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  142.810789][ T7612] sysv_free_block: trying to free block not in datazone
[  142.844756][ T7358] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  142.861378][ T7358] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  142.888872][ T7358] batman_adv: batadv0: Interface activated: batadv_slave_0
[  142.936866][ T7358] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  142.957918][ T7358] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  142.971859][ T7358] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  142.982389][ T7358] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  142.992322][ T7358] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  143.002982][ T7358] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  143.012891][ T7358] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  143.023554][ T7358] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  143.036773][ T7358] batman_adv: batadv0: Interface activated: batadv_slave_1
[  143.047323][ T7358] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  143.056335][ T7358] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  143.065498][ T7358] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  143.074718][ T7358] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  143.087033][ T5855] sysv_free_inode: inode 0,1,2 or nonexistent inode
[  143.248059][ T7625] loop0: detected capacity change from 0 to 2048
[  143.285269][ T6386] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  143.328148][ T6386] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  143.413628][   T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  143.455168][   T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  143.989053][ T7648] loop7: detected capacity change from 0 to 1024
[  144.009107][ T7648] EXT4-fs: Ignoring removed orlov option
[  144.096083][ T7648] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  144.319914][ T7358] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  144.353662][ T7658] misc userio: Begin command sent, but we're already running
[  144.401414][ T7622] loop6: detected capacity change from 0 to 40427
[  144.427630][ T7622] F2FS-fs (loop6): build fault injection attr: rate: 771, type: 0x1fffff
[  144.458611][ T7622] F2FS-fs (loop6): invalid crc value
[  144.484391][ T7622] F2FS-fs (loop6): Found nat_bits in checkpoint
[  144.628621][ T7622] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  144.712006][ T7675] loop1: detected capacity change from 0 to 512
[  144.778029][ T7677] Driver unsupported XDP return value 0 on prog  (id 50) dev N/A, expect packet loss!
[  144.810997][ T6927] syz-executor: attempt to access beyond end of device
[  144.810997][ T6927] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  144.843503][ T7675] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  144.845634][ T6927] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  144.858784][ T7675] ext4 filesystem being mounted at /119/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  145.072982][ T7687] input: syz0 as /devices/virtual/input/input11
[  145.136178][ T5849] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  145.330546][ T7696] loop0: detected capacity change from 0 to 256
[  145.783028][ T7704] loop6: detected capacity change from 0 to 4096
[  145.803802][ T7707] loop7: detected capacity change from 0 to 2048
[  145.852119][ T7712] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  145.870061][ T7707] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  146.256667][ T7723] netlink: 4 bytes leftover after parsing attributes in process `syz.2.581'.
[  146.262690][ T7694] loop1: detected capacity change from 0 to 32768
[  147.031315][ T7719] loop0: detected capacity change from 0 to 32768
[  147.088818][ T7719] XFS (loop0): Mounting V5 Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a
[  147.140168][ T7719] XFS (loop0): Ending clean mount
[  147.201480][ T7755] mmap: syz.1.592 (7755) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  147.271204][ T5848] XFS (loop0): Unmounting Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a
[  147.400931][ T7735] loop2: detected capacity change from 0 to 32768
[  147.435091][ T7735] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.587 (7735)
[  147.572486][ T7735] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  147.607443][ T7735] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  147.648276][ T7735] BTRFS info (device loop2): using free-space-tree
[  147.919513][ T5855] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  148.434059][ T7797] loop0: detected capacity change from 0 to 4096
[  148.455404][ T7797] ntfs3(loop0): Different NTFS sector size (4096) and media sector size (512).
[  148.596686][ T7797] ntfs3(loop0): Mark volume as dirty due to NTFS errors
[  148.605443][   T25] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  148.623992][ T7797] ntfs3(loop0): Failed to initialize $Extend/$Reparse.
[  148.679075][ T7808] loop2: detected capacity change from 0 to 512
[  148.702048][ T7808] EXT4-fs error (device loop2): ext4_orphan_get:1388: inode #15: comm syz.2.608: casefold flag without casefold feature
[  148.723587][ T7808] EXT4-fs error (device loop2): ext4_orphan_get:1393: comm syz.2.608: couldn't read orphan inode 15 (err -117)
[  148.740146][ T1082] ntfs3(loop0): ino=1a, ntfs3_write_inode failed, -22.
[  148.742420][ T7808] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  148.775276][   T25] usb 2-1: Using ep0 maxpacket: 32
[  148.782486][   T25] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  148.786229][ T5848] ntfs3(loop0): ino=1a, ntfs_sync_fs failed, -22.
[  148.795403][   T25] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  148.809214][   T25] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  148.833528][   T25] usb 2-1: Product: syz
[  148.837832][   T25] usb 2-1: Manufacturer: syz
[  148.842567][   T25] usb 2-1: SerialNumber: syz
[  148.851459][   T25] usb 2-1: config 0 descriptor??
[  148.857371][ T7799] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  148.919428][ T7816] loop7: detected capacity change from 0 to 1024
[  148.947461][ T7816] EXT4-fs: Ignoring removed orlov option
[  148.965489][ T7816] EXT4-fs: Ignoring removed nomblk_io_submit option
[  148.975820][ T5855] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  149.003011][ T7819] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  149.086394][ T7816] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  149.192698][    T8] usb 2-1: USB disconnect, device number 7
[  149.210192][ T7816] EXT4-fs error (device loop7): ext4_expand_extra_isize_ea:2793: inode #14: comm syz.7.611: corrupted in-inode xattr: bad magic number in in-inode xattr
[  149.289348][ T7816] EXT4-fs error (device loop7): ext4_clear_blocks:876: inode #14: comm syz.7.611: attempt to clear invalid blocks 1634560256 len 1
[  149.386285][ T7358] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  149.502368][ T7842] loop2: detected capacity change from 0 to 512
[  149.524804][ T7842] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  149.548942][ T7842] EXT4-fs (loop2): 1 truncate cleaned up
[  149.567626][ T7842] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  149.640920][ T5855] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  149.795519][ T7838] loop6: detected capacity change from 0 to 32768
[  149.812473][ T7838] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.620 (7838)
[  149.836657][ T7838] BTRFS info (device loop6): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  149.847282][ T7838] BTRFS info (device loop6): using sha256 (sha256-avx2) checksum algorithm
[  149.856071][ T7838] BTRFS info (device loop6): using free-space-tree
[  150.224151][ T6927] BTRFS info (device loop6): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  150.810717][ T7896] loop2: detected capacity change from 0 to 16
[  150.821345][ T7893] loop6: detected capacity change from 0 to 2048
[  150.843115][ T7896] erofs: (device loop2): mounted with root inode @ nid 36.
[  150.861427][ T7893] UDF-fs: error (device loop6): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  150.883461][ T7899] input: syz0 as /devices/virtual/input/input12
[  150.895987][ T7893] UDF-fs: warning (device loop6): udf_load_vrs: No anchor found
[  150.924211][ T7893] UDF-fs: Scanning with blocksize 512 failed
[  150.984134][ T7893] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  151.194289][ T7907] netlink: 'syz.7.645': attribute type 2 has an invalid length.
[  151.232121][ T7907] netlink: 'syz.7.645': attribute type 1 has an invalid length.
[  151.300295][ T7909] loop1: detected capacity change from 0 to 128
[  151.327025][ T7909] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  151.369949][ T7909] ext4 filesystem being mounted at /128/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  151.548447][ T7905] loop2: detected capacity change from 0 to 32768
[  151.559708][ T7905] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.643 (7905)
[  151.589818][ T7909] fscrypt (loop1, inode 12): Direct key flag not allowed with different contents and filenames modes
[  151.619176][ T7905] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  151.635048][ T7905] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[  151.665397][ T7905] BTRFS info (device loop2): using free-space-tree
[  151.687185][ T5849] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  152.013566][ T5855] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  152.271378][ T7955] hsr0: entered promiscuous mode
[  152.301351][ T7955] hsr0: left promiscuous mode
[  153.035729][ T7975] loop7: detected capacity change from 0 to 4096
[  153.080158][ T7975] ntfs3(loop7): Different NTFS sector size (4096) and media sector size (512).
[  153.126491][ T7982] loop2: detected capacity change from 0 to 16
[  153.143716][ T7975] ntfs3(loop7): failed to convert "c46c" to iso8859-13
[  153.180363][   T29] kauditd_printk_skb: 34 callbacks suppressed
[  153.180384][   T29] audit: type=1326 audit(1730328994.413:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7983 comm="syz.1.673" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fefbd37e719 code=0x0
[  153.214579][ T7982] erofs: (device loop2): mounted with root inode @ nid 36.
[  153.261602][ T7982] netlink: 8 bytes leftover after parsing attributes in process `syz.2.672'.
[  153.523614][ T8001] loop7: detected capacity change from 0 to 128
[  153.573401][ T7358] sysv_free_block: flc_count > flc_size
[  153.582516][ T7358] sysv_free_block: flc_count > flc_size
[  153.589013][ T7358] sysv_free_block: flc_count > flc_size
[  153.594958][ T7358] sysv_free_block: flc_count > flc_size
[  153.600940][ T7358] sysv_free_block: flc_count > flc_size
[  153.607467][ T7358] sysv_free_block: flc_count > flc_size
[  153.625153][ T7358] sysv_free_block: flc_count > flc_size
[  153.630766][ T7358] sysv_free_block: flc_count > flc_size
[  153.642834][ T7358] sysv_free_block: flc_count > flc_size
[  153.649022][ T7358] sysv_free_block: flc_count > flc_size
[  153.663221][ T7358] sysv_free_inode: inode 0,1,2 or nonexistent inode
[  153.785148][    T8] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  153.945845][    T8] usb 1-1: Using ep0 maxpacket: 8
[  153.961803][    T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  153.989128][    T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  154.008901][    T8] usb 1-1: New USB device found, idVendor=04d8, idProduct=f002, bcdDevice= 0.00
[  154.028323][    T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  154.049728][    T8] usb 1-1: config 0 descriptor??
[  154.289553][ T8009] loop7: detected capacity change from 0 to 32768
[  154.313507][ T8009] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.684 (8009)
[  154.367471][ T8009] BTRFS info (device loop7): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  154.386266][ T8009] BTRFS info (device loop7): using crc32c (crc32c-intel) checksum algorithm
[  154.401812][ T8009] BTRFS info (device loop7): using free-space-tree
[  154.413292][ T8007] loop2: detected capacity change from 0 to 40427
[  154.421381][ T8016] netlink: 'syz.1.689': attribute type 3 has an invalid length.
[  154.444391][ T8016] netlink: 3 bytes leftover after parsing attributes in process `syz.1.689'.
[  154.452752][ T8007] F2FS-fs (loop2): Found nat_bits in checkpoint
[  154.486154][    T8] hid-picolcd 0003:04D8:F002.0002: item fetching failed at offset 2/5
[  154.524707][    T8] hid-picolcd 0003:04D8:F002.0002: device report parse failed
[  154.533021][    T8] hid-picolcd 0003:04D8:F002.0002: probe with driver hid-picolcd failed with error -22
[  154.570856][ T8007] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  154.608124][   T29] audit: type=1804 audit(1730328995.843:138): pid=8007 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.685" name="/newroot/164/file2/file0" dev="loop2" ino=10 res=1 errno=0
[  154.629791][    C1] vkms_vblank_simulate: vblank timer overrun
[  154.694145][   T25] usb 1-1: USB disconnect, device number 3
[  154.711796][ T5855] syz-executor: attempt to access beyond end of device
[  154.711796][ T5855] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  154.735947][ T5855] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  154.790093][ T7358] BTRFS info (device loop7): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  155.536687][   T29] audit: type=1326 audit(1730328996.773:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8065 comm="syz.1.703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefbd37e719 code=0x7ffc0000
[  155.603222][   T29] audit: type=1326 audit(1730328996.773:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8065 comm="syz.1.703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefbd37e719 code=0x7ffc0000
[  155.676458][   T29] audit: type=1326 audit(1730328996.773:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8065 comm="syz.1.703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=277 compat=0 ip=0x7fefbd37e719 code=0x7ffc0000
[  155.698657][    C1] vkms_vblank_simulate: vblank timer overrun
[  155.735093][   T29] audit: type=1326 audit(1730328996.773:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8065 comm="syz.1.703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefbd37e719 code=0x7ffc0000
[  155.777968][   T29] audit: type=1326 audit(1730328996.773:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8065 comm="syz.1.703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefbd37e719 code=0x7ffc0000
[  155.800162][    C1] vkms_vblank_simulate: vblank timer overrun
[  155.815065][    T8] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  155.999035][    T8] usb 1-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  156.024063][ T8053] loop7: detected capacity change from 0 to 32768
[  156.041712][    T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  156.054112][    T8] usb 1-1: Product: syz
[  156.060377][ T8085] loop6: detected capacity change from 0 to 128
[  156.067346][    T8] usb 1-1: Manufacturer: syz
[  156.072003][    T8] usb 1-1: SerialNumber: syz
[  156.090940][ T8085] VFS: Found a Xenix FS (block size = 512) on device loop6
[  156.113446][ T8053] XFS (loop7): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  156.132351][    T8] usb 1-1: config 0 descriptor??
[  156.135689][ T8085] syz.6.712: attempt to access beyond end of device
[  156.135689][ T8085] loop6: rw=0, sector=8767744, nr_sectors = 1 limit=128
[  156.168827][ T8085] Buffer I/O error on dev loop6, logical block 8767744, async page read
[  156.212498][ T8085] syz.6.712: attempt to access beyond end of device
[  156.212498][ T8085] loop6: rw=0, sector=13269809, nr_sectors = 1 limit=128
[  156.227926][ T8085] Buffer I/O error on dev loop6, logical block 13269809, async page read
[  156.237662][ T8085] syz.6.712: attempt to access beyond end of device
[  156.237662][ T8085] loop6: rw=0, sector=1157, nr_sectors = 1 limit=128
[  156.251129][ T8085] Buffer I/O error on dev loop6, logical block 1157, async page read
[  156.260066][ T8085] syz.6.712: attempt to access beyond end of device
[  156.260066][ T8085] loop6: rw=0, sector=3211264, nr_sectors = 1 limit=128
[  156.276196][ T8085] Buffer I/O error on dev loop6, logical block 3211264, async page read
[  156.284682][ T8085] syz.6.712: attempt to access beyond end of device
[  156.284682][ T8085] loop6: rw=0, sector=8768635, nr_sectors = 1 limit=128
[  156.299480][ T8085] Buffer I/O error on dev loop6, logical block 8768635, async page read
[  156.308578][ T8085] syz.6.712: attempt to access beyond end of device
[  156.308578][ T8085] loop6: rw=0, sector=13466417, nr_sectors = 1 limit=128
[  156.322450][ T8085] Buffer I/O error on dev loop6, logical block 13466417, async page read
[  156.331214][ T8085] syz.6.712: attempt to access beyond end of device
[  156.331214][ T8085] loop6: rw=0, sector=209285, nr_sectors = 1 limit=128
[  156.344082][ T8053] XFS (loop7): Ending clean mount
[  156.384420][ T8085] Buffer I/O error on dev loop6, logical block 209285, async page read
[  156.402563][ T5901] XFS (loop7): Metadata CRC error detected at xfs_rmapbt_read_verify+0x41/0xd0, xfs_rmapbt block 0x14 
[  156.421301][ T5901] XFS (loop7): Unmount and run xfs_repair
[  156.421930][ T8085] syz.6.712: attempt to access beyond end of device
[  156.421930][ T8085] loop6: rw=0, sector=8767744, nr_sectors = 1 limit=128
[  156.427417][ T5901] XFS (loop7): First 128 bytes of corrupted metadata buffer:
[  156.460129][ T5901] 00000000: 52 4d 42 33 00 00 00 0c ff ff ff ff ff ff ff ff  RMB3............
[  156.471690][ T5901] 00000010: 00 a7 50 00 00 00 00 14 00 00 00 01 00 00 00 80  ..P.............
[  156.487029][ T5901] 00000020: bf dc 47 fc 10 d8 4e ed a5 62 11 a8 31 b3 f7 91  ..G...N..b..1...
[  156.495159][ T8085] Buffer I/O error on dev loop6, logical block 8767744, async page read
[  156.512326][ T8085] syz.6.712: attempt to access beyond end of device
[  156.512326][ T8085] loop6: rw=0, sector=13269809, nr_sectors = 1 limit=128
[  156.524407][ T5901] 00000030: 00 00 00 00 5b af 3b 1d 00 00 00 00 00 00 00 01  ....[.;.........
[  156.535815][ T8085] Buffer I/O error on dev loop6, logical block 13269809, async page read
[  156.551112][ T5901] 00000040: ff ff ff ff ff ff ff fd 00 00 00 00 00 00 00 00  ................
[  156.555400][ T8085] Buffer I/O error on dev loop6, logical block 1157, async page read
[  156.560127][ T5901] 00000050: 00 00 00 01 00 00 00 02 ff ff ff ff ff ff ff fb  ................
[  156.590534][   T29] audit: type=1800 audit(1730328997.823:144): pid=8085 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.712" name="/" dev="loop6" ino=2 res=0 errno=0
[  156.610646][ T5901] 00000060: 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 02  ................
[  156.628403][ T5901] 00000070: ff ff ff ff ff ff ff fa 00 00 00 00 00 00 00 00  ................
[  156.642913][ T8105] loop2: detected capacity change from 0 to 2048
[  156.655311][ T8053] XFS (loop7): metadata I/O error in "xfs_btree_read_buf_block+0x36f/0x5b0" at daddr 0x14 len 4 error 74
[  156.672407][ T8107] loop1: detected capacity change from 0 to 1024
[  156.673661][ T8053] XFS (loop7): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x663/0xad0 (fs/xfs/xfs_trans_buf.c:296).  Shutting down filesystem.
[  156.685505][ T8107] EXT4-fs: Ignoring removed mblk_io_submit option
[  156.704268][ T6927] sysv_free_block: trying to free block not in datazone
[  156.709686][ T8105] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found
[  156.719946][ T6927] sysv_free_inode: inode 0,1,2 or nonexistent inode
[  156.725343][ T8105] UDF-fs: Scanning with blocksize 512 failed
[  156.727901][ T8107] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  156.734396][ T8053] XFS (loop7): Please unmount the filesystem and rectify the problem(s)
[  156.778897][ T8107] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  156.821835][ T8105] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  156.906278][ T7358] XFS (loop7): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  156.962055][ T5849] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  156.998025][    T8] usb 1-1: Firmware version (0.0) predates our first public release.
[  157.009093][    T8] usb 1-1: Please update to version 0.2 or newer
[  157.045765][ T8115] netlink: 12 bytes leftover after parsing attributes in process `syz.6.722'.
[  157.116847][    T8] usb 1-1: USB disconnect, device number 4
[  157.411026][ T8123] netlink: 'syz.2.724': attribute type 1 has an invalid length.
[  157.423355][ T8123] netlink: 4 bytes leftover after parsing attributes in process `syz.2.724'.
[  157.781076][ T8142] loop7: detected capacity change from 0 to 24
[  157.792357][ T8137] loop2: detected capacity change from 0 to 2048
[  158.317537][ T8164] loop0: detected capacity change from 0 to 128
[  158.339354][ T8164] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (30846!=65535)
[  158.357406][ T8164] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 ro without journal. Quota mode: none.
[  158.548732][ T5848] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  158.677518][ T8175] loop0: detected capacity change from 0 to 512
[  158.841681][ T8175] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #11: comm syz.0.745: invalid indirect mapped block 256 (level 2)
[  158.885332][ T8175] EXT4-fs (loop0): 2 truncates cleaned up
[  158.898658][ T8175] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  158.997630][ T5848] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  159.093514][ T8196] loop6: detected capacity change from 0 to 128
[  159.119565][ T8196] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  159.163454][ T8196] ext4 filesystem being mounted at /77/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  159.384311][ T6927] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  159.602745][ T8214] loop7: detected capacity change from 0 to 512
[  159.636010][ T8214] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[  159.729195][ T8207] loop2: detected capacity change from 0 to 32768
[  159.738421][ T8207] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.758 (8207)
[  159.739459][ T8214] EXT4-fs (loop7): 1 truncate cleaned up
[  159.759765][ T8207] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  159.770282][ T8207] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  159.771253][ T8215] loop1: detected capacity change from 0 to 4096
[  159.779111][ T8207] BTRFS info (device loop2): using free-space-tree
[  159.796298][ T8214] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  159.820417][ T8215] ntfs3: Unknown parameter '18446744073709551615ÿÿÿÿÿÿ'
[  159.865107][    T8] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  159.893454][ T8214] fscrypt (loop7, inode 18): Unsupported encryption flags (0x10)
[  159.928447][ T8215] mkiss: ax0: crc mode is auto.
[  159.948335][ T8237] loop0: detected capacity change from 0 to 16
[  159.955492][ T8237] MTD: Attempt to mount non-MTD device "/dev/loop0"
[  160.003608][ T7358] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  160.025258][    T8] usb 7-1: Using ep0 maxpacket: 16
[  160.035960][    T8] usb 7-1: New USB device found, idVendor=09c0, idProduct=0201, bcdDevice= a.a4
[  160.063956][    T8] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  160.090756][ T5855] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  160.095262][    T8] usb 7-1: Product: syz
[  160.113291][    T8] usb 7-1: Manufacturer: syz
[  160.139273][    T8] usb 7-1: SerialNumber: syz
[  160.161505][    T8] usb 7-1: config 0 descriptor??
[  160.180857][    T8] dvb-usb: found a 'Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver' in warm state.
[  160.398156][    T8] gp8psk: usb in 128 operation failed.
[  160.405138][    T8] gp8psk: usb in 137 operation failed.
[  160.410626][    T8] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  160.428162][    T8] dvbdev: DVB: registering new adapter (Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver)
[  160.439127][    T8] usb 7-1: media controller created
[  160.462001][    T8] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  160.495556][    T8] gp8psk_fe: Frontend revision 1 attached
[  160.502805][    T8] usb 7-1: DVB: registering adapter 1 frontend 0 (Genpix DVB-S)...
[  160.512992][    T8] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered.
[  160.522893][ T8249] netlink: 64 bytes leftover after parsing attributes in process `syz.2.772'.
[  160.729884][   T35] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  160.833869][    T8] gp8psk: usb in 137 operation failed.
[  160.840042][    T8] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver successfully initialized and connected.
[  160.852595][   T35] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  160.864383][    T8] gp8psk: found Genpix USB device pID = 201 (hex)
[  160.876474][    T8] usb 7-1: USB disconnect, device number 3
[  161.028490][   T35] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  161.080226][ T5851] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1
[  161.098941][ T5851] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9
[  161.109827][ T5851] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9
[  161.111401][    T8] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receive successfully deinitialized and disconnected.
[  161.143031][ T5851] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4
[  161.184050][ T5851] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3
[  161.224131][ T5851] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2
[  161.241007][   T35] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  161.310837][ T8266] netlink: 4 bytes leftover after parsing attributes in process `syz.1.780'.
[  161.436493][ T8264] loop2: detected capacity change from 0 to 4096
[  161.461244][ T8264] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512).
[  161.556513][   T35] bridge_slave_1: left allmulticast mode
[  161.563002][   T35] bridge_slave_1: left promiscuous mode
[  161.569367][   T35] bridge0: port 2(bridge_slave_1) entered disabled state
[  161.590594][   T35] bridge_slave_0: left allmulticast mode
[  161.597387][   T35] bridge_slave_0: left promiscuous mode
[  161.603109][   T35] bridge0: port 1(bridge_slave_0) entered disabled state
[  161.896579][ T8264] ntfs3(loop2): Mark volume as dirty due to NTFS errors
[  161.934333][ T8264] ntfs3(loop2): Failed to load $Extend (-22).
[  161.949413][ T8264] ntfs3(loop2): Failed to initialize $Extend.
[  161.991767][ T8277] Dead loop on virtual device ip6_vti0, fix it urgently!
[  162.039254][ T8269] loop1: detected capacity change from 0 to 32768
[  162.063246][ T8269] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.781 (8269)
[  162.119658][ T8269] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  162.130615][ T8269] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  162.139546][ T8269] BTRFS info (device loop1): using free-space-tree
[  162.337792][ T8298] loop6: detected capacity change from 0 to 2048
[  162.344643][ T5849] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  162.413517][ T8298] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  162.648462][   T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  162.681217][   T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  162.713664][   T35] bond0 (unregistering): Released all slaves
[  162.738447][ T8294] netlink: 4 bytes leftover after parsing attributes in process `syz.2.786'.
[  162.802100][ T8294] wireguard0: entered promiscuous mode
[  162.808139][ T8294] wireguard0: entered allmulticast mode
[  162.931848][ T8256] chnl_net:caif_netlink_parms(): no params data found
[  163.101162][ T8306] loop1: detected capacity change from 0 to 16
[  163.109146][ T8306] erofs: (device loop1): mounted with root inode @ nid 36.
[  163.122346][   T29] audit: type=1800 audit(1730329004.353:145): pid=8306 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.797" name="file1" dev="loop1" ino=86 res=0 errno=0
[  163.304983][ T5868] Bluetooth: hci9: command tx timeout
[  163.334434][ T8310] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode
[  163.384131][ T8310] macsec1: entered promiscuous mode
[  163.393127][ T6386] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  163.419714][ T8310] macsec1: entered allmulticast mode
[  163.429688][ T8310] mac80211_hwsim hwsim2 wlan0: entered allmulticast mode
[  163.445424][ T6386] EXT4-fs (loop6): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28
[  163.479870][ T8310] mac80211_hwsim hwsim2 wlan0: left allmulticast mode
[  163.495991][ T6386] EXT4-fs (loop6): This should not happen!! Data will be lost
[  163.495991][ T6386] 
[  163.506245][ T8310] mac80211_hwsim hwsim2 wlan0: left promiscuous mode
[  163.521731][ T6386] EXT4-fs (loop6): Total free blocks count 0
[  163.528002][ T6386] EXT4-fs (loop6): Free/Dirty block details
[  163.534020][ T6386] EXT4-fs (loop6): free_blocks=2415919104
[  163.547486][ T6386] EXT4-fs (loop6): dirty_blocks=4592
[  163.552830][ T6386] EXT4-fs (loop6): Block reservation details
[  163.570367][   T35] hsr_slave_0: left promiscuous mode
[  163.580720][ T6386] EXT4-fs (loop6): i_reserved_data_blocks=287
[  163.590238][   T35] hsr_slave_1: left promiscuous mode
[  163.616699][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  163.641380][   T35] batman_adv: batadv0: Removing interface: batadv_slave_0
[  163.655815][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  163.682042][   T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[  163.690409][ T6386] EXT4-fs (loop6): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28
[  163.828700][   T35] veth1_macvtap: left promiscuous mode
[  163.834281][   T35] veth0_macvtap: left promiscuous mode
[  163.845046][   T35] veth1_vlan: left promiscuous mode
[  163.850394][   T35] veth0_vlan: left promiscuous mode
[  163.904973][ T8311] loop1: detected capacity change from 0 to 32768
[  164.014218][ T8311] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  164.183865][ T8311] XFS (loop1): Ending clean mount
[  164.192962][ T8311] XFS (loop1): Quotacheck needed: Please wait.
[  164.269434][ T8311] XFS (loop1): Quotacheck: Done.
[  164.349297][ T8316] loop7: detected capacity change from 0 to 32768
[  164.377654][   T29] audit: type=1804 audit(1730329005.613:146): pid=8311 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.789" name="/newroot/161/bus/bus" dev="loop1" ino=9291 res=1 errno=0
[  164.459401][ T5849] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  164.493477][ T8316] XFS (loop7): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  164.775167][ T8316] XFS (loop7): Ending clean mount
[  164.812445][ T8316] XFS (loop7): Quotacheck needed: Please wait.
[  164.936237][ T8316] XFS (loop7): Quotacheck: Done.
[  164.952585][ T8325] loop6: detected capacity change from 0 to 32768
[  164.959905][ T8325] XFS: ikeep mount option is deprecated.
[  165.099333][ T8325] XFS (loop6): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  165.120381][ T7358] XFS (loop7): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  165.261169][ T8325] XFS (loop6): Ending clean mount
[  165.308728][ T8325] XFS (loop6): Quotacheck needed: Please wait.
[  165.389084][ T5868] Bluetooth: hci9: command tx timeout
[  165.416120][ T8325] XFS (loop6): Quotacheck: Done.
[  165.507885][   T35] team0 (unregistering): Port device team_slave_1 removed
[  165.549262][ T6927] XFS (loop6): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  165.668839][   T35] team0 (unregistering): Port device team_slave_0 removed
[  166.522187][ T8256] bridge0: port 1(bridge_slave_0) entered blocking state
[  166.530067][ T8256] bridge0: port 1(bridge_slave_0) entered disabled state
[  166.540520][ T8256] bridge_slave_0: entered allmulticast mode
[  166.548041][ T8256] bridge_slave_0: entered promiscuous mode
[  166.561428][ T8256] bridge0: port 2(bridge_slave_1) entered blocking state
[  166.587637][ T8256] bridge0: port 2(bridge_slave_1) entered disabled state
[  166.596227][ T8256] bridge_slave_1: entered allmulticast mode
[  166.604046][ T8256] bridge_slave_1: entered promiscuous mode
[  166.676893][ T8256] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  166.753943][ T8256] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  166.900804][ T8256] team0: Port device team_slave_0 added
[  166.911760][ T8256] team0: Port device team_slave_1 added
[  166.959101][ T8375] loop7: detected capacity change from 0 to 1024
[  166.981682][ T8375] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  167.032416][ T8256] batman_adv: batadv0: Adding interface: batadv_slave_0
[  167.063807][ T8256] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  167.090146][ T8256] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  167.103492][ T8256] batman_adv: batadv0: Adding interface: batadv_slave_1
[  167.110601][ T8256] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  167.136737][ T8256] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  167.183689][ T7358] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  167.226416][ T8256] hsr_slave_0: entered promiscuous mode
[  167.240351][ T8256] hsr_slave_1: entered promiscuous mode
[  167.258079][ T8256] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  167.269463][ T8382] loop2: detected capacity change from 0 to 16
[  167.274937][ T8256] Cannot create hsr debugfs directory
[  167.325825][ T8382] erofs: (device loop2): mounted with root inode @ nid 36.
[  167.361775][ T5868] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 0] out[9000]
[  167.378936][ T8382] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[  167.465005][ T5868] Bluetooth: hci9: command tx timeout
[  167.465027][ T8382] erofs: (device loop2): z_erofs_read_folio: read error -117 @ 0 of nid 89
[  167.544115][   T29] audit: type=1800 audit(1730329008.773:147): pid=8382 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.809" name="file3" dev="loop2" ino=89 res=0 errno=0
[  167.552560][   T35] IPVS: stop unused estimator thread 0...
[  167.877299][ T8256] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  167.898718][ T8256] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  167.937650][ T8256] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  167.951579][ T8256] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  168.158626][ T8256] 8021q: adding VLAN 0 to HW filter on device bond0
[  168.200069][ T8256] 8021q: adding VLAN 0 to HW filter on device team0
[  168.221640][ T1105] bridge0: port 1(bridge_slave_0) entered blocking state
[  168.228845][ T1105] bridge0: port 1(bridge_slave_0) entered forwarding state
[  168.230322][ T8387] loop1: detected capacity change from 0 to 40427
[  168.277770][ T1105] bridge0: port 2(bridge_slave_1) entered blocking state
[  168.285079][ T1105] bridge0: port 2(bridge_slave_1) entered forwarding state
[  168.297488][ T8387] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  168.318435][ T8387] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  168.373416][ T8387] F2FS-fs (loop1): Found nat_bits in checkpoint
[  168.490265][ T8413] netlink: 8 bytes leftover after parsing attributes in process `syz.6.822'.
[  168.626371][ T8387] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  168.644086][ T8387] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  168.754591][ T8256] 8021q: adding VLAN 0 to HW filter on device batadv0
[  169.081327][ T8434] loop7: detected capacity change from 0 to 512
[  169.163553][ T8434] EXT4-fs error (device loop7): ext4_xattr_ibody_find:2240: inode #15: comm syz.7.828: corrupted in-inode xattr: invalid ea_ino
[  169.173801][ T8256] veth0_vlan: entered promiscuous mode
[  169.192889][ T8434] EXT4-fs error (device loop7): ext4_orphan_get:1393: comm syz.7.828: couldn't read orphan inode 15 (err -117)
[  169.204618][ T8256] veth1_vlan: entered promiscuous mode
[  169.258291][ T8256] veth0_macvtap: entered promiscuous mode
[  169.271681][ T8434] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  169.312958][ T8256] veth1_macvtap: entered promiscuous mode
[  169.399598][ T8256] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  169.434557][ T8256] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  169.457744][ T8256] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  169.478980][ T8256] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  169.494514][ T8256] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  169.525385][    T8] IPVS: starting estimator thread 0...
[  169.534769][ T8256] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  169.545953][ T5868] Bluetooth: hci9: command tx timeout
[  169.574139][ T8256] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  169.576095][ T8434] EXT4-fs: Can't set or change test_dummy_encryption on remount
[  169.613374][ T8256] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  169.625355][ T8446] IPVS: using max 18 ests per chain, 43200 per kthread
[  169.655303][ T8256] batman_adv: batadv0: Interface activated: batadv_slave_0
[  169.679350][ T8256] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  169.720530][ T8256] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  169.742602][ T8256] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  169.753246][ T8256] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  169.763863][ T8256] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  169.775084][ T8256] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  169.785265][ T8256] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  169.795873][ T8256] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  169.808402][ T8256] batman_adv: batadv0: Interface activated: batadv_slave_1
[  169.820857][ T8256] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  169.829696][ T8256] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  169.843320][ T8256] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  169.847929][ T7358] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  169.853175][ T8256] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  170.120788][ T1105] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  170.146404][ T1105] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  170.206658][ T6386] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  170.245165][ T6386] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  170.278915][ T8440] loop6: detected capacity change from 0 to 32768
[  170.298769][ T8440] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.830 (8440)
[  170.352801][ T8440] BTRFS info (device loop6): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  170.389665][ T8465] loop1: detected capacity change from 0 to 1024
[  170.396862][ T8440] BTRFS info (device loop6): using blake2b (blake2b-256-generic) checksum algorithm
[  170.407440][ T8440] BTRFS info (device loop6): using free-space-tree
[  170.425923][ T8465] EXT4-fs: Ignoring removed nomblk_io_submit option
[  170.474520][ T8465] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  170.575103][ T8465] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2240: inode #15: comm syz.1.839: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled
[  170.606181][ T8465] EXT4-fs (loop1): Remounting filesystem read-only
[  170.806305][ T5849] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  171.012847][ T6927] BTRFS info (device loop6): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  171.256354][    T8] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  171.445131][    T8] usb 2-1: Using ep0 maxpacket: 16
[  171.454721][    T8] usb 2-1: New USB device found, idVendor=2770, idProduct=9050, bcdDevice=11.97
[  171.478113][    T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  171.497458][    T8] usb 2-1: config 0 descriptor??
[  171.527250][    T8] gspca_main: sq905c-2.14.0 probing 2770:9050
[  171.590470][ T8493] loop2: detected capacity change from 0 to 32768
[  171.661183][ T8493] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  171.852029][ T5855] ocfs2: Unmounting device (7,2) on (node local)
[  172.144959][    C0] 
[  172.147346][    C0] =============================
[  172.152221][    C0] [ BUG: Invalid wait context ]
[  172.157086][    C0] 6.12.0-rc5-next-20241030-syzkaller #0 Not tainted
[  172.163671][    C0] -----------------------------
[  172.168547][    C0] syz.6.857/8526 is trying to lock:
[  172.173742][    C0] ffffffff8ea733d8 (stack_list_lock){-.-.}-{3:3}, at: __set_page_owner+0x5cb/0x800
[  172.183089][    C0] other info that might help us debug this:
[  172.188991][    C0] context-{2:2}
[  172.192509][    C0] no locks held by syz.6.857/8526.
[  172.197640][    C0] stack backtrace:
[  172.201391][    C0] CPU: 0 UID: 0 PID: 8526 Comm: syz.6.857 Not tainted 6.12.0-rc5-next-20241030-syzkaller #0
[  172.211493][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  172.221676][    C0] Call Trace:
[  172.224967][    C0]  <TASK>
[  172.227902][    C0]  dump_stack_lvl+0x241/0x360
[  172.232606][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[  172.237819][    C0]  ? __pfx__printk+0x10/0x10
[  172.242417][    C0]  ? stack_trace_save+0x118/0x1d0
[  172.247452][    C0]  __lock_acquire+0x15a8/0x2100
[  172.252317][    C0]  ? __alloc_pages_noprof+0x292/0x710
[  172.257703][    C0]  lock_acquire+0x1ed/0x550
[  172.262226][    C0]  ? __set_page_owner+0x5cb/0x800
[  172.267275][    C0]  ? __pfx_lock_acquire+0x10/0x10
[  172.272346][    C0]  _raw_spin_lock_irqsave+0xd5/0x120
[  172.277644][    C0]  ? __set_page_owner+0x5cb/0x800
[  172.282940][    C0]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[  172.288852][    C0]  ? __kmalloc_cache_noprof+0x243/0x390
[  172.294402][    C0]  ? __set_page_owner+0x55f/0x800
[  172.299441][    C0]  __set_page_owner+0x5cb/0x800
[  172.304308][    C0]  ? __pfx___set_page_owner+0x10/0x10
[  172.309704][    C0]  post_alloc_hook+0x1f3/0x230
[  172.314487][    C0]  get_page_from_freelist+0x3725/0x3870
[  172.320048][    C0]  ? __lock_acquire+0x1397/0x2100
[  172.325105][    C0]  __alloc_pages_noprof+0x292/0x710
[  172.330403][    C0]  ? __pfx___alloc_pages_noprof+0x10/0x10
[  172.336133][    C0]  ? is_bpf_text_address+0x26/0x2a0
[  172.341335][    C0]  ? kernel_text_address+0xa7/0xe0
[  172.346454][    C0]  ? arch_stack_walk+0xfd/0x150
[  172.351311][    C0]  alloc_pages_mpol_noprof+0x3e8/0x680
[  172.356783][    C0]  ? __pfx_alloc_pages_mpol_noprof+0x10/0x10
[  172.362788][    C0]  ? stack_trace_save+0x118/0x1d0
[  172.367828][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  172.373210][    C0]  ? alloc_pages_noprof+0x43/0x170
[  172.378349][    C0]  stack_depot_save_flags+0x666/0x830
[  172.383740][    C0]  kasan_save_stack+0x4f/0x60
[  172.388472][    C0]  ? kasan_save_stack+0x3f/0x60
[  172.393347][    C0]  ? __kasan_record_aux_stack+0xac/0xc0
[  172.398910][    C0]  ? task_work_add+0xd9/0x490
[  172.403603][    C0]  ? run_posix_cpu_timers+0x6ac/0x810
[  172.408987][    C0]  ? tick_nohz_handler+0x37c/0x500
[  172.414114][    C0]  ? __hrtimer_run_queues+0x551/0xd50
[  172.419531][    C0]  ? hrtimer_interrupt+0x396/0x990
[  172.424656][    C0]  ? __sysvec_apic_timer_interrupt+0x110/0x420
[  172.430837][    C0]  ? sysvec_apic_timer_interrupt+0x52/0xc0
[  172.436668][    C0]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  172.442910][    C0]  ? __phys_addr+0xba/0x170
[  172.447440][    C0]  __kasan_record_aux_stack+0xac/0xc0
[  172.452832][    C0]  task_work_add+0xd9/0x490
[  172.457349][    C0]  ? __pfx_lock_acquire+0x10/0x10
[  172.462405][    C0]  ? __pfx_task_work_add+0x10/0x10
[  172.467534][    C0]  run_posix_cpu_timers+0x6ac/0x810
[  172.472749][    C0]  ? __pfx_run_posix_cpu_timers+0x10/0x10
[  172.478479][    C0]  ? sched_balance_trigger+0x1a3/0x890
[  172.483985][    C0]  tick_nohz_handler+0x37c/0x500
[  172.488934][    C0]  ? __pfx_tick_nohz_handler+0x10/0x10
[  172.494408][    C0]  __hrtimer_run_queues+0x551/0xd50
[  172.499614][    C0]  ? ktime_get_update_offsets_now+0x3c/0x250
[  172.505628][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  172.511393][    C0]  hrtimer_interrupt+0x396/0x990
[  172.516359][    C0]  __sysvec_apic_timer_interrupt+0x110/0x420
[  172.522363][    C0]  sysvec_apic_timer_interrupt+0x52/0xc0
[  172.528020][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  172.534020][    C0] RIP: 0033:0x7fc15f049398
[  172.538452][    C0] Code: 54 24 08 49 8d 75 50 48 01 f2 48 39 d3 72 16 eb 49 90 0f b7 03 83 c0 03 25 fc ff 01 00 48 01 c3 48 39 d3 73 35 66 83 7b 02 01 <75> e6 0f b7 5b 04 66 85 db 74 25 31 c9 ba 00 10 00 00 89 ef e8 cf
[  172.558066][    C0] RSP: 002b:00007fc15feb7f60 EFLAGS: 00000297
[  172.564163][    C0] RAX: 0000000000000000 RBX: 00007fc15feb8024 RCX: 0000000000000000
[  172.572137][    C0] RDX: 00007fc15feb8068 RSI: 00007fc15feb8010 RDI: 00007fc15feb99c8
[  172.580133][    C0] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000
[  172.588125][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000200000c0
[  172.596198][    C0] R13: 00007fc15feb7fc0 R14: 000000000000000c R15: 0000000000000000
[  172.604214][    C0]  </TASK>
[  172.657982][    T8] usb 2-1: USB disconnect, device number 8