last executing test programs:

3.2318552s ago: executing program 0 (id=2146):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fedbdf253000000008000300", @ANYRES32=r2], 0x24}, 0x1, 0x0, 0x0, 0x40040c0}, 0x4000000)

3.230931908s ago: executing program 5 (id=2147):
r0 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x20)
connect$l2tp6(r0, &(0x7f0000000f40)={0xa, 0x0, 0x0, @empty}, 0x20)
sendmmsg$inet6(r0, &(0x7f0000000ac0)=[{{&(0x7f0000000180)={0xa, 0x0, 0x0, @empty}, 0x1c, 0x0}}], 0x17fd147c801ae9ab, 0x0)

3.015705881s ago: executing program 0 (id=2148):
syz_mount_image$bfs(&(0x7f00000001c0), &(0x7f0000000400)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x4, &(0x7f0000000600)=ANY=[], 0x8, 0xad, &(0x7f0000000040)="$eJzs0btpA0EUBdC7H/xJ7ALcg3tw6twVbOjQkY3BjlSGOlArKmE7ULCpkhHLrkChEAhJcA7MzA3mwYW33q5e8pSUv6SUUu6SPGbKX98/nx/v490kyTJt7jPZv9y4ej4P486fp7x5y+L/4E8//HZ9la4fyuyChQEAgJPVeZ1TdfxQm6Q5VyMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA67ILAAD//1vZIlc=")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpu.stat\x00', 0x275a, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
openat$userio(0xffffffffffffff9c, &(0x7f00000000c0), 0x40, 0x0)

2.657085006s ago: executing program 0 (id=2154):
syz_mount_image$xfs(&(0x7f00000000c0), &(0x7f0000000100)='./file1\x00', 0x4800802, &(0x7f0000000500)={[{@nolazytime}, {@pqnoenforce}, {@uquota}, {@allocsize={'allocsize', 0x3d, [0x35, 0x35, 0x36, 0x6d]}}]}, 0x4, 0x986e, &(0x7f0000002d00)="$eJzs3Qnc5XPBuP8zYzD2pUQbsqXVmiUl+1JS1siePWtIKPtSlooSKgpFUgqhIlLZs5N93/d9X/+vMUNMF3l+/+d59Mx1XS9zn+17n/tzf97n83Wf+d5zzkqLLbfQYDDpYGQvn/6zMw64afXlJ1pqixP3G3blIXsvfe+oq8cZeTLZAqNOFxx1utBgMBgy6n6GjLxu2PwnnDh0MGww4r9/NuF44w+dcDAYf9TFUfczmHvkyQRHvrzdi6PFA512xJfba+Sfl5poxJ2MOLPqms9vOhgMhr/q80eMa9Z/+UalLbbkQsv/0+oVt6Gjbh7yz9teOh028s8Ehw8GExw6eP3Hx4htx37V5/5vNuJrTjr9YIWb3oKv/X+ulRZcfMnR/EesxbFGXTf3iDU++ho0NvrjfO/lNrp71BQOGTVxw161Xt6Kx/3/UystuNhSg9dfx4OlF93+rhdf2m8OW2QwGLboYDBsscFg2OJvtUf99/SWPviqqqrqLWnBheYY8Zx96Gg/Dwx/+eda+rnwnOdmu20wGLb0yOeJw9Z8+blgVVVVVVVVVf1ntuBCcywMz/8nfaPn/9OesttkPf+vqqqqqqqq+r/TkgsuNMeI5/qjPf+f6o2e/z90zzFHjPzd/wXmHvlZL7y130RVVVVVVVVVvWGLLYnP/6d9o+f/550w7YU9/6+qqqqqqqr6v9Oycyy28OBVr7M36uqZX76dnv+feucNq71V462qqqqqqqqq/3ov3H/yaf98zfepB6O93vtLjfp7gSHHnn7xxW/ZQP8zGvKvfx+y01s9pv+/jXAefvS0g8GmK7zVQ6m3oP8zr1Vf/yPl7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7iXuf4/yuv/3/q8Wu//F7w759xjqtO/udnvvTe/8OWXvL+nd+iob8VjanH/wcbDhkMRvlOuuFgMFh6wWWXn3kwGJx81RwzzjB45bZ5Rtw23+RjvfQG8S//M5FFJ+M73mm6kacjHiiDt79yH8e+dP9LvnjYWENGG8SrmuykI47YYKUn5xz9dKbX/z6GvnJuohPvefnfsgwdbaPhr/PJL9//y9/L6M6jxj7ziLHPstUmm8+y5bbbfWTDTdZaf93119103tnnmm3Oeeeda65Z1ttw43VnHfnx9eZs2pc+Lvxm5mzC0efs/gVfPWejf2+vN2fTvvGcvXSP+587/FMvz9mw/+KcLfzGczbthqO+0GQLjD1Y86W5GTIYTLbI2INtRlyYbdzBYLJFR2071YhtPzH50MFg339+oyPOjfvKY3DITiO2WWmx5RYauZsaDP55+s9e5/3sxxk18gVGnS446nShkV9m0sE/H4rD5j/hxKEj5uI10zHheOMPnXAwGH/UxVH3M5h35Mn4p7y83eu8z/poA33pZVb2GvnnpSYaDAYTjDgz9Vqn7j5i6v8X3qf9/+n////iNc+QVx6PQ0b9GbXNSK8FF1/yn1/rpWkYMXdjjbpu7hEm/81vbf+a/mW80w4fTPsG432D18V5KXp8bXzyFLv8d70uDo13qjcY7xu8ju/rjnfF2w66e+Rd/beNd7R93VIvfVzgzezrBm+8rxuL7mDdC947+r7uM68/xNfsLl+eo3FH2+j19nVTHTzNTiPuf4E33tctNWLsY79mXzd0MJhs4Zf3dSN2fIuNPdh3xIXZR1xYfOzBUSMuzPHShfEGp4+48NG1N9t4nRFXLPGvj4OZh7zmFzRhnS022job8qrvfchov985bOTpBIe//B5Or7PfHDLq2/q3+wp63E76BuN9g/efwnkecd06xw2f4r/r/adovMPfeLyv937ZrzvefZ449ab/5vG+ss7GftV0LfFm1tm0r11nI77FsV61Mt7sz2HrwPYjz0/1yr1tvcM9r/xMMfZo9/vvfqZY4o3X2aQbjvZ5ex46GPJGc7P4m5mb9/zLPmjnV8/Nm/15a+bpR94+1hvMzbjzrj7Ty3Mzzn9xbhb/r87NAoOxXjs3wwaLDgaDGUbtHxZ7M3Mz1RvPzZt93IwP2488v+4rVy2y99FnvTw3o8/Fv5ubxf6rczPtK4+bGV66bbqhg3HGGWyz1lZbbTHbyI8vX5x95Mc3XoOLvJm5nPS/Zy7fNez15vKfD9UJb7vw8H+zBv9ln/7y/S/yX53LwStzOdhw9MVS/6n193/u8neXv7v83eXvLn93+Yt7neP/r7z+/4GTzrffqL/cGPvCaabc460e71vcGH38f5Tva47/7zHlNBcOHbxy2xsenx25zX/k8dm5R55McOTL241+fJAH+vrHZw+dd+7d/peOz/4/9fJafRN/D9f+313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5S/udY7/z/ry7wHcOdsyj4w6EDr2vbuussxbPd63uDH6+P8o39cc/19mlV3vHTp45bY3PP4/chvH8f9bnl1sn//k4/8vr9WO/9e/KX936D/6a4DUGFvr313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yF/c6x/8XePn3AI455qDtXv59gMsn2+vkt3q8b3Fj6vH/3v/fW/t/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7iXjv+P/DfCr/6Xwp/vcYHB8f//2436/Y/BaP7L5I9Z/JfNnxo6GDj8l8sfs6z/5fPHLP4r5I9Z/FfMH7P4fyF/zOK/Uv6YxX/l/DGL/xfzxyz+q+SPWfxXzR+z+K+WP2bxXz1/zOK/Rv6YxX/N/DGL/1r5Yxb/L+WPWfzXzh+z+K+TP2bxXzd/zOK/Xv6YxX/9/DGL/wb5Yxb/DfPHLP5fzh+z+G+UP2bx3zh/zOK/Sf6YxX/TN/Yf/j89rP/ULP6btf4xi//m+WMW/6/kj1n8t8gfs/hvmT9m8d8qf8zi/9X8MYv/1vljFv+v5Y9Z/LfJH7P4b5s/ZvHfLn/M4v/1/DGL/zfyxyz+2+ePWfx3yB+z+O+YP2bx3yl/zOK/c/6YxX+X/DGL/675Yxb/3fLHLP67549Z/PfIH7P4fzN/zOL/rfwxi/+e+WMW/73yxyz+e+ePWfz3yR+z+H87f8zi/538MYv/d/PHLP775o9Z/PfLH7P4fy9/zOL//fwxi//++WMW/x/kj1n8D8gfs/gfmD9m8T8of8zi/8P8MYv/j/LHLP4/zh+z+B+cP2bxPyR/zOL/k/wxi/9P88cs/ofmj1n8D8sfs/gfnj9m8f9Z/pjF/+f5Yxb/I/LHLP5H5o9Z/H+RP2bxPyp/zOL/y/wxi//R+WMW/1/lj1n8f50/ZvE/Jn/M4v+b/DGL/2/zxyz+x+aPWfyPyx+z+B+fP2bx/13+mMX/hPwxi/+J+WMW/5Pyxyz+v88fs/j/IX/M4v/H/DGL/8n5Yxb/U/LHLP5/yh+z+J+aP2bxPy1/zOL/5/wxi//p+WMW/7/kj1n8/5o/ZvH/W/6Yxf+M/DGL/5n5Yxb/s/LHLP5n549Z/M/JH7P4n5v/K03wqvMW//Pyxyz+f88fs/ifnz9m8b8gf8zif2H+mMX/ovwxi//F+WMW/0vyxyz+l+aPWfwvyx+z+F+eP2bx/0f+mMX/ivwxi/+V+WMW/6vyxyz+V+ePWfyvyR+z+F+bP2bxvy5/zOJ/ff6Yxf+G/DGL/435Yxb/m/LHLP43549Z/G/JH7P435o/ZvG/LX/M4n97/pjF/478MYv/nfljFv+78scs/nfnj1n878kfs/jfmz9m8b8vf8zif3/+mMX/gfwxi/+D+WMW/4fyxyz+D+ePWfwfyR+z+D+aP2bxfyx/zOL/eP6Yxf+J/DGL/5P5Yxb/p/LHLP5P549Z/J/JH7P4P5s/ZvF/Ln/M4v98/pjF/4X8MYv/i/ljEv8hg/wxi/+Q/DGL/9D8MYv/WPljFv9h+WMW/7Hzxyz+4+SPWfzHzR+z+A/PH7P4j5c/ZvEfP3/M4j9B/pjFf8L8MYv/RPljFv+J88cs/pPkj1n8J80fs/hPlj9m8Z88f8zi/7b8MYv/2/PHLP5T5I9Z/N+RP2bxnzJ/zOI/Vf6Yxf+d+WMW/3flj1n8350/ZvF/T/6Yxf+9+WMW/6nzxyz+0+SPWfynzR+z+L8vf8ziP13+mMV/+vwxi/8M+WMW/xnzxyz+M+WPWfzfnz9m8Z85f8zi/4H8MYv/B/PHLP4fyh+z+H84f8zi/5H8MYv/R/PHLP6z5I9Z/GfNH7P4z5Y/ZvGfPX/M4j9H/pjFf878MYv/x/LHLP5z5Y9Z/OfOH7P4z5M/ZvGfN3/M4v/x/DGL/3z5Yxb/T+SPWfw/mT9m8Z8/f8zi/6n8MYv/AvljFv8F88cs/gvlj1n8F84fs/gvkj9m8V80f8ziv1j+mMV/8fwxi/8S+WMW/yXzxyz+n84fs/h/Jn/M4r9U/pjF/7P5Yxb/pfPHLP6fyx+z+H8+f8ziv0z+mMV/2fwxi/9y+WMW/+Xzxyz+K+SPWfxXzB+z+H8hf8ziv1L+mMV/5fwxi/8X88cs/qvkj1n8V80fs/ivlj9m8V89f8ziv0b+mMV/zfwxi/9a+WMW/y/lj1n8184fs/ivkz9m8V83f8ziv17+mMV//fwxi/8G+WMW/w3zxyz+X84fs/hvlD9m8d84f8ziv4nOf7w3tZXFf1Od/5vL4r9Z/pjFf/P8MYv/V/LHLP5b5I9Z/LfMH7P4b5U/ZvH/av6YxX/r/DGL/9fyxyz+2+SPWfy3zR+z+G+XP2bx/3r+mMX/G/ljFv/t88cs/jvkj1n8d8wfs/jvlD9m8d85f8ziv0v+mMV/1/wxi/9u+WMW/93zxyz+e+SPWfy/mT9m8f9W/pjFf8/8MYv/XvljFv+988cs/vvkj1n8v50/ZvH/Tv6Yxf+7+WMW/33zxyz+++WPWfy/lz9m8f9+/pjFf//8MYv/D/LHLP4H5I9Z/A/MH7P4H5Q/ZvH/Yf6Yxf9H+WMW/x/nj1n8D84fs/gfkj9m8f9J/pjF/6f5Yxb/Q/PHLP6H5Y9Z/A/PH7P4/yx/zOL/8/wxi/8R+WMW/yPzxyz+v3it/x3/6+P6D83if1TrH7P4/zJ/zOJ/dP6Yxf9X+WMW/1/nj1n8j8kfs/j/Jn/M4v/b/DGL/7H5Yxb/4/LHLP7H549Z/H+XP2bxPyF/zOJ/Yv6Yxf+k/DGL/+/zxyz+f8gfs/j/MX/M4n9y/pjF/5T8MYv/n/LHLP6n5o9Z/E/LH7P4/zl/zOJ/ev6Yxf8v+WMW/7/mj1n8/5Y/ZvE/I3/M4n9m/pjF/6z8MYv/2fljFv9z8scs/ufmj1n8z8sfk/i/VP7/msR/yPn5Yxb/C/LHLP4X5o9Z/C/KH7P4X5w/ZvG/JH/M4n9p/pjF/7L8MYv/5fljFv9/5I9Z/K/IH7P4X5k/ZvG/Kn/M4n91/pjF/5r8MYv/tfmP1rBRpw7/6/LHLOv/+vwxi/8N+WMW/xvzxyz+N+WPWfxvzh+z+N+SP2bxvzV/zOJ/W/6Yxf/2/DGL/x35Yxb/O/PHLP535Y9Z/O/OH7P435M/ZvG/N3/M4n9f/pjF//78MYv/A/ljFv8H88cs/g/lj1n8H84fs/g/kj9m8X80f8zi/1j+mMX/8fwxi/8T+WMW/yfzxyz+T+WPWfyfzh+z+D+TP2bxfzZ/zOL/XP6Yxf/5/DGL/wv5Yxb/F/PHJP4vnc3/X7P4D8kfs/gPzR+z+I+VP2bxH5Y/ZvEfO3/M4j9O/pjFf9z8MYv/8Pwxi/94+WMW//Hzxyz+E+SPWfwnzB+z+E+UP2bxnzh/zOI/Sf6YxX/S/DGL/2T5Yxb/yfPHLP5vyx+z+L89f8ziP0X+mMX/HfljFv8p88cs/lPlj1n835k/ZvF/V/6Yxf/d+WMW//fkj1n835s/ZvGfOn/M4j9N/pjFf9r8MYv/+/LHLP7T5Y9Z/KfPH7P4z5A/ZvGfMX/M4j9T/pjF//35Yxb/mfPHLP4fyB+z+H8wf8zi/6H8MYv/h/PHLP4fyR+z+H80f8ziP0v+mMV/1vyxIWccMPZgMBjj/WfLH7Os/9nzxyz+c+SPWfznzB+z+H8sf8ziP1f+mMV/7vwxi/88+WMW/3nzxyz+H88fs/jPlz9m8f9E/pjF/5P5Yxb/+fPHLP6fyh+z+C+QP2bxXzB/zOK/UP6YxX/h/DGL/yL5Yxb/RfPHLP6L5Y9Z/BfPH7P4L5E/ZvFfMn/M4v/p/DGL/2fyxyz+S+WPWfw/mz9m8V86f8zi/7n8MYv/5/PHLP7L5I9Z/JfNH7P4L5c/ZvFfPn/M4r9C/pjFf8X8MYv/F/LHLP4r5Y9Z/FfOH7P4fzF/zOK/Sv6YxX/V/DGL/2r5Yxb/1fPHLP5r5I9Z/NfMH7P4r5U/ZvH/Uv6YxX/t/DGL/zr5Yxb/dfPHLP7r5Y9Z/NfPH7P4b5A/ZvHfMH/M4v/l/DGL/0b5Yxb/jfPHLP6b5I9Z/DfNH7P4b5Y/ZvHfPH/M4v+V/DGL/xb5Yxb/LfPHLP5b5Y9Z/L+aP2bx3zp/zOL/tfwxi/82+WMW/23zxyz+2+WPWfy/nj9m8f9G/pjFf/v8MYv/DvljFv8d88cs/jvlj1n8d84fs/jvkj9m8d81f8ziv1v+mMV/9/wxi/8e+WMW/2/mj1n8v5U/ZvHfM3/M4r9X/pjFf+/8MYv/PvljFv9v549Z/L+TP2bx/27+mMV/3/wxi/9++WMW/+/lj1n8v58/ZvHfP3/M4v+D/DGL/wH5Yxb/A/PHLP4H5Y9Z/H+YP2bx/1H+mMX/x/ljFv+D88cs/ofkj1n8f5I/ZvH/af6Yxf/Q/DGL/2H5Yxb/w/PHLP4/yx+z+P88f8zif0T+mMX/yPwxi/8v8scs/kflj1n8f5k/ZvE/On/M4v+r/DGL/6/zxyz+x+SPWfx/kz9m8f9t/pjF/9j8MYv/cfljFv/j88cs/r/LH7P4n5A/ZvE/MX/M4n9S/pjF//f5Yxb/P+SPWfz/mD9m8T95pP9Eb9Ww/lOz+J/S+scs/n/KH7P4n5o/ZvE/LX/M4v/n/DGL/+n5Yxb/v+SPWfz/mj9m8f9b/pjF/4z8MYv/mfljFv+z8scs/mfnj1n8z8kfs/ifmz9m8T8vf8zi//f8MYv/+fljFv8L8scs/hfmj1n8L8ofs/hfnD9m8b8kf8zif2n+mMX/svwxi//l+WMW/3/kj1n8r8gfs/hfmT9m8b8qf8zif3X+mMX/mvwxi/+1+WMW/+vyxyz+1+ePWfxvyB+z+N+YP2bxvyl/zOJ/c/6Yxf+W/DGL/635Yxb/2/LHLP63549Z/O/IH7P435k/ZvG/K3/M4n93/pjF/578MYv/vfljFv/78scs/vfnj1n8H8gfs/g/mD9m8X8of8zi/3D+mMX/kfwxi/+j+WMW/8fyxyz+j+ePWfyfyB+z+D+ZP2bxfyp/zOL/dP6Yxf+Z/DGL/7P5Yxb/5/LHLP7P549Z/F/IH7P4v5g/JvEfa5A/ZvEfkj9m8R+aP2bxHyt/zOI/LH/M4j92/pjFf5z8MYv/uPljFv/h+WMW//Hyxyz+4+ePWfwnyB+z+E+YP2bxnyh/zOI/cf6YxX+S/DGL/6T5Yxb/yfLHLP6T549Z/N+WP2bxf3v+mMV/ivwxi/878scs/lPmj1n8p8ofs/i/M3/M4v+u/DGL/7vzxyz+78kfs/i/N3/M4j91/pjFf5r8MYv/tPljFv/35Y9Z/KfLH7P4T58/ZvGfIX/M4j9j/pjFf6b8MYv/+/PHLP4z549Z/D+QP2bx/2D+mMX/Q/ljFv8P549Z/D+SP2bx/2j+mMV/lvwxi/+s+WMW/9nyxyz+s+ePWfznyB+z+M+ZP2bx/9gb+4/7Pz6u/9As/nO1/kdv7IHIf+78MYv/PPljFv9588cs/h/PH7P4z5c/ZvH/RP6Yxf+T+WMW//nzxyz+n8ofs/gvkD9m8V8wf8ziv1D+mMV/4fwxi/8i+WMW/0Xzxyz+i+WPWfwXzx+z+C+RP2bxXzJ/zOL/6fwxi/9n8scs/kvlj1n8P5s/ZvFfOn/M4v+5/DGL/+fzxyz+y+SPWfyXzR+z+C+XP2bxXz5/zOK/Qv6YxX/F/DGL/xfyxyz+K+WPWfxXzh+z+H8xf8ziv0r+mMV/1fwxi/9q+WMW/9Xzxyz+a+SPWfzXzB+z+K+VP2bx/1L+mMV/7fwxi/86+WMW/3Xzxyz+6+WPWfzXzx+z+G+QP2bx3zB/zOL/5fwxi/9G+WMW/43zxyz+m+SPWfw3zR+z+G+WP2bx3zx/zOL/lfwxi/8W+WMW/y3zxyz+W+WPWfy/mj9m8d86f8zi/7X8MYv/NvljFv9t88cs/tvlj1n8v54/ZvH/Rv6YxX/7/DGL/w75Yxb/HfPHLP475Y9Z/HfOH7P475I/ZvHfNX/M4r9b/pjFf/f8MYv/HvljFv9v5o9Z/L+VP2bx3zN/zOK/V/6YxX/v/DGL/z75Yxb/b+ePWfy/kz9m8f9u/pjFf9/8MYv/fvljFv/v5Y9Z/L+fP2bx3z9/zOL/g/wxi/8B+WMW/wPzxyz+B+WPWfx/mD9m8f9R/pjF/8f5Yxb/g/PHLP6H5I9Z/H+SP2bx/2n+mMX/0Pwxi/9h+WMW/8Pzxyz+P8sfs/j/PH/M4n9E/pjF/8j8MYv/L/LHLP5H5Y9Z/H+ZP2bxPzp/zOL/q/wxi/+v88cs/sfkj1n8f5M/Nsb7D3/p7Fi/zR8b4/1HNtax+WMW/+Pyxyz+x+ePWfx/lz9m8T8hf8zif2L+mMX/pPwxi//v88cs/n/IH7P4/zF/zOJ/cv6Yxf+U/DGL/5/yxyz+p+aPWfxPyx+z+P85f8zif3r+mMX/L/ljFv+/5o9Z/P+WP2bxPyN/zOJ/Zv6Yxf+s/DGL/9n5Yxb/c/LHLP7n5o9Z/M/LH7P4/z1/zOJ/fv6Yxf+C/DGL/4X5Yxb/i/LHLP4X549Z/C/JH7P4X5o/ZvG/LH/M4n95/pjF/x/5Yxb/K/LHLP5X5o9Z/K/KH7P4X50/ZvG/Jn/M4n9t/pjF/7r8MYv/9fljFv8b8scs/jfmj1n8b8ofs/jfnD9m8b8lf8zif2v+mMX/tvwxi//t+WMW/zvyxyz+d+aPWfzvyh+z+N+dP2bxvyd/zOJ/b/6Yxf++/DGL//35Yxb/B/LHLP4P5o9Z/B/KH7P4P5w/ZvF/JH/M4v9o/pjF/7H8MYv/4/ljFv8n8scs/k/mj1n8n8ofs/g/nT9m8X8mf8zi/2z+mMX/ufwxi//z+WMW/xfs/uPx1Rb/F+3+r5PEf9ggf8ziPyR/zOI/NH/M4j9W/pjFf1j+mMV/7Pwxi/84+WMW/3Hzxyz+w/PHLP7j5Y9Z/MfPH7P4T5A/ZvGfMH/M4j9R/pjFf+L8MYv/JPljFv9J88cs/pPlj1n8J88fs/i/LX/M4v/2/DGL/xT5Yxb/d+SPWfynzB+z+E+VP2bxf2f+mMX/XfljFv93549Z/N+TP2bxf2/+mMV/6vwxi/80+WMW/2nzxyz+78sfs/hPlz9m8Z8+f8ziP0P+mMV/xvwxi/9M+WMW//fnj1n8Z84fs/h/IH/M4v/B/DGL/4fyxyz+H84fs/h/JH/M4v/R/DGL/yz5Yxb/WfPHLP6z5Y9Z/GfPH7P4z5E/ZvGfM3/M4v+x/DGL/1z5Yxb/ufPHLP7z5I9Z/OfNH7P4fzx/zOI/X/6Yxf8T+WMW/0/mj1n8588fs/h/Kn/M4r9A/pjFf8H8MYv/QvljFv+F88cs/ovkj1n8F80fs/gvlj9m8V88f8ziv0T+mMV/yfwxi/+n88cs/p95A3/z48Liv5Tc+fWy+H82f8ziv3T+mMX/c/ljFv/P549Z/JfJH7P4L5s/ZvFfLn/M4r98/pjFf4X8MYv/ivljFv8v5I9Z/FfKH7P4r5w/ZvH/Yv6YxX+V/DGL/6r5Yxb/1fLHLP6r549Z/NfIH7P4r5k/ZvFfK3/M4v+l/DGL/9r5Yxb/dfLHLP7r5o9Z/NfLH7P4r58/ZvHfIH/M4r9h/pjF/8v5Yxb/jfLHLP4b549Z/DfJH7P4b5o/ZvHfLH/M4r95/pjF/yv5Yxb/LfLHLP5b5o9Z/LfKH7P4fzV/zOK/df6Yxf9r+WMW/23yxyz+2+aPWfy3yx+z+H89f8zi/438MYv/9vljFv8d8scs/jvmj1n8d8ofs/jvnD9m8d8lf8ziv2v+mMV/t/wxi//u+WMW/z3yxyz+38wfs/h/K3/M4r9n/pjFf6/8MYv/3vljFv998scs/t/OH7P4fyd/zOL/3fwxi/+++WMW//3yxyz+38sfs/h/P3/M4r9//pjF/wf5Yxb/A/LHLP4H5o9Z/A/KH7P4/zB/zOL/o/wxi/+P88cs/gfnj1n8D8kfs/j/JH/M4v/T/DGL/6H5Yxb/w/LHLP6H549Z/H+WP2bx/3n+mMX/iPwxi/+R+WMW/1/kj1n8j8ofs/j/Mn/M4n90/pjF/1f5Yxb/X+ePWfyPyR+z+P8mf8zi/9v8MYv/sfljFv/j8scs/sfnj1n8f5c/ZvE/IX/M4n9i/pjF/6T8MYv/7/PHLP5/yB+z+P8xf8zif3L+mMX/lPwxi/+f8scs/qfmj1n8T8sfs/j/OX/M4n96/pjF/y/5Yxb/v+aPWfz/lj9m8T8jf8zif2b+mMX/rPwxi//Z+WMW/3Pyxyz+5+aPWfzPyx+z+P89f8zif37+mMX/gvwxi/+F+WMW/4vyxyz+F+ePWfwvyR+z+F+aP2bxvyx/zOJ/ef6Yxf8f+WMW/yvyxyz+V+aPWfyvyh+z+F+dP2bxvyZ/zOJ/bf6Yxf+6/DGL//X5Yxb/G/LHLP435o9Z/G/KH7P435w/ZvG/JX/M4n9r/pjF/7b8MYv/7fljFv878scs/nfmj1n878ofs/jfnT9m8b8nf8zif2/+mMX/vvwxi//9+WMW/wfyxyz+D+aPWfwfyh+z+D+cP2bxfyR/zOL/aP6Yxf+x/DGL/+P5Yxb/J/LHLP5P5o9Z/J/KH7P4P50/ZvF/Jn/M4v9s/pjF/7n8MYv/8/ljFv8X8scs/i/mj0n8xx7kj1n8h+SPWfyH5o9Z/MfKH7P4D8sfs/iPnT9m8R8nf8ziP27+mMV/eP6YxX+8/DGL//j5Yxb/CfLHLP4T5o9Z/CfKH7P4T5w/ZvGfJH/M4j9p/pjFf7L8MYv/5PljFv+35Y9Z/N+eP2bxnyJ/zOL/jvwxi/+U+WMW/6nyxyz+78wfs/i/K3/M4v/u/DGL/3vyxyz+780fs/hPnT9m8Z8mf8ziP23+mMX/ffljFv/p8scs/tPnj1n8Z8gfs/jPmD9m8Z8pf8zi//78MYv/zPljFv8P5I9Z/D+YP2bx/1D+mMX/w/ljFv+P5I9Z/D+aP2bxnyV/zOI/a/6YxX+2/DGL/+z5Yxb/OfLHLP5z5o9Z/D+WP2bxnyt/zOI/d/6YxX+e/DGL/7z5Yxb/j+ePWfznyx+z+H8if8zi/8n8MYv//PljFv9P5Y9Z/BfIH7P4L5g/ZvFfKH/M4r9w/pjFf5H8MYv/ovljFv/F8scs/ovnj1n8l8gfs/gvmT9m8f90/pjF/zP5Yxb/pfLHLP6fzR+z+C+dP2bx/1z+mMX/8/ljFv9l8scs/svmj1n8l8sfs/gvnz9m8V8hf8ziv2L+mMX/C/ljFv+V8scs/ivnj1n8v5g/ZvFfJX/M4r9q/pjFf7X8MYv/6vljFv818scs/mvmj1n818ofs/h/KX/M4r92/pjFf538MYv/uvljFv/18scs/uvnj1n8N8gfs/hvmD9m8f9y/pjFf6P8MYv/xvljFv9N8scs/pvmj1n8N8sfs/hvnj9m8f9K/pjFf4v8MYv/lvljFv+t8scs/l/NH7P4b50/ZvH/Wv6YxX+b/DGL/7b5Yxb/7fLHLP5fzx+z+H8jf8ziv33+mMV/h/wxi/+O+WMW/53yxyz+O+ePWfx3yR+z+O+aP2bx3y1/zOK/e/6YxX+P/DGL/zfzxyz+38ofs/jvmT9m8d8rf8ziv3f+mMV/n/wxi/+388cs/t/JH7P4fzd/zOK/b/6YxX+//DGL//fyxyz+388fs/jvnz9m8f9B/pjF/4D8MYv/gfljFv+D8scs/j/MH7P4/yh/zOL/4/wxi//B+WMW/0Pyxyz+P8kfs/j/NH/M4n9o/pjF/7D8MYv/4fljFv+f5Y9Z/H+eP2bxPyJ/zOJ/ZP6Yxf8X+WMW/6Pyxyz+v8wfs/gfnT9m8f9V/pjF/9f5Yxb/Y/LHLP6/yR+z+P82f8zif2z+mMX/uPwxi//x+WMW/9/lj1n8T8gfs/ifmD9m8T8pf8zi//v8MYv/H/LHLP5/zB+z+J+cP2bxPyV/zOL/p/wxi/+p+WMW/9Pyxyz+f84fs/ifnj9m8f9L/pjF/6/5Yxb/v+WPWfzPyB+z+J+ZP2bxPyt/zOJ/dv6Yxf+c/DGL/7n5Yxb/8/LHLP5/zx+z+J+fP2bxvyB/zOJ/Yf6Yxf+i/DGL/8X5Yxb/S/LHLP6X5o9Z/C/LH7P4X54/ZvH/R/6Yxf+K/DGL/5X5Yxb/q/LHLP5X549Z/K/JH7P4X5s/ZvG/Ln/M4n99/pjF/4b8MYv/jfljFv+b8scs/jfnj1n8b8kfs/jfmj9m8b8tf8zif3v+mMX/jvwxi/+d+WMW/7vyxyz+d+ePWfzvyR+z+N+bP2bxvy9/zOJ/f/6Yxf+B/DGL/4P5Yxb/h/LHLP4P549Z/B/JH7P4P5o/ZvF/LH/M4v94/pjF/4n8MYv/k/ljFv+n8scs/k/nj1n8n8kfs/g/mz9m8X8uf8zi/3z+mMX/hfwxi/+L+WMS/3EG+WMW/yH5Yxb/ofljFv+x8scs/sPyxyz+Y+ePWfzHyR+z+I+bP2bxH54/ZvEfL3/M4j9+/pjFf4L8MYv/hPljFv+J8scs/hPnj1n8J8kfs/hPmj9m8Z8sf8ziP3n+mMX/bfljFv+3549Z/KfIH7P4vyN/zOI/Zf6YxX+q/DGL/zvfhP+w/8lx/Ydm8X9X6x+z+L87f8zi/578MYv/e/PHLP5T549Z/KfJH7P4T5s/ZvF/X/6YxX+6/DGL//T5Yxb/GfLHLP4z5o9Z/GfKH7P4vz9/zOI/c/6Yxf8D+WMW/w/mj1n8P5Q/ZvH/cP6Yxf8j+WMW/4/mj1n8Z8kfs/jPmj9m8Z8tf8ziP3v+mMV/jvwxi/+c+WMW/4/lj1n858ofs/jPnT9m8Z8nf8ziP2/+mMX/4/ljFv/58scs/p/IH7P4fzJ/zOI/f/6Yxf9T+WMW/wXyxyz+C+aPWfwXyh+z+C+cP2bxXyR/zOK/aP6YxX+x/DGL/+L5Yxb/JfLHLP5L5o9Z/D+dP2bx/0z+mMV/qfwxi/9n88cs/kvnj1n8P5c/ZvH/fP6YxX+Z/DGL/7L5Yxb/5fLHLP7L549Z/FfIH7P4r5g/ZvH/Qv6YxX+l/DGL/8r5Yxb/L+aPWfxXyR8bQ/2HjGY9zqr5Y2Oo/0u9ev2vlj9m8V89f8ziv0b+mMV/zfwxi/9a+WMW/y/lj1n8184fs/ivkz9m8V83f8ziv17+mMV//fwxi/8G+WMW/w3zxyz+X84fs/hvlD9m8d84f8ziv0n+mMV/0/wxi/9m+WMW/83zxyz+X8kfs/hvkT9m8d8yf8ziv1X+mMX/q/ljFv+t88cs/l/LH7P4b5M/ZvHfNn/M4r9d/pjF/+v5Yxb/b+SPWfy3zx+z+O+QP2bx3zF/zOK/U/6YxX/n/DGL/y75Yxb/XfPHLP675Y9Z/HfPH7P475E/ZvH/Zv6Yxf9b+WMW/z3zxyz+e+WPWfz3zh+z+O+TP2bx/3b+mMX/O/ljFv/v5o9Z/PfNH7P475c/ZvH/Xv6Yxf/7+WMW//3zxyz+P8gfs/gfkD9m8T8wf8zif1D+mMX/h/ljFv8f5Y9Z/H+cP2bxPzh/zOJ/SP6Yxf8n+WMW/5/mj1n8D80fs/gflj9m8T88f8zi/7P8MYv/z/PHLP5H5I9Z/I/MH7P4/yJ/zOJ/VP6Yxf+X+WMW/6Pzxyz+v8ofs/j/On/M4n9M/pjF/zf5Yxb/3+aPWfyPzR+z+B+XP2bxPz5/zOL/u/wxi/8J+WMW/xPzxyz+J+WPWfx/nz9m8f+Dz3/HN7ORxf+PPv83lcX/5Pwxi/8p+WMW/z85/R/8dxtY/E91+v/bLP6n5Y9Z/P+cP2bxPz1/zOL/l/wxi/9f88cs/n/LH7P4n5E/ZvE/M3/M4n9W/pjF/+z8MYv/OfljFv9z88cs/uflj1n8/54/ZvE/P3/M4n9B/pjF/8L8MYv/RfljFv+L88cs/pfkj1n8L80fs/hflj9m8b88f8zi/4/8MYv/FfljFv8r88cs/lflj1n8r84fs/hfkz9m8b82f8zif13+mMX/+vwxi/8N+WMW/xvzxyz+N+WPWfxvzh+z+N+SP2bxvzV/zOJ/W/6Yxf/2/DGL/x35Yxb/O/PHLP535Y9Z/O/OH7P435M/ZvG/N3/M4n9f/pjF//78MYv/A/ljFv8H88cs/g/lj1n8H84fs/g/kj9m8X80f+wl/8FgjPd/LP/BeHCdZf0/nj9m8X8if8zi/2T+mMX/qfwxi//T+WMW/2fyxyz+z+aPWfyfyx+z+D+fP2bxfyF/zOL/Yv6YxH/cQf6YxX9I/pjFf2j+mMV/rPwxi/+w/DGL/9j5Yxb/cfLHLP7j5o9Z/Ifnj1n8x8sfs/iPnz9m8Z8gf8ziP2H+mMV/ovwxi//E+WMW/0nyxyz+k+aPWfwny39Uw19zyeI/ef6Yxf9t+WMW/7fnj1n8p8gfs/i/I3/M4j9l/pjFf6r8MYv/O/PHLP7vyh+z+L87f8zi/578MYv/e/PHLP5T549Z/KfJH7P4T5s/ZvF/X/6YxX+6/DGL//T5Yxb/GfLHLP4z5o9Z/GfKH7P4vz9/zOI/c/6Yxf8D+WMW/w/mj1n8P5Q/ZvH/cP6Yxf8j+WMW/4/mj1n8Z8kfs/jPmj9m8Z8tf8ziP3v+mMV/jvwxi/+c+WMW/4/lj1n858ofs/jPnT9m8Z8nf8ziP2/+mMX/4/ljFv/58scs/p/IH7P4fzJ/zOI/f/6Yxf9T+WMW/wXyxyz+C+aPWfwXyh+z+C+cP2bxXyR/zOK/aP6YxX+x/DGL/+L5Yxb/JfLHLP5L5o9Z/D+dP2bx/0z+mMV/qfwxi/9n88cs/kvnj1n8P5c/ZvH/fP6YxX+Z/DGL/7L5Yxb/5fLHLP7L549Z/FfIH7P4r5g/ZvH/Qv6YxX+l/DGL/8r5Yxb/L+aPWfxXyR+z+K+aP2bxXy1/bMz3H2/Eh3FXzx8b8/1fatw18scs/mvmj1n818ofs/h/KX/M4r92/pjFf538MYv/uvljFv/18scs/uvnj1n8N8gfs/hvmD9m8f9y/pjFf6P8MYv/xvljFv9N8scs/pvmj1n8N8sfs/hvnj9m8f9K/pjFf4v8MYv/lvljFv+t8scs/l/NH7P4b50/ZvH/Wv6YxX+b/DGL/7b5Yxb/7fLHLP5fzx+z+H8jf8ziv33+mMV/h/wxi/+O+WMW/53yxyz+O+ePWfx3yR+z+O+aP2bx3y1/zOK/O/r3iLD475E2ZvH/Zv6Yxf9b+WMW/z3zxyz+e+WPWfz3zh+z+O+TP2bx/3b+mMX/O/ljFv/v5o9Z/Pc1+o/77zex+O9n9H8TWfy/lz9m8f9+/pjFf//8MYv/D/LHLP4H5I9Z/A/MH7P4H5Q/ZvH/Yf6Yxf9H+WMW/x/nj1n8D84fs/gfkj9m8f9J/pjF/6f5Yxb/Q/PHLP6H5Y9Z/A/PH7P4/yx/zOL/8/wxi/8R+WMW/yPzxyz+v8gfs/gflT9m8f9l/pjF/+j8MYv/r/LHLP6/zh+z+B+TP2bx/03+mMX/t/ljFv9j88cs/sflj1n8j88fs/j/Ln/M4n9C/pjF/8T8MYv/SfljFv/f549Z/P+QP2bx/2P+mMX/5Pwxi/8p+WMW/z/lj1n8T80fs/iflj9m8f9z/pjF//T8MYv/X/LHLP5/zR+z+P8tf8zif0b+mMX/zPwxi/9Z+WMW/7Pzxyz+5+SPWfzPzR+z+J+XP2bx/3v+mMX//Pwxi/8F+WMW/wvzxyz+F+WPWfwvzh+z+F+SP2bxvzR/zOJ/Wf6Yxf/y/DGL/z/yxyz+V+SPWfyvzB+z+F+VP2bxvzp/zOJ/Tf6Yxf/a/DGL/3X5Yxb/6/PHLP435I9Z/G/MH7P435Q/ZvG/OX/M4n9L/pjF/9b8MYv/bfljFv/b88cs/nfkj1n878wfs/jflT9m8b87f8zif0/+mMX/3vwxi/99+WMW//vzxyz+D+SPWfwfzB+z+D+UP2bxfzh/zOL/SP6Yxf/R/DGL/2P5Yxb/x/PHLP5P5I9Z/J/MH7P4P5U/ZvF/On/M4v9M/pjF/9n8MYv/c/ljFv/n88cs/i/kj1n8X8wfk/gPH+SPWfyH5I9Z/Ifmj1n8x8ofs/gPyx+z+I+dP2bxHyd/zOI/bv6YxX94/pjFf7z8MYv/+PljFv8J8scs/hPmj1n8J8ofs/hPnD9m8Z8kf8ziP2n+mMV/svwxi//k+WMW/7flj1n8354/ZvGfIn/M4v+O/DGL/5T5Yxb/qfLHLP7vzB+z+L8rf8zi/+78MYv/e/LHLP7vzR+z+E+dP2bxnyZ/zOI/bf6Yxf99+WMW/+nyxyz+0+ePWfxnyB+z+M+YP2bxnyl/zOL//vwxi//M+WMW/w/kj1n8P5g/ZvH/UP6Yxf/D+WMW/4/kj1n8P5o/ZvGfJX/M4j9r/pjFf7b8MYv/7PljFv858scs/nPmj1n8P5Y/ZvGfK3/M4j93/pjFf578MYv/vPljFv+P549Z/OfLH7P4fyJ/zOL/yfwxi//8+WMW/0/lj1n8F8gfs/gvmD9m8V8of8ziv3D+mMV/kfwxi/+i+WMW/8Xyxyz+i+ePWfyXyB+z+C+ZP2bx//Qb+U/xwosv/i8M7T8xi/9nWv+YxX+p/DGL/2fzxyz+S+ePWfw/lz9m8f98/pjFf5n8MYv/svljFv/l8scs/svnj1n8V8gfs/ivmD9m8f9C/pjFf6X8MYv/yvljFv8v5o9Z/FfJH7P4r5o/ZvFfLX/M4r96/pjFf438MYv/mvljFv+18scs/l/KH7P4r50/ZvFfJ3/M4r9u/pjFf738MYv/+vljFv8N8scs/hvmj1n8v5w/ZvHfKH/M4r9x/pjFf5P8MYv/pvljFv/N8scs/pvnj1n8v5I/ZvHfIn/M4r9l/pjFf6v8MYv/V/PHLP5b549Z/L+WP2bx3yZ/zOK/bf6YxX+7/DGL/9fzxyz+38gfs/hvnz9m8d8hf8ziv2P+mMV/p/wxi//O+WMW/13yxyz+u+aPWfx3yx+z+O+eP2bx3yN/zOL/zfwxi/+38scs/nvmj1n898ofs/jvnT9m8d8nf8zi/+38MYv/d/LHLP7fzR+z+O+bP2bx3y9/zOL/vfwxi//388cs/vvnj1n8f5A/ZvE/IH/M4n9g/pjF/6D8MYv/D/PHLP4/yh+z+P84f8zif3D+mMX/kPwxi/9P8scs/j/NH7P4H5o/ZvE/LH/M4n94/pjF/2f5Yxb/n+ePWfyPyB+z+B+ZP2bx/0X+mMX/qPwxi/8v88cs/kfnj1n8f5U/ZvH/df6Yxf+Y/DGL/2/yxyz+v80fs/gfmz9m8T8uf8zif3z+mMX/d/ljFv8T8scs/ifmj1n8T8ofs/j/Pn/M4v+H/DGL/x/zxyz+J+ePWfxPyR+z+P8pf8zif2r+mMX/tPwxi/+f88cs/qfnj1n8/5I/ZvH/a/6Yxf9v+WMW/zPyxyz+Z+aPWfzPyh+z+J+dP2bxPyd/zOJ/bv6Yxf+8/DGL/9/zxyz+5+ePWfwvyB+z+F+YP2bxvyh/zOJ/cf6Yxf+S/DGL/6X5Yxb/y/LHLP6X549Z/P+RP2bxvyJ/zOJ/Zf6Yxf+q/DGL/9X5Yxb/a/LHLP7X5o9Z/K/LH7P4X58/ZvG/IX/M4n9j/pjF/6b8MYv/zfljFv9b8scs/rfmj1n8b8sfs/jfnj9m8b8jf8zif2f+mMX/rvwxi//d+Y9s+GsvWvzvyR+z+N+bP2bxvy9/zOJ/f/6Yxf+B/DGL/4P5Yxb/h/LHLP4P549Z/B/JH7P4P5o/ZvF/LH/M4v94/pjF/4n8MYv/k/ljFv+n8scs/k/nj1n8n8kfs/g/mz9m8X8uf8zi/3z+mMX/hfwxi/+L+WMS//EG+WMW/yH5Yxb/ofljFv+x8scs/sPyxyz+Y+ePWfzHyR+z+I+bP2bxH54/ZvEfL3/M4j9+/pjFf4L8MYv/hPljFv+J8scs/hPnj1n8J8kfs/hPmj9m8Z8sf8ziP3n+mMX/bfljFv+3549Z/KfIH7P4vyN/zOI/Zf6YxX+q/DGL/zvzxyz+78ofs/i/O3/M4v+e/DGL/3vzxyz+U+ePWfynyR+z+E+bP2bxf1/+mMV/uvwxi//0+WMW/xnyxyz+M+aPWfxnyh+z+L8/f8ziP3P+mMX/A/ljFv8P5o9Z/D+UP2bx/3D+mMX/I/ljFv+P5o9Z/GfJH7P4z5o/ZvGfLX/M4j97/pjFf478sZf8pxkMBmO4/5z5Y5b1/7H8MYv/XPljFv+588cs/vPkj1n8580fs/h/PH/M4j9f/pjF/xP5Yxb/T+aPWfznzx+z+H8qf8ziv0D+mMV/wfwxi/9C+WMW/4Xzxyz+i+SPWfwXzR+z+C+WP2bxXzx/zOK/RP6YxX/J/DGL/6fzxyz+n8kfs/gvlT9m8f9s/pjFf+n8MYv/5/LHLP6fzx+z+C+TP2bxXzZ/zOK/XP6YxX/5/DGL/wr5Yxb/FfPHLP5fyB+z+K+UP2bxXzl/zOL/xfwxi/8q+WMW/1Xzxyz+q+WPWfxXzx+z+K+RP2bxXzN/zOK/Vv6Yxf9L+WMW/7Xzxyz+6+SPWfzXzR+z+K+XP2bxXz9/zOK/Qf6YxX/D/DGL/5fzxyz+G+WPWfw3zh+z+G+SP2bxHyd/zOK/Wf6YxX/z/DGL/1fyH71hA5H/FvljFv8t88cs/lvlj1n8v5o/ZvHfOn/M4v+1/DGL/zb5Yxb/bfPHLP7b5Y9Z/L+eP2bx/0b+mMV/+/wxi/8O+WMW/x3zxyz+O+WPWfx3zh+z+O+SP2bx3zV/zOK/W/6YxX/3/DGL/x75Yxb/b+aPWfy/lT9m8d8zf2zIGQc8MersGO2/V/6YZf3vnT9m8d8nf8zi/+38MYv/d/LHLP7fzR+z+O+bP2bx3y9/zOL/vfwxi//388cs/vvnj1n8f5A/ZvE/IH/M4n9g/pjF/6D8MYv/D/PHLP4/yh+z+P84f8zif3D+mMX/kPwxi/9P8scs/j/NH7P4H5o/ZvE/LH/M4n94/pjF/2f5Yxb/n+ePWfyPyB+z+B+ZP2bx/0X+mMX/qPwxi/8v88cs/kfnj1n8f5U/ZvH/df6Yxf+Y/DGL/2/yxyz+v80fs/gfmz9m8T8uf8zif3z+mMX/d/ljFv8T8scs/ifmj1n8T8ofs/j/Pn/M4v+H/DGL/x/zxyz+J+ePWfxPyR+z+P8pf8zif2r+mMX/tPwxi/+f88cs/qfnj1n8/5I/ZvH/a/6Yxf9v+WMW/zPyxyz+Z+aPWfzPyh+z+J+dP2bxPyd/zOJ/bv6Yxf+8/DGL/9/zxyz+5+ePWfwvyB+z+F+YP2bxvyh/zOJ/cf6Yxf+S/DGL/6X5Yxb/y/LHLP6X549Z/P+RP2bxvyJ/zOJ/Zf6Yxf+q/DGL/9X5Yxb/a/LHLP7X5o9Z/K/LH7P4X58/ZvG/IX/M4n9j/pjF/6b8MYv/zfljFv9b8scs/rfmj1n8b8sfs/jfnj9m8b8jf8zif2f+mMX/rvwxi//d+WMW/3vyxyz+9+aPWfzvyx+z+N+fP2bxfyB/zOL/YP6Yxf+h/DGL/8P5Yxb/R/LHLP6P5o9Z/B/LH7P4P54/ZvF/In/M4v9k/pjF/6n8MYv/0/ljFv9n8scs/s/mj1n8n8sfs/g/nz9m8X8hf8zi/2L+mMR//EH+mMV/SP6YxX9o/pjFf6z8MYv/sPwxi//Y+WMW/3Hyxyz+4+aPWfyH549Z/MfLH7P4j58/ZvGfIH/M4j9h/pjFf6L8MYv/xPljFv9J8scs/pPmj1n8J8sfs/hPnj9m8X9b/pjF/+35Yxb/KfLHLP7vyB+z+E+ZP2bxnyp/zOL/zvwxi/+78scs/u/OH7P4vyd/zOL/3vwxi//U+WMW/2nyxyz+0+aPWfzflz9m8Z8uf8ziP33+mMV/hvwxi/+M+WMW/5nyxyz+788fs/jPnD9m8f9A/pjF/4P5Yxb/D+WPWfw/nD9m8f9I/pjF/6P5Yxb/WfLHLP6z5o9Z/GfLH7P4z54/ZvGfI3/M4j9n/pjF/2P5Yxb/ufLHLP5z549Z/OfJH7P4z5s/ZvH/eP6YxX++/DGL/yfyxyz+n8wfs/jPnz9m8f9U/pjFf4H8MYv/gvljFv+F8scs/gvnj1n8F8kfs/gvmj9m8V8sf8ziv3j+mMV/ifwxi/+S+WMW/0/nj1n8P5M/ZvFfKn/M4v/Z/DGL/9L5Yxb/z+WPWfw/nz9m8V8mf8ziv2z+mMV/ufwxi//y+WMW/xXyxyz+K+aPWfy/kD9m8V8pf8ziv3L+mMX/i/ljFv9V8scs/qvmj1n8V8sfs/ivnj9m8V8jf8ziv2b+mMV/rfwxi/+X8scs/mvnj1n818kfs/ivmz9m8V8vf8ziv37+mMV/g/wxi/+G+WMW/y/nj1n8N8ofs/hvnD9m8d8kf8ziv2n+mMV/s/wxi//m+WMW/6/kj1n8t8gfs/hvmT9m8d8qf8zi/9X8MYv/1vljFv+v5Y9Z/LfJH7P4b5s/ZvHfLn/M4v/1/DGL/zfyxyz+2+ePWfx3yB+z+O+YP2bx3yl/zOK/c/6YxX+X/DGL/675Yxb/3fLHLP67549Z/PfIH7P4fzN/zOL/rfwxi/+e+WMW/73yxyz+e+ePWfz3yR+z+H87f8zi/538MYv/d/PHLP775o9Z/PfLH7P4fy9/zOL//fwxi//++WMW/x/kj1n8D8gfs/gfmD9m8T8of8zi/8P8MYv/j/LHLP4/zh+z+B+cP2bxPyR/zOL/k/wxi/9P88cs/ofmj1n8D8sfs/gfnj9m8f9Z/pjF/+f5Yxb/I/LHLP5H5o9Z/H+RP2bxPyp/zOL/y/wxi//R+WMW/1/lj1n8f50/ZvE/Jn/M4v+b/DGL/2/zxyz+x+aPWfyPyx+z+B+fP2bx/13+mMX/hPwxi/+J+WMW/5Pyxyz+v88fs/j/IX/M4v/H/DGL/8n5Yxb/U/LHLP5/yh+z+J+aP2bxPy1/zOL/5/wxi//p+WMW/7/kj1n8/5o/ZvH/W/6Yxf+M/DGL/5n5Yxb/s/LHLP5n549Z/M/JH7P4n5s/ZvE/L3/M4v/3/DGL//n5Yxb/C/LHLP4X5o9Z/C/KH7P4X5w/ZvG/JH/M4n9p/pjF/7L8MYv/5fljFv9/5I9Z/K/IH7P4X5k/ZvG/Kn/M4n91/pjF/5r8MYv/tfljFv/r8scs/tfnj1n8b8gfs/jfmD9m8b8pf8zif3P+mMX/lvwxi/+t+WMW/9vyHwzG+terLP63549Z/O/IH7P435k/ZvG/K3/M4n93/pjF/578MYv/vfljFv/78scs/vfnj43p/muMPDv+A/ljY7r/qMZ/MH/M4v9Q/pjF/+H8sTHZf9x/Xjv+I/ljY7L/q9f/o/ljFv/H8scs/o/nj1n8n8gfs/g/mT9m8X8qf8zi/3T+mMX/mfwxi/+z+WMW/+fyxyz+z+ePWfxfyB+z+L+YPybxn2CQP2bxH5I/ZvAfdzCYYGj+mMF/xPofK3/M4j8sf8ziP3b+mMV/nPwxi/+4+WMW/+H5Yxb/8fLHLP7j549Z/CfIH7P4T5g/ZvGfKH/M4j9x/pjFf5L8MYv/pPljFv/J8scs/pPnj1n835Y/ZvF/e/6YxX+K/DGL/zvyxyz+U+aPWfynyh+z+L8zf8zi/678MYv/u/PHLP7vyR+z+L83f8ziP3X+mMV/mvwxi/+0+WMW//flj1n8p8sfs/hPnz9m8Z8hf8ziP2P+mMV/pvwxi//788cs/jPnj1n8P5A/ZvH/YP6Yxf9D+WMW/w/nj1n8P5I/ZvH/aP6YxX+W/DGL/6z5Yxb/2fLHLP6z549Z/OfIH7P4z5k/ZvH/WP6YxX+u/DGL/9z5Yxb/efLHLP7z5o9Z/D+eP2bxny9/zOL/ifwxi/8n88cs/vPnj1n8P5U/ZvFfIH/M4r9g/pjFf6H8MYv/wvljFv9F8scs/ovmj1n8F8sfs/gvnj9m8V8if8ziv2T+mMX/0/ljFv/P5I9Z/JfKH7P4fzZ/zOK/dP6Yxf9z+WMW/8/nj1n8l8kfs/gvmz9m8V8uf8ziv3z+mMV/hfwxi/+K+WMW/y/kj1n8V8ofs/ivnD9m8f9i/pjFf5X8MYv/qvljFv/V8scs/qvnj1n818gfs/ivmT9m8V8rf8zi/6X8MYv/2vljFv918scs/uvmj1n818sfs/ivnz9m8d8gf8ziv2H+mMX/y/ljFv+N8scs/hvnj1n8N8kfs/hvmj9m8d8sf8ziv3n+mMX/K/ljFv8t8scs/lvmj1n8t8ofs/h/NX/M4r91/pjF/2v5Yxb/bfLHLP7b5o+Nuf6Xvfhq/+3yx8Zc/9eu/6/nj1n8v5E/ZvHfPn/M4r9D/pjFf8f8MYv/TvljFv+d88cs/rvkj1n8d80fs/jvlj9m8d89f8ziv0f+mMX/m/ljFv9v5Y9Z/PfMH7P475U/ZvHfO3/M4r9P/pjF/9v5Yxb/7+SPWfy/mz9m8d83f8ziv1/+mMX/e/ljFv/v549Z/PfPH7P4/yB/zOJ/QP6Yxf/A/DGL/0H5Yxb/H+aPWfx/lD9m8f9x/pjF/+D8MYv/IfljFv+f5I9Z/H+aP2bxPzR/zOJ/WP6Yxf/w/DGL/8/yxyz+P88fs/gfkT9m8T8yf8zi/4v8MYv/UfljFv9f5o9Z/I/OH7P4/yp/zOL/6/wxi/8x+WMW/9/kj1n8f5s/ZvE/Nn/M4n9c/pjF//j8MYv/7/LHLP4n5I9Z/E/MH7P4n5Q/ZvH/ff6Yxf8P+WMW/z/mj1n8T84fs/ifkj/2sv9g+GAwJvv/KX/Msv5PzR+z+J+WP2bx/3P+mMX/9Pwxi/9f8scs/n/NH7P4/y1/zOJ/Rv6Yxf/M/DGL/1n5Yxb/s/PHLP7n5I9Z/M/NH7P4n5c/ZvH/e/6Yxf/8/DGL/wX5Yxb/C/PHLP4X5Y9Z/C/OH7P4X5I/ZvG/NH/M4n9Z/pjF//L8MYv/P/7Vv4eDyP+KwDGL/5X5Yxb/q/LHLP5X549Z/K/JH7P4Xyv0H/omtrH4Xyf0fzNZ/K/PH7P435A/ZvG/MX/M4n9T/pjF/+b8MYv/LfljFv9b88dG+g8Gg53GbP/b8scs6//2/DGL/x35Yxb/O/PHLP535Y9Z/O/OH7P435M/ZvG/N3/M4n9f/pjF//78MYv/A/ljFv8H88cs/g/lj1n8H84fs/g/kj9m8X80f8zi/1j+mMX/8fwxi/8T+WMW/yfzxyz+T+WPWfyfzh+z+D+TP2bxfzZ/zOL/XP6Yxf/5/DGL/wv5Yxb/F/PHJP4TDvLHLP5D8scs/kPzxyz+Y+WPWfyH5Y9Z/Md+Hf8rrxprjf+tof0nZvEfp/WPWfzHzR+z+A/PH7P4j5c/ZvEfP3/M4j9B/pjFf8L8MYv/RPn/SzuJ/CfOH7P4T5I/ZvGfNH/M4j9Z/pjFf/L8MYv/2/LHLP5vzx+z+E+RP2bxf0f+mMV/yvwxi/9U+WMW/3fmj1n835U/ZvF/d/6Yxf89+WMW//fmj1n8p84fs/hPkz9m8Z82f8zi/778MYv/dPljFv/p88cs/jPkj1n8Z8wfs/jPlD9m8X9//pjFf+b8MYv/B/LHLP4fzB+z+H8of8zi/+H8MYv/R/LHLP4fzR+z+M+SP2bxnzV/zOI/W/6YxX/2/DGL/xz5Yxb/OfPHLP4fyx+z+M+VP2bxnzt/zOI/T/6YxX/e/DGL/8fzxyz+8+WPWfw/kT9m8f9k/pjFf/78sTHTf6T0q/0/lT82ZvqP7NX+C+SPWfwXzB+z+C+UP2bxXzh/zOK/SP6YxX/R/DGL/2L5Yxb/xfPHLP5L5I9Z/JfMH7P4fzp/zOL/mfwxi/9S+WMW/8/mj1n8l84fs/h/Ln/M4v/5/DGL/zL5Yxb/ZfPHLP7L5Y9Z/JfPH7P4r5A/ZvFfMX/M4v+F/DGL/0r5Yxb/lfPHLP5fzB+z+K+SP2bxXzV/zOK/Wv6YxX/1/DGL/xr5Yxb/NfPHLP5r5Y9Z/L+UP2bxXzt/zOK/jtH/TXzDFv91jf5vIov/evljFv/188cs/hvkj1n8N8wfs/h/OX/M4r9R/pjFf+P8MYv/JvljFv9N88cs/pvlj1n8N88fs/h/JX/M4r9F/pjFf8v8MYv/VvljFv+v5o9Z/LfOH7P4fy1/zOK/Tf6YxX/b/DGL/3b5Yxb/r+ePWfy/kT9m8d8+f8ziv0P+mMV/x/wxi/9O+WMW/53zxyz+u+SPWfx3zR+z+O+WP2bx3z1/zOK/R/6Yxf+b+WMW/2/lj1n898wfs/jvlT9m8d87f8ziv0/+mMX/2/ljFv/v5I9Z/L+bP2bx3zd/zOK/X/6Yxf97+WMW/+/nj1n8988fs/j/IH/M4n9A/pjF/8D8MYv/QfljFv8f5o9Z/H+UP2bx/3H+mMX/4Pwxi/8h+WMW/5/kj1n8f5o/ZvE/NH/M4n9Y/pjF//D8MYv/z/LHLP4/zx+z+B+RP2bxPzJ/zOL/i/wxi/9R+WMW/1/mj1n8j84fs/j/Kn/M4v/r/DGL/zH5Yxb/3+SPWfx/mz9m8T82f8zif1z+mMX/+Pwxi//v8scs/ifkj1n8T8wfs/iflD9m8f99/pjF/w/5Yxb/P+aPWfxPzh+z+J+SP2bx/1P+mMX/1Pwxi/9p+WMW/z/nj1n8T88fs/j/JX/M4v/X/LHR/Md7q8fz/7vX8f9b/phl/Z+RP2bxPzN/zOJ/Vv6Yxf/s/DGL/zn5Yxb/c/PHLP7n5Y9Z/P+eP2bxPz9/zOJ/Qf6Yxf/C/DGL/0X5Yxb/i/PHLP6X5I9Z/C/NH7P4X5Y/ZvG/PH/M4v+P/DGL/xX5Yxb/K/PHLP5X5Y9Z/K/OH7P4X5M/ZvG/Nn/M4n9d/pjF//r8MYv/DfljFv8b88cs/jflj1n8b84fs/jfkj9m8b81f8zif1v+mMX/9vwxi/8d+WMW/zvzxyz+d+WPWfzvzh+z+N+TP2bxvzd/zOJ/X/6Yxf/+/DGL/wP5Yxb/B/PHLP4P5Y9Z/B/OH7P4P5I/ZvF/NH/M4v9Y/pjF//H8MYv/E/ljFv8n88cs/k/lj1n8n84fs/g/kz9m8X82f8zi/1z+mMX/+fwxi/8L+WMW/xfzxyT+Ew3yxyz+Q/LHLP5D88cs/mPlj1n8h+WPWfzHzh+z+I+TP2bxHzd/zOI/PH/M4j9e/pjFf/z8MYv/BPljFv8J88cs/hPlj1n8J84fs/hPkj9m8Z80f8ziP1n+mMV/8vwxi//b8scs/m/PH7P4T5E/ZvF/R/6YxX/K/DGL/1T5Yxb/d+aPWfzflT9m8X93/pjF/z35Yxb/9+aPWfynzh+z+E+TP2bxnzZ/zOL/vvwxi/90+WMW/+nzxyz+M+SPWfxnzB+z+M+UP2bxf3/+mMV/5vwxi/8H8scs/h/MH7P4fyh/zOL/4fwxi/9H8scs/h/NH7P4z5I/ZvGfNX/M4j9b/pjFf/b8MYv/HPljFv8588cs/h/LH7P4z5U/ZvGfO3/M4j9P/pjFf978MYv/x/PHLP7z5Y9Z/D+RP2bx/2T+mMV//vwxi/+n8scs/gvkj1n8F8wfs/gvlD9m8V84f8ziv0j+mMV/0fwxi/9i+WMW/8Xzxyz+S+SPWfyXzB+z+H86f8zi/5n8MYv/UvljFv/P5o9Z/JfOH7P4fy5/zOL/+fwxi/8y+WMW/2Xzxyz+y+WPWfyXzx+z+K+QP2bxXzF/zOL/hfwxi/9K+WMW/5Xzxyz+X8wfs/ivkj9m8V81f8ziv1r+mMV/9fwxi/8a+WMW/zXzxyz+a+WPWfy/lD9m8V87f8ziv07+mMV/3fwxi/96+WMW//Xzxyz+G+SPWfw3zB+z+H85f8ziv1H+mMV/4/wxi/8m+WMW/03zxyz+m+WPWfw3zx+z+H8lf8ziv0X+mMV/y/wxi/9W+WMW/6/mj1n8t84fs/h/LX/M4r9N/pjFf9v8MYv/dlb/4W98s8X/61b/f5PF/xv5Yxb/7fPHLP475I9Z/HfMH7P475Q/ZvHfOX/M4r9L/pjFf9f8MYv/bvljFv/d88cs/nvkj1n8v5k/ZvH/Vv6YxX/P/DGL/175Yxb/vfPHLP775I9Z/L+dP2bx/07+mMX/u/ljFv9988cs/vvlj42p/sNH8/9e/tiY6j8Yzf/7+WMW//3zxyz+P8gfs/gfkD9m8T8wf8zif1D+mMX/h/ljFv8f5Y9Z/H+cP2bxPzh/zOJ/SP6Yxf8n+WMW/5/mj1n8D80fs/gflj9m8T88f8zi/7P8MYv/z/PHLP5H5I9Z/I/MH7P4/yJ/zOJ/VP6Yxf+X+WMW/6Pzxyz+v8ofs/j/On/M4n9M/pjF/zf5Yxb/3+aPWfyPzR+z+B+XP2bxPz5/zOL/u/wxi/8J+WMW/xPzxyz+J+WPWfx/nz9m8f9D/pjF/4/5Yxb/k/PHLP6n5I9Z/P+k9B/+b7ew+J+q9P/3WfxPyx+z+P85f8zif3r+mMX/L/ljFv+/5o9Z/P+WP2bxPyN/zOJ/Zv6Yxf+s/DGL/9n5Yxb/c/LHLP7n5o9Z/M/LH7P4/z1/zOJ/fv6Yxf+C/DGL/4X5Yxb/i/LHLP4X549Z/C/JH7P4X5o/ZvG/LH/M4n95/pjF/x/5Yxb/K/LHLP5X5o9Z/K/KH7P4X50/ZvG/Jn/M4n9t/pjF/7r8MYv/9fljFv8b8scs/jfmj1n8b8ofs/jfnD9m8b8lf8zif2v+mMX/tvwxi//t+WMW/zvyxyz+d+aPWfzvyh+z+N+dP2bxvyf/l5p2tMsW/3vzxyz+9+WPWfzvzx+z+D+QP2bxfzB/zOL/UP6Yxf/h/DGL/yP5Yxb/R/PHLP6P5Y9Z/B/PH7P4P5E/ZvF/Mn/M4v9U/pjF/+n8MYv/M/ljFv9n88cs/s/lj1n8n88fs/i/kD9m8X8xf0ziP/Egf8ziPyR/zOI/NH/M4j9W/pjFf1j+mMV/7Pwxi/84+WMW/3Hzxyz+w/PHLP7j5Y9Z/MfPH7P4T5A/ZvGfMH/M4j9R/pjFf+L8MYv/JPljFv9J88cs/pPlj1n8J88fs/i/LX/M4v/2/DGL/xT5Yxb/d+SPWfynzB+z+E+VP2bxf2f+mMX/XfljFv93549Z/N+TP2bxf2/+mMV/6vwxi/80+WMW/2nzxyz+78sfs/hPlz9m8Z8+f8ziP0P+mMV/xvwxi/9M+WMW//fnj1n8Z36t/4tj/a8P7D8zi/8HWv+Yxf+D+WMW/w/lj1n8P5w/ZvH/SP6Yxf+j+WMW/1nyxyz+s+aPWfxnyx+z+M+eP2bxnyN/zOI/Z/6Yxf9j+WMW/7nyxyz+c+ePWfznyR+z+M+bP2bx/3j+mMV/vvwxi/8nXvbvQfCaLP6fjB6z+M+fP2bx/1T+mMV/gfwxi/+C+WMW/4Xyxyz+C+ePWfwXyR+z+C+aP2bxXyx/zOK/eP6YxX+J/DGL/5L5Yxb/T+ePWfw/kz9m8V8qf8zi/9n8MYv/0vljFv/P5Y9Z/D+fP2bxXyZ/zOK/bP6YxX+5/DGL//L5Yxb/FfLHLP4r5o9Z/L+QP2bxXyl/zOK/cv6Yxf+L+WMW/1Xyxyz+q+aPWfxXyx+z+K+eP2bxXyN/zOK/Zv6YxX+t/DGL/5fyxyz+a+ePWfzXyR+z+K+bP2bxXy9/bMgZB6w8ycizY7T/+vljlvW/Qf6YxX/D/DGL/5fzxyz+G+WPWfw3zh+z+G+SP2bx31TvvyNea/HfTO/PWfw3zx+z+H8lf8ziv0X+mMV/y/wxi/9W+WMW/6/mj1n8t84fs/h/LX/M4r9N/pjFf9v8MYv/dvljFv+v549Z/L+RP2bx3z5/zOK/Q/6YxX/H/DGL/075Yxb/nfPHLP675I9Z/HfNH7P475Y/ZvHfPX/M4r9H/pjF/5v5Yxb/b+WPWfz3zB+z+O+VP2bx3zt/zOK/T/6Yxf/b+WMW/+/kj1n8v5s/ZvHfN3/M4r9f/pjF/3v5Yxb/7+ePWfz3zx+z+P8gf8zif0D+mMX/wPwxi/9B+WMW/x/mj1n8f5Q/ZvH/cf6Yxf/g/DGL/yH5Yxb/n+SPWfx/mj9m8T80f8zif1j+mMX/8Pwxi//P8scs/j/PH7P4H5E/ZvE/Mn/M4v+L/DGL/1H5Yxb/X+aPWfyPzh+z+P8qf8zi/+v8MYv/MfljFv/f5I9Z/H+bP2bxPzZ/zOJ/XP6Yxf/4/DGL/+/yxyz+J+SPWfxPzB+z+J+UP2bx/33+mMX/D/ljFv8/5o9Z/E/OH7P4n5I/ZvH/k9p/3Ne9xeJ/qtr/9bP4n5Y/ZvH/c/6Yxf/0/DGL/1/yxyz+f80fs/j/LX/M4n9G/pjF/8z8MYv/WfljFv+z88cs/ufkj1n8z80fs/iflz9m8f97/pjF//z8MYv/BfljFv8L88cs/hflj1n8L84fs/hfkj9m8b80f8zif1n+mMX/8vwxif+QwWCn/CGJ/8RXtP4xi/+V+WMW/6vyx8Zc/9doT3x1/tiY6//a9X9N/pjF/9r8MYv/dfljFv/r88cs/jfkj1n8b8wfs/jflD9m8b85f8zif0v+mMX/1vwxi/9t+WMW/9vzxyz+d+SPWfzvzB+z+N+VP2bxvzt/zOJ/T/6Yxf/e/DGL/335Yxb/+/PHLP4P5I9Z/B/MH7P4P5Q/ZvF/OH/M4v9I/pjF/9H8MYv/Y/ljFv/H88cs/k/kj1n8n8wfs/g/lT9m8X86f8zi/0z+mMX/2fwxi/9z+WMW/+fzxyz+L+SPWfxfzB+T+E8yyB+z+A/JH7P4D80fs/iPlT9m8R+WP2bxHzt/zOI/Tv6YxX/c/DGL//D8MYv/ePn/f+zcf7jWdX3H8ZvfhJJ+bFOXNhwac21GIqNRC1FRPP44ZaKZv1GPQILID0kwFTdaqWPTpW6WbGrpmLNVSx1url8rGpY1WyO2VjnFtTDGHCw0Z+w6cA5xzt6eq/Nl36/N9+PxB5z7Pr7vkOf18r65uK5CWfqP0D+Upf8e+oey9N9T/1CW/iP1D2Xp/0r9Q1n676V/KEv/vfUPZelf9A9l6b+P/qEs/V+lfyhL/5/RP5Sl/8/qH8rSf1/9Q1n676d/KEv//fUPZen/c/qHsvR/tf6hLP0P0D+Upf+B+oey9H+N/qEs/X9e/1CW/qP0D2Xpf5D+oSz9f0H/UJb+o/UPZel/sP6hLP0P0T+Upf9r9Q9l6T9G/1CW/r+ofyhL/0P1D2Xp/0v6h7L0f53+oSz9f1n/UJb+v6J/KEv/w/QPZen/ev1DWfqP1T+Upf8b9A9l6X+4/qEs/cfpH8rS/wj9Q1n6j9c/lKX/r+ofytJ/gv6hLP3fqH8oS/9f0z+Upf9E/UNZ+r9J/1CW/m/WP5Sl/6/rH8rS/y36h7L0n6R/KEv/I/UPZek/Wf9Qlv5H6R/K0v9o/UNZ+h+jfyhL/yn6h7L0P1b/UJb+x+kfytJ/qv6hLP2P1z+UpX+b/qEs/U/QP5Sl/4n6h7L0P0n/UJb+J+sfytK/Xf9Qlv5v1T+Upf/b9A9l6X+K/qEs/d+ufyhL/1P1D2XpP03/UJb+p+kfytL/dP1DWfq/Q/9Qlv5n6B/K0v+d+oey9D9T/1CW/mfpH8rS/2z9Q1n6n6N/KEv/c/UPZel/nv6hLP3P1z+Upf90/UNZ+l+gfyhL/wv1D2Xpf5H+oSz9O/QPZel/sf6hLP1n6B/K0n+m/qEs/WfpH8rS/136h7L0v0T/UJb+s/UPZek/R/9Qlv6X6h/K0n+u/qEs/S/TP5Sl/zz9Q1n6z9c/lKX/Av1DWfov1D+Upf/l+oey9F+kfyhL/3frH8rS/wr9Q1n6L9Y/lKX/Ev1DWfpfqX8oS//36B/K0v8q/UNZ+l+tfyhL/2v0D2Xpv1T/UJb+1+ofytL/N/QPZen/m/qHsvRfpn8oS//36h/K0v+39A9l6f8+/UNZ+r9f/1CW/tfpH8rS/3r9Q1n636B/KEv/39Y/lKX/cv1DWfr/jv6hLP1/V/9Qlv436h/K0v8m/UNZ+v+e/qEs/T+gfyhL/5v1D2Xpf4v+oSz9b9U/lKX/7+sfytL/D/QPZel/m/6hLP0/qH8oS/8P6R/K0v92/UNZ+q/QP5Sl/x/qH8rS/4/0D2Xpf4f+oSz979Q/lKX/XfqHsvT/sP6hLP0/on8oS/+7e/cf1fCv66dUlv732H8oS/8/1j+Upf9K/UNZ+v+J/qEs/e/VP5Sl/5/qH8rS/z79Q1n6f1T/UJb+f6Z/KEv/j+kfytL/4/qHsvT/hP6hLP3/XP9Qlv6f1D+Upf/9+oey9H9A/1CW/g/qH8rS/y/0D2Xpv0r/UJb+D+kfytL/L/UPZen/V/qHsvR/WP9Qlv5/rX8oS/9P6R/K0v/T+oey9P+M/qEs/T+rfyhL/8/pH8rS/2/0D2Xp/3n9Q1n6f0H/UJb+q/UPZen/Rf1DWfr/rf6hLP3X6B/K0v8R/UNZ+n9J/1CW/l/WP5Sl/6P6h7L0/4r+oSz9v6p/KEv/v9M/lKX/Y/qHsvT/mv6hLP3/Xv9Qlv5f1z+Upf8/6B/K0n+t/qEs/b+hfyhL/3X6h7L0/0f9Q1n6/5P+oSz9v6l/KEv/f9Y/lKX/t/QPZen/bf1DWfp/R/9Qlv6P6x/K0v9f9A9l6f+E/qEs/Z/UP5Sl/3r9Q1n6P6V/KEv/f9U/lKX/d/UPZen/b/qHsvT/nv6hLP036B/K0v9p/UNZ+n9f/1CW/hv1D2Xp/+/6h7L036R/KEv//9A/lKX/M/qHsvT/T/1DWfpv1j+Upf8W/UNZ+v+X/qEs/X+gfyhL/636h7L0f1b/UJb+z+kfytL/h/qHsvR/Xv9Qlv7/rX8oS/8X9A9l6f8j/UNZ+m/TP5Sk/94t/UNZ+g/QP5Sl/0D9Q1n6D9I/lKX/YP1DWfoP0T+Upf9Q/UNZ+g/TP5Sl/3D9Q1n6v0L/UJb+I/QPZem/h/6hLP331D+Upf9I/UNZ+r9S/1CW/nvpH3rZ9QcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPhps2Dxkkumz57dMd8XvvCFL3Z+8VL/lwkAAPi/9uMP/S/1rwQAAAAAAAAAAAAAAAAAAADyauL/Tuyl/ncEAAAAAAAAAAAAAID/79raj9o4aECPpwbt+uA1j3Zs/3n81jNm3n33g6X7565vnxi85MBdH2zbtm3bimcmTel6OKzVanX+r+3d9Xh47+PO11866vb9dzwqkz9/6+PnTht50vwHbhr8jRU3tD89ZPuzQ1rnXzxrdscbBrZa5ZghrSs6Hxw+oNUqxw1p3dj5YFzng6lDWis7Hxyx/cErWp/pfPD6C+fOvqjzieMr/57By0Vb+9LWoB6LbfX4r8Gu+1866omZ3T/38ZLdrza41bX/0Q98ab9e3+v2Ivvvfv1yVO/99/tfEHhR/dv/c+u6f+7jJf/X+/+H12xdEn3vxfff/frlaPuH+gSf/3tstPfn/l6f/w8KXnLn/ZHD19zcuf+20+49sOupwT/J5/8fv345pvf+B/b4/N/5OX5K9+f/Ya1WOXY3fzsglbb2azf29f7f9/4Hv7rXzYBd93/XV9bv2bn/e55vLet6akg/9z+lr/f/63r9WoH+aWu/c1uv9/9+7L81JnjJnfvf8MDI7Z//19934b67fK8/+z+29/7HLpxz2dgFi5ccNmvO9BkdMzounThuwuHjJ06cMGHs9k8EO37czd8USGL33v9bI3rdDGi1Onber773himd+9/00LKPdD01vJ/7P67P9/+DvP9DaPTA1tChrSumL1w4//AdP3Y/HLfjxx3/WLD/fvz5/+BDu/6x7r8zHNBq7b/zfsy5E4d17v/KeWVV11ND+7n/qX3uf3LPv6sE+mc33/8v6nXTY/9Hbrh6Uef+D/nBPuu7nurvn/+P73P/d3j/h93R1t6q9U20c/9HDLv2hGrXpc3f/0F9mtj/qM03bql2XU6wf6hPE/uftvzNF1S7LifaP9Snif0/OOe85dWuy0n2D/VpYv8vvGrLAdWuy8n2D/VpYv+Pffepu6tdl3b7h/o0sf8P3tZ+RLXr8lb7h/o0sf/DLn92UrXr8jb7h/o0sf+L9zh1ZbXrcor9Q32a2P8J247et9p1ebv9Q32a2P+Aa7+3tNp1OdX+oT5N7P/J6cvnVrsu0+wf6tPE/leOGvNctetymv1DfZrY/7Kn3zi12nU53f6hPk3s/6u33P5YtevyDvuH+jSx/0+cvc/t1a7LGfYP9Wli/z8c/dCIatflnfYP9Wli/2vXrry/2nU50/6hPk3sf8XKQaOrXZez7B/q08T+rzl+xqPVrsvZ9g/1aWL/4yd8+axq1+Uc+4f6NLH//T/3raeqXZdz7R/q08T+T3140YJq1+U8+4f6NLH/RQd8/EfVrsv59g/1aWL/b+k4YGa16zLd/qE+Tey/3DRibbXrcoH9Q32a2P+Zm+6cXO26XGj/UJ8m9r9qry98rNp1ucj+oT5N7H/zvEsnVrsuHfYP9Wli/9957zXvq3ZdLrZ/qE8T+7/5+a+Xatdlhv1DfZrY/4ZxZ55d7brMtH+oTxP7v/OkZx6pdl1m2T/Up4n9L1/1+MJq1+Vd9g/1aWL/q1ef+ES163KJ/UN9mtj/IWPGjuz57LM/4XWZbf9Qnyb2P/eMZR+qdl3m2D/Up4n9H3PfLa+tdl0utX+oTxP7H/61SZ+sdl3m2j/Up4n9f3rS+z9V7bpcZv9Qnyb2v2XywYdWuy7z7B/q08T+190/7tZq12W+/UN9mtj/Bx65reJ1WWD/UJ8m9j/vdS9sqnZdFto/1KeJ/b9p2umLq12Xy+0f6tPE/ve9Y+oXq12XRfYP9Wli/+d8+/unVLsu77Z/qE8T+z94vwsOrHZdrrB/qE8T+585a8311a7LYvuH+jSx/ykr1o2vdl2W2D/Up4n97/XkgruqXZcr7R/q08T+Nw7a7+Rq1+U99g/1aWL/91z18DerXZer7B/q08T+r7/uox3VrsvV9g/1aWL/n906dHO163KN/QMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA/7ADBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWFHTgQAAAAAADyf22EqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqKuzAsQAAAACAMH/rIHo3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4CgAAP//IgLqsg==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x20100, 0x4)
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000000)={0xd6f0, 0x0, 0x0, 0xfffffffd})
symlinkat(&(0x7f00000003c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

2.579933749s ago: executing program 5 (id=2156):
r0 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_ERR_FILTER(r0, 0x65, 0x7, &(0x7f00000001c0)=0x8, 0x4)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6tnl0\x00', <r1=>0x0})
sendmsg$can_raw(r0, &(0x7f0000000040)={&(0x7f0000000000)={0x1d, r1}, 0x10, &(0x7f0000000100)={&(0x7f0000000080)=@canfd={{0x4, 0x1}, 0x4b, 0x1, 0x0, 0x0, "ade3822092c67b3ceeb43f2f30c4a5a7694b1abaaf71ef50a7b1b6ce40258a168859d252dc84e31bfbab48eb0c95f6fa68fc83b1fa3d9c9ed650bcbc0a14d63f"}, 0x48}}, 0x20008804)

2.495829274s ago: executing program 5 (id=2157):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x2000c10, &(0x7f0000000040)={[{@nobh}, {@abort}]}, 0xff, 0x258, &(0x7f0000000780)="$eJzs3T9oHmUcB/Df3fu+xiQvEnURxD8gIhoIcRNc4qIQkBBEBBUiIi5KIsQEt8TJxUFnLZm6hNKtaceSJXRpKXRK2wzpUmhDh4YO7XDlfS+BJG/6J33f3pXc5wPH3SV393uO3Pe5G3L3BFBZQxExFhG1iBiOiEZEJHs3eDefhnZWl/rXpiKy7Ks7SXu7fD23u99gRCxGxCcRsZom8Us9Yn7lu81761988Pdc4/2TK9/2F3qSO7Y2N77cPjHx15nxj+cvXbk1kcRYNPedV+8lh/ysnkS89jyKvSCSetkt4GlM/nH6aiv3r0fEe+38NyKN/I/3z+xLq4346P9H7fvv7ctvFtlWoPeyrNG6By5mQOWkEdGMJB2JiHw5TUdG8mf4a7WB9NeZ2d+Hf56Zm/6p7J4K6JVmxMbn5/rODh7I/81ann/g+Grl/+vJ5eut5e1a2a0BCvFWPmvlf/iHhQ9D/qFy5B+qS/6huo6Yf//RAceI+z9U12Py/3JZbQKK0Zn/RtlNAgri+R8qKcuyTP6hwuQfqmtv/gGAasn6yn4DGShL2f0PAAAAAAAAAAAAAAAAAADQaal/bWp3Kqrmhf8itj7LRxfprF9rj0e8+znygbvJvkFIkh4MSvL9O10eoEunSn77+pUb5da/+Ha59RemIxb/jIjRer3z+kt2rr9n9+oTft/4scsCR5QcWP/0m2LrH/Rgudz64+sR51v9z+hh/U8ab7Tnh/c/zR58Mf23+10eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgMI8DAAA//84UXFU")
syz_mount_image$ext4(0x0, &(0x7f0000000080)='./file0\x00', 0x18808, 0x0, 0xf7, 0x0, 0x0)
r0 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', &(0x7f0000000080), 0x18)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000000100)=@v1={0x2, @aes128, 0x3, @auto='\t\x00'})

2.288026373s ago: executing program 4 (id=2160):
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000000)=0x3)
mmap$dsp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000009, 0x8012, r0, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000080)=0x1)

2.236810002s ago: executing program 2 (id=2163):
openat$ipvs(0xffffffffffffff9c, &(0x7f0000001340)='/proc/sys/net/ipv4/vs/cache_bypass\x00', 0x2, 0x0)
io_setup(0x6, &(0x7f0000000540)=<r0=>0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
io_submit(r0, 0x1, &(0x7f0000000880)=[&(0x7f00000000c0)={0x0, 0x300, 0x0, 0x5, 0x0, r1, 0x0}])

2.220420493s ago: executing program 4 (id=2164):
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0xb7b56000)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
r0 = syz_open_procfs$pagemap(0x0, &(0x7f0000000000))
lseek(r0, 0xffffff53, 0x1)

2.070819644s ago: executing program 1 (id=2165):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001a00)=ANY=[@ANYBLOB="850000002f000000840000000000000095000000000000008560fc2b2062f611fc2f864ef177d634e46e8dcfe61b4fb9f600344d592fee49e176fe6ad28fbcb1f9259bfc63e9030971917e30b6f42e8f9dd6ab0ce07312a135cd363aa7e5bcef8fd0e8c7d2082584156c52ebfd69e8e13b7a8b477abc86468e11b6242133ce882f05e16b91c37b3437347f6058b4489c759783b9d4dfb55d0085a26e41201a6d8c8ced33e10048e756a40538b32bf653fa3c831a4e60599ed7a0f999d18de9984522a7cdb6fc30015633a0132c9578b7da5bd7280a5f7e28fd858ba712020b23ef8a2785b6c146c48b48ca7e232d0489661396e9303b38aa5d26d06e2e676795fd2733f95da570bab301000000ffffffff2a2792a630d8fcdc"], &(0x7f0000000180)='GPL\x00'}, 0x48)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000080)=r0, 0x4)
sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000880)=@newsa={0xf0, 0x10, 0x713, 0x0, 0x0, {{@in=@broadcast, @in=@dev, 0x0, 0x0, 0x0, 0x8}, {@in=@remote, 0x0, 0x32}, @in=@loopback, {}, {}, {}, 0x0, 0x0, 0x2}}, 0xf0}}, 0x0)

2.069974688s ago: executing program 4 (id=2166):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0)
write$uinput_user_dev(r0, &(0x7f0000000cc0)={'syz1\x00', {0x8}, 0x3, [0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0xfffffffc, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x3f9, 0x100, 0x0, 0x4, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x2, 0x0, 0x0, 0x0, 0x3, 0xe, 0x721a2d63, 0x0, 0x0, 0x0, 0x1, 0x800, 0x0, 0x1, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x6], [0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x8, 0x7f, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0xc, 0x0, 0x0, 0x0, 0x0, 0x289, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0xa46, 0x2000, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0xfffffffd, 0x6fff, 0x71, 0x0, 0x0, 0x0, 0xffffffff, 0x200000, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x10000], [0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x5, 0x8, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x3, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x9b0, 0x0, 0xfffffffe], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000008, 0xc7, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x1000, 0x10000, 0x0, 0x6, 0x0, 0x0, 0x0, 0xfffffffd, 0x400, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x4]}, 0x45c)
ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0)
ioctl$UI_GET_SYSNAME(r0, 0x8040552c, &(0x7f0000000000))

1.992217797s ago: executing program 5 (id=2167):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/ipv6_route\x00')
readv(r0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000480)='fd/3\x00')
preadv(r1, &(0x7f0000000300)=[{&(0x7f0000000200)=""/46, 0x2e}], 0x1, 0xf44, 0x2)

1.977962431s ago: executing program 2 (id=2168):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x4008032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
mremap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffd000/0x1000)=nil)
capget(&(0x7f0000000280)={0x20080522}, 0x0)

1.907695469s ago: executing program 1 (id=2169):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x9, 0xa, 0x42, 0x40, 0x2}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000080), 0x200, r0}, 0x38)
bpf$MAP_LOOKUP_BATCH(0x1b, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0), 0x0, 0x3, r0}, 0x38)

1.745409862s ago: executing program 4 (id=2170):
syz_mount_image$jfs(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x1c802, &(0x7f0000002740)=ANY=[@ANYBLOB="71756f74612c646973636172642c646973636172642c696f636861727365743d6b6f69382d72752c646973636172642c00f4193eb3ba2a0d5fd0cd7374288ff89ec513a53e007345decb720900f8312da2463eb0edf52fad1a00ebd41c14b3ce75d0cffefd379624b16f7260c835713b263352e03b5cb8fa0c042bd1225ed4ded2b62e12fea4d7e61b738e40781e58d5fff112364ac140f419e5dafecd283b3fab6b142ddbc893b35a81fe9265591ef35fa2928e095fee4c10b22e4212378de59bca0307cc644b9620b63f0000007bbbd422d87856b71348b8f45398b9660b6b3e8ee8a8c32f3234cb46e2cd827ec25c1ca4d046bc004f8df7b1ee690a5e50510700d80c7fa65fa724d0e1b4369f1b64fe249a0312010000004ac983de925f52d735b03fea941b1e948ad8d19cfda5b799325fd69d14fcf6cdde7700a63150eb3699e5314e0827750e244150ec19f3f3f1d8be542c084b5e40bfaa8ad206d2a33b0ddbd7f8e07dc7d17174a4549ffaf5976949cb6d658c42ec7cd9fe8ad82852cefb04646edb3a41eb514eb6a772b3ee9f21e25822b54ec33e592d5c040946721101d53aff21f90351c95aa0f73f1853d6afcbf9448b220e988466066fa5c09e6198fc4520d199b93bdedee87c4043815aa05668a06f8da96680ccc1a139ade90f5c79af46208f9762f54e7c29088d9de69bd2d51c6b9c42209ddc3880051303b855853407d959a5777dce25201c5ea1faa084c36e3e349915ebec53435eb2910c59394ee84ba3baf9c440ae5833c23f46b0eaac543ce0c80ba0603213e53ea59755070b18bc10b9224aa082d967206115b492d825751fcc00000000000000e63d51c5bffa4f712c2d7fafb9cf506c06e1ddad4fc19038407786fedb9afdfb11a5f182676dd84c919f71d5eee2f3b740b68ee7f6518eb9d8baa26f1c3871f863b134ee942eb3af92d19e70d8268839cd7b4637f0627299f99b1873ca165e410f8bd421e1a4859fd9bd6bb34d25c07e1a52b9668a530b10b8585d797124a6975a71aedbe557a17b06bbfe547aa553c3d08b8921a4b0d938c03687bd48a9a387b4c066c056f457fba5738775b900a1e82a89aae1494b05c4bb0fc8ed1a93688bf850a4f7b0942eda1f16ecf043efa6b8c1f9e0fba31f4a58ed0031180fb1b8a00e4a86826b030000002dd1272a3d1609bebb749daef202e0412a73d545b86ca7a6bf569ed35d0000ca23b0de742f6008fdf20928370d88f8c04bc3b97b9a9e0062e8fc5fd2337d85a66bd20730f3153db2459fb34c134c06c19364e9645e83040dd16ee08f18f0ba69ac9ca3e25e15442b07000000d30d38a64613b535fa808a9b3bae00bc371271d45db200a5cbf433e2f6dd03b7c7fcc040781e5151c9badb787e7e1e2f39d60998919aa8dbd156f31a5b7fa5f9e5ec01e8c799edc322703c7fc4a81ab9bc02dd96714ee9d7e75d28d040ff3566404fd6db547a4b553197c1f316d20ea54f9459cd81351a510d101e90eabe6dc6c6ac3ffa189c073a5fb3fc382df620bf5af9e638819c77a051e6875866a849f6f578c068c0e4c7cfbc15033997efa853c96297b3201dd30ea40dc94d010a0c33da9f63a10b8f813dc789b80be3bb3f00ee58b30d5c03a6ddbf418ac1b3d4a13839e4b273c4f914bed13f8806295495d41609478798396aeec06e8d342efd8ac6b422f6c23a011b1400000000000000bc2a02094e19a1ee8bb3c3c0c088ae8efaf68c85001faf7cf5426fb7c5c367ed93eb25c48a293549d15b91b59f1b574b3f6171f8e56a402ec56bdf51d90312b3ca5398f4050000007504be21456ec953bf06f12fff20c31e7c8b55fee5c49aa939830b09995ff149258118f9aae29206f9731288b56b10de51525665fdb4e289b1c177de97af3085f82045fbd012f1dde94ffecd90b7b63d8197d9c24a6fe5915ac7d7240847f6d0bf9099ee117c83e363f2ad36a4a9f4faa5734afe9770c38c565cae87a408d0acbb2db7db9174acab60a344814ee643fa82ba41706d2360269ed276e13dd83abbc258f07b0d58ab0b65200b18b7f9f871bcb43fec5a2e3789ecd0c1069d2da80b93c86dff8933e70c2108346003ddf6b60379eee63b66e7341cdd8f87ed9f11894c9ae040976321d87405b492f419ebfa77eb367ca6e360b8f8451102f54893d7d1695c24bcc184b1e7d19940a2b6931ade8638dd2b85a86dc511dbb97f50520f91fbf7201fc9621d0aee9735d07ca024076e8581db332b1c5f135fe6b2e9d2c18c9d5d5a524d3d5b2657e4b28f1a09696bd5b076a1471c8b2ab2ca3ba57843af1d03590f4e8985e1c463c781bb03ad7ec816ea70bbe06411aae001e0ca72ee7e828ad14bb7a092d883ad000554bf7f00000000000075cc01f8a2e1802192f09e77bc488b3bd3f08a9ce88ba2e2bcc23cf5d7372b339ce1f5003db0ad70fa6e93aa908a2ced81f5514e23e2f94ff03c1c02f5a9195f4735563efd0a1fc7dafcfb3dae043fe0c172ec3a12747d7abf4382bf7453c13df994641017a0f461add956ef8f834b762af30408af6a61f317fd3c7b0816236a768601b7c6606ba52ff126eb13d33c915c5da99d118db488da3f3d7783a608282a93fcbe0910f0389c3ef91de7c84e23daa6554c42b2b3e9f70a9f790f29011a0b510146e8b23bfeba6e52877ed8a188958e39375dd203d434bef4dc82cc8a21fc40c6e6e6a2475f70bf1503beb9555036e63bdc937f8a4d61b21d06a9d3239d1df6f2e9ef16dee590b15ac028c6d873bb2965374b733d8e11ba763ab157ed91dd871b098c0543dcbba4cf67db8c83c84369dc67735fa4faa0fdcf34b1c6a862ccae9fe4fa28746504643b57f02623a2ef34ea90f2e7f7dd771f8f75217c799d978a3533fcfab6c6f5391b626d61b400f08172fc675e2a062d06c31b85452804f7b125c291f60a02a5d62271e96fe70d64bae36e28b42e197259169ebee8f64355544fbad8b83c1c8fad02cd1a2e56a6f6e82ec7719a48a1bea803546b8af7a89faf7cef94d8ada45fc0a98a79ba90c95262f0110725c6bf7c81237534dcd6a8a113bd8ac48b7db5526ab762cec103674742476cd6b92b8c7abcfb1f8e08f0a05c1b209187049f3206bd545e8c20f8db6d8a7cdd0c9ecbb9011b611a013cd581521dfcb028d59d5c69d286fb93e4c498b3aaff7e0cdcf1f41fec65ebdbe4c2bf453140251cdd94c32b87c4634d6500000000000000000000000000000000816e6c33f92dca3e03c40000005e538c77b2b14f63d253705363846bc4e9cd3284ff329330812d2211ae34106e03061a6a2b1cfe60a09becae2b05ec9adcac47612af85f598a880fa97891a7a290b6e730800542aea761aeb463f5ff5bdf5099ae8ad4afe99db9e9c4e703cb900e9ae272742fe2ff81d1a4f15668392cdafd2e1757706f47f9f84e532f25e2737cb6f6e89378f8d79ab8507b109c7f1f3653a5bc9d54ccc633de6263526eac1051"], 0x1, 0x5f5b, &(0x7f0000003100)="$eJzs3U9vHGcdB/Df7K7Xf0rTqEJViDikKZSW0vxPoPxryoEDHEBCOZPIdatAClUSEK0i4ioHxAV4CXDphUPfSI+cES+ASAmnHCiDxn6eZLxeZ53G3tn18/lIzsxvnh3vM/l6PLuemX0CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIgf/fBnp6uIuPzbtOBwxBeiH9GLWG7qY9HMXMyPH0TEkdhojhcior8Y0ay/8c9zEeci4tNDEffu31ptFp/ZZT/On7p5/bMf/+Cff/jznSO/ePvnH4+2//SLZz/54+2Iwz9545PPbu/NtgMAAEAp6rquq/Q2/2h6f9/rulMAwFTk43+d5OVqtVqt3tP6T73Z6o+60LqtHu92u4iI9fY6zWsGp+MBYM6sx4Ouu0CH5F+0QUQ803UngJlWdd0B9sW9+7dWq5Rv1T4eHNtsz3+n3JL/evXw/o6dppOMXmMyrZ+vO9GP53foz/KU+jBLcv690fwvb7YP0+P2O/9p2Sn/4eatT8XJ+fdH8x+xJf+/RMTc5t8bm3+pcv6DJ8l/vT/H+7/8AQAAAAA4+PLf/w93fP538ek3ZVced/732JT6AAAAAAAAAAB77WnH/3vI+H8AAAAws5r36o2/vv/o0892+iy2ZvmlKuLZ5vGHptM/YAalm2VWuu4HAAAAAAAAAAAAAJRksHkN76UqYiEinl1Zqeu6+WobrZ/U064/70rffihZ17/kAQBg06eHRu7lryKWIuJS+qy/BysrK3W9tLxSr9TLi/n17HBxqV5uva/N02bZ4nAXL4gHw7r5Zkut9domvV+e1D76/ZrnGtb9XXRsOjoMHAAiYvNodM8R6QCpNnJ9Lrp+lcN8sP8fPPZ/dqPrn1MAAABg/9V1XVfp47yPpnP+va47BQBMw1I+/o+eF1Cr1Wq1Wn3w6rZ6vNvtIiLW2+s0rxkMxw8Ac2Y9HnTdBTok/6INIuJI150AZlrVdQfYF/fu31qtUr5V+3iQxnfP14JsyX+92lgvrz9uOsnoNSbT+vm6E/14fof+vDClPsySnH9vNP/Lm+3D9Lj9zn9adsq/2c7DHfSnazn//mj+Iw5O/r2x+Zcq5z94ovz78gcAAAAAgBmW//5/2PnfvMkAAAAAAAAAMHfu3b+1mu97zef/vzzmcVV7zv2fB0bOv9p1/u7/PUhy/r3R/EcuyOm35u++9Sj//9y/tfrxzX9/KU9nPv+F/rB57oWq1x+ka37qhXfialyLtTi17fGDLe2nt7UvbGk/M6H97Lb2YdO+nNtPxGr8Oq7F2w/bFydcGLU0ob2e0J7z79v/i5TzH7S+mvxXUns1Mm3c/ai3bb9vT8c9z8W///fl7XvX9N2J/sNta2u273gH/dn4P3lmGL+5sXb9xO+u3Lx5/XSkyZalZyJN9ljOfyF95fxfeWmzPf/eb++vdz8aPnH+s+JODHbM/6XWfLO9r065b13I+Q/TV84/H4HG7//znP/O+/9rHfQHAAAAAAAAAAAAAAAAHqeu641bRC9GxIV0/09X92YCANOVj/91kper1XtZ5yWz0h+1Wq0utW6rx3tz499qfXO9pa3rNK8Zfj/umwEAs+x/EfGvrjtBZ+RfsPx5f830K113BpiqGx98+Msr166tXb/RdU8AAAAAAAAAgM8rj/95rDX+88Z1QCPjRm8Z//WtODa343/2hv2Nsc7TBr0Yjx//+3g8fvzvwYTnW5jQPpzQvrh90T/axdKE9cfe6NGS838xZZzzP5o2rKTxX1/poD9dy/kfT2M95/y/NvK4dv713+Y5/96W/E/efO/9kzc++PD1q+9deXft3bVfnT514dzZ8+fOnj9/8p2r19ZObf7bYY/3V84/j33tOtCy5Pxz5vIvS87/q6mWf1ly/i+nWv5lyfnn13vyL0vOP7/3kX9Zcv6vplr+Zcn5fz3V8i9Lzv+1VMu/LDn/b6Ra/mXJ+b+eavmXJed/ItXyL0vO/2Sq5V+WnH8+wyX/suT885UN8i9Lzv9MquVflpz/2VTLvyw5/3Opln9Zcv7nUy3/suT8L6Ra/mXJ+X8z1fIvS87/W6mWf1ly/m+kWv5lyfl/O9XyL0vO/zupln9Zcv7fTbX8y5Lz/16q5V+WnP/3Uy3/suT830y1/Mvy6PP/zZgxYybPdP2bCQAAAAAAAAAAAAAYNY3LibveRgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP7PDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1Eaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwd3cxcpX3GcDPfnptSHADIYQ4wTaGOGFhd/0FDnEwSUgpaVNKQtq0pMax18aJv+pdJ4BQWQptiYJUpPaCXjRNojSK1FagKFJTiUZIjdTelatE3EStxIWlQuWgpFKqwFZnzvu+OzM7O7O2d+0z5/x+CP+9M2dm3jlzZnaftZ4ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg2aaPTf/5QJZl+f+NP9Zn2eX539dme/Mv53Zd6hUCAAAAF+rNxp//cEU6Ye8yLtS0zb+97z++Pz8/P5994Y0zb/3l/Hw6Y2OWDa3JssZ50b//8hfzzdsET2ZjA4NNXw/2uPmhHucP9zh/pMf5oz3OX9Pj/LEe5y/aAYusLX4f07iyLY2/ri92aXZVNtI4b0uHSz05sGZwMP4up2GgcZn5kUPZkexoNp1NLrrMQOO/LHtxU35bd2fxtgabbmtDlmVnf/bYgbiGgbCPt2QtN9bQ/Ni9fme28Y2fPXbgO7OvvbvT7LkbFq00y7Zuztf5VJYt/LoqG8jWpH0S1znYtM4NHdY51LLOgcbl8r+3r/PsMtcZ7/dYWOfLXda5IZz28PVZls1lS27T7slsMFvXdqtpf48VR0R+HflD+Y5s+JyOk03LOE7yy7x6fetx0n5Mxv2/KeyT4SXW0PxwvP7E6KL9fr7HSX6vy3Cs5td9b36jY2PNv1ptOVbzbR67YeljoONj1+EYSMdy0zGwudcxMDg61DgGBhfWvLnlGJhadJnBbKBxW2du6H4MTMweOzkx88ijNx85tv/w9OHp41OTu3Zs37lj+86dE4eOHJ2eLP48t13aR9Zlg+kY3Bxea+Ix+P62bZsPyflvrtzzYKwkz4P8vn/mxnxBlw9mSxzj+TZPbb3w50H6vt/0PBhueh50fE3t8DwYXsbzIN/m7Nblfc8cbvq/0xpW67VwfdMxcCm/H+a3+cAHln4t3BDW9fQHz/X74dCiYyDerYHw3MtPST/vjd0W9svi4+La/IzLRrPTM9Onbnl4/+zsqaksjIviyqbHqv14Wdd0n7JFx8vgOR8ve//+Vzde2+H09WFfjd3U/bHKt9kx3v2xary6t+7P0azYny2nbsvCWGEXe392+m6W78+UJbrsz3ybp26+8J8FUy5pev0b6fX6NzQyXLz+DaW9MdLy+rf4oRlqrCzLzt68vNe/kfD/xX79u6okr3/5vnrglu7HQL7N0xPnegwMd339uz7MgbCeD4TEMNaU+99qnD9XHKZNj2XP42Z4eCQcN8PxFluPm+2LLpNfW37bWyfP77jZen3rY9Xyc0sFj5t8X/3VZPfjJt/mpakLf+1YG//a9Nox2usYGBkazdc7kg6C4vVufm08Bm7JDmQnsqPZwXSZ/FHOb2t82/KOgdHw/8V+7bimJMdAvq+e29b9GMi3+dH2lf3ZaWs4JW3T9LNT++8Xlsr81w4vXF/7blvpzJ+v8+M//lQ6rVOGyLd5bce55ozu++mmcMplHfZT+/NnqWP6YHZx9tM1YZ1Hd3b/3VS+zVW7lnk87c2y7JWpVxq/7wq/3/3e6R9/v+X3vp1+p/zK1Cv3TNz3k3NZPwAA5++txp9zo8XPmk3/Yr2cf/8HAAAA+kLM/YNhJvI/AAAAVEbM/UNhJvI/AAAAVEbM/cNhJjXJ/w/dtvv5Nx/P0rsBzgfx/Lgb7v1IsV3seM+FrzfOL8hP/+i3R57/6uPLu+3BLMt+dc97Om7/0Efiugon4zo/1Hr6Itdct6zbf/D+he2a3z/h7O7i+uP9We5hELvKL05sa1zvxkemGvOle7LGvG/u6SeL6y++jtuf2V5s/zfhTUv2HhpoufzWsJ4tYW4M7ylz796F/ZDPeLnnN7zvX6/87MLtxcsNbH57424+98fF9cb3iHr2ymL7eL+XWv+/fO27z+fbP3xD5/U/Pth5/WfC9b4a5i/3FNs37/OvNq3/T8P64+3Fy93yrR92XP8L7yq2fyEcF98Is339d/7Fe9/s9HjF29l7e3G5ePuT/7ujcbl4ffH629c/9vhUy/5ov/6X3iiuZ8+Xfz7UvH08Pd5O9ODtrcf3QHh8W3rkWZZ998+ylv2cfbi43D+3rT9e38nbO6//prZ1nhy4rnH5hfuzvuV+ff3vtnW8v3E9e/9xfcv9efausP/emPhRfr1n7gvHYzj//14urq/9vUxfuKv19SZu/431xfM2Xt9E2/qfbVv/3HX5vuu9/rvfKNb/wh1rWta/9xPheLq7mL3Wf/hvr2i5/De/Uzwep74yfvzEzOkjB5v2avPzeM3Y2nWXXf62t18RXkvbv953Yvah6VMbJzdOZtnGPnzLwNVe/7fC/J9izK38LRR+8vPiuHvmk8X3rff/ovj62XD6g+HxjN8fv/7XIy3Ha/vjPndHMS90/R8M61iud33tv65b1oZnPv/i6X/6k9fafy6I9+fkO8ca9++5TVc3zht4qTi//fWql/98Z+vz+qfDk435g7Bf58M7M2++uri99uuP703yzKeL52/8SS5ePmt7P5H1Q63340LX/9Pwc8wPr2l9/YvHxw8eb3s35/XZQL6EufD6kM0V58et4v5+5uzVHW8vvg9PNvfuc1nmkmYemZk4euT46YcnZqdnZidmHnl037ETp4/P7mu8d+m+L/a6/MLze13j+X1weteOrPFsP1GMVXap13/y/gMHb5288eD0of2nD83ef3L61OEDMzMHpg/O3Lj/0KHpr/S6/JGDe6a27d5+67bxw0cO7rlt9+7tu8ePHD+RL6NYVA+7Jr80fvzUvsZFZvbs2D21c+eOyfFjJw5O77l1cnL8dK/LN743jeeX/vL4qemj+2ePHJsenzny6PSeqd27dm3r+e6Px04emtk4cer08YnTM9OnJor7snG2cXL+va/X5amHmRPh9a7NQPjp/HM37Urvj5v79hNLXlWxSeuPp9nr4b2g4ve3Xl/H3D8SZlKT/A8AAAB1EHN/eOP/hTPkfwAAAKiMmPvXhJnI/wAAAFAZMfcXyX8sffx7XfL/SvX/n9D/b9D/1//P9P8T/X/9/0z/X/+/B/1//f9+Xr/+v/4/vZWt/x9yf7Y2y/z7PwAAAFRUzP3rwkzkfwAAAKiMmPsvCzOR/wEAAKAyYu6/PMykJvnf5//r/+v/d+v/x231/zP9/zL0/7f8t/7/Ivr/+v+Z/v95u9T9+X5ffwn7/2v1/ymbsvX/Y+5/W5hJTfI/AAAA1EHM/W8PM5H/AQAAoDJi7r8izET+BwAAgMqIuX99mElN8r/+v/6//r/P/9f/75v+v8//70D/X/8/0/8/b5e6P9/v6y9h/9/n/1M6Zev/x9z/a2EmNcn/AAAAUAcx978jzET+BwAAgMqIuf/KMBP5HwAAACoj5v6rwkxqkv/r2f9/Ncsy/f9M/1//v22d+v/6/6tB/1//vxv9f/3/fl6//r/+P72Vrf8fc/87w0xqkv8BAACgDmLuvzrMRP4HAACAyoi5/11hJvI/AAAAVEbM/deEmdQk/9ez/+/z//X/C/r/revU/9f/Xw36//r/3ej/l7H/n69Q/1//X/+flVG2/n/M/e8OM6lJ/gcAAIA6iLn/2jAT+R8AAAAqI+b+94SZyP8AAABQGTH3bwgzqUn+1//X/9f/1//X/9f/X0391f8fXPIc/f+C/n+rlev/zy0s4JL3/33+v/6//j8rp2z9/5j73xtmUpP8DwAAAHUQc//7wkzkfwAAAKiMmPuvCzOR/wEAAKAyYu7fGGZSk/yv/6//r/+v/6//r/+/mvqr/780/f+C/n+ran7+v/6//r/+PyunbP3/mPs3hZnUJP8DAABAHcTcvznMRP4HAACAyoi5//owE/kfAAAAKiPm/i1hJjXJ//r/+v/6//r/+v/6/6upGv3/gUr2/0e6baj/vyz6//r/+v/6/3RXtv5/zP03hJnUJP8DAABAHcTcf2OYifwPAAAAlRFz//vDTOR/AAAAqIyY+7eGmdQk/+v/6//r//dx/39I/z/T/y+9avT/ff5/PFn/v9UF9/9H9f/7ef36//r/9Fa2/n/M/R8IM6lJ/gcAAIA6iLn/g2Em8j8AAABURsz9N4WZyP8AAABQGTH3j4eZ1CT/6//r/+v/93H/3+f/t6xf/7+c9P/1/7upff/f5//39fr1//X/6a1s/f+Y+28OM6lJ/gcAAIA6iLn/ljAT+R8AAAAqI+b+iTAT+R8AAAAqI+b+yTCTmuR//X/9f/1//X/9f/3/1aT/r//fjf6//n8/r1//X/+f3srW/4+5fyrMpCb5HwAAAOog5v5tYSbyPwAAAFRGzP3bw0zkfwAAAKiMmPt3hJnUJP/r/1ek/z+o/6//r/+v/19O+v/6/93o/+v/9/P69f/1/2k12OG0svX/Y+7fGWZSk/wPAAAAdRBz/64wE/kfAAAAKiPm/lvDTOR/AAAAqIyY+28LM6lJ/tf/r0j/3+f/6//r/+v/l5T+v/5/N/r/+v/9vH79f/1/eitb/z/m/t1hJjXJ/wAAAFAHMfd/KMxE/gcAAIDKiLn/9jAT+R8AAAD6SqfPIYxi7v9wmElN8r/+f9X7//Nr9P/1//X/u69f/3916f/r/3ej/6//38/r1//X/6e3svX/Y+7fE2ZSk/wPAAAAdRBz/0fCTOR/AAAAqIyY++8IM5H/AQAAoDJi7t8bZlKT/K//X/X+v8//r3f/f6Cxq/T/u69f/3916f/r/3ej/9+f/f/wY4v+f4n6//kxpP9PGZWt/x9z/51hJjXJ/wAAAFAHMfd/NMxE/gcAAIDKiLn/Y2Em8j8AAABURsz9Hw8zqUn+1//X/9f/r3L/3+f/6/9fevr/q9b/b7wU6v8X9P/Pz6Xuz/f7+svU//f5/5RV2fr/Mfff1ZijC1dUk/wPAAAAdVDk/rHsE2Em8j8AAABURsz9vx5mIv8DAABAZcTcf3eYSU3yv/6//r/+v/6//r/+/2rS//f5/93o/+v/9/P69f/1/+mtbP3/mPt/I8ykJvkfAAAA6iDm/nvCTOR/AAAAqIyY+z8ZZiL/AwAAQJ8ZXfKcmPt/M8ykJvlf///i9P8H0/Xr/+v/6//r/+v/ryT9f/3/TP//vPXoz7/V9vAvov+v/6//Ty9l6//H3P9bYSY1yf8AAABQBzH3fyrMRP4HAACAyoi5/7fDTOR/AAAAqIyY++8NM6lJ/l/p/n/75bupU//f5//r/2f6//r/TXtV/3/l6P/r/2f6/+ftUvfn+339+v/6//RWtv5/zP2/E2ZSk/wPAAAAdRBz/31hJvI/AAAAVEbM/Z8OM5H/AQAAoDJi7v9MmElN8r/P/9f/1//X/9f/1/9fTfr/+v/d6P/r//fz+vX/9f/prWz9/5j77w8zqUn+BwAAgDqIuf+zYSbyPwAAAFRGzP2/G2Yi/wMAAEBlxNz/e2EmNcn/+v/6/5Xp/8cr1f/X/w+n6/+Xg/7/4v5//hqm/1/Q/9f/7+f16//r/9Nb2fr/Mfd/LsykJvkfAAAA6iDm/t8PM5H/AQAAoDJi7v+DMBP5HwAAACoj5v4Hwkxqkv/1//X/K9P/9/n/+v/6/6Wk/+/z/7vR/9f/7+f16//r/9Nb2fr/Mfd/PsykJvkfAAAA6iDm/j8MM5H/AQAAoDJi7t8XZiL/AwAAQGXE3P9gmElN8r/+v/6//r/+v/6//v9q0v/X/+9G/1//v5/Xr/+v/09vZev/x9y/P8xkb+vNAAAAAP0r5v4vhJnU5N//AQAAoA5i7j8QZiL/AwAAQGXE3H8wzKQm+V//X/9f/1//X/9f/3816f/r/3ej/6//38/r1//X/6e3svX/Y+6fDjOpSf4HAACAOoi5/1CYifwPAAAAlRFz/+EwE/kfAAAAKiPm/ofCTGqS//X/9f/1/2vb/3/5e23r1P/X/18N+v/6/93o/+v/9/P69f/1/+mtbP3/mPuPhJnUJP8DAABAHcTc/8UwE/kfAAAAKiPm/i+Fmcj/AAAAUBkx9x8NM6lJ/tf/1//X/69t/9/n/wf6/6tL/1//vxv9f/3/fl6//r/+P72Vrf8fc/+xMJOa5H8AAACog5j7j4eZyP8AAABQGTH3nwgzkf8BAACgMmLuPxlmUpP8r/9/bv3/gSW6gfr/ndffB/3/Yt36//r/+v+rRv9f/78b/X/9/35ev/6//j+9la3/H3P/H4WZ1CT/AwAAQB3E3H8qzET+BwAAgMqIuX8mzET+BwAAgMqIuX82zKQm+V//3+f/17z/7/P/9f/1/1eZ/r/+fzf6//r//bx+/X/9f3orW/8/5v7TYSY1yf8A8P/s3WeuXWcVx+GTBAtLETAFGAIjyBAYABISggnwhV4SeugQem+ht9DB9N57770HQg9FCiJeawUc373tax+fd7/reb4sckOUNzLC+iv6aQMAdJC7//5xi/0PAAAA08jd/4C4xf4HAACAaeTuf2Dc0mT/6//1//p//f8l7f//J2/W/+v/Lwb9v/5/p/8/tkP381t/v/5f/8+60fr/3P0Pilua7H8AAADoIHf/g+MW+x8AAACmkbv/IXGL/Q8AAADTyN3/0Lilyf7X/+v/9f/6f9//1//vk/5f/79E/6//3/L79f/6f9aN1v/n7n9Y3NJk/wMAAEAHufsfHrfY/wAAADCN3P2PiFvsfwAAAJhG7v6r45Ym+1//r//X/+v/9f/6/33S/+v/l+j/9f9bfr/+X//PutH6/9z918QtTfY/AAAAdJC7/5Fxi/0PAAAA08jd/6i4xf4HAACAaeTuf3Tc0mT/6//1//p//b/+X/+/T/p//f8S/b/+f8vv1//r/1k3Wv+fu/8xcUuT/Q8AAAAd5O5/bNxi/wMAAMA0cvc/Lm6x/wEAAGAaufsfH7c02f/6f/2//l//367/P+P/I/T/+6X/1/8v0f/r/7f8fv2//p91e+//73Htrfdc+//c/dfGLU32PwAAAHSQu/8JcYv9DwAAANPI3f/EuMX+BwAAgGnk7n9S3NJk/+v/9f+39f+3XKb/1/+36P/P+Pvp//dL/6//X6L/1/8f9P330f/r/9m3vff/K73/mX+cu//JcUuT/Q8AAAAd5O5/Stxi/wMAAMA0cvc/NW6x/wEAAGAaufufFrc02f/6f/2/7//r//X/+v990v/r/5fo//X/W37/Uv9/1Tm8X/9PB6P1/7n7nx63NNn/AAAA0EHu/mfELfY/AAAATCN3/3Vxi/0PAAAA08jd/8y4pcn+1//r//X/+v//7/8vb9n///dn+v/90P/r/5fo//X/Y7//sjss/fW+/6//Z92l7/9P/05wVP+fu/9ZcUuT/Q8AAAAd5O5/dtxi/wMAAMA0cvc/J26x/wEAAGAaufufG7c02f/6f/2//l//f0Hf/79ijv7f9//3R/+v/1+i/9f/b/n9+n/9P+tG+/5/7v7nxS1N9j8AAAB0kLv/+XGL/Q8AAADTyN3/grjF/gcAAIBp5O5/YdzSZP/r//X/+n/9/wX1/5N8/1//vz/6f/3/knPt/3f6//pn0f+P8379v/6fdaP1/7n7XxS3NNn/AAAA0EHu/hfHLfY/AAAATCN3/0viFvsfAAAAppG7/6VxS5P9r//X/+v/9f/6f/3/Pun/9f9LfP9f/7/l9+v/9f+sG63/z93/srilyf4HAACADnL3vzxusf8BAABgGrn7XxG32P8AAAAwjdz9r4xbmux//b/+X/+v/9f/6//3Sf+v/1+i/z97/3/yiL+f/n+s9+v/9f+sG63/z91/fdzSZP8DAABAB7n7XxW32P8AAAAwjdz9r45b7H8AAACYRu7+18QtTfb/Uf3/TVee/vP6/3Oj/z/7+/X/+n/9v/5f/6//X6L/9/3/Lb9f/6//Z91o/X/u/tfGLU32PwAAAHSQu/91cYv9DwAAANPI3f/6uMX+BwAAgGnk7n9D3NJk/1/87//fVf+v/9f/x9X/6//1//p//f8y/b/+f8vv1//r/1k3Wv+fu/+NcUuT/Q8AAAAd5O5/U9xi/wMAAMA0cve/OW6x/wEAAGAaufvfErc02f8Xv//3/X/9/3n2/5fr/5P+P35d9f/6//Og/9f/7/T/x3bofn7r79f/6/9ZN1r/n7v/hrilyf4HAACADnL3vzVusf8BAABgGrn73xa32P8AAAAwjdz9b49bmuz/2/f/V+1m7v/z/fr/04bo/33/v+j/49dV/6//Pw/6f/3/Tv9/bIfu57f+fv2//p91o/X/ufvfEbc02f8AAADQQe7+d8Yt9j8AAABMI3f/u+IW+x8AAACmkbv/3XFLk/3v+//6f/3/8P3/DWf+703/r//fEv2//n+J/l//v+X3j9P/xw+u1v8zntH6/9z974lbmux/AAAA6CB3/3vjFvsfAAAAppG7/1TcYv8DAADANE7dfLf73av+qN/+1/9vvf+/943xAv3/vP2/7//H1f/r/89G/6//3+n/j+3Q/fzW3z9O/+/7/4xrtP7/fbf+VSd3749bmux/AAAA6CB3/wfiFvsfAAAAppG7/4Nxi/0PAAAA08jd/6G4pcn+1/9vvf/3/X/9v/5f/z82/b/+f4n+X/+/5ffr//X/rBut/8/d/+G4pcn+BwAAgA5y938kbrH/AQAAYBq5+z8at9j/AAAAMI3c/R+LW5rsf/2//l//r/+/4P7/Gv3/Tv9/JP2//n+J/l//v+X36//1/6xb6f9PXur+P3f/x+OWJvsfAAAAOsjd/4m4xf4HAACAaeTu/2TcYv8DAADANHL3fypuuPudDveki+vEET+P3lz/r//X/+v/ff9f/79P+n/9/xL9v/5/y+/X/+v/WTfa9/9z9386bvHv/wEAAGAaufs/E7fY/wAAADCN3P2fjVvsfwAAAJhG7v7PxS1N9r/+X/+v/9f/6//1//uk/9f/Lxmu/z+x0//r//X/+n8uotH6/9z9n49bmux/AAAA6CB3/xfiFvsfAAAAppG7/4txi/0PAAAA08jd/6W4pcn+1//r//X/+v9D9f/33On/9f8XTv+v/9/5/v+xHbqf3/r79f/6f9aN1v/n7v9y3NJk/wMAAEAHufu/ErfY/wAAADCN3P1fjVvsfwAAAJhG7v6vxS1N9r/+X/+v/9f/+/6//n+f9P/6/yX6f/3/lt+v/9f/s260/j93/9fjlib7HwAAADrI3f+NuMX+BwAAgGnk7v9m3GL/AwAAwDRy938rbmmy/2fu/5f+a9vo/2+5i/5f/6//1//r/5fp//X/O/3/sR26n9/6+/X/+n/Wjdb/5+7/dtzSZP8DAABAB7n7vxO32P8AAAAwjdz9341b7H8AAACYRu7+78UtTfb/zP3/km30/77/r//X/+/0//r/Ffp//f9O/39sh+7nt/5+/b/+n3UH6v9P7I7o/3P3fz9uabL/AQAAoIPc/T+IW+x/AAAAmEbu/h/GLfY/AAAATCN3/4/ilnn2/31PLfxJ/b/+X/+v/9f/6//3Sf+v/1+i/9f/b/n9+n/9P+tG+/5/7v4fxy3z7H8AAABoL3f/T+IW+x8AAACmkbv/p3GL/Q8AAADTyN3/s7ilyf7X/+v/9f+t+v8rdvp//f8lpv/X/y/R/+v/t/x+/b/+n3Wj9f+5+38etzTZ/wAAANBB7v5fxC32PwAAAEwjd/8v4xb7HwAAAKaRu/9XcUuT/a//1//r/1v1/77/r/+/5PT/+v8l+n/9/5bfr//X/7NutP4/d/+v45Ym+x8AAAA6yN3/m7jF/gcAAIBp5O7/bdxi/wMAAMA0cvf/Lm5psv/1//p//b/+X/+v/98n/b/+f4n+X/+/5ffr//X/rBut/8/df2Pc0mT/AwAAQAe5+38ft9j/AAAAMI3c/X+IW+x/AAAAmEbu/pvilib7X/+v/5+y/7+j/l//r/8fhf7/OP3/Of5Gqv8/UP9/5Z3zP+n/9f/6f/0/y0br/3P3/zFuabL/AQAAoIPc/X+KW+x/AAAAmEbu/j/HLfY/AAAATCN3/1/ilib7X/+v/z///v9E/XMP2//7/r/+X/8/DP2/7/8v2Wb/f5sL7f+vu/70j/X/23y//l//z7rR+v/c/X+NW5rsfwAAAOggd//f4hb7HwAAAKaRu//vcYv9DwAAANPI3X9z3NJk/+v/9f9Tfv9f/6//1/8PQ/+v/1/Svf/3/f9tv1//r/9n3Wj9f+7+f8QtTfY/AAAAdJC7/59xi/0PAAAA08jd/6+4xf4HAACAaeTu/3fc0mT/6//1//p//b/+X/+/T/p//f8S/b/+f8vv1//r/1k3Wv+fu/8/AQAA///AmDbi")
r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x4)
capset(&(0x7f0000000000)={0x20071026}, &(0x7f0000000280))
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r0, 0xc0185879, 0x0)

1.744573173s ago: executing program 1 (id=2171):
mknod$loop(&(0x7f00000190c0)='./file0\x00', 0xfff, 0x0)
execve(&(0x7f0000019100)='./file0\x00', 0x0, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00')
syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='smaps_rollup\x00')

1.679877638s ago: executing program 5 (id=2172):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='pids.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0)
r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
setsockopt$netrom_NETROM_IDLE(r1, 0x103, 0x7, &(0x7f0000000040)=0x6, 0x4)

1.519316111s ago: executing program 1 (id=2173):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000000)={'wpan0\x00', <r2=>0x0})
sendmsg$NL802154_CMD_GET_SEC_LEVEL(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x1c, r1, 0x701, 0x0, 0x0, {0x16}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r2}]}, 0x1c}}, 0x0)

1.502488591s ago: executing program 5 (id=2174):
r0 = syz_usb_connect(0x2, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000d972a440b72040155ab7010203010902120001000000000904800000ff"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000440)={0x2c, &(0x7f00000002c0)={0x40, 0xb, 0x1, "98"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000340)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="2015bc"], 0x0, 0x0, 0x0, 0x0})

1.184826666s ago: executing program 3 (id=2175):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, 0x0)
r0 = socket$inet6(0xa, 0x3, 0x2f)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000000c0)={{{@in, @in=@multicast2, 0x0, 0x8, 0x0, 0x0, 0xa, 0x50, 0x0, 0x3c}, {0x0, 0x3}, {0x0, 0x0, 0x0, 0xe0}, 0x0, 0x0, 0x1}, {{@in6=@dev={0xfe, 0x80, '\x00', 0x2}, 0x40, 0x6c}, 0x0, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x400000}}, 0xe8)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c)

1.041746165s ago: executing program 1 (id=2176):
r0 = add_key$user(&(0x7f0000000000), &(0x7f0000000080)={'syz', 0x0}, &(0x7f0000000240)="f56ed761e9c8219d05f5e35c81ecb8f854b51ecdf2bd4afe", 0x18, 0xfffffffffffffffe)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000180)={0x0, "44ee4dcf6df6b457eba45bc88153e9b5cbf7cc1af7b76983c2717759237e827d8b738dbbf41db40d00"}, 0x48, 0x0)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)

1.039630592s ago: executing program 0 (id=2177):
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r0 = epoll_create1(0x80000)
epoll_pwait2(r0, &(0x7f0000000080)=[{}], 0x1, &(0x7f00000000c0), 0x0, 0x0)

973.403928ms ago: executing program 3 (id=2178):
r0 = shmget$private(0x0, 0x400000, 0x184, &(0x7f0000c00000/0x400000)=nil)
r1 = shmat(r0, &(0x7f0000caa000/0x3000)=nil, 0x7000)
mlock(&(0x7f0000d6f000/0x2000)=nil, 0x2000)
shmdt(r1)

780.763387ms ago: executing program 2 (id=2179):
r0 = io_uring_setup(0x1fb8, &(0x7f0000000540)={0x0, 0x1ae0, 0x400, 0x0, 0xea})
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000b00)=[{&(0x7f00000005c0)=""/89, 0x59}, {&(0x7f0000000940)=""/94, 0x5e}], 0x2)
syz_clone3(&(0x7f0000000000)={0x285002400, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
io_uring_register$IORING_REGISTER_FILES(r0, 0x1e, &(0x7f0000000000)=[r0], 0x1)

728.925967ms ago: executing program 3 (id=2180):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000080)={0x2c, r2, 0x1, 0x0, 0x25dfdbff, {}, [@BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x4}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r1}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x48000}, 0x0)

727.06662ms ago: executing program 1 (id=2181):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x32cc0000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x1000)

634.425479ms ago: executing program 4 (id=2182):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000001c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes128\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha256)\x00'}, 0x58)

507.741497ms ago: executing program 3 (id=2183):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendto$inet6(r0, &(0x7f0000000400)="2ae0e710", 0x4, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
setsockopt$inet6_int(r0, 0x29, 0x31, &(0x7f00000000c0)=0x6, 0x4)
recvmmsg(r0, &(0x7f0000002400)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000023c0)=""/27, 0x1b}, 0x1}], 0x1, 0x10162, 0x0)

494.472799ms ago: executing program 2 (id=2184):
r0 = syz_io_uring_setup(0x45b4, &(0x7f0000000280)={0x0, 0x0, 0x10100, 0x200000, 0x46}, &(0x7f0000000080)=<r1=>0x0, &(0x7f00000000c0)=<r2=>0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000580)=@sco})
io_uring_enter(r0, 0x2914, 0x58f2, 0x0, 0x0, 0x0)

293.721304ms ago: executing program 3 (id=2185):
syz_mount_image$vfat(&(0x7f0000000400), &(0x7f0000000000)='./file0\x00', 0x2000494, &(0x7f00000002c0)=ANY=[@ANYBLOB="6e6f6e756d7461696c2c6e66732c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d697865642c757466383d312c004845160000000000"], 0x2, 0x2b9, &(0x7f0000000fc0)="$eJzs3E1rE3sUx/HTpm3SlDa5cLlwL1w96EY3QxtfgAZpQQwotSnqQpjaiYaMSZkJlYjYbMStr6O4dCeoL8BuxI17d0UQ3HQhjjiTaZM2rWmap7bfD5T5Z87/x5ymD5wEJpu3Xz4q5FwjZ5ZlOKYyLFKVLZHk71XNUO047K/HpF5VLk58//z/rTt3r6czmdl51bn0wqWUqk6dffv46atz78sTi6+n3kRlI3lv81vqy8Y/G/9u/lx4mHdHxdViqaymLpVKZXPJtnQ57xYM1Zu2ZbqW5ouu5TTUc3ZpZaWiZnF5Mr7iWK6rZrGiBaui5ZKWnYqaD8x8UQ3D0Mm4nG4jLezJrs/Pm+l9y16kox2h68abnXScdLV5Mbveg54AAMCAOXj+D2b9/ef/zGJwbGv+1/x+87/Ikef/D2O9fy6Pg2rDoz/M/6FE07OxjjWFrnKctBmv/f02Yv4HAAAAAAAAAAAAAAAAAAAAAOA42PK8hOd5ifAYfkVrN3iEj/vdJ7qjzZ//5T61iw6ru3EvJmK/WM2uZoNjUE/nJC+2WDItCfnh/z7UBOu5a5nZafUl5Z29VsuvrWYjEg3zoWSYH/JvQwvyZ/6aCfLamB+VeP31U5KQv5tfP9U0PyYXztflDUnIx/tSEluW/Wvv5J/NqF69kdmVH/f3AQAAAABwEhi6bc/rd7/ub4jJ3nqQP8T7A7teX4/If618RCUAAAAAADgyt/KkYNq25bSxiIrIEeIndRGRgWhj1+KKiAxAG71axEQkOKPtxL9ux1tKeS3sGRGRvj8th1j0+z8TAAAAgE7bGfoPEfr0vIsdAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABw+rT6eWDh/j2lsHBAvO5ykZ5/gwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAA+RUAAP//ovscvw==")
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaa"], 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)

293.031354ms ago: executing program 0 (id=2186):
r0 = socket$inet6(0xa, 0x80002, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fe80000000000000000000000000003bfe8000000076f122df000000000000aa0000000000000c9c0a00103000000000", @ANYRES32=0x0, @ANYRES32=0xee01, @ANYBLOB="00000000000000007f00000000000000070000000000000003000000000000000000000000000000fdffffffffffffff0500000000000000ffffffffffffffffffffffff00000000000000000000000000000000000000000500000000000000000000000000000001"], 0xb8}, 0x1, 0x0, 0x0, 0x84811}, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x800, &(0x7f0000000080)={0xa, 0x4e20, 0x104, @local}, 0x1c)

219.898051ms ago: executing program 2 (id=2187):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x16, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0x53, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x1e)

136.687329ms ago: executing program 0 (id=2188):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
clock_settime(0x0, &(0x7f0000000240)={0x77359400})
clock_adjtime(0x0, &(0x7f0000000640)={0x7, 0x9, 0x380000, 0x8, 0xfffffffffffffff9, 0xfffffffffffffff7, 0x9, 0x0, 0xae, 0x6, 0x7, 0x0, 0xfffffffffffff04f, 0x7, 0x80000000, 0xfffffffffffffff8, 0xffffffffffffffff, 0x2, 0x0, 0x100, 0x4, 0x2, 0x5, 0x3, 0x8, 0x8})
clock_adjtime(0x0, &(0x7f0000000900)={0x6, 0x20000000e, 0xf, 0x0, 0xf, 0x8000000000000000, 0xa, 0x2, 0x9, 0x4, 0x5, 0x8000000000000000, 0xc, 0x9, 0x7, 0x9, 0x8, 0x3, 0xd24f, 0xfffffffffffffffa, 0x0, 0x5, 0x7, 0x7, 0x3, 0x6})

120.821284ms ago: executing program 3 (id=2189):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x1000040, &(0x7f00000002c0)={[{@barrier}, {@nodioread_nolock}, {@noquota}, {@barrier}, {@auto_da_alloc}, {@nodioread_nolock}]}, 0x1, 0x599, &(0x7f0000001280)="$eJzs3T9sG2UbAPDnznHTP/m+9JO+T/pAHSpAKlJVJ+kfKEztiqhUqQMSC0SOG1Vx4ipOoIkike4VogMC1KVsMDCCGBgQCyMrC4gZqaIRSE0HMHJ8TtPULk6I4xL/ftLZ73t39vO+d35e+053cgB962j9IY14KiIuJhHDG5YNRLbwaGO91ZWl4v2VpWIStdqlX5JIIuLeylKxuX6SPR+KiOWI+H9EfJOPOJ6uv+W+ZqG6sDg1Xi6XZrP6yNz01ZHqwuKJK9Pjk6XJ0sypF186c/b0mbGTYxube7+2sZbfWl9v/Hjz3RvfvXL75qefHVkuvj+exLkYypZt7MdOamyTfJzbNP90N4L1UNLrBrAtuSzP66n0vxiOXJb1rdQ2Dg6Du9I8oItqgxE1oE8l8h/6VPN3QP34tznt5u+PO+cbByD1uKsrS8V3ohl/oHFuIvavHZsc/DV56Mikfrx5eDcbyp60fD0iRgcGHv38J9nnb/tGd6KBdNXX5xs76tH9n66PP9Fi/Blqnjv9m5rj32o2/q22iJ9rM/5d7DDG76//9FHb+NcH4+mW8ZP1+EmL+GlEvNlh/FuvfXm23bLaxxHHonX8puTx54dHLl8pl0Ybjy1jfHXsyMvt+x9xsE38xjnb/WtfMxv7vy9rU9ph/7/49vNnlh8T//lnH7//W23/AxHxXofx/3Pvk1fbLbtzPblb/xWw1f2fRD5udxj/hXNHf8iKzhoCAAAAAAAAAMAOSteuZUvSwno5TQuFxj28/42DablSnTt+uTI/M9G45u1w5NPmlVbDjXpSr49l1+M26yc31U/lsoC5A2v1QrFSnuhx3wEAAAAAAAAAAAAAAAAAAOBJcWjT/f+/5dbu/9/8d9XAXtX+L7+BvU7+Q/96OP+TnrUD2H2+/6Fv1eQ/9C/5D/1L/kP/kv/Qv+Q/9C/5D/1L/gMAAAAAAAAAAAAAAAAAAAAAAAAAQFdcvHChPtXurywV6/WJgYX5qcpbJyZK1anC9HyxUKzMXi1MViqT5VKhWJn+q/dLKpWrozEzf21krlSdG6kuLL4xXZmfaf6naCnf9R4BAAAAAAAAAAAAAAAAAADAP8/Q2pSkhYh8o56mhULEvyLicBLJ5Svl0mhE/Dsivs/lB+v1sV43GgAAAAAAAAAAAAAAAAAAAPaY6sLi1Hi5XJrtXmEgC9XFEJ0XBrayckQs72wz6u+45Vflsw3Y4023Nwq5J+Nz+OQXejgoAQAAAAAAAAAAAAAAAABAn3pw02+nr/ijuw0CAAAAAAAAAAAAAAAAAACAvpT+nEREfTo2/NzQ5qX7ktXc2nNEvH3r0gfXxufmZsfq8++uz5/7MJt/shftBzrVzNM0Iup5DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADxQXVicGi+XS7PbLAx2sE6v+wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwHX8GAAD//xLkz18=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x149441, 0x170)
pwritev2(r0, &(0x7f00000001c0)=[{&(0x7f0000000080)="ff", 0xfdef}], 0x1, 0xe7b, 0x0, 0x0)
truncate(&(0x7f0000000900)='./file1\x00', 0xbf39)

46.182001ms ago: executing program 2 (id=2190):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000090f00080000000000000000850000000e000000850000007d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000500)='sys_exit\x00', r0}, 0x10)
chroot(0x0)
pivot_root(0x0, 0x0)

0s ago: executing program 4 (id=2191):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000000000020bd28940000000000000109022400010000000009040100010300000009210000000122070009058103"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000500)={0x24, &(0x7f0000002140)=ANY=[@ANYBLOB="02020c"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r0, &(0x7f00000002c0)={0x2c, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0003246000"], 0x0, 0x0, 0x0}, 0x0)

kernel console output (not intermixed with test programs):

 R09: 0000000000000000
[  248.519127][ T5834] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe45164330
[  248.519144][ T5834] R13: 00007f4cf1e11d7d R14: 000000000003ca0e R15: 00007ffe45164370
[  248.519187][ T5834]  </TASK>
[  248.519197][ T5834] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  248.621967][ T9561] loop2: detected capacity change from 0 to 256
[  248.967857][ T9561] exfat: Deprecated parameter 'utf8'
[  249.043748][ T9561] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d)
[  249.215333][ T5907] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  249.351383][ T9551] loop0: detected capacity change from 0 to 40427
[  249.377529][ T9551] F2FS-fs (loop0): Image doesn't support compression
[  249.388949][ T5907] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  249.406318][ T9551] F2FS-fs (loop0): build fault injection rate: 690
[  249.415453][ T5907] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  249.438912][ T9551] F2FS-fs (loop0): invalid crc value
[  249.444441][ T5907] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  249.503170][ T5907] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  249.535588][ T5907] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  249.576314][ T5907] usb 2-1: config 0 descriptor??
[  249.760590][ T9551] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  249.808880][ T9551] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  250.073664][ T5833] syz-executor: attempt to access beyond end of device
[  250.073664][ T5833] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  250.106344][ T5833] CPU: 0 UID: 0 PID: 5833 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  250.106379][ T5833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  250.106395][ T5833] Call Trace:
[  250.106405][ T5833]  <TASK>
[  250.106416][ T5833]  dump_stack_lvl+0x189/0x250
[  250.106456][ T5833]  ? __pfx_dump_stack_lvl+0x10/0x10
[  250.106498][ T5833]  ? __pfx_queue_work_on+0x10/0x10
[  250.106526][ T5833]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  250.106562][ T5833]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  250.106614][ T5833]  f2fs_handle_critical_error+0x37c/0x540
[  250.106659][ T5833]  f2fs_write_end_io+0x886/0xb60
[  250.106723][ T5833]  __submit_merged_bio+0x27a/0x6a0
[  250.106766][ T5833]  __submit_merged_write_cond+0x255/0x530
[  250.106810][ T5833]  f2fs_write_data_pages+0x261d/0x3000
[  250.106845][ T5833]  ? __lock_acquire+0xab9/0xd20
[  250.106919][ T5833]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  250.107018][ T5833]  ? __mod_zone_page_state+0xd7/0x140
[  250.107066][ T5833]  ? srso_alias_return_thunk+0x5/0xfbef5
[  250.107094][ T5833]  ? folios_put_refs+0x58b/0x670
[  250.107139][ T5833]  ? srso_alias_return_thunk+0x5/0xfbef5
[  250.107166][ T5833]  ? __lock_acquire+0xab9/0xd20
[  250.107202][ T5833]  ? srso_alias_return_thunk+0x5/0xfbef5
[  250.107230][ T5833]  ? do_raw_spin_lock+0x121/0x290
[  250.107273][ T5833]  ? srso_alias_return_thunk+0x5/0xfbef5
[  250.107306][ T5833]  ? srso_alias_return_thunk+0x5/0xfbef5
[  250.107333][ T5833]  ? do_raw_spin_unlock+0x122/0x240
[  250.107370][ T5833]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  250.107407][ T5833]  do_writepages+0x32e/0x550
[  250.107446][ T5833]  ? srso_alias_return_thunk+0x5/0xfbef5
[  250.107491][ T5833]  ? srso_alias_return_thunk+0x5/0xfbef5
[  250.107518][ T5833]  ? do_raw_spin_unlock+0x122/0x240
[  250.107561][ T5833]  filemap_fdatawrite+0x199/0x240
[  250.107595][ T5833]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  250.107687][ T5833]  ? srso_alias_return_thunk+0x5/0xfbef5
[  250.107723][ T5833]  ? do_raw_spin_unlock+0x122/0x240
[  250.107766][ T5833]  f2fs_sync_dirty_inodes+0x31f/0x830
[  250.107829][ T5833]  f2fs_write_checkpoint+0x93e/0x2440
[  250.107868][ T5833]  ? srso_alias_return_thunk+0x5/0xfbef5
[  250.107896][ T5833]  ? __lock_acquire+0xab9/0xd20
[  250.107963][ T5833]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  250.108086][ T5833]  kill_f2fs_super+0x2cc/0x6d0
[  250.108125][ T5833]  ? srso_alias_return_thunk+0x5/0xfbef5
[  250.108162][ T5833]  ? __pfx_kill_f2fs_super+0x10/0x10
[  250.108225][ T5833]  ? srso_alias_return_thunk+0x5/0xfbef5
[  250.108252][ T5833]  ? shrinker_free+0x2ce/0x3e0
[  250.108285][ T5833]  deactivate_locked_super+0xbc/0x130
[  250.108319][ T5833]  cleanup_mnt+0x425/0x4c0
[  250.108346][ T5833]  ? srso_alias_return_thunk+0x5/0xfbef5
[  250.108374][ T5833]  ? lockdep_hardirqs_on+0x9c/0x150
[  250.108416][ T5833]  task_work_run+0x1d4/0x260
[  250.108459][ T5833]  ? __pfx_task_work_run+0x10/0x10
[  250.108501][ T5833]  ? __x64_sys_umount+0x122/0x160
[  250.108544][ T5833]  ? exit_to_user_mode_loop+0x40/0x130
[  250.108576][ T5833]  exit_to_user_mode_loop+0xe9/0x130
[  250.108602][ T5833]  do_syscall_64+0x2bd/0x3b0
[  250.108622][ T5833]  ? lockdep_hardirqs_on+0x9c/0x150
[  250.108659][ T5833]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  250.108682][ T5833]  ? srso_alias_return_thunk+0x5/0xfbef5
[  250.108709][ T5833]  ? exc_page_fault+0x9f/0xf0
[  250.108749][ T5833]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  250.108773][ T5833] RIP: 0033:0x7f5599f901f7
[  250.108795][ T5833] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  250.108816][ T5833] RSP: 002b:00007ffe38312f58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  250.108842][ T5833] RAX: 0000000000000000 RBX: 00007f559a011d7d RCX: 00007f5599f901f7
[  250.108859][ T5833] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe38313010
[  250.108875][ T5833] RBP: 00007ffe38313010 R08: 0000000000000000 R09: 0000000000000000
[  250.108892][ T5833] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe383140a0
[  250.108909][ T5833] R13: 00007f559a011d7d R14: 000000000003d039 R15: 00007ffe383140e0
[  250.108954][ T5833]  </TASK>
[  250.108963][ T5833] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  250.410902][ T9590] netlink: 'syz.4.1346': attribute type 2 has an invalid length.
[  250.457723][ T9584] loop5: detected capacity change from 0 to 4096
[  250.549404][ T5907] plantronics 0003:047F:FFFF.000D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  250.565433][ T5907] usb 2-1: USB disconnect, device number 8
[  250.668063][ T9592] fido_id[9592]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  251.922097][ T9627] input: syz0 as /devices/virtual/input/input14
[  252.334775][ T9637] loop5: detected capacity change from 0 to 128
[  252.354852][ T9602] loop2: detected capacity change from 0 to 32768
[  252.382298][ T9637] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  252.421030][ T9637] hpfs: filesystem error: improperly stopped
[  252.441723][ T9602] 
[  252.441723][ T9602]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  252.441723][ T9602] 
[  252.453922][ T9637] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  252.482429][ T9637] hpfs: You really don't want any checks? You are crazy...
[  252.516023][ T9637] hpfs: hpfs_map_sector(): read error
[  252.540948][ T9602] read_mapping_page failed!
[  252.551001][ T9637] hpfs: code page support is disabled
[  252.566325][ T9637] hpfs: hpfs_map_4sectors(): unaligned read
[  252.572332][ T9602] ERROR: (device loop2): txCommit: 
[  252.572332][ T9602] 
[  252.604062][ T9637] hpfs: hpfs_map_4sectors(): unaligned read
[  252.646022][ T9648] loop4: detected capacity change from 0 to 1024
[  252.654609][ T9648] EXT4-fs: Ignoring removed oldalloc option
[  252.662069][ T9648] EXT4-fs: Ignoring removed bh option
[  252.668403][ T9647] read_mapping_page failed!
[  252.673320][ T9637] hpfs: filesystem error: unable to find root dir
[  252.693140][ T9646] loop0: detected capacity change from 0 to 2048
[  252.699690][ T9647] ERROR: (device loop2): txCommit: 
[  252.699690][ T9647] 
[  252.766937][ T9648] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  252.823302][ T5832] 
[  252.823302][ T5832]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  252.823302][ T5832] 
[  252.870472][ T5929] Process accounting resumed
[  252.875791][ T5832] 
[  252.875791][ T5832]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  252.875791][ T5832] 
[  252.888078][ T9654] loop1: detected capacity change from 0 to 64
[  252.921046][ T5834] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  252.943576][ T9646] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  253.008986][ T9655] Process accounting resumed
[  253.209430][ T9662] loop4: detected capacity change from 0 to 1024
[  253.282567][ T5833] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  253.342948][ T9662] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  253.376028][ T9662] ext4 filesystem being mounted at /214/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  253.535547][ T9662] EXT4-fs error (device loop4): ext4_map_blocks:814: inode #15: comm syz.4.1376: lblock 0 mapped to illegal pblock 0 (length 1)
[  253.550383][   T30] audit: type=1800 audit(1759578406.981:42): pid=9662 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1376" name="file1" dev="loop4" ino=15 res=0 errno=0
[  253.650491][ T9662] EXT4-fs error (device loop4): ext4_ext_remove_space:2955: inode #15: comm syz.4.1376: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0)
[  253.867913][ T5834] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  254.963761][ T9676] loop1: detected capacity change from 0 to 32768
[  255.019565][ T9676] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1381 (9676)
[  255.139295][ T9676] BTRFS info (device loop1): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  255.185362][ T9676] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm
[  255.360808][ T9691] loop4: detected capacity change from 0 to 32768
[  255.468467][ T9676] BTRFS info (device loop1): enabling ssd optimizations
[  255.495454][ T9691] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  255.545329][ T9676] BTRFS info (device loop1): enabling free space tree
[  255.673559][ T9691] XFS (loop4): Ending clean mount
[  255.854076][ T5837] BTRFS info (device loop1): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  255.956946][ T5834] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  255.977622][ T9742] loop0: detected capacity change from 0 to 64
[  256.096139][ T9745] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  256.129102][ T9742] overlayfs: upper fs needs to support d_type.
[  256.199967][ T9742] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  256.250926][ T9742] overlayfs: failed to set xattr on upper
[  256.296741][ T9742] overlayfs: ...falling back to redirect_dir=nofollow.
[  256.303938][ T9742] overlayfs: ...falling back to index=off.
[  256.326565][ T9742] overlayfs: ...falling back to uuid=null.
[  256.782909][ T9722] loop5: detected capacity change from 0 to 32768
[  256.833788][ T9722] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.1395 (9722)
[  256.873405][ T9752] loop1: detected capacity change from 0 to 4096
[  256.910591][ T9722] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  256.936709][ T9752] ntfs3(loop1): ino=3, Correct links count -> 2.
[  256.964454][ T9722] BTRFS info (device loop5): using sha256 (sha256-lib) checksum algorithm
[  257.103335][ T5929] IPVS: starting estimator thread 0...
[  257.119718][ T9763] IPVS: rr: FWM 3 0x00000003 - no destination available
[  257.131786][ T9752] ntfs3(loop1): ino=1a, mi_enum_attr
[  257.148258][ T9752] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[  257.235548][ T9767] IPVS: using max 23 ests per chain, 55200 per kthread
[  257.301914][   T30] audit: type=1800 audit(1759578410.751:43): pid=9752 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1404" name="file1" dev="loop1" ino=33 res=0 errno=0
[  257.353911][ T9722] BTRFS info (device loop5): enabling ssd optimizations
[  257.396732][ T9722] BTRFS info (device loop5): enabling free space tree
[  257.617460][ T9785] loop1: detected capacity change from 0 to 47
[  257.836942][ T5850] Bluetooth: hci6: command 0x1003 tx timeout
[  257.847705][ T5836] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  257.906543][   T37] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared)
[  258.096757][ T5847] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  258.557714][ T9815] netlink: 'syz.3.1419': attribute type 29 has an invalid length.
[  258.610314][ T9815] netlink: 'syz.3.1419': attribute type 29 has an invalid length.
[  258.655907][ T9815] netlink: 'syz.3.1419': attribute type 29 has an invalid length.
[  258.795342][ T5982] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  258.805954][   T36] Bluetooth: hci6: Frame reassembly failed (-84)
[  258.851051][ T9821] Bluetooth: hci6: received HCILL_GO_TO_SLEEP_ACK in state 2
[  258.965450][ T5982] usb 2-1: Using ep0 maxpacket: 32
[  258.992565][ T5982] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.4d
[  259.018105][ T5982] usb 2-1: New USB device strings: Mfr=0, Product=8, SerialNumber=0
[  259.045659][ T5982] usb 2-1: Product: syz
[  259.057458][ T5982] usb 2-1: config 0 descriptor??
[  259.204250][ T9837] batman_adv: batadv0: Adding interface: gretap1
[  259.228622][ T9837] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  259.267732][ T9837] batman_adv: batadv0: Interface activated: gretap1
[  259.280591][ T5982] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  259.310249][ T5982] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  259.314293][ T9833] bridge0: port 2(bridge_slave_1) entered disabled state
[  259.329376][ T9833] bridge0: port 2(bridge_slave_1) entered blocking state
[  259.334950][ T5982] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  259.336545][ T9833] bridge0: port 2(bridge_slave_1) entered forwarding state
[  259.369925][ T5982] usb 2-1: media controller created
[  259.383735][ T9840] loop5: detected capacity change from 0 to 128
[  259.404514][ T9840] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  259.431580][ T9840] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  259.480995][ T5907] Process accounting resumed
[  259.511833][ T5982] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  259.520593][ T3584] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  259.603299][ T5982] az6027: usb out operation failed. (-71)
[  259.625780][ T5982] az6027: usb out operation failed. (-71)
[  259.631530][ T5982] stb0899_attach: Driver disabled by Kconfig
[  259.645624][ T5982] az6027: no front-end attached
[  259.645624][ T5982] 
[  259.658154][ T5982] az6027: usb out operation failed. (-71)
[  259.675843][ T9846] netlink: 'syz.3.1435': attribute type 9 has an invalid length.
[  259.694939][ T5982] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  259.718554][ T5982] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input15
[  259.739366][ T5982] dvb-usb: schedule remote query interval to 400 msecs.
[  259.748355][ T5982] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  259.795781][ T5982] usb 2-1: USB disconnect, device number 9
[  259.997521][ T5982] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  260.319716][ T9868] netlink: 360 bytes leftover after parsing attributes in process `syz.3.1444'.
[  260.320504][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  260.510633][ T9870] sctp: [Deprecated]: syz.1.1445 (pid 9870) Use of int in max_burst socket option.
[  260.510633][ T9870] Use struct sctp_assoc_value instead
[  260.875300][ T5850] Bluetooth: hci6: command 0x1003 tx timeout
[  260.883031][ T5836] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  260.917502][ T9862] loop0: detected capacity change from 0 to 32768
[  260.975679][ T9862] BTRFS: device fsid c6b85f58-0c7e-41ca-a553-c8d9f94f6663 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.1441 (9862)
[  261.082281][ T9862] BTRFS info (device loop0): first mount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663
[  261.123964][ T9862] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[  261.282231][ T9897] loop5: detected capacity change from 0 to 2048
[  261.295923][ T9862] BTRFS info (device loop0): enabling ssd optimizations
[  261.310606][ T9862] BTRFS info (device loop0): enabling free space tree
[  261.324159][ T9897] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  261.338718][ T9862] BTRFS info (device loop0): use lzo compression, level 1
[  261.445312][ T5982] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  261.641420][ T9917] netlink: 'syz.4.1460': attribute type 4 has an invalid length.
[  261.647471][ T5982] usb 3-1: too many configurations: 9, using maximum allowed: 8
[  261.669645][   T30] audit: type=1800 audit(1759578415.131:44): pid=9862 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1441" name="file1" dev="loop0" ino=260 res=0 errno=0
[  261.710978][ T5982] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  261.735934][ T5982] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  261.765309][ T5982] usb 3-1: config 0 interface 0 has no altsetting 0
[  261.781832][ T5982] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  261.805334][ T5982] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  261.838127][ T5982] usb 3-1: config 0 interface 0 has no altsetting 0
[  261.849184][ T5982] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  261.874527][ T5982] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  261.901833][ T5982] usb 3-1: config 0 interface 0 has no altsetting 0
[  261.933085][ T5982] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  261.965388][ T5982] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  261.999609][ T5982] usb 3-1: config 0 interface 0 has no altsetting 0
[  262.036559][ T5982] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  262.078165][ T5982] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  262.104486][ T5982] usb 3-1: config 0 interface 0 has no altsetting 0
[  262.147947][ T5833] BTRFS info (device loop0): last unmount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663
[  262.178126][ T5982] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  262.192682][ T5982] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  262.213854][ T5982] usb 3-1: config 0 interface 0 has no altsetting 0
[  262.222556][ T5982] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  262.268940][ T5982] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  262.316793][ T5982] usb 3-1: config 0 interface 0 has no altsetting 0
[  262.357127][ T5982] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  262.377891][ T5982] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  262.434795][ T5982] usb 3-1: config 0 interface 0 has no altsetting 0
[  262.459915][ T5982] usb 3-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  262.474219][ T9934] binder: 9933:9934 ioctl 541b 0 returned -22
[  262.501018][ T5982] usb 3-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  262.525826][ T5982] usb 3-1: Product: syz
[  262.545850][ T5982] usb 3-1: Manufacturer: syz
[  262.550467][ T5982] usb 3-1: SerialNumber: syz
[  262.601215][ T5982] usb 3-1: config 0 descriptor??
[  262.659916][ T5982] yurex 3-1:0.0: USB YUREX device now attached to Yurex #0
[  263.030513][ T9943] loop0: detected capacity change from 0 to 4096
[  263.052642][   T10] usb 3-1: USB disconnect, device number 14
[  263.092655][ T9943] ntfs3(loop0): Different NTFS sector size (2048) and media sector size (512).
[  263.139880][   T10] yurex 3-1:0.0: USB YUREX #0 now disconnected
[  263.241732][ T9943] ntfs3(loop0): Failed to initialize $Extend/$ObjId.
[  263.333479][ T9955] loop5: detected capacity change from 0 to 4096
[  263.387579][ T9943] ntfs3(loop0): ino=1e, mi_enum_attr
[  263.390811][ T9955] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  263.409237][ T9964] loop4: detected capacity change from 0 to 1024
[  263.547999][ T5847] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  263.618497][ T3584] hfsplus: b-tree write err: -5, ino 4
[  263.841514][ T9976] team0: No ports can be present during mode change
[  263.854584][ T5982] kernel read not supported for file /dsp (pid: 5982 comm: kworker/1:6)
[  263.855647][ T9974] loop5: detected capacity change from 0 to 736
[  264.390130][ T9993] loop4: detected capacity change from 0 to 128
[  264.410836][ T9993] EXT4-fs (loop4): Test dummy encryption mode enabled
[  264.513444][ T9993] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  264.588771][ T9993] ext4 filesystem being mounted at /234/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  264.751444][ T5834] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  265.212978][ T9986] loop1: detected capacity change from 0 to 40427
[  265.260092][ T9986] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  265.292158][ T9986] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  265.314067][ T9986] F2FS-fs (loop1): invalid crc value
[  265.527972][ T5982] usb 4-1: new full-speed USB device number 15 using dummy_hcd
[  265.554224][T10030] loop2: detected capacity change from 0 to 1024
[  265.571401][T10030] hfsplus: Unknown parameter '0x00000000000000000xffffffffffffffff0xffffffffffffffff€bDœØ›àm„!§Å‚ðe›‚$K�BMï’´ë¿Hcð~œ†‘Ù.ž©<‘(¯+Á6¢aFtpHë!½ {·ÔXVÎáÌ[
@ÎŒ®±nÜ'
[  265.616355][ T9986] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  265.654971][ T9986] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  265.681516][ T9986] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  265.720460][ T5982] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  265.768326][T10031] loop5: detected capacity change from 0 to 4096
[  265.775299][ T5982] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[  265.795391][T10031] ntfs3: Unknown parameter ''
[  265.805348][ T5982] usb 4-1: New USB device found, idVendor=06a3, idProduct=0ccd, bcdDevice= 0.00
[  265.814432][ T5982] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  265.866847][   T10] usb 3-1: new full-speed USB device number 15 using dummy_hcd
[  265.933462][ T5982] usb 4-1: config 0 descriptor??
[  265.963556][T10020] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  266.056036][    T9] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  266.074582][   T10] usb 3-1: config index 0 descriptor too short (expected 35577, got 27)
[  266.104738][   T10] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  266.135465][   T10] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92
[  266.162367][   T10] usb 3-1: config 1 has no interface number 0
[  266.175834][   T10] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  266.202519][   T10] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  266.222205][   T10] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  266.234636][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  266.275334][    T9] usb 5-1: Using ep0 maxpacket: 16
[  266.286480][    T9] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00
[  266.298547][   T10] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found
[  266.307146][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  266.329148][    T9] usb 5-1: config 0 descriptor??
[  266.358057][    T9] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected
[  266.434800][ T5982] saitek 0003:06A3:0CCD.000E: item fetching failed at offset 0/2
[  266.487055][ T5982] saitek 0003:06A3:0CCD.000E: parse failed
[  266.502660][ T5982] saitek 0003:06A3:0CCD.000E: probe with driver saitek failed with error -22
[  266.566614][    T9] usb 5-1: Detected FT232B
[  266.633304][T10051] Bluetooth: hci0: Opcode 0x0401 failed: -22
[  266.660566][ T5938] usb 4-1: USB disconnect, device number 15
[  266.769008][    T9] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[  266.779303][    T9] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  266.786069][ T5982] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  266.838794][   T10] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now attached
[  266.945355][ T5982] usb 6-1: Using ep0 maxpacket: 8
[  266.957599][ T5982] usb 6-1: config index 0 descriptor too short (expected 6427, got 27)
[  266.966134][ T5982] usb 6-1: config 0 has an invalid interface number: 21 but max is 0
[  266.974206][ T5982] usb 6-1: config 0 has no interface number 0
[  266.982322][ T5938] usb 5-1: USB disconnect, device number 5
[  266.999505][ T5982] usb 6-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  266.999814][ T5938] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  267.023992][ T5982] usb 6-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  267.056956][ T5938] ftdi_sio 5-1:0.0: device disconnected
[  267.072257][    T9] usb 3-1: USB disconnect, device number 15
[  267.075938][ T5982] usb 6-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  267.100172][ T5982] usb 6-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4
[  267.101759][    T9] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected
[  267.119651][ T5982] usb 6-1: New USB device strings: Mfr=0, Product=1, SerialNumber=0
[  267.152158][ T5982] usb 6-1: Product: syz
[  267.188993][ T5982] usb 6-1: config 0 descriptor??
[  267.196864][T10049] raw-gadget.3 gadget.5: fail, usb_ep_enable returned -22
[  267.406951][T10072] loop1: detected capacity change from 0 to 128
[  267.447137][T10072] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  267.465140][T10075] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1531'.
[  267.486886][T10075] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1531'.
[  267.508002][T10072] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  267.686198][   T36] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  267.754829][T10081] loop2: detected capacity change from 0 to 512
[  267.874876][ T5982] input: syz as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.21/input/input17
[  268.061549][T10083] loop0: detected capacity change from 0 to 4096
[  268.149936][    T9] usb 6-1: USB disconnect, device number 8
[  268.149984][    C1] keyspan_remote 6-1:0.21: keyspan_irq_recv - usb_submit_urb failed with result: -19
[  268.187189][T10083] ntfs3(loop0): Mark volume as dirty due to NTFS errors
[  268.322037][T10092] loop1: detected capacity change from 0 to 4096
[  268.351011][T10095] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  268.638314][ T5850] Bluetooth: hci0: command tx timeout
[  268.774056][T10102] loop0: detected capacity change from 0 to 1024
[  268.889703][T10102] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  268.997419][   T30] audit: type=1800 audit(1759578422.461:45): pid=10102 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1543" name="bus" dev="loop0" ino=18 res=0 errno=0
[  268.999283][T10102] EXT4-fs error (device loop0): mb_free_blocks:2017: group 0, inode 18: block 113:freeing already freed block (bit 7); block bitmap corrupt.
[  269.248572][ T5833] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  269.515405][ T5836] Bluetooth: hci6: Entering manufacturer mode failed (-110)
[  269.515481][ T5850] Bluetooth: hci6: command 0xfc11 tx timeout
[  269.539792][    T9] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  269.700017][T10131] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1557'.
[  269.775778][    T9] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  269.783817][    T9] usb 6-1: config 0 has no interface number 0
[  269.838986][    T9] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  269.874327][    T9] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  269.925309][    T9] usb 6-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00
[  269.950027][T10098] loop2: detected capacity change from 0 to 40427
[  269.956079][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  269.971395][T10140] loop1: detected capacity change from 0 to 2048
[  269.983765][    T9] usb 6-1: config 0 descriptor??
[  270.010470][T10144] loop0: detected capacity change from 0 to 256
[  270.012830][T10140] EXT4-fs: Ignoring removed mblk_io_submit option
[  270.035310][T10098] F2FS-fs (loop2): invalid crc value
[  270.054911][T10144] msdos: Unknown parameter '18446744073709551615ÿÿÿÿÏK K¶ÉêRìH§L5ç¥;Ú\à±'
[  270.148917][T10140] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  270.262870][   T30] audit: type=1800 audit(1759578423.711:46): pid=10140 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1560" name="bus" dev="loop1" ino=18 res=0 errno=0
[  270.306599][T10140] Invalid ELF header magic: != ELF
[  270.437861][ T5837] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  270.441430][T10098] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  270.462343][    T9] prodikeys 0003:041E:2801.000F: collection stack underflow
[  270.495523][    T9] prodikeys 0003:041E:2801.000F: item 0 1 0 12 parsing failed
[  270.503834][    T9] prodikeys 0003:041E:2801.000F: hid parse failed
[  270.511192][T10098] F2FS-fs (loop2): Start checkpoint disabled!
[  270.537477][T10098] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0
[  270.537617][    T9] prodikeys 0003:041E:2801.000F: probe with driver prodikeys failed with error -22
[  270.567344][T10098] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  270.708758][  T848] usb 6-1: USB disconnect, device number 9
[  270.740741][ T3584] kworker/u8:7: attempt to access beyond end of device
[  270.740741][ T3584] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  270.791385][ T3584] CPU: 1 UID: 0 PID: 3584 Comm: kworker/u8:7 Not tainted syzkaller #0 PREEMPT(full) 
[  270.791419][ T3584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  270.791437][ T3584] Workqueue: writeback wb_workfn (flush-7:2)
[  270.791475][ T3584] Call Trace:
[  270.791485][ T3584]  <TASK>
[  270.791495][ T3584]  dump_stack_lvl+0x189/0x250
[  270.791535][ T3584]  ? __pfx_dump_stack_lvl+0x10/0x10
[  270.791572][ T3584]  ? __pfx_queue_work_on+0x10/0x10
[  270.791600][ T3584]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  270.791636][ T3584]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  270.791689][ T3584]  f2fs_handle_critical_error+0x37c/0x540
[  270.791733][ T3584]  f2fs_write_end_io+0x886/0xb60
[  270.791797][ T3584]  __submit_merged_bio+0x27a/0x6a0
[  270.791840][ T3584]  __submit_merged_write_cond+0x255/0x530
[  270.791884][ T3584]  f2fs_write_data_pages+0x261d/0x3000
[  270.791972][ T3584]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  270.792030][ T3584]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  270.792108][ T3584]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  270.792161][ T3584]  ? trace_f2fs_writepages+0x7f/0x200
[  270.792196][ T3584]  ? f2fs_write_node_pages+0x478/0x6e0
[  270.792236][ T3584]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  270.792275][ T3584]  ? __lock_acquire+0xab9/0xd20
[  270.792312][ T3584]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  270.792351][ T3584]  do_writepages+0x32e/0x550
[  270.792390][ T3584]  ? srso_alias_return_thunk+0x5/0xfbef5
[  270.792419][ T3584]  ? reacquire_held_locks+0x127/0x1d0
[  270.792449][ T3584]  ? writeback_sb_inodes+0x384/0x1010
[  270.792497][ T3584]  __writeback_single_inode+0x145/0xff0
[  270.792531][ T3584]  ? srso_alias_return_thunk+0x5/0xfbef5
[  270.792564][ T3584]  ? do_raw_spin_unlock+0x122/0x240
[  270.792607][ T3584]  writeback_sb_inodes+0x6c7/0x1010
[  270.792685][ T3584]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  270.792782][ T3584]  ? srso_alias_return_thunk+0x5/0xfbef5
[  270.792810][ T3584]  ? rcu_is_watching+0x15/0xb0
[  270.792840][ T3584]  ? srso_alias_return_thunk+0x5/0xfbef5
[  270.792882][ T3584]  wb_writeback+0x43b/0xaf0
[  270.792928][ T3584]  ? queue_io+0x2f1/0x590
[  270.792966][ T3584]  ? __pfx_wb_writeback+0x10/0x10
[  270.793013][ T3584]  ? _raw_spin_unlock_irq+0x23/0x50
[  270.793055][ T3584]  wb_workfn+0x409/0xef0
[  270.793106][ T3584]  ? __pfx_wb_workfn+0x10/0x10
[  270.793141][ T3584]  ? srso_alias_return_thunk+0x5/0xfbef5
[  270.793169][ T3584]  ? __lock_acquire+0xab9/0xd20
[  270.793211][ T3584]  ? srso_alias_return_thunk+0x5/0xfbef5
[  270.793243][ T3584]  ? srso_alias_return_thunk+0x5/0xfbef5
[  270.793277][ T3584]  ? _raw_spin_unlock_irq+0x23/0x50
[  270.793309][ T3584]  ? process_scheduled_works+0x9ef/0x17b0
[  270.793337][ T3584]  ? process_scheduled_works+0x9ef/0x17b0
[  270.793368][ T3584]  process_scheduled_works+0xae1/0x17b0
[  270.793442][ T3584]  ? __pfx_process_scheduled_works+0x10/0x10
[  270.793483][ T3584]  ? srso_alias_return_thunk+0x5/0xfbef5
[  270.793525][ T3584]  worker_thread+0x8a0/0xda0
[  270.793566][ T3584]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  270.793614][ T3584]  ? __kthread_parkme+0x7b/0x200
[  270.793661][ T3584]  kthread+0x711/0x8a0
[  270.793701][ T3584]  ? __pfx_worker_thread+0x10/0x10
[  270.793730][ T3584]  ? __pfx_kthread+0x10/0x10
[  270.793761][ T3584]  ? srso_alias_return_thunk+0x5/0xfbef5
[  270.793795][ T3584]  ? _raw_spin_unlock_irq+0x23/0x50
[  270.793827][ T3584]  ? srso_alias_return_thunk+0x5/0xfbef5
[  270.793856][ T3584]  ? lockdep_hardirqs_on+0x9c/0x150
[  270.793890][ T3584]  ? __pfx_kthread+0x10/0x10
[  270.793928][ T3584]  ret_from_fork+0x439/0x7d0
[  270.793960][ T3584]  ? __pfx_ret_from_fork+0x10/0x10
[  270.793997][ T3584]  ? __switch_to_asm+0x39/0x70
[  270.794029][ T3584]  ? __switch_to_asm+0x33/0x70
[  270.794061][ T3584]  ? __pfx_kthread+0x10/0x10
[  270.794098][ T3584]  ret_from_fork_asm+0x1a/0x30
[  270.794157][ T3584]  </TASK>
[  270.794167][ T3584] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  270.860478][T10156] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1567'.
[  270.861548][ T5929] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  271.176442][T10138] loop4: detected capacity change from 0 to 40427
[  271.207229][T10144] loop0: detected capacity change from 0 to 32768
[  271.269217][T10144] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  271.328475][T10144] (syz.0.1562,10144,1):ocfs2_mknod:505 ERROR: status = -2
[  271.336144][T10138] F2FS-fs (loop4): invalid crc value
[  271.347354][T10144] (syz.0.1562,10144,0):ocfs2_mkdir:661 ERROR: status = -2
[  271.368614][ T5929] usb 4-1: Using ep0 maxpacket: 8
[  271.396492][ T5929] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  271.465310][ T5929] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  271.519604][ T5929] pvrusb2: Hardware description: Terratec Grabster AV400
[  271.549949][T10167] loop5: detected capacity change from 0 to 1024
[  271.554074][ T5929] pvrusb2: **********
[  271.573747][ T5833] (syz-executor,5833,0):ocfs2_inode_is_valid_to_delete:928 ERROR: Skipping delete of root inode.
[  271.587254][ T5929] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  271.653569][T10167] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  271.659783][ T5929] pvrusb2: Important functionality might not be entirely working.
[  271.674802][ T5929] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  271.688468][ T5929] pvrusb2: **********
[  271.720164][ T5833] ocfs2: Unmounting device (7,0) on (node local)
[  271.736295][ T2337] pvrusb2: Invalid write control endpoint
[  271.764484][T10167] ext4 filesystem being mounted at /251/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  271.860170][T10138] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  271.881549][T10138] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  271.969384][ T2337] pvrusb2: Invalid write control endpoint
[  271.986822][ T5847] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  272.003764][ T2337] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  272.064108][ T2337] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  272.087886][ T2337] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  272.111389][ T2337] pvrusb2: Device being rendered inoperable
[  272.132863][T10151] pvrusb2: Killing an I2C write to 0 that is too large (desired=62 limit=61)
[  272.154378][ T2337] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  272.166801][ T5938] usb 4-1: USB disconnect, device number 16
[  272.180583][ T5834] syz-executor: attempt to access beyond end of device
[  272.180583][ T5834] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  272.205279][ T2337] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  272.221460][ T2337] pvrusb2: Attached sub-driver cx25840
[  272.241149][ T2337] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  272.264964][ T5834] CPU: 0 UID: 0 PID: 5834 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  272.264996][ T5834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  272.265011][ T5834] Call Trace:
[  272.265021][ T5834]  <TASK>
[  272.265031][ T5834]  dump_stack_lvl+0x189/0x250
[  272.265071][ T5834]  ? __pfx_dump_stack_lvl+0x10/0x10
[  272.265101][ T5834]  ? __pfx_queue_work_on+0x10/0x10
[  272.265128][ T5834]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  272.265167][ T5834]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  272.265237][ T5834]  f2fs_handle_critical_error+0x37c/0x540
[  272.265278][ T5834]  f2fs_write_end_io+0x886/0xb60
[  272.265343][ T5834]  __submit_merged_bio+0x27a/0x6a0
[  272.265382][ T5834]  __submit_merged_write_cond+0x255/0x530
[  272.265422][ T5834]  f2fs_write_data_pages+0x261d/0x3000
[  272.265498][ T5834]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  272.265548][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.265575][ T5834]  ? is_bpf_text_address+0x292/0x2b0
[  272.265634][ T5834]  ? __mod_zone_page_state+0xd7/0x140
[  272.265678][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.265705][ T5834]  ? folios_put_refs+0x58b/0x670
[  272.265746][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.265774][ T5834]  ? __lock_acquire+0xab9/0xd20
[  272.265808][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.265836][ T5834]  ? do_raw_spin_lock+0x121/0x290
[  272.265877][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.265909][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.265936][ T5834]  ? do_raw_spin_unlock+0x122/0x240
[  272.265971][ T5834]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  272.266008][ T5834]  do_writepages+0x32e/0x550
[  272.266044][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.266076][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.266104][ T5834]  ? do_raw_spin_unlock+0x122/0x240
[  272.266143][ T5834]  filemap_fdatawrite+0x199/0x240
[  272.266176][ T5834]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  272.266256][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.266289][ T5834]  ? do_raw_spin_unlock+0x122/0x240
[  272.266337][ T5834]  f2fs_sync_dirty_inodes+0x31f/0x830
[  272.266393][ T5834]  f2fs_write_checkpoint+0x93e/0x2440
[  272.266430][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.266457][ T5834]  ? __lock_acquire+0xab9/0xd20
[  272.266514][ T5834]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  272.266617][ T5834]  kill_f2fs_super+0x2cc/0x6d0
[  272.266655][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.266689][ T5834]  ? __pfx_kill_f2fs_super+0x10/0x10
[  272.266747][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.266774][ T5834]  ? shrinker_free+0x2ce/0x3e0
[  272.266804][ T5834]  deactivate_locked_super+0xbc/0x130
[  272.266837][ T5834]  cleanup_mnt+0x425/0x4c0
[  272.266863][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.266890][ T5834]  ? lockdep_hardirqs_on+0x9c/0x150
[  272.266931][ T5834]  task_work_run+0x1d4/0x260
[  272.266973][ T5834]  ? __pfx_task_work_run+0x10/0x10
[  272.267007][ T5834]  ? __x64_sys_umount+0x122/0x160
[  272.267047][ T5834]  ? exit_to_user_mode_loop+0x40/0x130
[  272.267076][ T5834]  exit_to_user_mode_loop+0xe9/0x130
[  272.267101][ T5834]  do_syscall_64+0x2bd/0x3b0
[  272.267122][ T5834]  ? lockdep_hardirqs_on+0x9c/0x150
[  272.267157][ T5834]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  272.267180][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.267208][ T5834]  ? exc_page_fault+0x9f/0xf0
[  272.267245][ T5834]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  272.267269][ T5834] RIP: 0033:0x7f4cf1d901f7
[  272.267291][ T5834] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  272.267316][ T5834] RSP: 002b:00007ffe451631e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  272.267341][ T5834] RAX: 0000000000000000 RBX: 00007f4cf1e11d7d RCX: 00007f4cf1d901f7
[  272.267358][ T5834] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe451632a0
[  272.267373][ T5834] RBP: 00007ffe451632a0 R08: 0000000000000000 R09: 0000000000000000
[  272.267389][ T5834] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe45164330
[  272.267405][ T5834] R13: 00007f4cf1e11d7d R14: 0000000000042683 R15: 00007ffe45164370
[  272.267442][ T5834]  </TASK>
[  272.670073][    C0] vkms_vblank_simulate: vblank timer overrun
[  272.686596][ T2337] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  272.723483][ T5834] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  272.834364][   T30] audit: type=1326 audit(1759578426.291:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10184 comm="syz.0.1572" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5599f8eec9 code=0x7ffc0000
[  272.872296][   T30] audit: type=1326 audit(1759578426.331:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10184 comm="syz.0.1572" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5599f8eec9 code=0x7ffc0000
[  272.902654][   T30] audit: type=1326 audit(1759578426.341:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10184 comm="syz.0.1572" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5599f8eec9 code=0x7ffc0000
[  272.927569][    T9] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  272.936015][   T30] audit: type=1326 audit(1759578426.341:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10184 comm="syz.0.1572" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5599f8eec9 code=0x7ffc0000
[  272.966153][   T30] audit: type=1326 audit(1759578426.341:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10184 comm="syz.0.1572" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5599f8eec9 code=0x7ffc0000
[  272.988416][    C0] vkms_vblank_simulate: vblank timer overrun
[  273.001803][   T30] audit: type=1326 audit(1759578426.351:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10184 comm="syz.0.1572" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5599f8eec9 code=0x7ffc0000
[  273.024048][    C0] vkms_vblank_simulate: vblank timer overrun
[  273.039093][   T30] audit: type=1326 audit(1759578426.431:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10184 comm="syz.0.1572" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5599f8eec9 code=0x7ffc0000
[  273.061014][   T44] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  273.062587][   T30] audit: type=1326 audit(1759578426.471:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10184 comm="syz.0.1572" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f5599f85d67 code=0x7ffc0000
[  273.091019][    C0] vkms_vblank_simulate: vblank timer overrun
[  273.305310][    T9] usb 2-1: device not accepting address 10, error -71
[  273.367271][T10191] loop2: detected capacity change from 0 to 8
[  273.384615][T10191] SQUASHFS error: zlib decompression failed, data probably corrupt
[  273.393458][T10191] SQUASHFS error: Failed to read block 0x13e: -5
[  273.400274][T10191] SQUASHFS error: Unable to read metadata cache entry [13c]
[  273.409217][T10191] SQUASHFS error: Unable to read directory block [13c:26]
[  273.632266][ T5982] IPVS: starting estimator thread 0...
[  273.632779][T10201] Falling back ldisc for ptm0.
[  273.641701][T10206] IPVS: wlc: SCTP 172.20.20.187:0 - no destination available
[  273.725375][T10207] IPVS: using max 23 ests per chain, 55200 per kthread
[  273.792267][T10209] batadv1: entered promiscuous mode
[  273.800244][T10209] batadv1: entered allmulticast mode
[  273.809665][T10211] loop2: detected capacity change from 0 to 16
[  273.823749][T10211] erofs (device loop2): mounted with root inode @ nid 36.
[  273.840551][T10213] loop4: detected capacity change from 0 to 128
[  273.845904][T10211] syz.2.1588: attempt to access beyond end of device
[  273.845904][T10211] loop2: rw=0, sector=48, nr_sectors = 16 limit=16
[  273.863396][T10211] erofs (device loop2): read error -5 @ 43 of nid 36
[  273.873088][T10213] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  273.875121][T10211] syz.2.1588: attempt to access beyond end of device
[  273.875121][T10211] loop2: rw=0, sector=48, nr_sectors = 16 limit=16
[  273.888316][T10213] ext4 filesystem being mounted at /246/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  273.898793][T10211] erofs (device loop2): read error -5 @ 43 of nid 36
[  273.985072][ T5834] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  274.070357][T10219] loop2: detected capacity change from 0 to 64
[  274.079239][T10219] BFS-fs: bfs_fill_super(): loop2 is unclean, continuing
[  274.202178][ T5836] Bluetooth: hci5: link tx timeout
[  274.209181][ T5836] Bluetooth: hci5: killing stalled connection 10:aa:aa:aa:aa:aa
[  274.218557][ T5836] Bluetooth: hci5: link tx timeout
[  274.223675][ T5836] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  274.675592][   T44] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  274.714813][T10248] loop2: detected capacity change from 0 to 128
[  274.736191][T10248] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  274.755389][T10248] hpfs: filesystem error: improperly stopped
[  274.761466][T10248] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  274.775555][T10248] hpfs: You really don't want any checks? You are crazy...
[  274.784041][T10248] hpfs: hpfs_map_sector(): read error
[  274.793324][T10248] hpfs: code page support is disabled
[  274.801434][T10248] hpfs: hpfs_map_4sectors(): unaligned read
[  274.821528][T10248] hpfs: hpfs_map_4sectors(): unaligned read
[  274.831016][T10248] hpfs: filesystem error: unable to find root dir
[  274.845433][   T44] usb 5-1: Using ep0 maxpacket: 32
[  274.854541][   T44] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  274.871275][T10248] hpfs: filesystem error: invalid bitmap block pointer 00000000 -> 7b3184b5 at trim
[  274.871299][   T44] usb 5-1: config 0 has no interface number 0
[  274.898353][   T44] usb 5-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  274.907901][T10248] 
[  274.912309][T10254] netlink: 'syz.0.1605': attribute type 1 has an invalid length.
[  274.929025][   T44] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  274.942872][T10254] netlink: 'syz.0.1605': attribute type 1 has an invalid length.
[  274.959239][   T44] usb 5-1: Product: syz
[  274.967723][   T44] usb 5-1: Manufacturer: syz
[  274.974668][   T44] usb 5-1: SerialNumber: syz
[  274.979433][T10254] netlink: 160 bytes leftover after parsing attributes in process `syz.0.1605'.
[  274.996965][T10254] netlink: 'syz.0.1605': attribute type 1 has an invalid length.
[  275.001248][   T44] usb 5-1: config 0 descriptor??
[  275.013660][   T44] usb 5-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  275.020494][T10254] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1605'.
[  275.041881][   T44] usb 5-1: selecting invalid altsetting 1
[  275.051413][   T44] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  275.070802][   T44] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  275.092292][   T44] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  275.110872][   T44] usb 5-1: media controller created
[  275.202858][   T44] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  275.406479][T10276] loop0: detected capacity change from 0 to 512
[  275.425285][T10276] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[  275.449206][T10276] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem
[  275.473730][   T44] usb 5-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[  275.484811][   T44] zl10353_read_register: readreg error (reg=127, ret==-71)
[  275.494098][   T44] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[  275.501614][T10276] EXT4-fs (loop0): warning: mounting unchecked fs, running e2fsck is recommended
[  275.536865][T10276] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006]
[  275.545074][T10276] System zones: 0-2, 18-18, 34-35
[  275.553930][T10276] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  275.556222][T10284] netlink: 'syz.3.1620': attribute type 1 has an invalid length.
[  275.633919][T10283] loop2: detected capacity change from 0 to 4096
[  275.639043][   T44] usb 5-1: USB disconnect, device number 6
[  275.644364][ T5833] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  275.663092][T10283] NILFS (loop2): invalid segment: Inconsistency found
[  275.698242][T10283] NILFS (loop2): trying rollback from an earlier position
[  275.756374][T10283] NILFS (loop2): recovery complete
[  275.775031][T10287] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  275.948534][T10291] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1623'.
[  275.986241][T10291] dummy0: entered promiscuous mode
[  276.004508][T10291] dummy0: left promiscuous mode
[  276.235254][ T5836] Bluetooth: hci5: command 0x0405 tx timeout
[  276.870311][T10313] loop2: detected capacity change from 0 to 1024
[  277.109295][T10320] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1637'.
[  277.596526][   T56] block nbd0: Possible stuck request ffff888024ef7000: control (read@0,1024B). Runtime 120 seconds
[  277.608596][   T56] block nbd0: Possible stuck request ffff888024ef71c0: control (read@1024,1024B). Runtime 120 seconds
[  277.619727][   T56] block nbd0: Possible stuck request ffff888024ef7380: control (read@2048,1024B). Runtime 120 seconds
[  277.630831][   T56] block nbd0: Possible stuck request ffff888024ef7540: control (read@3072,1024B). Runtime 120 seconds
[  278.244425][T10328] loop1: detected capacity change from 0 to 32768
[  278.263956][T10328] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1641 (10328)
[  278.303125][T10328] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  278.313564][T10328] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm
[  278.397640][ T5836] Bluetooth: hci5: command 0x0405 tx timeout
[  278.532013][T10328] BTRFS info (device loop1): enabling ssd optimizations
[  278.552922][T10328] BTRFS info (device loop1): enabling free space tree
[  278.711848][T10393] loop0: detected capacity change from 0 to 2048
[  278.712631][ T5837] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  278.816628][T10393] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  279.625378][T10393] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  279.675413][T10393] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28
[  279.747321][T10393] EXT4-fs (loop0): This should not happen!! Data will be lost
[  279.747321][T10393] 
[  279.766575][T10437] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1682'.
[  279.775225][T10393] EXT4-fs (loop0): Total free blocks count 0
[  279.781508][T10393] EXT4-fs (loop0): Free/Dirty block details
[  279.813743][T10393] EXT4-fs (loop0): free_blocks=2415919104
[  279.845309][T10393] EXT4-fs (loop0): dirty_blocks=3168
[  279.850639][T10393] EXT4-fs (loop0): Block reservation details
[  279.885292][T10393] EXT4-fs (loop0): i_reserved_data_blocks=198
[  280.187521][   T36] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 1104 with error 28
[  280.730117][T10460] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1693'.
[  280.772889][T10428] loop4: detected capacity change from 0 to 32768
[  280.875458][T10428] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  281.072072][T10480] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1699'.
[  281.287815][T10488] sch_tbf: burst 32855 is lower than device lo mtu (65550) !
[  281.333806][T10428] XFS (loop4): Ending clean mount
[  281.355965][T10428] XFS (loop4): Quotacheck needed: Please wait.
[  281.445317][T10428] XFS (loop4): Quotacheck: Done.
[  281.624152][ T5834] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  281.942185][T10504] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  282.199713][T10509] loop4: detected capacity change from 0 to 1024
[  282.213413][T10485] loop0: detected capacity change from 0 to 32768
[  282.398857][   T12] hfsplus: b-tree write err: -5, ino 4
[  282.406209][T10445] loop5: detected capacity change from 0 to 40427
[  282.415721][T10516] loop1: detected capacity change from 0 to 2048
[  282.454098][T10445] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[  282.486557][T10445] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  282.486620][T10520] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1721'.
[  282.508100][T10516] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  282.713023][T10530] loop4: detected capacity change from 0 to 128
[  282.736558][   T30] kauditd_printk_skb: 186 callbacks suppressed
[  282.736580][   T30] audit: type=1326 audit(1759578436.191:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10528 comm="syz.2.1726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1dab8eec9 code=0x7ffc0000
[  282.801367][T10531] loop2: detected capacity change from 0 to 512
[  282.808040][   T30] audit: type=1326 audit(1759578436.191:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10528 comm="syz.2.1726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1dab8eec9 code=0x7ffc0000
[  282.832320][T10530] FAT-fs (loop4): Directory bread(block 414) failed
[  282.847882][T10530] FAT-fs (loop4): Directory bread(block 415) failed
[  282.854506][T10530] FAT-fs (loop4): Directory bread(block 416) failed
[  282.870497][T10445] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  282.895524][T10530] FAT-fs (loop4): Directory bread(block 417) failed
[  282.902254][   T30] audit: type=1326 audit(1759578436.231:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10528 comm="syz.2.1726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fe1dab8eec9 code=0x7ffc0000
[  282.928396][T10530] FAT-fs (loop4): Directory bread(block 418) failed
[  282.947542][T10530] FAT-fs (loop4): Directory bread(block 419) failed
[  282.954680][T10530] FAT-fs (loop4): Directory bread(block 420) failed
[  282.967720][T10531] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  282.980657][T10531] ext4 filesystem being mounted at /302/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  282.998809][T10530] FAT-fs (loop4): Directory bread(block 421) failed
[  283.006068][   T30] audit: type=1326 audit(1759578436.231:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10528 comm="syz.2.1726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fe1dab8ef03 code=0x7ffc0000
[  283.028237][    C0] vkms_vblank_simulate: vblank timer overrun
[  283.036655][   T30] audit: type=1326 audit(1759578436.231:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10528 comm="syz.2.1726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fe1dab8d97f code=0x7ffc0000
[  283.058812][    C0] vkms_vblank_simulate: vblank timer overrun
[  283.067063][   T30] audit: type=1326 audit(1759578436.261:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10528 comm="syz.2.1726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7fe1dab8ef57 code=0x7ffc0000
[  283.105314][T10540] netlink: 108 bytes leftover after parsing attributes in process `syz.3.1727'.
[  283.114504][T10540] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1727'.
[  283.134738][   T30] audit: type=1326 audit(1759578436.261:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10528 comm="syz.2.1726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe1dab8d710 code=0x7ffc0000
[  283.139019][T10530] FAT-fs (loop4): FAT read failed (blocknr 128)
[  283.221591][   T30] audit: type=1326 audit(1759578436.261:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10528 comm="syz.2.1726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe1dab8eacb code=0x7ffc0000
[  283.243892][    C0] vkms_vblank_simulate: vblank timer overrun
[  283.259147][ T5832] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  283.261614][T10545] program syz.0.1720 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  283.309987][   T30] audit: type=1326 audit(1759578436.301:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10528 comm="syz.2.1726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fe1dab8db2a code=0x7ffc0000
[  283.385283][   T30] audit: type=1326 audit(1759578436.301:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10528 comm="syz.2.1726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fe1dab8db2a code=0x7ffc0000
[  284.687464][T10578] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1744'.
[  284.733217][T10578] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1744'.
[  284.775505][T10578] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1744'.
[  284.837205][T10578] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1744'.
[  284.875237][T10578] netlink: 'syz.4.1744': attribute type 6 has an invalid length.
[  285.347043][   T44] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  285.516801][   T44] usb 1-1: Using ep0 maxpacket: 16
[  285.529362][   T44] usb 1-1: New USB device found, idVendor=0d49, idProduct=7010, bcdDevice= c.90
[  285.541316][   T44] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  285.543044][T10615] netlink: 'syz.4.1761': attribute type 1 has an invalid length.
[  285.559686][   T44] usb 1-1: Product: syz
[  285.563858][   T44] usb 1-1: Manufacturer: syz
[  285.575243][   T44] usb 1-1: SerialNumber: syz
[  285.589710][   T44] usb 1-1: config 0 descriptor??
[  285.604830][   T44] ums-onetouch 1-1:0.0: USB Mass Storage device detected
[  285.816620][T10626] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only
[  285.839755][ T5982] usb 1-1: USB disconnect, device number 11
[  285.858434][T10626] overlayfs: fs on '.' does not support file handles, falling back to index=off,nfs_export=off.
[  285.874133][T10626] overlayfs: failed to get uuid (300/file0, err=-13); falling back to uuid=null.
[  286.375260][ T5907] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  286.556367][ T5907] usb 6-1: Using ep0 maxpacket: 32
[  286.568032][T10648] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  286.580923][ T5907] usb 6-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  286.593264][ T5907] usb 6-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  286.644564][ T5907] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  286.665705][ T5907] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  286.722146][T10654] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1778'.
[  286.740321][T10654] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1778'.
[  286.741627][ T5907] hub 6-1:4.0: USB hub found
[  286.953881][ T5907] hub 6-1:4.0: config failed, can't read hub descriptor (err -90)
[  286.974979][T10663] netlink: 148 bytes leftover after parsing attributes in process `syz.0.1782'.
[  286.982181][T10665] loop1: detected capacity change from 0 to 64
[  287.218367][T10671] netlink: 'syz.0.1786': attribute type 25 has an invalid length.
[  287.258894][T10671] netlink: 'syz.0.1786': attribute type 8 has an invalid length.
[  287.388771][T10676] loop4: detected capacity change from 0 to 1024
[  287.396039][ T5907] hid-generic 0003:046D:C31C.0010: hidraw0: USB HID v8.00 Device [HID 046d:c31c] on usb-dummy_hcd.5-1/input0
[  287.537696][   T76] hfsplus: b-tree write err: -5, ino 4
[  287.668139][T10686] netlink: 'syz.4.1794': attribute type 39 has an invalid length.
[  287.738774][ T5938] usb 6-1: USB disconnect, device number 11
[  287.950654][T10667] loop2: detected capacity change from 0 to 40427
[  287.968217][    T9] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  287.983687][T10667] F2FS-fs (loop2): Wrong segment_count / block_count (31 > 0)
[  287.999667][T10667] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock
[  288.050505][T10667] F2FS-fs (loop2): invalid crc value
[  288.126776][    T9] usb 2-1: Using ep0 maxpacket: 16
[  288.137388][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  288.165604][    T9] usb 2-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  288.195259][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  288.228327][    T9] usb 2-1: config 0 descriptor??
[  288.236240][T10667] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  288.260865][T10667] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0
[  288.268130][T10667] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  288.275828][ T5982] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  288.346839][T10707] loop4: detected capacity change from 0 to 512
[  288.355744][T10707] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem
[  288.391178][T10707] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm syz.4.1803: bg 0: block 104: invalid block bitmap
[  288.422232][T10707] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6667: Corrupt filesystem
[  288.427109][ T5982] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  288.441402][T10707] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.1803: invalid indirect mapped block 1 (level 1)
[  288.445286][ T5982] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  288.467074][ T5982] usb 1-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00
[  288.477074][ T5982] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  288.499103][ T5982] usb 1-1: config 0 descriptor??
[  288.507927][T10707] EXT4-fs (loop4): 1 truncate cleaned up
[  288.526497][T10707] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  288.594145][ T5834] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  288.670395][    T9] mcp2221 0003:04D8:00DD.0011: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.1-1/input0
[  288.879489][ T5929] usb 2-1: USB disconnect, device number 12
[  288.923455][ T5982] hid-steam 0003:28DE:1142.0012: : USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.0-1/input0
[  289.035310][ T5982] hid-steam 0003:28DE:1142.0012: Steam wireless receiver connected
[  289.082763][ T5982] hid-steam 0003:28DE:1142.0013: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.0-1/input0
[  289.126416][ T5982] usb 1-1: USB disconnect, device number 12
[  289.150146][ T5982] hid-steam 0003:28DE:1142.0012: Steam wireless receiver disconnected
[  289.496281][T10741] netlink: 'syz.2.1818': attribute type 1 has an invalid length.
[  289.528044][T10741] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  289.582264][T10743] loop5: detected capacity change from 0 to 1024
[  289.641028][T10743] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  289.745583][T10743] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters
[  289.801561][T10729] loop4: detected capacity change from 0 to 40427
[  289.810535][T10743] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  289.825397][T10743] EXT4-fs (loop5): This should not happen!! Data will be lost
[  289.825397][T10743] 
[  289.835128][T10729] F2FS-fs (loop4): build fault injection rate: 14
[  289.855813][ T5929] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  289.863546][T10729] F2FS-fs (loop4): build fault injection type: 0x3bfe8c
[  289.876406][T10729] F2FS-fs (loop4): invalid crc value
[  289.882878][T10743] EXT4-fs (loop5): Total free blocks count 0
[  289.889673][T10743] EXT4-fs (loop5): Free/Dirty block details
[  289.890640][    C0] F2FS-fs (loop4): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  289.897756][T10743] EXT4-fs (loop5): free_blocks=68451041280
[  289.917538][T10760] binder: 10754:10760 ioctl c018620c 200000000100 returned -1
[  289.924292][    C1] F2FS-fs (loop4): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  289.950304][T10743] EXT4-fs (loop5): dirty_blocks=32
[  289.968075][T10743] EXT4-fs (loop5): Block reservation details
[  289.974695][T10743] EXT4-fs (loop5): i_reserved_data_blocks=2
[  290.037689][ T5929] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  290.045842][ T5929] usb 2-1: config 0 has no interface number 0
[  290.054813][ T5929] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  290.065297][ T5929] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  290.073326][ T5929] usb 2-1: Product: syz
[  290.090670][ T5929] usb 2-1: Manufacturer: syz
[  290.102290][ T3584] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 63 with max blocks 1 with error 28
[  290.113415][T10766] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem
[  290.117332][T10729] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  290.133848][ T5929] usb 2-1: SerialNumber: syz
[  290.142599][ T5929] usb 2-1: config 0 descriptor??
[  290.149539][T10729] F2FS-fs (loop4): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x157/0x4f0
[  290.165452][T10729] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  290.196477][    T9] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  290.272374][T10729] F2FS-fs (loop4): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[  290.295922][T10729] F2FS-fs (loop4): inject inconsistent footer in sanity_check_node_footer of f2fs_write_inline_data+0x9b/0x790
[  290.322601][T10729] F2FS-fs (loop4): inconsistent node block, node_type:1, nid:10, node_footer[nid:10,ino:10,ofs:0,cpver:0,blkaddr:0]
[  290.364664][ T5929] usb 2-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[  290.387433][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  290.397554][ T5929] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  290.402614][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  290.426999][    T9] usb 4-1: New USB device found, idVendor=04d8, idProduct=f372, bcdDevice= 0.00
[  290.436363][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  290.445151][ T5929] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[  290.453543][ T5929] usb 2-1: media controller created
[  290.454607][    T9] usb 4-1: config 0 descriptor??
[  290.464777][ T5834] syz-executor: attempt to access beyond end of device
[  290.464777][ T5834] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  290.505359][ T5834] CPU: 1 UID: 0 PID: 5834 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  290.505395][ T5834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  290.505411][ T5834] Call Trace:
[  290.505421][ T5834]  <TASK>
[  290.505431][ T5834]  dump_stack_lvl+0x189/0x250
[  290.505471][ T5834]  ? __pfx_dump_stack_lvl+0x10/0x10
[  290.505501][ T5834]  ? __pfx_queue_work_on+0x10/0x10
[  290.505528][ T5834]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  290.505559][ T5834]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  290.505600][ T5834]  f2fs_handle_critical_error+0x37c/0x540
[  290.505636][ T5834]  f2fs_write_end_io+0x886/0xb60
[  290.505688][ T5834]  __submit_merged_bio+0x27a/0x6a0
[  290.505728][ T5834]  __submit_merged_write_cond+0x255/0x530
[  290.505765][ T5834]  f2fs_write_data_pages+0x261d/0x3000
[  290.505840][ T5834]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  290.505927][ T5834]  ? __mod_zone_page_state+0xd7/0x140
[  290.505973][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  290.506002][ T5834]  ? folios_put_refs+0x58b/0x670
[  290.506041][ T5834]  ? __pfx_folios_put_refs+0x10/0x10
[  290.506066][ T5834]  ? rcu_is_watching+0x15/0xb0
[  290.506106][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  290.506134][ T5834]  ? __lock_acquire+0xab9/0xd20
[  290.506179][ T5834]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  290.506217][ T5834]  do_writepages+0x32e/0x550
[  290.506254][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  290.506286][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  290.506314][ T5834]  ? do_raw_spin_unlock+0x122/0x240
[  290.506366][ T5834]  filemap_fdatawrite+0x199/0x240
[  290.506400][ T5834]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  290.506481][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  290.506515][ T5834]  ? do_raw_spin_unlock+0x122/0x240
[  290.506555][ T5834]  f2fs_sync_dirty_inodes+0x31f/0x830
[  290.506612][ T5834]  f2fs_write_checkpoint+0x93e/0x2440
[  290.506649][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  290.506676][ T5834]  ? __lock_acquire+0xab9/0xd20
[  290.506735][ T5834]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  290.506841][ T5834]  kill_f2fs_super+0x2cc/0x6d0
[  290.506879][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  290.506914][ T5834]  ? __pfx_kill_f2fs_super+0x10/0x10
[  290.506972][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  290.507000][ T5834]  ? shrinker_free+0x2ce/0x3e0
[  290.507031][ T5834]  deactivate_locked_super+0xbc/0x130
[  290.507065][ T5834]  cleanup_mnt+0x425/0x4c0
[  290.507093][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  290.507120][ T5834]  ? lockdep_hardirqs_on+0x9c/0x150
[  290.507162][ T5834]  task_work_run+0x1d4/0x260
[  290.507203][ T5834]  ? __pfx_task_work_run+0x10/0x10
[  290.507237][ T5834]  ? __x64_sys_umount+0x122/0x160
[  290.507278][ T5834]  ? exit_to_user_mode_loop+0x40/0x130
[  290.507308][ T5834]  exit_to_user_mode_loop+0xe9/0x130
[  290.507333][ T5834]  do_syscall_64+0x2bd/0x3b0
[  290.507359][ T5834]  ? lockdep_hardirqs_on+0x9c/0x150
[  290.507395][ T5834]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  290.507418][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  290.507446][ T5834]  ? exc_page_fault+0x9f/0xf0
[  290.507483][ T5834]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  290.507508][ T5834] RIP: 0033:0x7f4cf1d901f7
[  290.507530][ T5834] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  290.507551][ T5834] RSP: 002b:00007ffe451631e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  290.507577][ T5834] RAX: 0000000000000000 RBX: 00007f4cf1e11d7d RCX: 00007f4cf1d901f7
[  290.507594][ T5834] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe451632a0
[  290.507610][ T5834] RBP: 00007ffe451632a0 R08: 0000000000000000 R09: 0000000000000000
[  290.507627][ T5834] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe45164330
[  290.507643][ T5834] R13: 00007f4cf1e11d7d R14: 0000000000046e17 R15: 00007ffe45164370
[  290.507683][ T5834]  </TASK>
[  290.508065][ T5834] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  290.906604][ T5929] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  290.963374][    T9] hid-led 0003:04D8:F372.0014: hidraw0: USB HID v0.00 Device [HID 04d8:f372] on usb-dummy_hcd.3-1/input0
[  290.975901][ T5929] i2c i2c-1: ec100: i2c rd failed=-71 reg=33
[  291.096533][ T5929] usb 2-1: USB disconnect, device number 13
[  291.097144][    T9] hid-led 0003:04D8:F372.0014: Greynut Luxafor initialized
[  291.112221][T10782] loop2: detected capacity change from 0 to 512
[  291.156514][   T30] kauditd_printk_skb: 13 callbacks suppressed
[  291.156538][   T30] audit: type=1800 audit(1759578444.621:264): pid=10782 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1835" name="file2" dev="loop2" ino=1048663 res=0 errno=0
[  291.168467][T10782] FAT-fs (loop2): error, corrupted file size (i_pos 51, 9216)
[  291.204820][    T9] usb 4-1: USB disconnect, device number 17
[  291.228514][T10782] FAT-fs (loop2): Filesystem has been set read-only
[  291.240100][ T3584] leds luxafor0:blue:led5: Setting an LED's brightness failed (-38)
[  291.255019][T10785] FAT-fs (loop2): error, corrupted file size (i_pos 51, 8960)
[  291.273540][   T12] leds luxafor0:green:led5: Setting an LED's brightness failed (-38)
[  291.300376][   T12] leds luxafor0:red:led5: Setting an LED's brightness failed (-38)
[  291.337324][   T12] leds luxafor0:blue:led4: Setting an LED's brightness failed (-38)
[  291.380534][ T3584] leds luxafor0:green:led4: Setting an LED's brightness failed (-38)
[  291.400946][ T3584] leds luxafor0:red:led4: Setting an LED's brightness failed (-38)
[  291.433321][ T3584] leds luxafor0:blue:led3: Setting an LED's brightness failed (-38)
[  291.467227][ T3584] leds luxafor0:green:led3: Setting an LED's brightness failed (-38)
[  291.488027][   T37] leds luxafor0:red:led3: Setting an LED's brightness failed (-38)
[  291.505557][T10791] netlink: 1041 bytes leftover after parsing attributes in process `syz.0.1839'.
[  291.514944][   T12] leds luxafor0:blue:led2: Setting an LED's brightness failed (-38)
[  291.571771][   T12] leds luxafor0:green:led2: Setting an LED's brightness failed (-38)
[  291.592470][ T3584] leds luxafor0:red:led2: Setting an LED's brightness failed (-38)
[  291.647934][ T3584] leds luxafor0:blue:led1: Setting an LED's brightness failed (-38)
[  291.686535][ T3584] leds luxafor0:green:led1: Setting an LED's brightness failed (-38)
[  291.707484][   T37] leds luxafor0:red:led1: Setting an LED's brightness failed (-38)
[  291.737144][   T37] leds luxafor0:blue:led0: Setting an LED's brightness failed (-38)
[  291.778597][   T37] leds luxafor0:green:led0: Setting an LED's brightness failed (-38)
[  291.819961][T10774] loop5: detected capacity change from 0 to 40427
[  291.827706][   T37] leds luxafor0:red:led0: Setting an LED's brightness failed (-38)
[  291.865356][T10774] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[  291.893923][T10774] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  292.025621][T10804] netlink: 92 bytes leftover after parsing attributes in process `syz.0.1844'.
[  292.081113][T10804] netem: unknown loss type 0
[  292.114874][T10804] netem: change failed
[  292.123834][T10774] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  292.204747][T10774] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  292.220586][T10774] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  292.771902][T10793] loop1: detected capacity change from 0 to 40427
[  292.794630][T10793] F2FS-fs (loop1): invalid crc value
[  292.920511][T10793] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  292.947197][T10793] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  293.023290][   T30] audit: type=1800 audit(1759578446.481:265): pid=10793 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1840" name="bus" dev="loop1" ino=10 res=0 errno=0
[  293.218274][ T5837] syz-executor: attempt to access beyond end of device
[  293.218274][ T5837] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  293.242113][ T5837] CPU: 1 UID: 0 PID: 5837 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  293.242149][ T5837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  293.242165][ T5837] Call Trace:
[  293.242175][ T5837]  <TASK>
[  293.242185][ T5837]  dump_stack_lvl+0x189/0x250
[  293.242229][ T5837]  ? __pfx_dump_stack_lvl+0x10/0x10
[  293.242260][ T5837]  ? __pfx_queue_work_on+0x10/0x10
[  293.242288][ T5837]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  293.242325][ T5837]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  293.242377][ T5837]  f2fs_handle_critical_error+0x37c/0x540
[  293.242423][ T5837]  f2fs_write_end_io+0x886/0xb60
[  293.242487][ T5837]  __submit_merged_bio+0x27a/0x6a0
[  293.242530][ T5837]  __submit_merged_write_cond+0x255/0x530
[  293.242577][ T5837]  f2fs_write_data_pages+0x261d/0x3000
[  293.242616][ T5837]  ? __lock_acquire+0xab9/0xd20
[  293.242690][ T5837]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  293.242791][ T5837]  ? __mod_zone_page_state+0xd7/0x140
[  293.242840][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  293.242870][ T5837]  ? folios_put_refs+0x58b/0x670
[  293.242916][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  293.242943][ T5837]  ? __lock_acquire+0xab9/0xd20
[  293.242980][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  293.243008][ T5837]  ? do_raw_spin_lock+0x121/0x290
[  293.243050][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  293.243084][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  293.243111][ T5837]  ? do_raw_spin_unlock+0x122/0x240
[  293.243148][ T5837]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  293.243187][ T5837]  do_writepages+0x32e/0x550
[  293.243227][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  293.243262][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  293.243290][ T5837]  ? do_raw_spin_unlock+0x122/0x240
[  293.243334][ T5837]  filemap_fdatawrite+0x199/0x240
[  293.243366][ T5837]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  293.243463][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  293.243499][ T5837]  ? do_raw_spin_unlock+0x122/0x240
[  293.243542][ T5837]  f2fs_sync_dirty_inodes+0x31f/0x830
[  293.243610][ T5837]  f2fs_write_checkpoint+0x93e/0x2440
[  293.243648][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  293.243676][ T5837]  ? __lock_acquire+0xab9/0xd20
[  293.243745][ T5837]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  293.243868][ T5837]  kill_f2fs_super+0x2cc/0x6d0
[  293.243907][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  293.243943][ T5837]  ? __pfx_kill_f2fs_super+0x10/0x10
[  293.244007][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  293.244033][ T5837]  ? shrinker_free+0x2ce/0x3e0
[  293.244065][ T5837]  deactivate_locked_super+0xbc/0x130
[  293.244101][ T5837]  cleanup_mnt+0x425/0x4c0
[  293.244129][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  293.244157][ T5837]  ? lockdep_hardirqs_on+0x9c/0x150
[  293.244202][ T5837]  task_work_run+0x1d4/0x260
[  293.244244][ T5837]  ? __pfx_task_work_run+0x10/0x10
[  293.244279][ T5837]  ? __x64_sys_umount+0x122/0x160
[  293.244321][ T5837]  ? exit_to_user_mode_loop+0x40/0x130
[  293.244354][ T5837]  exit_to_user_mode_loop+0xe9/0x130
[  293.244380][ T5837]  do_syscall_64+0x2bd/0x3b0
[  293.244402][ T5837]  ? lockdep_hardirqs_on+0x9c/0x150
[  293.244437][ T5837]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  293.244461][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  293.244488][ T5837]  ? exc_page_fault+0x9f/0xf0
[  293.244528][ T5837]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  293.244560][ T5837] RIP: 0033:0x7f7a225901f7
[  293.244582][ T5837] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  293.244616][ T5837] RSP: 002b:00007ffe23761538 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  293.244642][ T5837] RAX: 0000000000000000 RBX: 00007f7a22611d7d RCX: 00007f7a225901f7
[  293.244660][ T5837] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe237615f0
[  293.244676][ T5837] RBP: 00007ffe237615f0 R08: 0000000000000000 R09: 0000000000000000
[  293.244692][ T5837] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe23762680
[  293.244709][ T5837] R13: 00007f7a22611d7d R14: 0000000000047899 R15: 00007ffe237626c0
[  293.244756][ T5837]  </TASK>
[  293.245115][ T5837] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  293.894743][T10841] loop0: detected capacity change from 0 to 2048
[  293.999083][T10846] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  294.029036][T10849] netlink: 'syz.2.1863': attribute type 2 has an invalid length.
[  294.141774][   T30] audit: type=1800 audit(1759578447.601:266): pid=10841 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1860" name="file1" dev="loop0" ino=15 res=0 errno=0
[  294.436022][   T30] audit: type=1326 audit(1759578447.891:267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10859 comm="syz.3.1867" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd8558eec9 code=0x7ffc0000
[  294.519142][   T30] audit: type=1326 audit(1759578447.891:268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10859 comm="syz.3.1867" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd8558eec9 code=0x7ffc0000
[  294.597784][   T30] audit: type=1326 audit(1759578447.931:269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10859 comm="syz.3.1867" exe="/root/syz-executor" sig=0 arch=c000003e syscall=300 compat=0 ip=0x7fcd8558eec9 code=0x7ffc0000
[  294.652092][   T30] audit: type=1326 audit(1759578447.931:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10859 comm="syz.3.1867" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd8558eec9 code=0x7ffc0000
[  294.706325][T10873] loop1: detected capacity change from 0 to 512
[  294.718508][   T30] audit: type=1326 audit(1759578447.931:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10859 comm="syz.3.1867" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd8558eec9 code=0x7ffc0000
[  294.778676][T10875] loop5: detected capacity change from 0 to 256
[  294.787761][T10873] EXT4-fs: Ignoring removed nomblk_io_submit option
[  294.801665][   T30] audit: type=1326 audit(1759578447.931:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10859 comm="syz.3.1867" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fcd8558eec9 code=0x7ffc0000
[  294.854172][T10873] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  294.867606][   T30] audit: type=1326 audit(1759578447.931:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10859 comm="syz.3.1867" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd8558eec9 code=0x7ffc0000
[  294.905717][T10873] EXT4-fs (loop1): 1 truncate cleaned up
[  294.933839][T10873] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  295.038119][ T5837] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  295.260294][T10896] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  295.344611][T10899] Attempt to restore checkpoint with obsolete wellknown handles
[  295.391186][T10903] loop1: detected capacity change from 0 to 64
[  295.593839][T10907] 8021q: adding VLAN 0 to HW filter on device batadv1
[  295.604202][T10907] team0: Port device batadv1 added
[  295.662554][T10913] loop1: detected capacity change from 0 to 1024
[  295.767946][T10913] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  295.831869][T10924] loop2: detected capacity change from 0 to 512
[  295.846374][T10924] EXT4-fs: Ignoring removed bh option
[  295.893108][T10924] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[  295.949859][T10924] EXT4-fs (loop2): 1 truncate cleaned up
[  295.989864][T10924] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  296.014131][T10925] EXT4-fs error (device loop1): mb_free_blocks:2017: group 0, inode 15: block 177:freeing already freed block (bit 11); block bitmap corrupt.
[  296.082741][T10925] EXT4-fs (loop1): Remounting filesystem read-only
[  296.183427][ T5837] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  296.196871][ T5832] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  296.275383][ T5891] usb 4-1: new full-speed USB device number 18 using dummy_hcd
[  296.438442][T10923] loop4: detected capacity change from 0 to 40427
[  296.446058][ T5891] usb 4-1: too many configurations: 248, using maximum allowed: 8
[  296.457524][ T5891] usb 4-1: config 0 has an invalid interface number: 3 but max is 0
[  296.465760][ T5891] usb 4-1: config 0 has no interface number 0
[  296.467105][T10923] F2FS-fs (loop4): Wrong segment_count / block_count (31 > 0)
[  296.480251][ T5891] usb 4-1: config 0 has an invalid interface number: 3 but max is 0
[  296.497269][T10923] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
[  296.507313][ T5891] usb 4-1: config 0 has no interface number 0
[  296.509634][T10923] F2FS-fs (loop4): invalid crc value
[  296.525065][ T5891] usb 4-1: config 0 has an invalid interface number: 3 but max is 0
[  296.555683][ T5891] usb 4-1: config 0 has no interface number 0
[  296.566914][ T5891] usb 4-1: config 0 has an invalid interface number: 3 but max is 0
[  296.574946][ T5891] usb 4-1: config 0 has no interface number 0
[  296.609662][ T5891] usb 4-1: config 0 has an invalid interface number: 3 but max is 0
[  296.628316][ T5891] usb 4-1: config 0 has no interface number 0
[  296.640036][ T5891] usb 4-1: config 0 has an invalid interface number: 3 but max is 0
[  296.658433][ T5891] usb 4-1: config 0 has no interface number 0
[  296.679877][ T5891] usb 4-1: config 0 has an invalid interface number: 3 but max is 0
[  296.699331][ T5891] usb 4-1: config 0 has no interface number 0
[  296.720432][ T5891] usb 4-1: config 0 has an invalid interface number: 3 but max is 0
[  296.737288][ T5891] usb 4-1: config 0 has no interface number 0
[  296.758613][ T5891] usb 4-1: New USB device found, idVendor=1199, idProduct=6821, bcdDevice=98.59
[  296.793434][T10923] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  296.794721][ T5891] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=34
[  296.851846][ T5891] usb 4-1: SerialNumber: syz
[  296.868509][T10923] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0
[  296.880259][ T5891] usb 4-1: config 0 descriptor??
[  296.905661][T10923] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  296.909402][ T5891] hub 4-1:0.3: Invalid hub with more than one config or interface
[  296.935652][ T5891] hub 4-1:0.3: probe with driver hub failed with error -22
[  296.956639][ T5891] sierra 4-1:0.3: Sierra USB modem converter detected
[  297.045804][T10958] loop2: detected capacity change from 0 to 1024
[  297.095160][T10958] hfsplus: bad catalog entry type
[  297.104893][T10963] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1909'.
[  297.138498][ T5891] usb 4-1: Sierra USB modem converter now attached to ttyUSB0
[  297.175725][ T5891] usb 4-1: USB disconnect, device number 18
[  297.195731][ T5891] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0
[  297.207781][ T5891] sierra 4-1:0.3: device disconnected
[  297.207854][   T12] hfsplus: b-tree write err: -5, ino 4
[  297.244324][ T5834] syz-executor: attempt to access beyond end of device
[  297.244324][ T5834] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  297.305378][ T5834] CPU: 1 UID: 0 PID: 5834 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  297.305417][ T5834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  297.305434][ T5834] Call Trace:
[  297.305445][ T5834]  <TASK>
[  297.305457][ T5834]  dump_stack_lvl+0x189/0x250
[  297.305501][ T5834]  ? __pfx_dump_stack_lvl+0x10/0x10
[  297.305532][ T5834]  ? __pfx_queue_work_on+0x10/0x10
[  297.305570][ T5834]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  297.305605][ T5834]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  297.305652][ T5834]  f2fs_handle_critical_error+0x37c/0x540
[  297.305697][ T5834]  f2fs_write_end_io+0x886/0xb60
[  297.305758][ T5834]  __submit_merged_bio+0x27a/0x6a0
[  297.305801][ T5834]  __submit_merged_write_cond+0x255/0x530
[  297.305845][ T5834]  f2fs_write_data_pages+0x261d/0x3000
[  297.305927][ T5834]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  297.305982][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  297.306012][ T5834]  ? is_bpf_text_address+0x292/0x2b0
[  297.306076][ T5834]  ? __mod_zone_page_state+0xd7/0x140
[  297.306125][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  297.306155][ T5834]  ? folios_put_refs+0x58b/0x670
[  297.306196][ T5834]  ? __pfx_folios_put_refs+0x10/0x10
[  297.306224][ T5834]  ? rcu_is_watching+0x15/0xb0
[  297.306267][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  297.306296][ T5834]  ? __lock_acquire+0xab9/0xd20
[  297.306346][ T5834]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  297.306386][ T5834]  do_writepages+0x32e/0x550
[  297.306427][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  297.306462][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  297.306491][ T5834]  ? do_raw_spin_unlock+0x122/0x240
[  297.306535][ T5834]  filemap_fdatawrite+0x199/0x240
[  297.306578][ T5834]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  297.306667][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  297.306702][ T5834]  ? do_raw_spin_unlock+0x122/0x240
[  297.306746][ T5834]  f2fs_sync_dirty_inodes+0x31f/0x830
[  297.306807][ T5834]  f2fs_write_checkpoint+0x93e/0x2440
[  297.306846][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  297.306876][ T5834]  ? __lock_acquire+0xab9/0xd20
[  297.306939][ T5834]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  297.307052][ T5834]  kill_f2fs_super+0x2cc/0x6d0
[  297.307093][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  297.307131][ T5834]  ? __pfx_kill_f2fs_super+0x10/0x10
[  297.307193][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  297.307222][ T5834]  ? shrinker_free+0x2ce/0x3e0
[  297.307255][ T5834]  deactivate_locked_super+0xbc/0x130
[  297.307291][ T5834]  cleanup_mnt+0x425/0x4c0
[  297.307320][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  297.307349][ T5834]  ? lockdep_hardirqs_on+0x9c/0x150
[  297.307393][ T5834]  task_work_run+0x1d4/0x260
[  297.307438][ T5834]  ? __pfx_task_work_run+0x10/0x10
[  297.307474][ T5834]  ? __x64_sys_umount+0x122/0x160
[  297.307517][ T5834]  ? exit_to_user_mode_loop+0x40/0x130
[  297.307553][ T5834]  exit_to_user_mode_loop+0xe9/0x130
[  297.307580][ T5834]  do_syscall_64+0x2bd/0x3b0
[  297.307603][ T5834]  ? lockdep_hardirqs_on+0x9c/0x150
[  297.307640][ T5834]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  297.307665][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  297.307694][ T5834]  ? exc_page_fault+0x9f/0xf0
[  297.307734][ T5834]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  297.307760][ T5834] RIP: 0033:0x7f4cf1d901f7
[  297.307783][ T5834] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  297.307805][ T5834] RSP: 002b:00007ffe451631e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  297.307834][ T5834] RAX: 0000000000000000 RBX: 00007f4cf1e11d7d RCX: 00007f4cf1d901f7
[  297.307852][ T5834] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe451632a0
[  297.307868][ T5834] RBP: 00007ffe451632a0 R08: 0000000000000000 R09: 0000000000000000
[  297.307885][ T5834] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe45164330
[  297.307903][ T5834] R13: 00007f4cf1e11d7d R14: 00000000000488ba R15: 00007ffe45164370
[  297.307946][ T5834]  </TASK>
[  297.307956][ T5834] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  297.420840][T10970] loop2: detected capacity change from 0 to 512
[  297.723768][T10970] EXT4-fs: Ignoring removed orlov option
[  297.735248][T10970] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[  297.762908][T10970] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c119, mo2=0002]
[  297.777279][T10970] EXT4-fs error (device loop2): ext4_iget_extra_inode:5075: inode #15: comm syz.2.1911: corrupted in-inode xattr: e_value size too large
[  297.800855][T10970] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.1911: couldn't read orphan inode 15 (err -117)
[  297.886313][T10970] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  298.173997][ T5832] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  298.295712][ T5907] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  298.344949][T10973] loop0: detected capacity change from 0 to 32768
[  298.401906][T10973] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  298.413031][T10989] loop2: detected capacity change from 0 to 4096
[  298.465579][ T5907] usb 6-1: Using ep0 maxpacket: 16
[  298.481560][ T5907] usb 6-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  298.498349][T11005] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  298.501221][ T5907] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  298.533020][ T5907] usb 6-1: Product: syz
[  298.553121][ T5907] usb 6-1: Manufacturer: syz
[  298.573656][   T30] kauditd_printk_skb: 5 callbacks suppressed
[  298.573678][   T30] audit: type=1800 audit(1759578452.021:279): pid=10989 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1921" name="file1" dev="loop2" ino=15 res=0 errno=0
[  298.600462][    C0] vkms_vblank_simulate: vblank timer overrun
[  298.615565][ T5907] usb 6-1: SerialNumber: syz
[  298.627039][T10973] XFS (loop0): Ending clean mount
[  298.638526][ T5907] usb 6-1: config 0 descriptor??
[  298.649864][T10973] XFS (loop0): Quotacheck needed: Please wait.
[  298.734818][T11010] loop4: detected capacity change from 0 to 1024
[  298.753639][T10973] XFS (loop0): Quotacheck: Done.
[  298.811782][   T30] audit: type=1800 audit(1759578452.271:280): pid=10973 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1915" name="file1" dev="loop0" ino=6150 res=0 errno=0
[  298.868389][ T5833] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  299.015720][ T5891] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  299.041022][   T76] hfsplus: b-tree write err: -5, ino 4
[  299.066541][ T5907] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[  299.082230][ T5907] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  299.123787][ T5907] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[  299.145320][ T5907] usb 6-1: media controller created
[  299.188830][ T5907] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  299.191270][ T5891] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  299.216900][   T44] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  299.245057][ T5891] usb 2-1: config 0 has no interface number 0
[  299.261856][ T5891] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  299.280217][ T5891] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  299.291545][ T5891] usb 2-1: config 0 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  299.300168][ T5907] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[  299.310435][ T5891] usb 2-1: New USB device found, idVendor=28bd, idProduct=0042, bcdDevice= 0.00
[  299.323565][ T5907] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[  299.341477][ T5891] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  299.366803][ T5891] usb 2-1: config 0 descriptor??
[  299.399105][   T44] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  299.415487][   T44] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  299.436591][   T44] usb 3-1: config 0 descriptor??
[  299.447681][   T44] cp210x 3-1:0.0: cp210x converter detected
[  299.525883][T11028] program syz.4.1935 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  299.562234][ T5938] usb 6-1: USB disconnect, device number 12
[  299.632616][ T5938] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected.
[  299.847415][T11036] loop0: detected capacity change from 0 to 2048
[  299.856185][T11036] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[  299.857614][   T44] cp210x 3-1:0.0: failed to get vendor val 0x000e size 3: -32
[  299.904021][   T44] usb 3-1: cp210x converter now attached to ttyUSB0
[  299.905780][T11036] syz.0.1939: attempt to access beyond end of device
[  299.905780][T11036] loop0: rw=524288, sector=33554430, nr_sectors = 2 limit=2048
[  299.910902][T11037] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  300.014674][ T5891] input: HID 28bd:0042 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.1/0003:28BD:0042.0015/input/input18
[  300.070570][ T5891] uclogic 0003:28BD:0042.0015: input,hidraw0: USB HID v0.00 Keypad [HID 28bd:0042] on usb-dummy_hcd.1-1/input1
[  300.138757][ T5891] usb 3-1: USB disconnect, device number 16
[  300.168079][ T5891] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  300.219205][ T5891] cp210x 3-1:0.0: device disconnected
[  300.260742][ T5929] usb 2-1: USB disconnect, device number 14
[  300.276802][T11043] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1942'.
[  300.321491][T11045] batadv1: entered promiscuous mode
[  300.333145][T11045] batadv1: entered allmulticast mode
[  300.459485][T11049] loop5: detected capacity change from 0 to 1024
[  300.565852][   T37] hfsplus: b-tree write err: -5, ino 4
[  300.781824][T11058] loop2: detected capacity change from 0 to 47
[  300.818233][T11058] MINIX-fs: deleted inode referenced: 9
[  300.845558][T11058] MINIX-fs: deleted inode referenced: 9
[  301.683851][T11084] loop0: detected capacity change from 0 to 40427
[  301.691927][T11084] F2FS-fs: heap/no_heap options were deprecated
[  301.726235][T11084] F2FS-fs (loop0): invalid crc value
[  301.731604][T11084] F2FS-fs (loop0): Ignore s_resuid=60929, s_resgid=0 w/o reserve_root and reserve_node
[  301.828323][T11084] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  301.838043][T11084] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  301.983952][T11101] syzkaller0: tun_chr_ioctl cmd 1074025681
[  302.009385][T11096] loop2: detected capacity change from 0 to 4096
[  302.227291][T11096] ntfs3(loop2): ino=1e, "file1" attr_set_size
[  302.317107][T11112] netlink: 56 bytes leftover after parsing attributes in process `syz.5.1973'.
[  302.354088][T11113] syzkaller1: tun_chr_ioctl cmd 1074025680
[  302.590806][T11122] sctp: [Deprecated]: syz.1.1977 (pid 11122) Use of int in max_burst socket option.
[  302.590806][T11122] Use struct sctp_assoc_value instead
[  302.880446][T11133] loop2: detected capacity change from 0 to 4096
[  303.265535][T11160] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1995'.
[  303.299187][T11160] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1995'.
[  303.323676][T11164] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1995'.
[  303.335895][T11164] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1995'.
[  303.367945][T11165] sctp: [Deprecated]: syz.0.1997 (pid 11165) Use of int in maxseg socket option.
[  303.367945][T11165] Use struct sctp_assoc_value instead
[  303.456781][T11171] loop2: detected capacity change from 0 to 128
[  303.476110][T11171] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[  303.507967][T11171] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  303.657289][T11185] netlink: 'syz.2.2005': attribute type 83 has an invalid length.
[  303.695760][ T5891] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  303.790555][T11190] loop1: detected capacity change from 0 to 1024
[  303.798998][T11190] EXT4-fs: Ignoring removed bh option
[  303.805860][T11190] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  303.819026][T11190] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c854e018, mo2=0000]
[  303.855383][ T5891] usb 5-1: Using ep0 maxpacket: 32
[  303.864563][T11190] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #3: block 2: comm syz.1.2007: lblock 2 mapped to illegal pblock 2 (length 1)
[  303.886642][T11190] Quota error (device loop1): qtree_write_dquot: dquota write failed
[  303.887332][ T5891] usb 5-1: config 0 has an invalid interface number: 51 but max is 0
[  303.903675][T11190] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #3: block 48: comm syz.1.2007: lblock 0 mapped to illegal pblock 48 (length 1)
[  303.906855][ T5891] usb 5-1: config 0 has no interface number 0
[  303.928327][ T5891] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  303.937776][T11190] Quota error (device loop1): v2_write_file_info: Can't write info structure
[  303.946832][ T5891] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  303.954989][T11190] EXT4-fs error (device loop1): ext4_acquire_dquot:6945: comm syz.1.2007: Failed to acquire dquot type 0
[  303.966679][ T5891] usb 5-1: Product: syz
[  303.970915][ T5891] usb 5-1: Manufacturer: syz
[  303.975618][ T5891] usb 5-1: SerialNumber: syz
[  303.980513][T11190] EXT4-fs error (device loop1) in ext4_reserve_inode_write:6305: Corrupt filesystem
[  303.984409][ T5891] usb 5-1: config 0 descriptor??
[  303.998399][ T5891] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  304.004332][T11190] EXT4-fs error (device loop1): ext4_evict_inode:254: inode #11: comm syz.1.2007: mark_inode_dirty error
[  304.037376][T11190] EXT4-fs warning (device loop1): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[  304.050181][T11190] EXT4-fs (loop1): 1 orphan inode deleted
[  304.058532][T11190] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  304.071842][ T3584] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:7: lblock 1 mapped to illegal pblock 1 (length 1)
[  304.095364][ T3584] Quota error (device loop1): remove_tree: Can't read quota data block 1
[  304.113708][ T3584] EXT4-fs error (device loop1): ext4_release_dquot:6981: comm kworker/u8:7: Failed to release dquot type 0
[  304.116883][T11204] loop2: detected capacity change from 0 to 256
[  304.243067][ T5891] usb 5-1: qt2_attach - failed to power on unit: -71
[  304.250199][ T5891] quatech2 5-1:0.51: probe with driver quatech2 failed with error -71
[  304.268775][ T5837] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  304.283703][ T5891] usb 5-1: USB disconnect, device number 7
[  304.296567][ T5837] EXT4-fs error (device loop1): __ext4_get_inode_loc:4832: comm syz-executor: Invalid inode table block 1 in block_group 0
[  304.313118][ T5837] EXT4-fs error (device loop1) in ext4_reserve_inode_write:6305: Corrupt filesystem
[  304.336888][ T5837] EXT4-fs error (device loop1): ext4_quota_off:7229: inode #3: comm syz-executor: mark_inode_dirty error
[  304.457722][T11208] loop2: detected capacity change from 0 to 64
[  304.761107][T11202] loop0: detected capacity change from 0 to 32768
[  304.806774][T11202] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode.
[  304.884699][   T30] audit: type=1800 audit(1759578458.341:281): pid=11202 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2012" name="file1" dev="loop0" ino=17058 res=0 errno=0
[  305.053674][T11235] IPVS: dh: FWM 3 0x00000003 - no destination available
[  305.064834][ T5891] IPVS: starting estimator thread 0...
[  305.205294][T11237] IPVS: using max 24 ests per chain, 57600 per kthread
[  305.313487][ T5833] ocfs2: Unmounting device (7,0) on (node local)
[  305.329500][T11244] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2029'.
[  305.376858][T11214] loop5: detected capacity change from 0 to 32768
[  305.425763][T11214] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.2018 (11214)
[  305.469040][T11214] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  305.542900][T11214] BTRFS info (device loop5): using sha256 (sha256-lib) checksum algorithm
[  305.764838][T11214] BTRFS info (device loop5): enabling ssd optimizations
[  305.801691][T11214] BTRFS info (device loop5): enabling free space tree
[  305.813648][T11272] sp0: Synchronizing with TNC
[  305.956039][ T5847] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  305.991396][T11287] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  306.224384][T11297] loop0: detected capacity change from 0 to 512
[  306.989882][T11319] loop5: detected capacity change from 0 to 512
[  307.025341][T11319] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  307.081030][T11319] EXT4-fs (loop5): 1 truncate cleaned up
[  307.089757][T11321] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2057'.
[  307.090879][T11296] loop4: detected capacity change from 0 to 32768
[  307.103176][T11319] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  307.120799][T11296] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.2046 (11296)
[  307.225502][T11296] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  307.275655][T11296] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm
[  307.357193][T11340] loop0: detected capacity change from 0 to 256
[  307.369692][ T5847] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  307.458698][T11296] BTRFS info (device loop4): enabling ssd optimizations
[  307.476405][T11296] BTRFS info (device loop4): enabling free space tree
[  307.678605][   T56] block nbd0: Possible stuck request ffff888024ef7000: control (read@0,1024B). Runtime 150 seconds
[  307.690535][   T56] block nbd0: Possible stuck request ffff888024ef71c0: control (read@1024,1024B). Runtime 150 seconds
[  307.701684][   T56] block nbd0: Possible stuck request ffff888024ef7380: control (read@2048,1024B). Runtime 150 seconds
[  307.714285][   T56] block nbd0: Possible stuck request ffff888024ef7540: control (read@3072,1024B). Runtime 150 seconds
[  307.741782][ T5834] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  307.779805][T11361] loop2: detected capacity change from 0 to 1024
[  307.891018][   T44] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  308.061653][   T44] usb 2-1: Using ep0 maxpacket: 32
[  308.105672][   T44] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40
[  308.144534][   T44] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  308.168239][   T44] usb 2-1: config 0 descriptor??
[  308.400414][   T44] dvb-usb: found a 'Elgato EyeTV DTT' in warm state.
[  308.433676][   T44] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  308.458900][   T44] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT)
[  308.480499][   T44] usb 2-1: media controller created
[  308.529363][   T44] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  308.716761][   T44] DVB: Unable to find symbol dib7000p_attach()
[  308.730967][   T44] dvb-usb: no frontend was attached by 'Elgato EyeTV DTT'
[  308.858086][T11384] loop4: detected capacity change from 0 to 2048
[  308.939997][T11384] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  308.956033][   T44] rc_core: IR keymap rc-dib0700-rc5 not found
[  308.962112][   T44] Registered IR keymap rc-empty
[  308.971423][   T44] dvb-usb: could not initialize remote control.
[  308.979128][   T44] dvb-usb: Elgato EyeTV DTT successfully initialized and connected.
[  308.992500][   T44] usb 2-1: USB disconnect, device number 15
[  309.054182][   T44] dvb-usb: Elgato EyeTV DTT successfully deinitialized and disconnected.
[  309.180798][ T5834] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  309.405977][T11367] loop0: detected capacity change from 0 to 40427
[  309.457999][T11367] F2FS-fs (loop0): invalid crc value
[  309.523109][T11417] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2091'.
[  309.584930][T11420] blk_print_req_error: 138 callbacks suppressed
[  309.584957][T11420] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  309.662832][T11367] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  309.665300][T11420] buffer_io_error: 138 callbacks suppressed
[  309.665317][T11420] Buffer I/O error on dev nbd1, logical block 0, async page read
[  309.683292][T11367] F2FS-fs (loop0): Start checkpoint disabled!
[  309.703924][T11367] F2FS-fs (loop0): f2fs_disable_checkpoint() finish, err:0
[  309.734371][T11367] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  309.735521][T11420] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  309.797362][T11420] Buffer I/O error on dev nbd1, logical block 1, async page read
[  309.834522][T11431] netlink: 'syz.5.2096': attribute type 15 has an invalid length.
[  309.848698][T11420] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  309.890731][T11420] Buffer I/O error on dev nbd1, logical block 2, async page read
[  309.913746][T11420] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  309.944799][T11420] Buffer I/O error on dev nbd1, logical block 3, async page read
[  309.954107][   T37] kworker/u8:3: attempt to access beyond end of device
[  309.954107][   T37] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  309.985017][   T37] CPU: 1 UID: 0 PID: 37 Comm: kworker/u8:3 Not tainted syzkaller #0 PREEMPT(full) 
[  309.985053][   T37] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  309.985072][   T37] Workqueue: writeback wb_workfn (flush-7:0)
[  309.985110][   T37] Call Trace:
[  309.985120][   T37]  <TASK>
[  309.985132][   T37]  dump_stack_lvl+0x189/0x250
[  309.985178][   T37]  ? __pfx_dump_stack_lvl+0x10/0x10
[  309.985213][   T37]  ? __pfx_queue_work_on+0x10/0x10
[  309.985242][   T37]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  309.985303][   T37]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  309.985358][   T37]  f2fs_handle_critical_error+0x37c/0x540
[  309.985405][   T37]  f2fs_write_end_io+0x886/0xb60
[  309.985473][   T37]  __submit_merged_bio+0x27a/0x6a0
[  309.985519][   T37]  __submit_merged_write_cond+0x255/0x530
[  309.985564][   T37]  f2fs_write_data_pages+0x261d/0x3000
[  309.985661][   T37]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  309.985721][   T37]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  309.985803][   T37]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  309.985859][   T37]  ? trace_f2fs_writepages+0x7f/0x200
[  309.985896][   T37]  ? f2fs_write_node_pages+0x478/0x6e0
[  309.985938][   T37]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  309.985979][   T37]  ? __lock_acquire+0xab9/0xd20
[  309.986018][   T37]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  309.986058][   T37]  do_writepages+0x32e/0x550
[  309.986099][   T37]  ? srso_alias_return_thunk+0x5/0xfbef5
[  309.986129][   T37]  ? reacquire_held_locks+0x127/0x1d0
[  309.986161][   T37]  ? writeback_sb_inodes+0x384/0x1010
[  309.986210][   T37]  __writeback_single_inode+0x145/0xff0
[  309.986246][   T37]  ? srso_alias_return_thunk+0x5/0xfbef5
[  309.986275][   T37]  ? do_raw_spin_unlock+0x122/0x240
[  309.986320][   T37]  writeback_sb_inodes+0x6c7/0x1010
[  309.986397][   T37]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  309.986499][   T37]  ? srso_alias_return_thunk+0x5/0xfbef5
[  309.986528][   T37]  ? rcu_is_watching+0x15/0xb0
[  309.986559][   T37]  ? srso_alias_return_thunk+0x5/0xfbef5
[  309.986603][   T37]  wb_writeback+0x43b/0xaf0
[  309.986657][   T37]  ? queue_io+0x2f1/0x590
[  309.986698][   T37]  ? __pfx_wb_writeback+0x10/0x10
[  309.986747][   T37]  ? _raw_spin_unlock_irq+0x23/0x50
[  309.986792][   T37]  wb_workfn+0x409/0xef0
[  309.986846][   T37]  ? __pfx_wb_workfn+0x10/0x10
[  309.986882][   T37]  ? srso_alias_return_thunk+0x5/0xfbef5
[  309.986912][   T37]  ? __lock_acquire+0xab9/0xd20
[  309.986956][   T37]  ? srso_alias_return_thunk+0x5/0xfbef5
[  309.986990][   T37]  ? srso_alias_return_thunk+0x5/0xfbef5
[  309.987026][   T37]  ? _raw_spin_unlock_irq+0x23/0x50
[  309.987059][   T37]  ? process_scheduled_works+0x9ef/0x17b0
[  309.987088][   T37]  ? process_scheduled_works+0x9ef/0x17b0
[  309.987121][   T37]  process_scheduled_works+0xae1/0x17b0
[  309.987200][   T37]  ? __pfx_process_scheduled_works+0x10/0x10
[  309.987242][   T37]  ? srso_alias_return_thunk+0x5/0xfbef5
[  309.987286][   T37]  worker_thread+0x8a0/0xda0
[  309.987322][   T37]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  309.987373][   T37]  ? __kthread_parkme+0x7b/0x200
[  309.987422][   T37]  kthread+0x711/0x8a0
[  309.987464][   T37]  ? __pfx_worker_thread+0x10/0x10
[  309.987494][   T37]  ? __pfx_kthread+0x10/0x10
[  309.987526][   T37]  ? srso_alias_return_thunk+0x5/0xfbef5
[  309.987562][   T37]  ? _raw_spin_unlock_irq+0x23/0x50
[  309.987595][   T37]  ? srso_alias_return_thunk+0x5/0xfbef5
[  309.987630][   T37]  ? lockdep_hardirqs_on+0x9c/0x150
[  309.987667][   T37]  ? __pfx_kthread+0x10/0x10
[  309.987706][   T37]  ret_from_fork+0x439/0x7d0
[  309.987739][   T37]  ? __pfx_ret_from_fork+0x10/0x10
[  309.987777][   T37]  ? __switch_to_asm+0x39/0x70
[  309.987812][   T37]  ? __switch_to_asm+0x33/0x70
[  309.987844][   T37]  ? __pfx_kthread+0x10/0x10
[  309.987883][   T37]  ret_from_fork_asm+0x1a/0x30
[  309.987945][   T37]  </TASK>
[  309.995502][T11420] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  310.020096][   T37] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  310.057563][T11437] overlayfs: failed to clone upperpath
[  310.119549][T11420] Buffer I/O error on dev nbd1, logical block 0, async page read
[  310.254552][T11410] loop4: detected capacity change from 0 to 32768
[  310.372039][T11442] trusted_key: encrypted_key: keylen parameter is missing
[  310.442632][T11441] trusted_key: encrypted_key: keylen parameter is missing
[  310.451573][T11420] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  310.469581][T11420] Buffer I/O error on dev nbd1, logical block 1, async page read
[  310.478926][T11420] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  310.499972][T11420] Buffer I/O error on dev nbd1, logical block 2, async page read
[  310.508437][T11420] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  310.520348][T11420] Buffer I/O error on dev nbd1, logical block 3, async page read
[  310.536284][T11420] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  310.550328][T11420] Buffer I/O error on dev nbd1, logical block 0, async page read
[  310.570993][T11420] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  310.598609][T11410] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  310.625345][T11420] Buffer I/O error on dev nbd1, logical block 1, async page read
[  310.640288][T11420] ldm_validate_partition_table(): Disk read failed.
[  310.649706][T11420] Dev nbd1: unable to read RDB block 0
[  310.658826][T11420]  nbd1: unable to read partition table
[  310.674686][T11425] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  310.688119][T11425] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=30, location=30
[  310.764280][T11410] XFS (loop4): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  310.787803][T11425] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=29, location=29
[  310.826895][T11425] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=28, location=28
[  310.844721][T11410] XFS (loop4): Starting recovery (logdev: internal)
[  310.876233][T11425] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  310.938629][T11410] XFS (loop4): Ending recovery (logdev: internal)
[  310.963886][T11425] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  311.001529][T11410] XFS (loop4): Quotacheck needed: Please wait.
[  311.028945][T11425] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=14, location=14
[  311.082084][T11425] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=13, location=13
[  311.137395][T11410] XFS (loop4): Quotacheck: Done.
[  311.154744][T11425] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=12, location=12
[  311.218926][T11425] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  311.275849][T11425] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  311.346064][T11425] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=6, location=6
[  311.393535][T11425] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=5, location=5
[  311.444592][ T5834] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  311.469069][T11425] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=4, location=4
[  311.526686][T11425] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  311.579078][T11425] UDF-fs: warning (device nbd1): udf_fill_super: No partition found (1)
[  311.856672][T11454] loop5: detected capacity change from 0 to 131072
[  311.871038][T11454] F2FS-fs (loop5): invalid crc value
[  312.005102][T11454] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  312.022725][T11454] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e4
[  312.112289][T11454] F2FS-fs (loop5): f2fs_lookup: inode (ino=4) has zero i_nlink
[  312.421211][T11498] loop4: detected capacity change from 0 to 2048
[  312.481762][T11498] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  312.598415][ T5834] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  312.855302][ T5907] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  313.015620][ T5907] usb 2-1: Using ep0 maxpacket: 32
[  313.028738][ T5907] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  313.044963][ T5907] usb 2-1: config 0 has no interface number 0
[  313.065323][ T5907] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  313.085239][ T5907] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  313.095008][ T5907] usb 2-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00
[  313.141405][ T5907] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  313.180598][ T5907] usb 2-1: config 0 descriptor??
[  313.404015][T11519] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2131'.
[  313.426884][T11511] loop4: detected capacity change from 0 to 32768
[  313.493203][   T30] audit: type=1800 audit(1759578466.951:282): pid=11511 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2127" name="file1" dev="loop4" ino=4 res=0 errno=0
[  313.745138][T11532] loop5: detected capacity change from 0 to 128
[  313.773431][T11532] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  313.792668][T11532] hpfs: filesystem error: improperly stopped
[  313.812001][T11532] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  313.835666][T11532] hpfs: You really don't want any checks? You are crazy...
[  313.843333][T11532] hpfs: hpfs_map_sector(): read error
[  313.848776][ T5907] input: HID 28bd:0094 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.1/0003:28BD:0094.0016/input/input20
[  313.905338][T11532] hpfs: code page support is disabled
[  313.914494][T11532] hpfs: hpfs_map_4sectors(): unaligned read
[  313.934773][ T5907] uclogic 0003:28BD:0094.0016: input,hidraw0: USB HID v0.00 Device [HID 28bd:0094] on usb-dummy_hcd.1-1/input1
[  313.955537][T11532] hpfs: hpfs_map_4sectors(): unaligned read
[  313.977466][T11532] hpfs: filesystem error: unable to find root dir
[  314.048170][ T5929] usb 2-1: USB disconnect, device number 16
[  314.381451][T11550] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2146'.
[  314.647767][T11560] loop0: detected capacity change from 0 to 64
[  314.965013][T11571] veth0_to_bridge: entered promiscuous mode
[  314.986954][T11570] veth0_to_bridge: left promiscuous mode
[  315.143369][T11580] loop5: detected capacity change from 0 to 128
[  315.169885][T11580] EXT4-fs: Ignoring removed nobh option
[  315.219553][T11580] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  315.299760][T11580] ext4 filesystem being mounted at /332/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  315.565967][ T5847] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  315.589589][T11601] input: syz1 as /devices/virtual/input/input21
[  315.901135][T11575] loop0: detected capacity change from 0 to 32768
[  315.958451][T11575] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  316.079740][T11575] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  316.153818][T11575] XFS (loop0): Starting recovery (logdev: internal)
[  316.185390][T11575] XFS (loop0): Ending recovery (logdev: internal)
[  316.220916][T11575] XFS (loop0): Quotacheck needed: Please wait.
[  316.300039][    C0] vkms_vblank_simulate: vblank timer overrun
[  316.329808][T11575] XFS (loop0): Quotacheck: Done.
[  316.385479][ T5891] usb 6-1: new full-speed USB device number 13 using dummy_hcd
[  316.509708][ T5833] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  316.558178][ T5891] usb 6-1: config 0 has an invalid interface number: 128 but max is 0
[  316.567294][ T5891] usb 6-1: config 0 has no interface number 0
[  316.579119][ T5891] usb 6-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  316.595318][ T5891] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  316.603969][ T5891] usb 6-1: Product: syz
[  316.608266][ T5891] usb 6-1: Manufacturer: syz
[  316.613146][ T5891] usb 6-1: SerialNumber: syz
[  316.625085][ T5891] usb 6-1: config 0 descriptor??
[  316.678926][T11611] loop4: detected capacity change from 0 to 32768
[  422.515198][    C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  422.522190][    C0] rcu: 	1-...!: (0 ticks this GP) idle=09cc/1/0x4000000000000000 softirq=47926/47926 fqs=0
[  422.533854][    C0] rcu: 	(detected by 0, t=10502 jiffies, g=41685, q=335 ncpus=2)
[  422.541579][    C0] Sending NMI from CPU 0 to CPUs 1:
[  422.541612][    C1] NMI backtrace for cpu 1
[  422.541628][    C1] CPU: 1 UID: 0 PID: 11640 Comm: syz.1.2181 Not tainted syzkaller #0 PREEMPT(full) 
[  422.541653][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  422.541667][    C1] RIP: 0010:_raw_spin_lock_irqsave+0xbb/0xf0
[  422.541703][    C1] Code: f6 31 d2 31 c9 41 b8 01 00 00 00 45 31 c9 ff 75 08 e8 a9 bf 64 f6 48 83 c4 08 48 89 df e8 fd 63 65 f6 48 c7 04 24 0e 36 e0 45 <4b> c7 04 27 00 00 00 00 65 48 8b 05 d5 ff 11 07 48 3b 44 24 48 75
[  422.541722][    C1] RSP: 0018:ffffc90000a08c00 EFLAGS: 00000046
[  422.541741][    C1] RAX: 0383113458fcb300 RBX: ffffffff99794dd0 RCX: dffffc0000000000
[  422.541759][    C1] RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffffc90000a08b80
[  422.541774][    C1] RBP: ffffc90000a08c98 R08: 0000000000000003 R09: 0000000000000004
[  422.541788][    C1] R10: dffffc0000000000 R11: fffff52000141170 R12: dffffc0000000000
[  422.541810][    C1] R13: dffffc0000000000 R14: 0000000000000012 R15: 1ffff92000141180
[  422.541829][    C1] FS:  00007f7a233c76c0(0000) GS:ffff88812648a000(0000) knlGS:0000000000000000
[  422.541848][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  422.541864][    C1] CR2: 0000200000000240 CR3: 00000000779b5000 CR4: 0000000000350ef0
[  422.541881][    C1] Call Trace:
[  422.541891][    C1]  <IRQ>
[  422.541902][    C1]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[  422.541941][    C1]  debug_object_deactivate+0x9a/0x250
[  422.541975][    C1]  debug_deactivate+0x1d/0x200
[  422.542005][    C1]  __hrtimer_run_queues+0x2b0/0xc60
[  422.542031][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  422.542070][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  422.542094][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  422.542121][    C1]  ? rcu_is_watching+0x15/0xb0
[  422.542151][    C1]  hrtimer_interrupt+0x45b/0xaa0
[  422.542195][    C1]  __sysvec_apic_timer_interrupt+0x10b/0x410
[  422.542225][    C1]  sysvec_apic_timer_interrupt+0xa1/0xc0
[  422.542257][    C1]  </IRQ>
[  422.542264][    C1]  <TASK>
[  422.542274][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  422.542297][    C1] RIP: 0010:lock_is_held_type+0x137/0x190
[  422.542329][    C1] Code: 01 75 44 48 c7 04 24 00 00 00 00 9c 8f 04 24 f7 04 24 00 02 00 00 75 4c 41 f7 c4 00 02 00 00 74 01 fb 65 48 8b 05 59 8e 14 07 <48> 3b 44 24 08 75 43 89 d8 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f
[  422.542347][    C1] RSP: 0018:ffffc9000de0f548 EFLAGS: 00000206
[  422.542365][    C1] RAX: 0383113458fcb300 RBX: 0000000000000001 RCX: 0383113458fcb300
[  422.542381][    C1] RDX: ffff8880347e1e40 RSI: ffffffff8d6f525f RDI: ffffffff8b9eea60
[  422.542399][    C1] RBP: 00000000ffffffff R08: ffffea00011ea9c7 R09: 1ffffd400023d538
[  422.542415][    C1] R10: dffffc0000000000 R11: fffff9400023d539 R12: 0000000000000246
[  422.542431][    C1] R13: ffff8880347e1e40 R14: ffffffff8dd3b160 R15: 0000000000000001
[  422.542464][    C1]  xas_next_entry+0x202/0x3d0
[  422.542499][    C1]  next_uptodate_folio+0x32/0x5d0
[  422.542522][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  422.542548][    C1]  ? folio_unlock+0x101/0x160
[  422.542580][    C1]  filemap_map_pages+0x11ea/0x1c60
[  422.542605][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  422.542639][    C1]  ? __lock_acquire+0xab9/0xd20
[  422.542660][    C1]  ? filemap_map_pages+0x15c/0x1c60
[  422.542686][    C1]  ? __pfx_filemap_map_pages+0x10/0x10
[  422.542711][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  422.542739][    C1]  ? __handle_mm_fault+0x2789/0x5400
[  422.542768][    C1]  ? __handle_mm_fault+0x2789/0x5400
[  422.542798][    C1]  __handle_mm_fault+0x347e/0x5400
[  422.542841][    C1]  ? __pfx___handle_mm_fault+0x10/0x10
[  422.542879][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  422.542905][    C1]  ? follow_page_pte+0x7ef/0x13e0
[  422.542940][    C1]  handle_mm_fault+0x40a/0x8e0
[  422.542976][    C1]  __get_user_pages+0x165c/0x2a00
[  422.543026][    C1]  populate_vma_page_range+0x29f/0x3a0
[  422.543054][    C1]  ? __pfx_populate_vma_page_range+0x10/0x10
[  422.543079][    C1]  ? userfaultfd_unmap_complete+0x278/0x2d0
[  422.543116][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  422.543141][    C1]  ? down_read+0x1ad/0x2e0
[  422.543164][    C1]  __mm_populate+0x24c/0x380
[  422.543191][    C1]  ? __pfx___mm_populate+0x10/0x10
[  422.543218][    C1]  ? up_write+0x1c4/0x420
[  422.543250][    C1]  vm_mmap_pgoff+0x387/0x4d0
[  422.543280][    C1]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  422.543303][    C1]  ? exc_page_fault+0x76/0xf0
[  422.543336][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  422.543364][    C1]  ? ksys_mmap_pgoff+0xf4/0x760
[  422.543392][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  422.543417][    C1]  ? __x64_sys_mmap+0x7f/0x140
[  422.543444][    C1]  do_syscall_64+0xfa/0x3b0
[  422.543462][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  422.543494][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  422.543515][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  422.543540][    C1]  ? exc_page_fault+0x9f/0xf0
[  422.543573][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  422.543594][    C1] RIP: 0033:0x7f7a2258eec9
[  422.543614][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  422.543632][    C1] RSP: 002b:00007f7a233c7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  422.543653][    C1] RAX: ffffffffffffffda RBX: 00007f7a227e5fa0 RCX: 00007f7a2258eec9
[  422.543670][    C1] RDX: b635773f06ebbeee RSI: 0000000000b36000 RDI: 0000200000000000
[  422.543686][    C1] RBP: 00007f7a22611f91 R08: ffffffffffffffff R09: 0000000032cc0000
[  422.543702][    C1] R10: 0000000000008031 R11: 0000000000000246 R12: 0000000000000000
[  422.543716][    C1] R13: 00007f7a227e6038 R14: 00007f7a227e5fa0 R15: 00007ffe237622a8
[  422.543744][    C1]  </TASK>
[  422.544603][    C0] rcu: rcu_preempt kthread starved for 10502 jiffies! g41685 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
[  423.103207][    C0] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  423.113166][    C0] rcu: RCU grace-period kthread stack dump:
[  423.119036][    C0] task:rcu_preempt     state:R  running task     stack:27320 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00080000
[  423.132553][    C0] Call Trace:
[  423.135833][    C0]  <TASK>
[  423.138765][    C0]  __schedule+0x1798/0x4cc0
[  423.143388][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  423.149029][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  423.154662][    C0]  ? __lock_acquire+0xab9/0xd20
[  423.159517][    C0]  ? __pfx___schedule+0x10/0x10
[  423.164396][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  423.170037][    C0]  ? schedule+0x91/0x360
[  423.174289][    C0]  schedule+0x165/0x360
[  423.178452][    C0]  schedule_timeout+0x12b/0x270
[  423.183301][    C0]  ? __pfx_schedule_timeout+0x10/0x10
[  423.188676][    C0]  ? __pfx_process_timeout+0x10/0x10
[  423.193973][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  423.199611][    C0]  ? prepare_to_swait_event+0x341/0x380
[  423.205256][    C0]  rcu_gp_fqs_loop+0x301/0x1540
[  423.210114][    C0]  ? __pfx_rcu_gp_init+0x10/0x10
[  423.215221][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  423.220425][    C0]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[  423.225705][    C0]  ? _raw_spin_unlock_irq+0x2e/0x50
[  423.230921][    C0]  rcu_gp_kthread+0x99/0x390
[  423.235510][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  423.240707][    C0]  ? __kthread_parkme+0x7b/0x200
[  423.245646][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  423.251278][    C0]  ? __kthread_parkme+0x1a1/0x200
[  423.256311][    C0]  kthread+0x711/0x8a0
[  423.260390][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  423.265585][    C0]  ? __pfx_kthread+0x10/0x10
[  423.270174][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  423.275808][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  423.281010][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  423.286641][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  423.291845][    C0]  ? __pfx_kthread+0x10/0x10
[  423.296441][    C0]  ret_from_fork+0x439/0x7d0
[  423.301033][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  423.306148][    C0]  ? __switch_to_asm+0x39/0x70
[  423.310917][    C0]  ? __switch_to_asm+0x33/0x70
[  423.315687][    C0]  ? __pfx_kthread+0x10/0x10
[  423.320281][    C0]  ret_from_fork_asm+0x1a/0x30
[  423.325066][    C0]  </TASK>
[  423.328073][    C0] rcu: Stack dump where RCU GP kthread last ran:
[  423.334381][    C0] CPU: 0 UID: 0 PID: 11659 Comm: syz.3.2189 Not tainted syzkaller #0 PREEMPT(full) 
[  423.343745][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  423.353789][    C0] RIP: 0010:smp_call_function_many_cond+0xd31/0x12d0
[  423.360466][    C0] Code: 00 00 45 8b 2c 24 44 89 ee 83 e6 01 31 ff e8 96 73 0b 00 41 83 e5 01 49 bd 00 00 00 00 00 fc ff df 75 07 e8 41 6f 0b 00 eb 38 <f3> 90 42 0f b6 04 2b 84 c0 75 11 41 f7 04 24 01 00 00 00 74 1e e8
[  423.380072][    C0] RSP: 0018:ffffc9000ddcf540 EFLAGS: 00000246
[  423.386140][    C0] RAX: ffffffff81b3103b RBX: 1ffff11017127ff5 RCX: 0000000000080000
[  423.394105][    C0] RDX: ffffc9000c0eb000 RSI: 000000000007ffff RDI: 0000000000080000
[  423.402071][    C0] RBP: ffffc9000ddcf6c0 R08: ffffffff8f5bed37 R09: 1ffffffff1eb7da6
[  423.410037][    C0] R10: dffffc0000000000 R11: fffffbfff1eb7da7 R12: ffff8880b893ffa8
[  423.418000][    C0] R13: dffffc0000000000 R14: ffff8880b883b200 R15: 0000000000000001
[  423.426227][    C0] FS:  00007fcd863a06c0(0000) GS:ffff88812638a000(0000) knlGS:0000000000000000
[  423.435241][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  423.441828][    C0] CR2: 00007f4cf2b156c0 CR3: 00000000526d8000 CR4: 0000000000350ef0
[  423.449796][    C0] Call Trace:
[  423.453064][    C0]  <TASK>
[  423.455993][    C0]  ? __pfx_flush_tlb_func+0x10/0x10
[  423.461213][    C0]  ? __pfx_smp_call_function_many_cond+0x10/0x10
[  423.467542][    C0]  ? free_pgd_range+0x144b/0x14c0
[  423.472584][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  423.478214][    C0]  ? rcu_is_watching+0x15/0xb0
[  423.482982][    C0]  ? __pfx_flush_tlb_func+0x10/0x10
[  423.488187][    C0]  on_each_cpu_cond_mask+0x3f/0x80
[  423.493305][    C0]  flush_tlb_mm_range+0x6b1/0x12d0
[  423.498425][    C0]  ? unlink_file_vma_batch_add+0xda/0x1e0
[  423.504145][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  423.509777][    C0]  ? free_pgtables+0x8e0/0x9c0
[  423.514539][    C0]  ? __pfx_flush_tlb_mm_range+0x10/0x10
[  423.520102][    C0]  ? __pfx_free_pgtables+0x10/0x10
[  423.525211][    C0]  tlb_flush_mmu+0x1a7/0x680
[  423.529821][    C0]  tlb_finish_mmu+0xc3/0x1d0
[  423.534423][    C0]  vms_clear_ptes+0x42c/0x540
[  423.539110][    C0]  ? __pfx_vms_clear_ptes+0x10/0x10
[  423.544332][    C0]  vms_complete_munmap_vmas+0x206/0x8a0
[  423.549880][    C0]  ? __mas_set_range+0x12f/0x3c0
[  423.554821][    C0]  do_vmi_align_munmap+0x364/0x440
[  423.559953][    C0]  ? __pfx_do_vmi_align_munmap+0x10/0x10
[  423.565609][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  423.571249][    C0]  do_vmi_munmap+0x253/0x2e0
[  423.575858][    C0]  __vm_munmap+0x207/0x380
[  423.580277][    C0]  ? __pfx___vm_munmap+0x10/0x10
[  423.585227][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  423.590856][    C0]  ? rcu_is_watching+0x15/0xb0
[  423.595634][    C0]  __x64_sys_munmap+0x60/0x70
[  423.600315][    C0]  do_syscall_64+0xfa/0x3b0
[  423.604810][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  423.610012][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  423.616076][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  423.621716][    C0]  ? exc_page_fault+0x9f/0xf0
[  423.626402][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  423.632292][    C0] RIP: 0033:0x7fcd8558ef57
[  423.636701][    C0] Code: 00 00 00 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 0b 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  423.656304][    C0] RSP: 002b:00007fcd8639fe18 EFLAGS: 00000246 ORIG_RAX: 000000000000000b
[  423.664716][    C0] RAX: ffffffffffffffda RBX: 0000000000080000 RCX: 00007fcd8558ef57
[  423.672683][    C0] RDX: 0000000000000000 RSI: 0000000008400000 RDI: 00007fcd7b200000
[  423.680647][    C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000593
[  423.688614][    C0] R10: 00000000000003ca R11: 0000000000000246 R12: 0000000000000003
[  423.696578][    C0] R13: 00007fcd8639fef0 R14: 00007fcd8639feb0 R15: 00007fcd7b200000
[  423.704569][    C0]  </TASK>
[  423.708018][    C0] vkms_vblank_simulate: vblank timer overrun