last executing test programs:

5.554837871s ago: executing program 3 (id=5358):
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0xb, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, 0x0, &(0x7f000095dffc)=0x8)
r0 = socket(0x11, 0x2, 0x0)
getsockopt$nfc_llcp(r0, 0x107, 0xe, 0x0, 0x20600000)

4.676439435s ago: executing program 3 (id=5372):
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r0 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000c00)=[{&(0x7f00000001c0)="48000000140081fb7059ff00000004000aff0f030000038130216266c808222e40d6ee11000000006fabca1b4e7d06a6bd7cf750375ed08a562ad6e74703c48f93b82a0200000046", 0x48}], 0x1}, 0x10004000)

4.372512198s ago: executing program 3 (id=5379):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETOFFLOAD(r0, 0x400454c9, 0xba98575a95aeb70d)
ioctl$TUNSETLINK(r0, 0x400454cd, 0x300)

3.6874659s ago: executing program 3 (id=5386):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000002, 0x4008032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
fsopen(&(0x7f0000000000)='proc\x00', 0x0)

2.358001871s ago: executing program 3 (id=5404):
syz_mount_image$jfs(&(0x7f0000000000), &(0x7f0000000040)='./file2\x00', 0x20108c0, &(0x7f0000000140)=ANY=[@ANYBLOB="646973636172642c696f636861727365743d63703837342c6572726f72733d72656d6f756e742d726f2c75737271756f74612c696f636861727365743d63703836312c696f636861727365743d6370313235302c696e7465677269747900696f636861727365743d69736f383835392d342c646973636172643d30783030303030303030303030303030396943b95b49aca56faf1cc22189cc312c696f636861727365743d6d6163677265656b2c71756f74612c726573697a653d3078303030303030303030303030376666662c646973636172643d3078303030303030303066666666666666662c756d61736b3d3078303030303030303030303032303034352c6673636f6e746578743d756e636f6e66696e65645f752c66736d616769633d3078303030303030303030303030303030392c66736e616d"], 0xfe, 0x6172, &(0x7f0000006540)="$eJzs3c9vHGf9B/DP/vSPfJtaPVT9Rgi5aflRSpM4KSFQoO0BDlx6QLmiRK5bRaSAkoDSyiKufOHAib8AhMQRIY6IA39AD1w4cOPEiUg2EqgnBo39PPHsZjdrx/bO2vN6Sc7MZ54Z7zN+7+yP7Mw+AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADEd7/zvZVWRNz4aVqwFPF/0YloRyyU9XJELCwv5fW7EfFC7DTH8xHRm4sot9/559mI1yPik7MRW9vrq+Xiy/vsx7d//7fffP/MO3/5Xe/if/5wr/PGuPXu3//Fv//44HD7DAAAAE1TFEXRSm/zz6X39+26OwUATEV+/i+SvPzU17/8xzt/mqX+qNVqtVo9hbqqGO1BtYiIjeo25WsGH8cDwAmzEZ8+3YZ/PXPUXaEGT50/p0E3IhzIwJO06u4Ax2Jre321lfJtVZ8Plnfb87kgA/lvtB5d3zFuOsnwOSbTun9tRieeG9OfhSdteEoPgJx/ezj/G7vt/bTecec/LePy7+9e+tQ4Of/OcP5DTk/+7ZH5N1XOv3ug/DvyBwAAAACAGZb//3+p5s9/5w6/K/vypM9/l6fUBwAAAAAAAAA4aocd/+8R4/8BAADAzCrfq5d+dXZv2bivOiuXX29FPDO0PtAw6WKZxbr7AQAAAAAAAAAAAABN0t09h/d6K6IXEc8sLhZFUf5UDdcHddjtT7qm7z80Wd0P8gAAsOuTs0PX8rci5iPievquv97i4mJRzC8sFovFwlx+Pdufmy8WKu9r87RcNtffxwvibr8of9l8ZbuqSe+XJ7UP/77ytvpFZx8dOyK99Ncc01xT2ACQ7D4bbXlGOmWK4tlxLz5ggOP/FFqKpbrvV8y+uu+mAAAAwPEriqJopa/zPpc+82/X3SkAYCry8//w5wKHqttj2iOO5ver1Wq1Wq1+qrqqGO1BtYiIjeo25WsGw/EDwAmzEZ/W3QVqJP9G60bEC3V3Aphprbo7wLHY2l5fbaV8W9XngzS+ez4XZCD/jdbOdnn7UdNJhs8xmdb9azM68dyY/jw/pT7Mkpx/ezj/G7vt/bTecec/LePy7+9cMtc8Of/OcP5DTk/+7ZH5N1XOv3ug/DvyBwAAAACAGZb//3/J5795lwEAAAAAAADgxNnaXl/N173mz/8/M2I913+eTjn/1kHzX0jz8j/Rcv7tofy/OLRepzL/8O294/9f2+urv733z//P0/3mP5dnWume1Ur3iFa6pVY3TQ+zd4/b7HX65S31Wu1ON53zU/Tei1txO9bi0sC67fT32GtfGWgve9obaL880N59rP3KQHsvfe9AsZDbL8Rq/Chux7s77WXb3IT9n5/QXkxoz/l3PP43Us6/W/kp819M7a2haenhx+3HjvvqdNTtvHXrsz+/dPy7M9FmdB7tW1W5f+dr6M/O3+RMP35yd+3Ohfs37927sxJpMrD0cqTJEcv593Z+5vYe/1/abc+P+9Xj9eHH/QPnPys2ozs2/5cq8+X+vjLlvtUh599PPzn/d1P76OP/JOc//vh/tYb+AAAAAAAAAAAAAAAAwJMURbFziehbEXE1Xf9T17WZAMB05ef/IsnL1Wq1Wq1Wn766qhjtzWoREX+ublO+ZvjZqF8GAMyy/0bE3+vuBLWRf4Pl7/srpy/X3Rlgqu5++NEPbt6+vXbnbt09AQAAAAAAAACeVh7/c7ky/vPLEbE0tN7A+K9vx/Jhx//s5plHA4we8UDfY2y2+512ZbjxF2NnfO4L48b/Ph+Pj/+dx8TtVPdjjN6E9v6E9rkJ7fMjl+6lNfJCj4qc/4uV8c7L/M8NDb/ehPFfh8e8b4Kc//nK/bnM/wtD61XzL349c/lv7HfFzWgP5H/x3gc/vnj3w49eu/XBzffX3l/74ZWVlUtXrl69du3axfdu3V67tPvv8fR6BuT889jXzgNtlpx/zlz+zZLz/1yq5d8sOf/Pp1r+zZLzz6/35N8sOf/83kf+zZLzfyXV8m+WnP+XUi3/ZtnaXp8r83811fJvlnz8fznV8m+WnP9rqZZ/s+T8L6Ra/s2S87+Y6n3k7+vhT5Gcf/6Ey/HfLDn/lVTLv1ly/pdTLf9myflfSbX8myXn/3qq5d8sOf+vpFr+zZLzv5pq+TdLzv+rqZZ/s+T8r6Va/s2S8/9aquXfLDn/r6da/s2S838j1fJvlpz/N1It/2bJ+X8z1fJvlpz/t1It/2bJ+b+Zavk3y973/5sxY8ZMnqn7kQkAAAAAAAAAAAAAGDaN04nr3kcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+B87cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsLevcbIddb3Az+zF3vtEGIgBCd/AxvHGOMs2fUlvvCviwnXBigFEgq9YLvetVnwDa9dAkWyaaBEwqioomr6oi0g1EaqKqyKF7SiNC+qXl6V9gV9U1FVQmpUBRRQkXqh2WrmPM/jmdnZmVnv2J49z+cjJT/vzpk5Z848M7vftb87AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANDs3jfOfbZWFEX9v8b/NhXFC+p/3jC5qfG5193qIwQAAABW638b/3/ujvSJw31cqWmbv3nF3399cXFxsXj/6G+Pf3FxMV0wWRTj64uicVl09V8/UGveJni8mKiNNH080mP3oz0uH+tx+XiPy9f1uHx9j8snely+5AQssaH8eUzjxrY1/ripPKXFncV447JtHa71eG39yEj8WU5DrXGdxfETxXxxqpgrZlq2L7etNbb/5r31fb2tiPsaadrXlvoK+eEnj8djqIVzvK1lX9duM/r+G4rJH/3wk8f/8MKzd3eaPU9Dy+2Vx7lja/04Px0+Ux5rrVifzkk8zpGm49zS4TEZbTnOWuN69T+3H+dzfR7n6LXDvKnaH/OJYqTx5283ztNY84/10nnaEj73n/cVRXH52mG3b7NkX8VIsbHlMyPXHp+JckXWb6O+lF5cjK1ond7bxzqtz9ltreu0/TkRH/97w/XGljmG5ofp+59at+RxX+k6jer3ernnSvsaHPRzZVjWYFwX327c6Sc6rsFt4f5/cvvya7Dj2umwBtP9blqDW3utwZF1o41jTg9CrXGda2twV8v2o4091Rrzme3d1+D0hdPnphc+/onXzp8+dnLu5NyZPbt2zezZt+/AgQPTJ+ZPzc2U/7/Osz38NhYj6TmwNZy7+Bx4ddu2zUt18cuDex5OdHkebmrbdtDPw7H2O1e7OU/IpWu6fG48Uj/pE1dGimWeY43HZ+fqn4fpfjc9D8eanocdv6Z0eB6O9fE8rG9zbmd/37OMNf3X6Rhu1NeCTU1rsP37kfY1OOjvR4ZlDU6EdfHPO5f/WrAlHO8TUyv9fmR0yRpMdze89tQ/k77fnzjQGJ3W5T31C25bV1xcmDv/wGPHLlw4v6sI46Z4SdNaaV+vG5vuU7FkvY6seL0enn/FE/d0+PymcK4mXlv/38Syj1V9m70PdH+sGl/dOp/Pls/uLsIYsJt9Pjt9Na+fz5Qlu5zP+jafnl799+Iplza9/o4v8/obc//z5f7STT0+Oj5WPn9H09kZb3k9bn2oxhqvXbXGvp+b7u/1eDz8d7Nfj+/s8nq8uW3bQb8ej7ffufh6XOv1047VaX88J8I6OTXT/fW4vs3m3Stdk2NdX4/vC7MWzv9rQlJIuahp7Sy3btO+xsbGw/0ai3toXad7WrYfD9msvq+ndl/fOt1xX3lbo+neXftJ0c1ap5Nt2w56naZ7tNw6rfX66dv1aX88J8K6uHNP93Va3+bpvat/7dwQ/9j02rmu1xocH11XP+bxtAjL1/vFDXENPlAcL84Wp4rZxqXrGuup1tjX1IP9rcF14b+b/Vq5ucsa3NG27aDXYPo6ttzaq40tvfMD0P54ToR18eSD3ddgfZs37R/s9647wmfSNk3fu7b/fG25n3nd03aabuTPvOrH+Vf7u/9str7NqQMrzZndz9P94TO3dThP7c/f5Z5Ts8XNOU+bw3E+e2D581Q/nvo2XzzY53o6XBTFpY8+1Ph5b/j7lT+9+J2vt/y9S6e/07n00Yd+cPuJv17J8QOw9j1fjo3l17qmv5nq5+//AQAAgDUh5v6RMBP5HwAAACoj5v74r8IT+R8AAAAqI+b+sTCTTPL/5jc9O//8pSI18xeDeHk6DQ+X28WO60z4eHLxmvrnH/rq3I///FJ/+x4piuInD/9ax+03PxyPqzQZjvPqm1s/v/SKl/ra/9FHr23X/JsHvhRuP96ffpdBpwruTFEU37zj8439TH7gSmM+/fDRxnzP5Scer2/z3MHy43j9Z15Sbv97ofx7+MSxlus/E87D98KceXvn8xGv97Urr9my/33X9hevV9v6wsbdfvKD5e3G35PzhcfL7eN5Xu74/+JzT32tvv1jr+p8/JdGOh//U+F2vxrmf7283L75Mah/HK/3mXD8cX/xeg985Vsdj//qZ8vtz72l3O5omHH/O8LH297y7Hzz+XqsdqzlfhVvLbeL+5/5zm82Lo+3F2+//fgnjlxpOR/t6+PpfyxvZ7pt+/j5uJ/oz9r2X7+d5vUZ9//UbxxtOc+99n/1Pc+8vH677fu/v2270bbrt//Gpt//zOc77i8ez+E/Oddyfw6/OzyPw/6f/GBYj+Hy/776+Zb9Rkff3fr6E7f/0qZLLfcnetuPyv1fff3Jxvy3yR//7m0vuP2Fl19ZP3dF8e33lrfXa/8n/+Bsy/F/+a6djccjXh47+u37X07c//mPTZ05u3BxfrbprDZ+d847yuNZP7FhY/147wivre0fHzl74UNz5ydnJmeKYrK6v0Lvun0lzB+U4/JKr7/z0fB43vM739y4/R8+Fz//T4+Un7/y9vLr1qvDdl8In99UPn6LtVXu/8l772o8v2tPlx+39NgHYMu2fz/Q14bh/rd/XxDX+7mXfqhxHuqXNb5uxOf1Ko//u7Pl7XwjnNfF8JuZt951bX/N28ffjXDlveXzfdXnL7zMxcf1j8Lj/c7vlbcfjyve3++G72O+tbn19S6uj29cGmm//cZv8bgcXk+Ky+Xlcat4vq88d1fHw4u/h6S4fHfj499Kt3P3iu7mchY+vjB9av7MxcemL8wtXJhe+Pgnjpw+e/HMhSON3+V55MO9rn/t9Wlj4/Vpdm7f3mJmQ1EUZ4uZm/CCdWOOv/6n/o7/3KPHZ/fPbJ+dO3Hs4okLj56bO3/y+MLC8bnZhe3HTpyY+1iv68/PHtq1++Ce/bunTs7PHjpw8OCeg1PzZ87WD6M8qB72zXxk6sz5I42rLBzae3DXgw/unZk6fXZ27tD+mZmpi72u3/jaNFW/9q9OnZ87dezC/Om5qYX5T8wd2nVw377dPX8b4OlzJxYmp89fPDN9cWHu/HR5XyYvND5d/9rX6/pU08K/lN/PtquVv4iveNf9+9LvZ6376qeWvalyk7ZfIPps+F00f/eicwf6+Tjm/vEwk0zyPwAAAOQg5v51YSbyPwAAAFRGzP3rw0zkfwAAAKiMmPsnwkwyyf/6//r//fX/y8v1//Pq/5/7aNkrXev9/9if1//Pwy3u/696//r/+v/V6//3359f68ev/6//z1LD1v+PuX9DUWSZ/wEAACAHMfdvDDOR/wEAAKAyYu6/LcxE/gcAAIDKiLn/BWEmmeR//f+++v+7exWuqt//9/7/+v/F2uz/xwdH/z8bK+7fv++Rlg/1/wP9f/3/td7/X/yfxUX9f/1/brHxZS+5Vf3/mPtvDzPJJP8DAABADmLuf2GYifwPAAAAlRFz/x1hJvI/AAAAVEbM/ZvCTDLJ//r/3v9f/1//v9L9/9W+/3/Twej/rw3e/787/f8errv/P6H/P2z9/36Of3ywxz/c/f+eh6//zw0xbO//H3P/i8JMMsn/AAAAkIOY+18cZiL/AwAAQGXE3P+SMBP5HwAAACoj5v47w0wyyf/6//r/+v/6//r/nfff+/3/yz/p/w8X/f/u9P978P7/efX/B3z8w93/H/T7/4+/uf36+v90Mmz9/5j7Xxpmkkn+BwAAgBzE3H9XmIn8DwAAAJURc//LwkzkfwAAAKiMmPs3h5lkkv/1//X/9f/1//X/O++/d/+/pP8/XPT/u9P/70H/X/9f/7+//n+Hb371/+lk2Pr/MfffHWaSSf4HAACAHMTcf0+YifwPAAAAlRFz//8LM+k3/0/ciKMCAAAABinm/i1hJpn8/b/+v/6//n9e/f/71+n/6/9Xm/5/d/r/Pej/6//r//f5/v9LraT/v77XjVEZw9b/j7n/5WEmmeR/AAAAyEHM/a8IM5H/AQAAoDJi7n9lmIn8DwAAAJURc/9kmEkm+V//v1r9/z/+yydfWej/6//32H9F+/9xGej/Z07/vzv9/x70//X/9f9vSv+ffAxb/z/m/nvDTDLJ/wAAAJCDmPu3hpnI/wAAAFAZMfffF2Yi/wMAAEBlxNy/Lcwkk/yv/1+t/n+k/6//323/Fe3/J/r/edP/76DpSar/34P+v/5/9v3/+N2v/j+DMWz9/5j7XxVmkkn+BwAAgBzE3L89zET+BwAAgMqIuf/VYSbyPwAAAFRGzP07wkwyyf/6//r/+v/6//r/nfev/7826f93t9L+/zr9f/1//f/M+v/e/5/BGrb+f8z9rwkzyST/AwAAQA5i7t8ZZiL/AwAAQGXEf79Z/rtX+R8AAACqKOb+qTCTTPK//r/+f079/5r+v/6//n/l6f935/3/e9D/1//X/9f/Z6CGrf8fc/9rw0wyyf8AAACQg5j7Hwgzkf8BAACgMmLunw4zkf8BAACgMmLunwkzyST/6//r/+fU//f+//r/+v/Vp//fnf5/D/r/+v9V6/8Xhf4/t9Sw9f9j7t8VZpJJ/gcAAIAcxNy/O8xE/gcAAIDKiLl/T5iJ/A8AAACVEXP/3jCTTPK//r/+v/6//r/+f+f96/+vTfr/3en/96D/r/9ftf6/9//nFhu2/n/M/Q+GmWSS/wEAACAHMffvCzOR/wEAAKAyYu7fH2YS8n+nf9cNAAAArC0x9x8IM8nk7//1/yvS///1v23Zt/6//n+3/Q+m/79B/z9M/f/hUtH+f/vT4rrp//eg/6//r/+v/89ADVv/P+b+g2EmmeR/AAAAyEHM/a8LM5H/AQAAoDJi7v//YSbyPwAAAFRGzP0/FWaSSf7X/69I/7+N/r/+f7f9e/9//f8qq2j/f2Aq1f8f0f/X/x+u49f/1/9nqRvf/49/6q//H3P/oTCTTPI/AAAA5CDm/p8OM5H/AQAAoDJi7n99mIn8DwAAAJURc//hMJNM8r/+v/6//r/+/43p/7++aDeM/f/64tH/rxb9/+4q1f/3/v/6/0N2/Pr/+v8sNWzv/x9z/xvCTDLJ/wAAAJCDmPsfCjOR/wEAAKAyYu5/Y5iJ/A8AAACVEXP/m8JMMsn/+v/6//r/+v/e/7/z/vX/1yb9/+70/3vQ/9f/1//X/2eghq3/H3P/m8NMMsn/AAAAkIOY+98SZiL/AwAAQGXE3P/WMBP5HwAAACoj5v63hZlkkv/1//X/9f/1//X/O+9f/39t0v/vTv+/B/1//X/9f/1/BmrY+v8x9/9MmEkm+R8AAAByEHP/w2Em8j8AAABURsz9bw8zkf8BAACgMmLuf0eYSSb5X/9f/1//X/9f/7/z/vX/1yb9/+70/3vQ/9f/1//X/2eghq3/H3P/O8NMMsn/AAAAkIOY+382zET+BwAAgMqIuf9dYSbyPwAAAFRGzP0/F2aSSf7X/9f/H67+/+Kl5uvp/+v/F4Pq/9evpP+fBf3/7vT/e+jQ/1+v/6//r/+v/891G7b+f8z97w4zyST/AwAAQA5i7n9PmIn8DwAAAJURc/97w0zkfwAAAKiMmPsfCTPJJP/r/2fZ/093efj6/97/X//f+//r/6+O/n93+v89eP9//X/9f/1/BmrY+v8x9z8aZpJJ/gcAAIAcxNz/vjAT+R8AAAAqI+b+nw8zkf8BAACgMmLuf3+YSSb5X/8/y/7/EL//f9X6/2Mt6yOn/v9E0+OZ1qX+v/7/TaD/353+fw/6//r/w9z/D6t5wzLX1/9nGA1b/z/m/g+EmWSS/wEAACAHMff/QpiJ/A8AAACVEXP/L4aZyP8AAABQGTH3/1KYSSb5X/9f/1//3/v/e///zvvX/1+b9P+70//vQf9f/3+Y+/896P8zjIat/x9z/y+HmSwb/H7wH33cTQAAAGCIxNz/wTCTTP7+HwAAAHIQc/+RMBP5HwAAACoj5v6jYSaZ5H/9//b+f3xHVf1//X/9f/1//f+1aHD9/5fdXhT6//r/+v/6//r/+v+sxrD1/2PuPxZmkkn+BwAAgBzE3P8rYSbyPwAAAFRGzP3Hw0zkfwAAAKiMmPtnw0wyyf+3sP8/Ppz9f+//f739/5/o/6/9/v9463b6//r/a1EF3v+/7EHq/+v/d6D/P9zHr/+v/89Sw9b/j7l/Lswkk/wPAAAAFZZ+HBxz/4kwE/kfAAAAKiPm/pNhJvI/AAAAVEbM/R8KM8kk/3v/f/1/7/9/K/r/Yy3bD03/v207/X/9/7WoAv1/7/+v/6//v0aPX/9f/5+lhq3/H3P/fJhJJvkfAAAAchBz/4fDTOR/AAAAqIyY+z8SZiL/AwAAQGXE3H8qzCST/K//r/+fe/+/VhSXvf+//n+n/ev/r036/93p//eg/6//r/+v/89ADVv/P+b+02EmmeR/AAAAyEHM/WfCTOR/AAAAqIz/Y+8+muQ6qzgON8ZWWMFHYM2KJazMR2DLjirWFMnkYJucweQcTM45J5NzztnkHE00VIny6JwjjaZ1r6y5mn7v+z7P5iCVh+6x2qb+TP3q5u6/d9xi/wMAAEA3cvffJ24ZZP/r//X/o/f/m508/3//X6//P03/r/9fwoH+/vLtf935ovDz9v93uvNV99D/6//1/5P0//p//T/naq3/z91/37hlkP0PAAAAI8jdf7+4xf4HAACAbuTuv3/cYv8DAABAN3L3XxW3DLL/9f/6f/2//n9f/3+D/l//v26e/z9N/z9D/6//1//r/1lUa/1/7v4HxC2D7H8AAAAYQe7+B8Yt9j8AAAB0I3f/g+IW+x8AAAC6kbv/wXHLIPtf/6//1/+vpf8/5vn/53w/+n/9/zb6/2n6/xn6f/2//l//z6Ja6/9z9z8kbhlk/wMAAMAIcvc/NG6x/wEAAKAbufsfFrfY/wAAANCN3P0Pj1sG2f/6f/2//n8t/f8RPf9f/6//X7nrN2f+naD/P0j/P2Om/99s9P9TLrif3/7tref9n4f+X//PQa31/7n7HxG33HWzOXax3yQAAADQlNz9j4xbBvn5PwAAAIwgd//VcYv9DwAAAN3I3X9N3DLI/tf/6//1//p//f/219f/r5Pn/087fP9/x9vf657j9v+e/z/N8/+X7v9v+WTo/1m31vr/3P3Xxi2D7H8AAAAYQe7+R8Ut9j8AAAB0I3f/o+MW+x8AAAC6kbv/MXHLIPtf/99b/3/bfV93Vv+/V7vo//X/+n/9f+/0/9M8/3/G3r/mTtYv9f/6f8//1/9zOK31/7n7Hxu3DLL/AQAAYAS5+x8Xt9j/AAAA0I3c/Y+PW+x/AAAA6Ebu/ifELYPsf/1/b/3//q/z/H/9/7bX1//r/3um/5+m/5/Ry/P/L/JTs+t+/rB2/f71//p/Dmqt/8/d/8S4ZZD9DwAAACPI3f+kuMX+BwAAgG7k7n9y3GL/AwAAQDdy9z8lbhlk/+v/9f/r6P/zFfT/+v9L3/8n/f866f+n6f9n9NL/X6Rd9/Nrf//6f/0/B7XW/+fuf2rcMsj+BwAAgBHk7n9a3GL/AwAAQDdy9z89brH/AQAAoBu5+58Rtwyy//X/+v919P+e/6//9/x//f+F0f9P0//P0P/r//X/+n8W1Vr/n7v/urhlkP0PAAAAI8jd/8y4xf4HAACAbuTuf1bcYv8DAABAN3L3PztuGWT/6//1//p//b/+f/vr6//XSf8/Tf8/Q/+v/9f/6/9ZVEP9/1lfdWLznLhlkP0PAAAAI8jd/9y4xf4HAACAbuTuf17cYv8DAABAN3L3Pz9uGWT/6/+b6f/3cr6++v+Tm81G/78ZtP8/edafZ30u9f/6/yOg/5+m/5+h/9f/6//1/yyqof5/79e5+18Qtwyy/wEAAGAEuftfGLfY/wAAANCN3P0vilvsfwAAAOhG7v4Xxy2D7H/9fzP9/56++n/P/z/38zFS/+/5/wfp/4+G/n+a/n+G/l//r//X/7Oo1vr/3P0viZuOXXHR3yIAAADQmNz9L41bBvn5PwAAAIwgd//L4hb7HwAAAFbqugO/k7v/5XHLIPtf/79s/3/srN/T/+v/z/186P/1//r/S0//P03/P0P/r//X/+v/WVRr/X/u/lfELYPsfwAAABhB7v7r4xb7HwAAALqRu/+VcYv9DwAAAN3I3f+quGWQ/a//9/x//b/+X/+//fX1/+uk/5+m/5+h/9f/77b/P37mP+r/6cOt6P9PnTp19SXv/3P3vzpuGWT/AwAAwAhy978mbrH/AQAAoBu5+18bt9j/AAAA0I3c/a+LWwbZ//r/Qfv//Kivq/+/ZrPR/+v/9f/6/2n6/2n6/xn6f/2/5//r/1lUa8//z93/+rhlkP0PAAAAI8jd/4a4xf4HAACAbuTuf2PcYv8DAABAN3L3vyluGWT/6/8H7f89/1//r/8/6v7/5o3+/0isov8/ef7Xb73/v1b/r/+fMFz/f7e77Pul/l//z0Gt9f+5+98ctwyy/wEAAGAEufvfErfY/wAAANCN3P1vjVvsfwAAAOhG7v63xU2XD7L/9f/6f/2//l//v/31j/j5/8c2m43+fwGr6P8ntN7/L/P8/3P/KT9D/6//X/P71//r/zmotf4/d//b45ZB9j8AAACMIHf/O+IW+x8AAAC6kbv/nXGL/Q8AAADdyN3/rrhlkP2v/9f/6//1/933/9euov/3/P+F6P+ntdH/n5/+X/+/5vev/9f/c+F21f/n7n933DLI/gcAAIAR5O5/T9xi/wMAAEA3cve/N26x/wEAAKAbufvfF7cMsv8b7P/3+g/9/+lft9b/5/vU//fV/x9vrv8/se+/b5Dn/+v/F6L/n6b/n6H/1//r/6/T/7Ok1p7/n7v//XHLIPsfAAAARpC7/wNx6/+6tf8BAACgG7n7Pxi32P8AAADQjdz9H4pbBtn/Dfb/p9+X/n9Pa/2/5//32f93//x//f9Q9P/T9P8z9P/6f/2/5/+zqNb6/9z9H45bBtn/AAAAMILc/R+JW+x/AAAA6Ebu/o/GLfY/AAAAdCN3/w1xyyD7X/+v/9f/6//1/6f/DPX/fdD/Tzua/v+k/l//X/38beKfAv2//n/u6+lTa/1/7v6PxS2D7H8AAAAYQe7+j8ct9j8AAAB0I3f/J+IW+x8AAABW6fItv5e7/5NxyyD7f6n+PztY/f8Z+n/9/7mfD/1/u/3/ttfX/6/TTvr//FDo/z3/P4zT/99h36/W9vz/c//3S/+v/2d5rfX/ufs/FbcMsv8BAABgBLn7Px232P8AAADQjdz9n4lb7H8AAADoRu7+z8Ytg+x/z//X/+v/9f/6/+2vr/9fJ8//n6b/n6H/3+nz89f+/vX/+n8Oaq3/z93/ubhlkP0PAAAAI8jd//m4xf4HAACAbuTu/0LcYv8DAABAN/Z2f8ZlA+5//b/+X/+v/9f/b399/f866f+n6f9n6P/1//p//T+Laq3//+LeV53YfCluGWT/AwAAwAhy9385brH/AQAAoBu5+78St9j/AAAA0I3c/V+NWwbZ//p//f86+v9Tp05drf/X/+//fs70/zfq/yn6/2n6/xn6f/2//l//z6Ja6/9z938tbhlk/wMAAMAIcvd/PW6x/wEAAKAbufu/EbfY/wAAANCN3P3fjFsG2f/6/wb6/xP6f8//1/9vPP9f/78Q/f80/f+MHvv/Exf+7e+6nz+sXb9//b/+n4Na6/9z938rbhlk/wMAAMAIcvd/O26x/wEAAKAbufu/E7fY/wAAANCN3P3fjVsG2f/6/6Pr/2/5ezfK8/9Pbra/f/2//l//r/+/1PT/0/T/M3rs/2+FXffza3//+n/9Pwe11v/n7v9e3LJ/+F1x675LAAAAoCW5+78ftwzy838AAAAYQe7+H8Qt9j8AAAB0I3f/D+OWQfa//r+B5/932P97/v/2z4f+v+n+/zL9fx/0/9P0/zP0//p//f9C/X9+mvX/o2ut/8/d/6O4ZZD9DwAAACPI3f/juMX+BwAAgG7k7v9J3GL/AwAAQDdy998Yt5y1/7e13b3Q/+v/9f/6f/3/9tfX/6+T/n/ahfb/xzeH6/9To/3/+etS/b/+X//v+f8sqrX+P3f/T+MWP/8HAACA1bniPL+fu/9ncYv9DwAAAN3I3f/zuMX+BwAAgG7k7v9F3HLTZbt6S0dK/6//1//r//X/219f/79O+v9pnv8/Q/+/RD9/pf6/j/5/s9H/c3it9f+5+38Zt/j5PwAAAHQjd/+v4hb7HwAAALqRu//XcYv9DwAAAN3I3f+buGWQ/a//1/8fsv/fSzP1/6fp/0/T/2+n/z8a+v9p+v8Z+n/P/9f/e/4/i2qt/8/d/9u4ZZD9DwAAACPI3f+7uMX+BwAAgG7k7v993GL/AwAAQDdy9/8hbhlk/++s/4+/1fr/1ff/nv+v/9f/6/+bov+fpv+fof/X/+v/9f8sqrX+P3f/H+OWQfY/AAAAjCB3/5/iFvsfAAAAupG7/89xi/0PAAAA3cjd/5e4ZZD97/n/+n/9v/5f/7/99fX/66T/n6b/367+oPT/+n/9v/6fRbXW/+fu/2vcMsj+BwAAgBHk7v9b3GL/AwAAQDdy998Ut9j/AAAA0I3c/X+PWwbZ//p//b/+X/+v/9/++vr/ddL/T9tl/3/3282/rOf/77z/z7eg/9f/6/9ZRGv9f+7+f8Qtg+x/AAAAGEHu/n/GLfY/AAAAdCN3/7/iFvsfAAAAupG7/99xyyD7f6b/P15/of5/kv5///vX/2//fOj/9f/6/0tP/z/N8/9n6P89/1//r/9nUa31/7n7/xO3DLL/AQAAYAS5+2+OW+x/AAAA6Ebu/v/GLfY/AAAAdCN3///ilkH2v+f/r6n/v1L/r//X/+v/9f8z9P/T9P8z9P/6f/2//p9Ftdb/5+7/fwAAAP//iq1Ung==")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0)
fsetxattr$security_capability(r0, &(0x7f0000000280), &(0x7f00000002c0)=@v3={0x3000000, [], 0xee01}, 0x18, 0x0)
write$cgroup_int(r0, &(0x7f0000000100), 0x12)

2.089053472s ago: executing program 2 (id=5408):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={<r1=>0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @private=0xa010102}]}, &(0x7f0000000240)=0x10)
setsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x71, &(0x7f0000000500)={r1}, 0x8)

1.979107308s ago: executing program 2 (id=5410):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000d40)=@base={0x5, 0x2, 0x5, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000000140), 0x7, r0}, 0x83)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000480)={r0, &(0x7f0000000340), 0x0}, 0x20)

1.802660369s ago: executing program 2 (id=5413):
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x84, @remote, 0x0, 0x0, 'dh\x00'}, 0x2c)
r1 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r1, &(0x7f0000000880)=[{{&(0x7f0000000080)={0x2, 0x0, @rand_addr=0xac1414bb}, 0x10, &(0x7f0000000100)=[{&(0x7f00000000c0)='Q', 0x1}], 0x1}, 0x20000000}], 0x1, 0x0)

1.727157234s ago: executing program 1 (id=5414):
r0 = epoll_create1(0x0)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000300))
epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r1, &(0x7f0000000000))

1.673139092s ago: executing program 4 (id=5415):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000006ac0)='cpuacct.stat\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000080)={'#! ', '', [], 0xa, "a4b7bdc2"}, 0x8)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2000005, 0x10012, r0, 0x0)
epoll_pwait2(r0, 0x0, 0x0, &(0x7f0000000000)={0x77359400}, 0x0, 0x0)

1.589832434s ago: executing program 2 (id=5417):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r0)
sendmsg$IEEE802154_ADD_IFACE(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01000000ecffffffffff2000000005002000000000000c001f"], 0x28}}, 0x0)

1.533094867s ago: executing program 1 (id=5418):
r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000640)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x5f5e0ff}}}, &(0x7f0000000200)='syzkaller\x00', 0x5, 0x1003, &(0x7f0000001e40)=""/4099, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)

1.473155597s ago: executing program 4 (id=5419):
r0 = io_uring_setup(0x1a98, &(0x7f00000000c0)={0x0, 0x0, 0x40})
io_uring_register$IORING_REGISTER_RESTRICTIONS(r0, 0xb, &(0x7f0000000180)=[@ioring_restriction_register_op={0x0, 0x8}], 0x1)
io_uring_register$IORING_REGISTER_ENABLE_RINGS(r0, 0xc, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PROBE(r0, 0x8, &(0x7f00000001c0), 0x0)

1.410875229s ago: executing program 1 (id=5420):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3, 0x1c)

1.348986726s ago: executing program 2 (id=5421):
r0 = socket$inet6(0xa, 0x3, 0x5)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x800, 0x0, 0x3, 0x9}, 0x20)
setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000100)=0x1d2191ed, 0x4)
sendmmsg(r0, &(0x7f0000002b00)=[{{&(0x7f0000000180)=@l2tp6={0xa, 0x500, 0x80810, @dev={0xfe, 0x80, '\x00', 0xb}}, 0x80, 0x0}, 0x5b4}], 0x1, 0x0)

1.32375209s ago: executing program 0 (id=5422):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000004c0)={'wlan0\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), r0)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000001440)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002abd7000fbdbdf253900000008000300", @ANYRES32=r1, @ANYBLOB="1c005a80180001801400030001000078"], 0x38}, 0x1, 0x0, 0x0, 0x4000}, 0x20008080)

1.286695804s ago: executing program 5 (id=5423):
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x2, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r1}, &(0x7f0000000580)=0x2, &(0x7f00000005c0)=r0}, 0x20)
bpf$MAP_DELETE_ELEM(0x4, &(0x7f0000000080)={r1, &(0x7f0000000040), 0x20000000}, 0x20)

1.177194206s ago: executing program 4 (id=5424):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='pids.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
iopl(0x3)
rt_sigaction(0x15, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000440))

1.173451201s ago: executing program 2 (id=5425):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f0000000180)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6572726f72733d72656d6f756e742d726f2c636f686572656e63793d66756c6c2c636f686572656e63793d66756c6c2c6c6f63616c666c6f636b732c696e74722c6e6f61636c2c00598f2f223a0a12f76404ad3bd59a04fbd75d1008c039c51a2a013e63af1c9ed7416faa1e2ea98d0f1c7337a5c81920988a4299a77054cdb12285fd7a0e5b43382d962372b73042593a5bd6b7db4a1b3721c62f11018727c29f3a1bd1e554474ea0d1da2a20b205df342a04a34b65e16a23e8e7811a984963073ebcbead85f9e4332bdef4c1ce54a1c6f7a47b75aa95b9e8cb616be40a0000b1309ee426d1803ef09abb9509846c34b9ac0bf109cedbd12c850effda9ae677566159f9c83da7ff6e247e3ac43c0a663c8c83650692e474bac2c047b238601bd5187d6bed82fe2034512ef11b74a98252198c4402bcf3165561157678e9d50831c27d1094a04d8c7607d7164033cda7a8170482"], 0x1, 0x4436, &(0x7f0000004480)="$eJzs3c9PXNUeAPBzL/QV+to+6OtL+pKXvElsolFDoCuVJlJKS6HFmmob42Y6wLRFB6aBwbjoAndNXJm4MC6amrhj1XThtv4JblzWlYsmunBjYtKImZk7wL3MhJEwYOvns+DOPb/he++ZcxeXEycqt+aWcnNLucJCrjxzY+lU7qNyaXm+GOI90rT/A3vXP+3pxHWy39fe39nls+ffuXYqhG9nv3+ytra2Fqq6Q1NDmz7/+sudmc3HhjhTp9pu89Z2y/shhONbxlXVFUJ475sQohDCmSRtNDn2hhCOhHretTufXs/t0mgePC6ezj+duvtw+OTk6r2HrX/3KIQvS/999eb8Ty90Df/w8i51DwAAAAAAAAAAAAAAAADAM278yuWrbw8OhUdR6F6Ntr6vO54cW70fu7Zr/t/5XxYAAAAAAAAAAAAAAAAAAAD+ojbe/89Fx5q8/z+WHEda1F97s/NjpHMm3ro8dm5wKNn/PdqS/1qS9POZrtDfZN/37P7vZzL1m+//vrWfnWqMr9FvX4jigdR5HA8MhPBVsvH7iehQXCovVV65UV5emN21YTyz0vGv796fik6yoX+78R/NtN/5/f//veVqqp5f371L7LmWjn9Xy3JffxK1Ff+zmXp7EX92Lh3/7lpa7+YCI/UJoBr/z7q3j/9Ypv1Oxf9oCCEXVceaS80A1TVMNb3VeoW0dPwP1NJSU2fyh2x1//+Wif+5TPv7Nf+vZL+IaCod/3/U0npSJTbu//54+/v/fKb9/Yh/dfwrvv/bko7/wXpid6pI7S/Z7vw/nmm/U/G/GifjPBqlroDVqJ7e6v/VkZaOf8+W/I3nv7it9d+FTP29ev5r9Nt4/mtM/y9F9ec/mkvHv7dluXbv/4lMvU7P/yO19R87lY7/oVpaeu3cV/vZbvwnM+1n4//jP3dn3LVVSU8j/hvzye8H6+n3rf/ako5/Epx4c4mV2s/a+i/afv1/MdP+fqz/quNfiTvb6/MiHf/D2ez/DCcfqvH/ro3v/0uZBjof/xAGrfV3LB3/Iy3L1e7/nu3jP5Wp1+n4v9jJxgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACeAaPJsS9E8UDqPI4HBkI4m5yfCIei6cJsfrpUnvlwKYSxJD0XjkU3S+XpQik/t1CeLeYLpVJ5JoRzSf7x0BMtlcqV/Hzh9vn1tnqjW8XCYmW6WKiEEMaT9P+FI422pucq84XbIYQL63n/isuLt28VFvKzc4tvDA4ODoaJ9TH0R8WPK8WFSr33em4Ik+t1+6JNg6tlX1wfy+Hog/Ly4kKhVEu/tKlOqTxTKG2qM5XkfR76o8ri8sJMoVLMl8o3G/3tp5HkODZx5d0rl4a25F+P6sfRvR0WAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH/So+HXvwghdNfP4hDCSOND1Kz8g8fF0/mnU3cfDp+cXL13/0mrcgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwB/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYZeOUSIGojAAvxkLY+cxrELS2UYU0cKI4An0GB5Gj+IlvIOFha2FCDoDkp3ANrvV9zUP8hPeg/kBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYDuXd/P97TBGpOi+DyNeH9/e/+fXZT6ftf8/2MON7M7VzXx+MYzl3dNGflo+fUz5N/36fHqIxqxeFj1Z9ulP3XO0elerb12jbPW+uvc4Uu4jYir5Scq571fXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhB44FAAAAAIT5W2fRtQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKwAAAD//2ASIEg=")
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
setxattr$incfs_metadata(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0, 0x0)
getxattr(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)=@known='user.incfs.metadata\x00', 0x0, 0x2)

1.074034627s ago: executing program 1 (id=5426):
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000001740)=ANY=[@ANYBLOB="b4050000200080006110600000000000c60000000000000095000000000000009f33ef60916e6e893f1eeb0be20000d072f5b89c3043c47c896ce0bc8731fa595b6b4d45ef26dcca5582054d54d53cd2b685b431c70ea948259c4c869b4fc8db714e4b94bdae214fa68a055ca683a4b6fc89008f2b9000f224891060017c4700de60beac671e8e8fdecb03588aa6007e71f871ab5c2ff88afc6002084e5b52710aeee835cf0d78e45f70983826fb8579c1fb47d2c5907dcff414ed55b0d18a93ee341ab59016f81860324b800c00000000000092d9c5fe3476460a61ffcb3363073fd8962823ee4575d7394e9510f4a801efdf008499d7aca1afac6c702cfabe8a9c55c8dafcdb110036e14c1035cafdfef6a358cbfadb3579a285580a3c080d4e0a48d7bdc38a0437c8c1fef7dac600"/319], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x12, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@map=r1, r0, 0x26, 0x0, 0x0, @void, @value}, 0x10)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000340)={@map=r1, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)

1.068435619s ago: executing program 0 (id=5427):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha224-avx2\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f0000006a40)=[{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000000)="d0f45e2f1a395ea8ff561b793cf03d04641f5f2349065743f895c482c96a3b6c0b675cf563ecbc1521d498fe83cda132b2039652d67f83b48bfb291765c6a83eef07a8a56aee2ee74e8c71510821b32cb477bed54faf193ea0ecb94178f69ec302fe33a5d6b5d9026d1e9ed9da93bd5a4c8b4c3538d05c6e43f8abe4a3d2dbc323cbbd8b71cd7c67303acfa263a3b0f77e770c631e7cf95d37ae7811185d63fa32e49cdac2fce4b49df461af7c5e2c4532f6581dd7510f4b41b1baa331c6b0f34760118dcda679af92e132aba955", 0xce}, {&(0x7f0000000100)="f25211eeea1fad7dee107a0e10e0b6779ee53bc5f78e4bde79270857faf932284a2277d188efad1bdc5feb8ef32393f92d14", 0x32}, {&(0x7f0000000280)="fa16", 0x2}], 0x3, 0x0, 0x0, 0x24000080}], 0x1, 0x800)

1.005177192s ago: executing program 5 (id=5428):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4)
r1 = socket$netlink(0x10, 0x3, 0x4)
write(r1, &(0x7f0000005c00)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a151f75080039000500", 0x27)

1.004843019s ago: executing program 4 (id=5429):
syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000180)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2010410, &(0x7f0000000040)=ANY=[], 0x3, 0x657, &(0x7f0000000ac0)="$eJzs3c1vHGcdB/DvrB3HG0LqpkkbUKVajQQIi8SO5YK5EBAgHypUlQNnK3EaK5u02C5yK0TN+7WH/gHl4BsnJO6RyoUL3Hr1sRISl14wp0UzO+vXtWPnxbsun080+zyzzzPP/J7fzOzsrhVtgP9bcxMZfpgicxOvr5brG+vTrY316fvdepKzSdaS4SSNJMV/2u32J8nNpNgapthT7vPR4uybn36+8Vlnbbheqv6Nw7Y7mrV6yXiSobp8WuPdeuLxiq0Z3kxytS6h784kae/y87+f77SM7OrY7LX16MkECTxTRee+uc9Ycq6+0Mv3AZ27Yueefaqt9TsAAAAAOAHPbWYzq8WFfscBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp8Xa9u//F/XS6NbHU3R//3+kfi51fbC8crzuD59VHAAAAAAAAABwgl7ZzGZWc6G73i6qv/m/Wq1cqh6/lHeznIUs5VpWM5+VrGQpU0nGdgw0sjq/srI0dYQtb/Tc8sYjAj1bl82nM28AAAAAAAAA+IL5Tea2//4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACDoEiGOkW1XOrWx9IYTjKaZKTst5b8s1s/zR72OwAAAAB4cs1HdXhuM5tZzYXueruoPvO/WH3uH827eZCVLGYlrSzkdvVdQOdTf2Njfbq1sT59v1z2j/v9fx8rzmrEdL576L3nK1WPZu5ksXrmWm7l7bRyO41qy9KVOp7uqHvi+nUZU/G92hEju12X5cw/rMt9PjjWZA9yzC9TxqqMnNnKyGQdW5mN57tHpvcROubR2bunqTS2gr20Z097JvFYOT9Xl+V8/nBQzvtiVyZGU611z74XD8958vW//vlnd1sP7t29szwxOFM6mqG6bFePzf3nxPSOTLz0Rc7EPpNVJi5vrc/lx/lpJjKeN7KUxfwi81nJQsbzw6o2X5/PxY5L/oBM3dy19sajIhmpz9DOwTpeTK9W217IYn6St3M7C3mt+ncjU/l2ZjKT2R1H+PLhR7i66hsHXPXtL/cM/uo36kp5z/rjUe5dJ6bM6/PdvBbZ9Zo7VrXtfGY7SxePkKVjvjYOf7W+Bst9/LYuB8PeTEztyMQLh2fiT9WUllsP7i3dnX/naLu7+GFdKa+j3w/UXaI8Xy6WB6ta2312lG0v9GybqtoubbU19rVd3mrrXKlrB16pI/V7uP0j3ajaXurZNl21XdnR1uv9FgAD79w3z400/9X8R/Pj5u+ad5uvj/7g7HfOvjySM387893hyaGvNV4u/pKP86vtz/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDjW37v/XvzrdbC0q7KWqvdbn/Qs+l0V7o/Z3aCO/3K+eSRnc8PSH6OWSmKo3b+b7vdrp8pBiT4Qyrt2qDE049Kn1+YgGfu+sr9d64vv/f+txbvz7+18NbCg9mZmdnJ2ZnXpq/fWWwtTHYe92412p9ggadq+6bf70gAAAAAAAAAAACAozqJ/07Q7zkCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9vcRIYfpsjU5LXJcn1jfbpVLt36ds/hJI0kxS+T4pPkZjpLxnYMVxy0n48WZ9/89PONz7bHGu72b/TY7kfHm8VavWQ8yVBdPoFd493qBvvYiq0Zlgm72k0c9Nv/AgAA//+08g5/")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
linkat(r0, &(0x7f0000000180)='./file1\x00', r0, &(0x7f0000000640)='./bus\x00', 0x0)
unlink(&(0x7f0000000140)='./file1\x00')

859.923048ms ago: executing program 0 (id=5430):
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x13, r0, 0x0)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0xd, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bf8100000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018210000", @ANYRES32=r1, @ANYBLOB="0000000002000000b70500000800000085000000aa00000095"], &(0x7f0000000300)='GPL\x00', 0x8, 0x100a, &(0x7f0000005480)=""/4106, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)

851.84689ms ago: executing program 3 (id=5431):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000d80)=@newlink={0x84, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r2, 0x0, 0x40140}, [@IFLA_VFINFO_LIST={0x64, 0x16, 0x0, 0x1, [{0x60, 0x1, 0x0, 0x1, [@IFLA_VF_VLAN_LIST={0x18, 0xc, 0x0, 0x1, [{0x14, 0x118, {0x7, 0x2be, 0x0, 0x88a8}}]}, @IFLA_VF_MAC={0x28, 0x1, {0x3ff, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xe}}}, @IFLA_VF_VLAN={0x10, 0x2, {0x76147e0e, 0x950, 0xffffffff}}, @IFLA_VF_TX_RATE={0xffffff7b, 0x3, {0x7, 0xcd}}]}]}]}, 0x84}}, 0x4000000)

809.367371ms ago: executing program 5 (id=5432):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000002140)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000000000000000004400000008000300", @ANYRES32=r2, @ANYBLOB="2400238008000b00000000000600160000f6000008001a000300000005001f"], 0x40}}, 0x0)

780.535448ms ago: executing program 1 (id=5433):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @none, 0x0, 0x2}, 0xe)
setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0xf, &(0x7f0000000040)=0x4, 0x4)
recvmsg(r0, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)

645.248842ms ago: executing program 0 (id=5434):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r0}, 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @synproxy={{0xd}, @void}}]}]}], {0x14}}, 0xc8}}, 0x0)

548.558263ms ago: executing program 4 (id=5435):
r0 = syz_io_uring_setup(0x25f9, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000580)=<r1=>0x0, &(0x7f0000000000)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_SHUTDOWN={0x22, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r3}})
io_uring_enter(r0, 0x5113, 0x0, 0x0, 0x0, 0x0)

548.220303ms ago: executing program 5 (id=5436):
r0 = syz_open_procfs(0x0, &(0x7f0000000380)='net/ptype\x00')
read$FUSE(r0, &(0x7f0000004fc0)={0x2020}, 0x2020)
preadv(r0, &(0x7f0000000180)=[{&(0x7f0000000040)=""/95, 0x5f}], 0x1, 0x0, 0x0)
read$FUSE(r0, &(0x7f0000002f80)={0x2020}, 0x2020)

547.925924ms ago: executing program 1 (id=5437):
syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000008000000180001801400020073797a5f74756e00000000000000000018000280080002002000000004000100080004"], 0x44}}, 0x0)

317.224378ms ago: executing program 5 (id=5438):
capset(&(0x7f0000a31000)={0x20071026}, &(0x7f0000000040))
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000200), 0x1, 0x545, &(0x7f0000000bc0)="$eJzs3c9rHOUbAPBnNkl/pd8mXxT8cQootFC7aZqqFQTr3WJBPddlsw0lm0zJbkoTCrUHz3qoJ0+exZNnQfwfPCh48iK1RYpQvUVmM5tuk910m26y1fl8YLbvO+9s33l25nl5Z2eWBFBYU9lLKeKliPg8iZjoaBuNvHFqY7sH929U/7p/o5rE+voHfySR5Ova2yf5v+N55cWI+OHTiJOl7f02VtcWKvV6bTmvTzcXr043VtdOXVmszNfma0uz52ZfPzszc+bsuYHFWr5ZOXT3i/fv3l7+9dRHnz04nsT5OJq3dcYxKFMxlX8mY3F+S9vMoDsbsmTYO8CujOR5PhbZGDARI3nWA/99NyNiHSioRP5DQbXnAdn1b3sZ7oxkf917d+MCaHv8oxvfjcTEenZtdOTP5JEro+x6d3IA/Wd9nD958fdsiT36HgKgm09uRcTp0dHt41+Sj3+7d7qPbbb2YfyD/fN9Nv95rdv8p5Tn5qHW69b5z3iX3N2Nx+d/6c4Auukpm/+93XX+u3nTanIkr/2vNecbSy5fqdeyse1YRJyIsYNZfaf7OT8dfmuiV1vn/C9bsv7bc8F8P+6MHnz0PXOVZuVpYu5071bEy13nv8nm8U+6HP/s87jYZx/Hnnvj515tj49/b61/FXG86/F/eEcr2fn+5HTrfJhunxXbzY6svdCr/2HHnx3/IzvHP5l03q9tPHkfr34z/mOvtt2e/weSD1vlA/m665Vmc3km4kDy3vb1Zx6+t11vb5/Ff+KVnce/buf/4Yj4uM/4v5v9+pfdx7+3svjnnuj4P3nhy/Tbd3r139/xP9sqncjX9DP+9buDT/PZAQAAAAAAwLOmFBFHIymVN8ulUrm88XzH83GkVE8bzZOX05WluWj9VnYyxkrtO90THc9DzOTPw7brZ7bUZyPi/xFxe+Rwq16upvW5YQcPAAAAAAAAAAAAAAAAAAAAz4jxHr//z/w2Muy9A/acP/kNxSX/objkPxSX/Ifikv9QXPIfikv+Q3HJfygu+Q/FJf8BAAAAAAAAAAAAAAAAAAAAAAAAAABgoC5euJAt63/fv1HN6nPXVlcW0mun5mqNhfLiSrVcTZevlufTdL5eK1fTxcf9f/U0vfpmLK1cn27WGs3pxurapcV0Zal56cpiZb52qTa2L1EBAAAAAAAAAAAAAAAAAADAv0tjdW2hUq/XlhUUFBQ2C8MemQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgoX8CAAD//z8IGNY=")
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
semctl$IPC_STAT(0x0, 0x0, 0x2, 0x0)

316.861185ms ago: executing program 0 (id=5439):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @any, 0x0, 0x2}, 0x3a)
listen(r0, 0x0)
ioctl$sock_SIOCINQ(r0, 0x541b, 0x0)

194.727754ms ago: executing program 4 (id=5440):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000440)=[@in={0x2, 0x4e20, @empty}], 0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x84, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0xfffd}, 0x90)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4e20, @local}]}, &(0x7f0000000100)=0x10)

78.165512ms ago: executing program 0 (id=5441):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x82, &(0x7f0000000840), 0x8)

0s ago: executing program 5 (id=5442):
r0 = syz_mount_image$btrfs(&(0x7f0000000200), &(0x7f0000005600)='./file0\x00', 0x800, &(0x7f0000000740), 0x0, 0x559e, &(0x7f0000005680)="$eJzs3X9sVeX9B/BzWwoN+C39jhUYfxAgBoMkyJYtjqB4MQa24eKlgsKcCEQlBivYRDcYqUWSZcaghU4EF5GQaDJjscM/FMywy7CMZfzY5hZjs4JSaZZsAzVrHDG69N77XO49l9tembNOXy/SnvPcz3me+9yT88d9X/qcGwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAURUcSc9+d0f3i0ZE1X77/Hz+e+OjGn4zfvX/roVvu23T/gjMjbto5a1nf+mlN8zdsbDjS/PS+ObdGUSLdL5Htf9u136q/88bbvlsdBly+MLOtrS31lJmuJzON4QUP9vcr/FkRRVFVbIDK7PbV7E5FwQC53cbiAQf0Tuui6O7J8ya1dT01bklyYU/xS6df9VBPYKhkr6ue89dSMv27InZErp136SUKLtFM//gF96m8CADgY5mZSm9yb0ezb3Fz7eZ4PdZOxtotsXZ4h9CS37gYmXGHl5rnpHh9iOaZzESFESXnGatnz3+unYr3j7VjUeNjzLPw0GykqS41z7Wx+lDNEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCzZOzxo2tWtD2y575fdtQceff9OVc+8KWOw22LT4y8eunKHWum/HTWsr7105rmb9jYcKT56X1zbo2i2nS/RKZ74kTL5b9NjZ3fvXfcG427n6vpq8yOG7bD8g6OXg87s0ZH0cq8Sk8Y9q81UZQqLKSb0Y7iwl3pnW+HAgAAAJ8nX0n/rsi1M3GwqqCdSKfJRPpfkAmL77Quiu6ePG9SW9dT45YkF/Zc/HipEuMlLzherl17/ieRF4xD/I2Pd74eDm0sGmdg8RHjef7SMWPefmty/eSvT5v7xA3PjOru+r8nZ2xJ/bGu5oUrru+tf/a6ovxfO3D+D2dO/gcAAOA/If/HxxnYYPn/jqVTt7z+i2Grft3a8MTB+h1/bv3OMzsXneq54Ud9L09N3v7o1UX5f1LBUxbl/zDjkP8roovL/wAAAPBZ9t/O/8micQY2WP5vONM3+wcHX6vr+PucxXt+9dAVi8+e/tv8U7t3DV9zR8v6uoeuLMr/M8vL/8Pypx0e/F2Y8OrRUTSz/JMKAAAAFAj/737+o4WQ1zOfHMTz+rX/vKp5380ffPMbD97zpzff/s2xA7MnrdteN/PgyzfVf1j5ve3dRfk/WV7+r/p0Xi4AAABQhuePrpw773jPucfPvtB18vDu3pMznjyzrqnvdOslLatXbTr2WlH+T5WX/0cMzcsBAAAALuDeO59bsfnVl/oe2H/X2Ck9FVc1XpK4ZduOqU0TPuq8tPfy7VuL8v/y8vL/yOw2u/Ih06kz/BVC6+goqu7fWZspHIparskVAAAAgE9IyOlbP1ixbOzOsb3jj59+rObQG4dn/2Vt55yN13RXdW/uXNZ4WdH9AkJiL3X//3Cng7D+v+D+f0Xr//MKmbv+zXZjAAAAAL6Iitfzh9vjZ765oNT375e7/n9J3cQTiba33lv11XMHzo1ZsP/7129aV9/be8+El37/wz9M/6i6KP83l5f/K/O3n+T3/wEAAMBF+F/7/r+lReMMbLD7/zdV9DWsWrd3+uota7csTCw7UH3qwdV731+w5l9Tb36+qea6A0X5v6W8/B+2o/JfXkc4P5tGR9H4/p3s3QR/Hqa7OlZor8orZE58rMeNoUe20D4ir5C2Ntbja6OjaHL/TnOs8P+h0BIrnK3JFnbFCsdCIXs95Ap7YoWOcKVtq8lON154MRSyCyzawwqKUbklEbEe75Xq0V+4YI+u3JMDAAB8oYTwnM2yVYXNKB5l2xODHTBysAMqBjugcrADhsUOiB9Y6vFoeWEhPH575yMbNjVMSb7y8NzHfvbms40T9j1+WV3v5g9f2XbvxJ3TW6YW5f9d5eX/cCqGZzal1v9HYf1/9nsNc+v/l4dCbazQHgqp+B0DUuE5MmH34fActalsj7PjcwUAAAD4XAufC1QO8TwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/s3evcdJVd0JAj/d9INumqaNE9GMk3TUgGakaWwNw+AoaoxGRZpZddxkNBBoEGmE8FgFURtQZxziZ3ztrJnoCAoiu+qHGFeDwUhcxIw6iWLiA/Cxjq7r+h6VGM2E/XTfOkXVrS67EFDa+X7/6DpVv/O89eg69946FwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/xjuPfjlk4YunP0PHzace8nqqqmL/kfH6Mv+cNW3vvjUPy5b9G9h/i9GnLll3kEXHjd/wbR/6Vi++ogzQmjtKleWFC977oqvPtS613HP3jFw48wbb63fUpWpNxMP/Tr/lGfuXBxbfbF/CHeXhVCRDgypSwKVmft1sb5960LYI2wLZEu01SYl0g2HB2pCWBK2BbJVra4JoS4ncMqG+++7vDNxTU0IXwkhVKfbeKY6aaMmHRhUlQRq04HpFUngt1sT2cBPypMA7LD4Zsi+6Fe15mdo6L5ckddf5U7r2KcrPbw+MdFQPN/rR+3iTuWoSj/QukNPW0F17BIFb4+13m294N1WsJ2v8LTlfpHKfEPZui1UHcontk0aP6d9dnykPDQ19SlW0y56np9+e/6E7Un3mtdh7EDDTnkdXvrYiun9lo2+9OrNvxqz4ayaA3a0m0/lbNLc9K5WHTKvuV7zPEajfJ70grdfwbekRl+6Qghbzz17xtfnTDz7iD63PLnu1QcfrNty9pwFvzhz4nmLLj55w7/Pf6lg/t/w0fP/+HKOt+V5uWOrH9Ync/P4SF1MvFmfzM0BAACg1+gNe01Xnv/6X73+/bWtMxed/u23Dj73w71afz3i/gFVB7yxrqn1/I2ff6Vg/t9Y2vH/eMi/Lne0a0MY1ZVYNCCEvbseTwIrY3e+OyCEL3elWvMDR6UCa0PYpytxULaqVIm+sURjKvByfSYwKhVYHwOtqcDyGLgiFbg4BlalAhNiYG0qcHQMhCn54/hqfWYcJQdqYmBcshFXxbMQ3qmPraW21aZsVQAAADtJZnZYmX8351yHHc0Qp5eranrKEM/ALpqhOlVDegabnVYVraGipxrKe6ohO+6Ojx5+Qc1lPdVccBpGWX6GG9f85X2LXjzsC2P3mvj5xUMvmPKz8eGst++uerx5yYtv7XvEzesK5v/NHz3/r+6mI2UFx/9DGNv1N+Yuz0Tas/FxrXkZAAAAgB1w0R//xR61Lw85oGHT+2X3zl/7xKMrfrl5j1NOf3/c8a//8PCaxnsL5v+jSjv/P+4T6ZOTOTwSd0NMHRBCc34gqXZkYSA56t0vEwAAAIDeIHs8PnssfErmNjlFOz2fLszfup3544H/Ud3m//09/7P2jq3/+mLZBd89d0TNgKX/9GrHhBNOPvqW47/1zj4VB/yyvGD+31ra+f+1+bdJJ9bHXlw9IIS+OYEHYy87A10aY+D5I/MDmfGvjxtgcawqc2JCtqrFscS4GGhOBZYUK/FotsTe+YHMk5VtfFF2HFMyJXICAAAA8ImLuwPicfl4/n/LGSNO++vvzfrbha88eN7qCy75q+Ed80eedP/THzbMvXJp2PTmEQXz/3Hbd/5/1zy44PT+9n4hDK0IoU/6hwGP1CYLA8ZAXVkmcW9tUlefdFULa0MY2TmwdFUvZNb/r0ivMfh4TVJVDOy93y1vD+pMLKsJYWhu4IlvLz2sMzEnFcg2flpNCF/qHG268bv6Jo1Xphu/tm8IX8wJZKua0DeEzsaq0lX9r+rMdQzSVa2qDmHPnEC2quHVIcwNAPRW8X/pxNwHZ82dN3V8e3vbzF2YiDvxa8KkKe1tTROmt0+sLtKniak+561jtKBwTKVe+mZTZo2ixSsnV5aSzv5QsDm3rcyO/IIzBzP345ehyq5xHlKZd7clPeQD9y9sIuR8lSo25PJdPOTa3Eq2PYkF9cf8VaFf6DtnVtvMpvPGz549c1jyt9TshyR/43GmZFsNS2+r2u76VsLLo+hyWSkfd1sNyq1k6OxpM4bOmjtvyJRp4ye3TW47p+XQP2sZMXz410YM7RxUc/K3h5EO6q7m1Ei3Li1xWDtxpF+oyKnkk/jQkJCQ6G2J/f7L5odH77n+nOt/9tqPz+/3zdPu3fvImT889KqpD1Xve/ji24ccWDD/n/HR8//4qRM/+DPrMxQ7/t8QD/Mnj287zD8uBpaUevy/odjR/OyJAY2pQEcMdDjMDwAAwGdD3B0Z92bGndKbb1m/buOSlrk/aHin5dY17Utvuum+U39y58ATvjQ47LXhuhM+VzD/7yjt9/87af3/7NL1JxRb5v+gWKK52Pr/6WX+s+v/dxRb/z+9zH92/f8ln8L6/3OygdQmecf6/wAAwGfBJ7f+f4/L+6cvEFCQocfl/dMXCCjI0OMy/qVeIGC71/9f8+Bff6Wq35g7/qTlN/WXvPZ39xzWeuS6zTP/5Etb10+877qxt6wpmP9fUdr838L9AAAAsPv4z5ddU3H02Xff0bJu6sZxbw5+98m3lgzq80HF0Q+3j3xh4Bu3nlcw/19S2vz/k1//LxQ7/7+xWKC12MKA1v8DAACglyq2/t89Q1sa/zCm/x+eHvab5Q/ePPqnj/z898v3+/mJPyvfZ8Gxz8+8bFLB/H9VafP/eNpFeV7u2JsP65M17UJ6Tbs367M/GQAAAIDeoTw0NVWWmDdvYdSjPn6bT2eWAv2odK7vvXLt2ZtfmH7c46ev+7uaEwbvOWHaBasa/2b4gXd+ftQley7ddGrB/H9tafP/vN9lXPrYiun9lo2+9MOrN/9qzIazag7YdvwfAAAA2HVK3S8BAAAAAAAAAAAAAAB8+s7tWHzhI8uOfe+bt//F/kcseXXwbXcd+Lsh/V664qoHJq1648zJXy/4/X8Y21Wu2O//43X/4u8L/igvd2y15/X/MvdPOfH2uV1LFj5SH8L+uYGpC6fuETLX5h+cG7jvjIMGdiYWpkusefbolzoT30kHjh/yuS2dicNTgXFxkcR90oF4VcUt/VOBuLzi4+lA3B6r0oGqTOCy/sk4ytLb6pW6ZFuVpbfVxroQBuQEstvq7rqkjbL0AK9JBbID/F46EAd4ciZQnu7V7f2SXsVAXSx6Q7+kVwAA7Lbit8DKMGlKe1tz/Aofb79QkX8b5S1ZtqCw2rISm9+UWZps8crJlaWk+6S/i2671nhlqO4cwrCCr6u5Wcq6Rrlzaulh0/1RkSH3tNpbeZFyadu76aqKj6gmGVHThOntEyt7HHhLz1kOqegxy7CCyU5ulvKuTVpCLSX0pYQRlbhtSuhyvF8empr6pHL9eQw2hDw9vSJK/b1+7jp/xV4FuXluO/TKt758zE+f++CfP/9E/2+cVnP7rO+/e+KvX7//wEOOuG5C05otBfP/htLm/9W549qSuRhAR7yy3sgBIYwrcUQAAADw2XfbRbfecfr09a9MWlvx5GOPTS0fc3rl1vl3zp93ycZ7Fx9/2cErdjR+2Fm//f5vBu//b89e9dJPR+7zwA03/58nD3v8z3//8I8eeqduZZ+x7xXM/xtLm//HPViZQ8HJ3o618fr/iwaE0HVp/YYksDIO97sDQvhyV6o1lkguqH9CLNGcBFbGHSYHxRLjWvOr6hsDq1KBl+szgbWpwPoYyOyluCVkduVcWR/CYV2psfklZsQSDanAmBhoTAWaYqA5FegfA6NSgdf6ZwKtqcDDMRCm5G+rH/fPbCsAAIDtkZlnVebfDel53qqKnjKU9ZShtqcM5T1lqO4pQ7FRxPt3xAyVqZNXynIyVaZrrUnVUpAhXgx/u/tVkCE8mp8zXbCg6Xj+QfZ8g7L8DFf+4NlT1w+e/tDqzcd8beBt/zhkz4Obp9e9t+CGp3475pzrnv/TQQXz/+bS5v+1+bdJ6+vj/H/b9f+SwIOxe1fHU8cbY+D5I/MDmR0D6+Nkd3G2qtZMicykfXEsMSoGGlOBGTEwKhUYNzYTWDIwP5CZaWcbX5RtfEqmRE4AAAAAPnFxB0HcTRPn/zce9YOr3x8wccuyeTPvH9vyxMmjv3H1XT+6d/9ld767YvCAce99p2D+P6q0+X9sr19uYxfH3rzYP4S7y7b1JhsYUpcE4n6Muvjz+H3rQtgjZwdHtkRbbVKiKtVweKAm+YV6Vbqq1TXJGgPx/ikb7r/v8s7ENTUhfCVn70u2jWeqkzZq0oFBVUmgNh2YXpEE4p6fbOAn5UkAdlh2r2B8QWVOdclq6L5ckdffZ+WaoOnhFewD7SZfd7+52lWq0w9k9qlmbd/TVlAdu0TB22Otd1tvfLc1eLflfpHKfEPZui1UHcontk0aP6d9dnwk95esBXbR85z7K9VS0jvhddjx8Xvbs+p0B5pTHx/N3Zfr/nVYFqu79LEV0/stG33p1Zt/NWbDWTUHlNyNIuIPhX+05X9XPpWzeXe16pB5zfW6z5NWnye98d9Ao6cthHDZ9cfsu+TdX+/33A3Pnbqu7Maxr/7lrHs2Lf+bysNHrXv/yaGjLy+Y/7eWNv+vSN12+V3cmLMGhHBgzsZ9JG7+YwYkn4M5geRTcs/CQHLI/V/ri35yAgAAwM6W3d2R3V8wJXObnBCenicX5m/dzvxxf8WobvOX2u9j121cedLQN6474G8vOPGNv7/28Kceuv6ysnXL//vYD1avuXzxe08UzP/HffT8v2+qm47/O/7PLuL4f7d2913RfdMPdOzQruiC6tglHP/v1u7+bnP8v1uO/zv+3x3H/3vg+H+3dvenreBb0gxfujonwdff+fPfTbzpg7mN+x180lPPHDrxun+6quXuu0555b+de9601761uWD+P6O0+b/1/7pftC+7/t+4Yuv/zSi2/l+H9f8AAIBdqshCc+l5XsHqfQUZ0qv3FWTocYHAHpcYtP7fdq//t3Dkv1904Q+fb7n2nTvHXb5m07Fnvvr0utXPzFpx3Lnnv9V6112tBfP/jtLm//Hl0C+39d6y/l/j2CJVXREDMywMCAAAwO6o2A4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPl2HnvbO+5d8/R/aBv1ixc1/f+v/+7/P1q594JvfuGn4L6f86RllazZcM+LMLfMOuvC4+Qum/UvH8tVHnBHClK5yZUnxsueu+OpDrXsd9+wdAzfOvPHW+i3VmXorM7d/nJc7tvphfQhLch6pi4k36zvvbAuccuLtcys6E4/Uh7B/bmDqwql7dCaW14cwODdw3xkHDexMLEyXWPPs0S91Jr6TDhw/5HNbOhOHZwJl6e5e1z/pblm6u5f3D2FATiDb3bP751eVbeO4TKA83caKuqSNGKiLRa+tS9qIgfZYYkrfEIZWhNAnXdU/VydV9UlXdU91UlWfdFUXVYcwMoRQka7quaqkqor0yB+tSqqKgb33u+XtQZ2JpVUhDM0NPPHtpYd1JmamAtnG/1NVCF/qfMmkG/9xZdJ4Zbrx/1oZwhdDCFXpEu9VJCWq0iVeqAhhz5zAto1YEcLcwGdD/PSZmPvgrLnzpo5vb2+buQsTVZm2asKkKe1tTROmt0+sTvWpmLKc9NYFH3/sm96eP6HzdvHKyZWlpCsy5Sq7unxIZd7dlt2997FftbmVbHs+CuqP+atCv9B3zqy2mU3njZ89e+aw5G+p2Q9J/vbJRJNtNay3bKtBuZUMnT1txtBZc+cNmTJt/OS2yW3ntBz6Zy0jhg//2oihnYNqTv7ujJEu/eRH+oWKnEo+ife/hIREb0uU5326Ne/un+MFX/S3dbQyVHd9QBdMK3KzlHWNcmcM+qiPOeKP8zWlxxENK5g4FGQ5pOcsLQWTiW1ZapIsXV/rCiaHuTWVd23SeL88NDX1KbYdGvLv5m7e13dg8z6d2XSlpgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCwAAAAAIMzfOoyeDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4FAAA//8fSxmR")
ioctl$BTRFS_IOC_SUBVOL_SETFLAGS(r0, 0x4008941a, &(0x7f0000000080)=0x2)
r1 = socket$inet6_icmp(0xa, 0x2, 0x3a)
ioctl$BTRFS_IOC_SEND(r0, 0x40489426, &(0x7f00000000c0)={{r1}, 0x2, 0x0, 0x0, 0x8})

kernel console output (not intermixed with test programs):

r 'HID 056a:0028'. Assuming pen.
[  418.010819][   T25] wacom 0003:056A:0028.005B: hidraw0: USB HID v0.00 Device [HID 056a:0028] on usb-dummy_hcd.2-1/input0
[  418.061227][   T25] input: Wacom Intuos5 touch L Pen as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:056A:0028.005B/input/input42
[  418.081326][T15770] can0: slcan on ttyS3.
[  418.181010][   T25] usb 3-1: USB disconnect, device number 39
[  418.234541][T15776] can0 (unregistered): slcan off ttyS3.
[  418.256201][T15776] Falling back ldisc for ttyS3.
[  418.505861][T15788] vxcan1: tx address claim with dlc 1
[  418.595992][T15784] loop4: detected capacity change from 0 to 4096
[  418.658357][T15791] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  418.729613][T15775] loop3: detected capacity change from 0 to 32768
[  418.753477][T15784] NILFS (loop4): bad btree node (ino=3, blocknr=41): level = 31, flags = 0xe0, nchildren = 0
[  418.779298][T15775] BTRFS: device fsid 92aec1fe-fee8-4e05-92dc-790b47b871d9 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.4048 (15775)
[  418.813787][T15784] NILFS error (device loop4): nilfs_bmap_lookup_at_level: broken bmap (inode number=3)
[  418.857674][T15775] BTRFS info (device loop3): first mount of filesystem 92aec1fe-fee8-4e05-92dc-790b47b871d9
[  418.890828][T15775] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm
[  418.904381][T15784] Remounting filesystem read-only
[  418.932861][T15775] BTRFS info (device loop3): using free-space-tree
[  419.332721][T15826] binder_alloc: binder_alloc_mmap_handler: 15825 20ffd000-20fff000 already mapped failed -16
[  419.369032][T14413] BTRFS info (device loop3): last unmount of filesystem 92aec1fe-fee8-4e05-92dc-790b47b871d9
[  420.217166][T15851] loop3: detected capacity change from 0 to 512
[  420.264959][T15851] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.4073: corrupted in-inode xattr: invalid ea_ino
[  420.284194][T15851] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.4073: couldn't read orphan inode 15 (err -117)
[  420.403069][T15851] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  420.540021][T15851] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz.3.4073: invalid indirect mapped block 234881024 (level 0)
[  420.584368][T15813] loop4: detected capacity change from 0 to 40427
[  420.607371][T15861] loop2: detected capacity change from 0 to 256
[  420.627244][T15813] F2FS-fs (loop4): invalid crc value
[  420.645472][T15813] F2FS-fs (loop4): Found nat_bits in checkpoint
[  420.726547][T15866] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4078'.
[  420.762133][T15861] FAT-fs (loop2): Directory bread(block 64) failed
[  420.769044][T15861] FAT-fs (loop2): Directory bread(block 65) failed
[  420.798302][T15861] FAT-fs (loop2): Directory bread(block 66) failed
[  420.812945][T15861] FAT-fs (loop2): Directory bread(block 67) failed
[  420.813279][T15813] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  420.829210][T14413] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  420.860801][T15861] FAT-fs (loop2): Directory bread(block 68) failed
[  420.867409][T15861] FAT-fs (loop2): Directory bread(block 69) failed
[  420.894606][T15861] FAT-fs (loop2): Directory bread(block 70) failed
[  420.910109][T15861] FAT-fs (loop2): Directory bread(block 71) failed
[  420.932564][T15861] FAT-fs (loop2): Directory bread(block 72) failed
[  420.939269][T15861] FAT-fs (loop2): Directory bread(block 73) failed
[  420.997802][ T5243] syz-executor: attempt to access beyond end of device
[  420.997802][ T5243] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  421.034145][ T5243] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  421.106037][T15861] Process accounting resumed
[  421.123412][T15861] FAT-fs (loop2): error, fat_bmap_cluster: request beyond EOF (i_pos 899)
[  421.155818][T15861] FAT-fs (loop2): Filesystem has been set read-only
[  421.265319][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  421.331081][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  421.411182][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  421.790550][    T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!!
[  421.960158][T15899] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[  422.024338][   T29] kauditd_printk_skb: 14 callbacks suppressed
[  422.024362][   T29] audit: type=1326 audit(2134217870.784:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15901 comm="syz.1.4095" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0ce657def9 code=0x0
[  422.800758][    T8] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  422.980711][    T8] usb 5-1: Using ep0 maxpacket: 8
[  423.007678][    T8] usb 5-1: New USB device found, idVendor=05ac, idProduct=0217, bcdDevice=cf.dc
[  423.016195][T15912] loop3: detected capacity change from 0 to 32768
[  423.032724][    T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  423.065067][    T8] usb 5-1: config 0 descriptor??
[  423.077533][T15912] XFS (loop3): Mounting V5 Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a
[  423.083661][    T8] appletouch 5-1:0.0: Could not find int-in endpoint
[  423.110366][    T8] appletouch 5-1:0.0: probe with driver appletouch failed with error -5
[  423.140799][    T8] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  423.181913][T15912] XFS (loop3): Starting recovery (logdev: internal)
[  423.239009][T15912] XFS (loop3): Ending recovery (logdev: internal)
[  423.331097][    T8] usb 5-1: USB disconnect, device number 34
[  423.367825][T15965] loop0: detected capacity change from 0 to 64
[  423.392988][T14413] XFS (loop3): Unmounting Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a
[  423.955623][T15978] loop4: detected capacity change from 0 to 512
[  424.002977][T15978] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  424.076972][T15982] loop5: detected capacity change from 0 to 256
[  424.097950][T15978] EXT4-fs (loop4): 1 truncate cleaned up
[  424.107133][T15978] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  424.177552][T15982] exFAT-fs (loop5): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d)
[  424.537649][ T5243] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  424.705722][   T29] audit: type=1326 audit(2134217873.464:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15997 comm="syz.5.4134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46fe17def9 code=0x7ffc0000
[  424.739928][T16000] loop4: detected capacity change from 0 to 512
[  424.768443][T16000] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  424.786152][   T29] audit: type=1326 audit(2134217873.464:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15997 comm="syz.5.4134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46fe17def9 code=0x7ffc0000
[  424.859874][T16000] EXT4-fs error (device loop4): ext4_get_branch:178: inode #11: block 4294967295: comm syz.4.4133: invalid block
[  424.883987][   T29] audit: type=1326 audit(2134217873.494:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15997 comm="syz.5.4134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f46fe17def9 code=0x7ffc0000
[  424.885760][T16000] EXT4-fs (loop4): Remounting filesystem read-only
[  424.925051][T16000] EXT4-fs (loop4): 2 truncates cleaned up
[  424.936642][T16000] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  424.990096][   T29] audit: type=1326 audit(2134217873.494:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15997 comm="syz.5.4134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46fe17def9 code=0x7ffc0000
[  425.014832][   T29] audit: type=1326 audit(2134217873.504:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15997 comm="syz.5.4134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f46fe17def9 code=0x7ffc0000
[  425.016878][ T5243] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  425.041335][   T29] audit: type=1326 audit(2134217873.504:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15997 comm="syz.5.4134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46fe17def9 code=0x7ffc0000
[  425.070090][   T29] audit: type=1326 audit(2134217873.504:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15997 comm="syz.5.4134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46fe17def9 code=0x7ffc0000
[  425.096322][T15990] loop3: detected capacity change from 0 to 32768
[  425.151965][   T29] audit: type=1326 audit(2134217873.504:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15997 comm="syz.5.4134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=149 compat=0 ip=0x7f46fe17def9 code=0x7ffc0000
[  425.226326][T15990] XFS (loop3): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  425.243996][   T29] audit: type=1326 audit(2134217873.504:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15997 comm="syz.5.4134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46fe17def9 code=0x7ffc0000
[  425.361842][T15990] XFS (loop3): Ending clean mount
[  425.384484][T15990] XFS (loop3): Quotacheck needed: Please wait.
[  425.488727][T16023] loop5: detected capacity change from 0 to 4096
[  425.542564][T16023] EXT4-fs: Ignoring removed oldalloc option
[  425.550665][T15990] XFS (loop3): Quotacheck: Done.
[  425.551164][T16023] EXT4-fs (loop5): Test dummy encryption mode enabled
[  425.648084][T16030] loop4: detected capacity change from 0 to 4096
[  425.681620][T16023] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  425.759636][T14413] XFS (loop3): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  425.767804][T16037] loop2: detected capacity change from 0 to 4096
[  425.790665][T16039] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  425.809891][T16037] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  425.879984][T16037] fs-verity: sha512 using implementation "sha512-avx2"
[  425.890188][T16037] fs-verity (loop2, inode 13): Unsupported log_blocksize: 13
[  425.959349][ T5224] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  425.973037][ T6874] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  426.539422][T16072] loop0: detected capacity change from 0 to 2048
[  426.569907][T16072] EXT4-fs error (device loop0): ext4_orphan_get:1417: comm syz.0.4162: bad orphan inode 8192
[  426.590734][    T8] usb 6-1: new high-speed USB device number 30 using dummy_hcd
[  426.593233][T16072] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  426.601371][T16076] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check.
[  426.723303][T11335] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  426.788191][    T8] usb 6-1: New USB device found, idVendor=2770, idProduct=9052, bcdDevice=15.f5
[  426.800675][    T8] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  426.808703][    T8] usb 6-1: Product: syz
[  426.833211][    T8] usb 6-1: Manufacturer: syz
[  426.837956][    T8] usb 6-1: SerialNumber: syz
[  426.862703][    T8] usb 6-1: config 0 descriptor??
[  426.877817][    T8] gspca_main: sq905c-2.14.0 probing 2770:9052
[  427.295077][T16100] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  427.318250][T16100] batadv_slave_1: entered promiscuous mode
[  427.340832][T16100] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4173'.
[  427.419630][T16103] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  427.493925][    T8] gspca_sq905c: sq905c_command: usb_control_msg failed (-71)
[  427.521870][    T8] sq905c 6-1:0.0: probe with driver sq905c failed with error -71
[  427.548251][    T8] usb 6-1: USB disconnect, device number 30
[  428.050749][   T25] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  428.061174][T16135] loop4: detected capacity change from 0 to 512
[  428.109568][T16135] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  428.152931][T16135] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec018, mo2=0002]
[  428.170576][T16135] System zones: 1-12
[  428.186448][T16135] EXT4-fs (loop4): 1 truncate cleaned up
[  428.201434][T16135] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  428.230071][   T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  428.297088][   T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  428.312812][T16123] loop0: detected capacity change from 0 to 32768
[  428.328932][   T25] usb 4-1: New USB device found, idVendor=056a, idProduct=032b, bcdDevice= 0.00
[  428.347621][T16123] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.4183 (16123)
[  428.358900][   T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  428.376557][ T5243] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  428.398836][   T25] usb 4-1: config 0 descriptor??
[  428.431562][T16123] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  428.452966][T16123] BTRFS info (device loop0): using sha256 (sha256-ni) checksum algorithm
[  428.480589][T16123] BTRFS info (device loop0): using free-space-tree
[  428.736752][T11335] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  428.818898][   T25] wacom 0003:056A:032B.005C: unknown main item tag 0x0
[  428.842758][T16133] loop2: detected capacity change from 0 to 40427
[  428.870584][   T25] wacom 0003:056A:032B.005C: unknown main item tag 0x0
[  428.886202][   T25] wacom 0003:056A:032B.005C: hidraw0: USB HID v0.00 Device [HID 056a:032b] on usb-dummy_hcd.3-1/input0
[  428.949039][T16133] F2FS-fs (loop2): Found nat_bits in checkpoint
[  429.060971][  T933] usb 4-1: USB disconnect, device number 31
[  429.124018][T16133] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  429.326158][ T5224] syz-executor: attempt to access beyond end of device
[  429.326158][ T5224] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  429.362102][ T5224] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  429.682364][T16185] netlink: 40 bytes leftover after parsing attributes in process `syz.5.4203'.
[  429.797017][T16184] loop0: detected capacity change from 0 to 4096
[  429.807479][T16187] loop3: detected capacity change from 0 to 8
[  429.832941][T16184] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512).
[  429.908256][T16184] ntfs3: loop0: Mark volume as dirty due to NTFS errors
[  430.326083][T16202] xt_CT: You must specify a L4 protocol and not use inversions on it
[  430.631790][T16216] netlink: 'syz.0.4217': attribute type 1 has an invalid length.
[  430.658820][T16216] netlink: 9324 bytes leftover after parsing attributes in process `syz.0.4217'.
[  430.678363][T16216] netlink: 'syz.0.4217': attribute type 1 has an invalid length.
[  430.688199][T16216] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4217'.
[  430.835997][T16189] loop4: detected capacity change from 0 to 32768
[  430.912134][   T29] audit: type=1400 audit(2134217879.674:149): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-2 profile="unconfined" name=26260A3A0CCA7C2B08C9DFF78977F306B457C51CCA93031D371D06D2E59E880583300E11E8 pid=16220 comm="syz.3.4219"
[  430.937296][    C1] vkms_vblank_simulate: vblank timer overrun
[  430.964014][T16189] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  431.152303][T16238] pim6reg0: tun_chr_ioctl cmd 1074025677
[  431.177354][T16238] pim6reg0: linktype set to 1
[  431.184686][T16189] XFS (loop4): Ending clean mount
[  431.345669][ T5243] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  431.656371][T16250] loop3: detected capacity change from 0 to 128
[  431.756854][T16250] VFS: Found a Xenix FS (block size = 512) on device loop3
[  431.845643][T16225] loop2: detected capacity change from 0 to 32768
[  431.858782][T16225] XFS: noikeep mount option is deprecated.
[  431.886671][T16250] sysv_free_block: trying to free block not in datazone
[  431.902949][T16253] sysv_count_free_blocks: free block count was -2041545933, correcting to 5
[  431.983164][T16225] XFS (loop2): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  432.108776][T16225] XFS (loop2): Ending clean mount
[  432.140240][T16264] netlink: 60 bytes leftover after parsing attributes in process `syz.5.4231'.
[  432.150366][T16225] XFS (loop2): Quotacheck needed: Please wait.
[  432.172517][T16253] sysv_count_free_inodes: unable to read inode table
[  432.258035][T16225] XFS (loop2): Quotacheck: Done.
[  432.259863][T14413] sysv_free_inode: inode 0,1,2 or nonexistent inode
[  432.384334][ T5224] XFS (loop2): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  432.790857][T16281] netlink: 'syz.1.4239': attribute type 1 has an invalid length.
[  432.806122][T16281] netlink: 9372 bytes leftover after parsing attributes in process `syz.1.4239'.
[  432.817508][T16281] netlink: 'syz.1.4239': attribute type 1 has an invalid length.
[  432.933875][T16283] loop2: detected capacity change from 0 to 8192
[  433.195274][T16298] binder: 16297:16298 ioctl 40046205 0 returned -22
[  433.246168][T16300] program syz.2.4247 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  433.386475][T16306] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4249'.
[  433.701213][T16293] loop4: detected capacity change from 0 to 32768
[  433.752524][T16293] jfs_lookup: iget failed on inum 5
[  433.770108][T16293] jfs_lookup: iget failed on inum 5
[  434.470128][   T29] audit: type=1326 audit(2134217883.224:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16353 comm="syz.1.4273" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ce657def9 code=0x7ffc0000
[  434.556782][   T29] audit: type=1326 audit(2134217883.224:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16353 comm="syz.1.4273" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ce657def9 code=0x7ffc0000
[  434.639980][   T29] audit: type=1326 audit(2134217883.224:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16353 comm="syz.1.4273" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0ce657def9 code=0x7ffc0000
[  434.717779][   T29] audit: type=1326 audit(2134217883.224:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16353 comm="syz.1.4273" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ce657def9 code=0x7ffc0000
[  434.795209][   T29] audit: type=1326 audit(2134217883.224:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16353 comm="syz.1.4273" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ce657def9 code=0x7ffc0000
[  434.856880][T16368] binder: BC_ACQUIRE_RESULT not supported
[  434.863812][T16367] loop5: detected capacity change from 0 to 1024
[  434.881341][T16368] binder: 16366:16368 ioctl c0306201 20000480 returned -22
[  434.882695][   T29] audit: type=1326 audit(2134217883.254:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16353 comm="syz.1.4273" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0ce657def9 code=0x7ffc0000
[  434.918500][T16367] hfsplus: Filesystem was not cleanly unmounted, running fsck.hfsplus is recommended.  mounting read-only.
[  434.940150][   T29] audit: type=1326 audit(2134217883.254:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16353 comm="syz.1.4273" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ce657def9 code=0x7ffc0000
[  434.995439][   T29] audit: type=1326 audit(2134217883.254:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16353 comm="syz.1.4273" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f0ce6574ea7 code=0x7ffc0000
[  435.028588][   T29] audit: type=1326 audit(2134217883.274:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16353 comm="syz.1.4273" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f0ce6519869 code=0x7ffc0000
[  435.143982][T16371] bond0: option lacp_rate: mode dependency failed, not supported in mode balance-rr(0)
[  435.268655][T16379] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[  435.275246][T16379] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  435.315217][T16379] vhci_hcd vhci_hcd.0: Device attached
[  435.358579][T16386] vhci_hcd vhci_hcd.0: pdev(2) rhport(1) sockfd(6)
[  435.365245][T16386] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  435.397968][T16386] vhci_hcd vhci_hcd.0: Device attached
[  435.425268][T16379] vhci_hcd vhci_hcd.0: pdev(2) rhport(2) sockfd(5)
[  435.431841][T16379] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  435.491200][ T1783] vhci_hcd: vhci_device speed not set
[  435.509579][T16386] vhci_hcd vhci_hcd.0: pdev(2) rhport(3) sockfd(8)
[  435.516161][T16386] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  435.538978][T16379] vhci_hcd vhci_hcd.0: Device attached
[  435.551187][T16386] vhci_hcd vhci_hcd.0: Device attached
[  435.567831][ T1783] usb 13-1: new full-speed USB device number 2 using vhci_hcd
[  435.588431][T16397] vhci_hcd: connection closed
[  435.589188][   T12] vhci_hcd: stop threads
[  435.599342][T16380] vhci_hcd: connection closed
[  435.599395][T16392] vhci_hcd: connection closed
[  435.601173][T16388] vhci_hcd: connection closed
[  435.610024][T16381] vhci_hcd: sendmsg failed!, ret=-32 for 48
[  435.621514][   T12] vhci_hcd: release socket
[  435.655059][   T12] vhci_hcd: disconnect device
[  435.681069][   T12] vhci_hcd: stop threads
[  435.685375][   T12] vhci_hcd: release socket
[  435.689887][   T12] vhci_hcd: disconnect device
[  435.695360][   T12] vhci_hcd: stop threads
[  435.704567][   T12] vhci_hcd: release socket
[  435.709697][   T12] vhci_hcd: disconnect device
[  435.715138][   T12] vhci_hcd: stop threads
[  435.719399][   T12] vhci_hcd: release socket
[  435.726474][   T12] vhci_hcd: disconnect device
[  435.861085][T16409] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4295'.
[  435.997445][T16415] netlink: 44 bytes leftover after parsing attributes in process `syz.3.4297'.
[  436.391880][T16429] netlink: 'syz.4.4304': attribute type 1 has an invalid length.
[  436.429078][T16429] netlink: 224 bytes leftover after parsing attributes in process `syz.4.4304'.
[  437.120078][T16454] loop2: detected capacity change from 0 to 512
[  437.141874][T16425] loop3: detected capacity change from 0 to 32768
[  437.151127][T16425] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.4301 (16425)
[  437.164075][T16454] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  437.191159][ T5310] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  437.196904][T16425] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  437.217070][T16454] EXT4-fs (loop2): 1 truncate cleaned up
[  437.225254][T16454] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  437.255029][T16425] BTRFS info (device loop3): using sha256 (sha256-ni) checksum algorithm
[  437.295215][T16425] BTRFS info (device loop3): using free-space-tree
[  437.316198][ T5224] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  437.350459][ T5310] usb 2-1: Using ep0 maxpacket: 16
[  437.364846][ T5310] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  437.404161][ T5310] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  437.433158][ T5310] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  437.451297][ T5310] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  437.479840][ T5310] usb 2-1: Product: syz
[  437.489988][ T5310] usb 2-1: Manufacturer: syz
[  437.500133][ T5310] usb 2-1: SerialNumber: syz
[  437.515255][ T5310] usb 2-1: config 0 descriptor??
[  437.531665][ T5310] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  437.541515][ T5310] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class)
[  437.753554][T14413] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  437.780700][ T5288] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  437.964230][ T5288] usb 3-1: Using ep0 maxpacket: 32
[  437.993227][ T5288] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  438.020535][ T5288] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  438.024617][T16485] mkiss: ax0: crc mode is auto.
[  438.042335][ T5288] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  438.080510][ T5288] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  438.127979][ T5288] usb 3-1: config 0 descriptor??
[  438.154426][ T5288] hub 3-1:0.0: USB hub found
[  438.170119][ T5310] em28xx 2-1:0.0: chip ID is em2800
[  438.283305][T16496] program syz.3.4319 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  438.370896][ T5288] hub 3-1:0.0: 1 port detected
[  438.392345][ T5310] em28xx 2-1:0.0: Config register raw data: 0xfffffffb
[  438.422978][ T5310] em28xx 2-1:0.0: AC97 chip type couldn't be determined
[  438.449960][ T5310] em28xx 2-1:0.0: No AC97 audio processor
[  438.478330][ T5310] usb 2-1: USB disconnect, device number 33
[  438.491542][ T5310] em28xx 2-1:0.0: Disconnecting em28xx
[  438.506462][T16504] loop3: detected capacity change from 0 to 64
[  438.533588][ T5310] em28xx 2-1:0.0: Freeing device
[  438.771694][ T5288] usb 3-1: USB disconnect, device number 40
[  439.387580][ T5288] usb 6-1: new high-speed USB device number 31 using dummy_hcd
[  439.492560][ T1252] ieee802154 phy0 wpan0: encryption failed: -22
[  439.493135][T16514] loop4: detected capacity change from 0 to 40427
[  439.498901][ T1252] ieee802154 phy1 wpan1: encryption failed: -22
[  439.537335][T16514] F2FS-fs (loop4): invalid crc value
[  439.549489][T16514] F2FS-fs (loop4): Found nat_bits in checkpoint
[  439.570740][ T5288] usb 6-1: Using ep0 maxpacket: 16
[  439.600617][ T5288] usb 6-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  439.609377][ T5288] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  439.659921][ T5288] usb 6-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  439.693912][ T5288] usb 6-1: config 1 has no interface number 1
[  439.710941][ T5288] usb 6-1: Duplicate descriptor for config 1 interface 0 altsetting 0, skipping
[  439.741991][ T5288] usb 6-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  439.775480][ T5288] usb 6-1: config 1 interface 2 has no altsetting 0
[  439.776200][T16514] F2FS-fs (loop4): Start checkpoint disabled!
[  439.804990][ T5288] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  439.829917][T16514] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  439.830445][ T5288] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  439.889129][ T5288] usb 6-1: Product: syz
[  439.909118][ T5288] usb 6-1: Manufacturer: syz
[  439.923362][ T5288] usb 6-1: SerialNumber: syz
[  440.164030][ T5288] usb 6-1: 2:1 : no or invalid class specific endpoint descriptor
[  440.169195][   T11] kworker/u8:0: attempt to access beyond end of device
[  440.169195][   T11] loop4: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  440.184366][ T5288] usb 6-1: 2:1 : format type 39 is not supported yet
[  440.214425][ T5288] usb 6-1: selecting invalid altsetting 0
[  440.227879][   T11] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  440.250185][   T11] kworker/u8:0: attempt to access beyond end of device
[  440.250185][   T11] loop4: rw=2049, sector=40976, nr_sectors = 8 limit=40427
[  440.261663][ T5288] usb 6-1: USB disconnect, device number 31
[  440.285897][   T11] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  440.571517][T16572] bond0: option miimon: invalid value (18446744073072082944)
[  440.586371][T16572] bond0: option miimon: allowed values 0 - 2147483647
[  440.714864][T16575] netlink: 32 bytes leftover after parsing attributes in process `syz.1.4361'.
[  440.781645][ T1783] vhci_hcd: vhci_device speed not set
[  440.810205][T16578] loop5: detected capacity change from 0 to 8
[  440.939081][T16582] vlan2: entered promiscuous mode
[  440.974318][T16582] mac80211_hwsim hwsim12 wlan0: entered promiscuous mode
[  441.040063][T16582] mac80211_hwsim hwsim12 wlan0: left promiscuous mode
[  441.117076][T16559] loop2: detected capacity change from 0 to 40427
[  441.138869][T16559] F2FS-fs (loop2): invalid crc value
[  441.154846][T16559] F2FS-fs (loop2): Found nat_bits in checkpoint
[  441.284802][T16559] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  441.334428][T16597] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4367'.
[  441.400332][T16603] loop4: detected capacity change from 0 to 256
[  441.468195][T16603] vfat: Unknown parameter ''
[  441.523673][   T29] kauditd_printk_skb: 30 callbacks suppressed
[  441.523694][   T29] audit: type=1326 audit(2134217890.284:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16606 comm="syz.0.4376" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ffa94b7def9 code=0x0
[  441.590012][T16603] loop4: detected capacity change from 0 to 1024
[  441.631511][T16603] EXT4-fs (loop4): warning: mounting unchecked fs, running e2fsck is recommended
[  441.649301][T16603] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  441.678552][T16610] loop3: detected capacity change from 0 to 4096
[  441.758707][T16603] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback.
[  441.781522][T16610] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  441.999221][ T5243] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  442.085888][T14413] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  443.037119][T16659] netlink: 'syz.3.4394': attribute type 1 has an invalid length.
[  443.055437][T16659] netlink: 9372 bytes leftover after parsing attributes in process `syz.3.4394'.
[  443.087660][T16659] netlink: 'syz.3.4394': attribute type 1 has an invalid length.
[  443.586668][T16674] netlink: 'syz.0.4400': attribute type 1 has an invalid length.
[  443.617235][T16676] loop5: detected capacity change from 0 to 512
[  443.621150][T16674] netlink: 224 bytes leftover after parsing attributes in process `syz.0.4400'.
[  443.637830][T16653] loop2: detected capacity change from 0 to 40427
[  443.649237][T16676] EXT4-fs: Ignoring removed mblk_io_submit option
[  443.689693][T16653] F2FS-fs (loop2): Found nat_bits in checkpoint
[  443.699117][T16676] EXT4-fs (loop5): Cannot turn on journaled quota: type 0: error -2
[  443.747147][T16676] EXT4-fs (loop5): 1 truncate cleaned up
[  443.768663][T16676] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  443.828958][T16653] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  443.956265][ T6874] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  444.085883][ T5224] syz-executor: attempt to access beyond end of device
[  444.085883][ T5224] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  444.132711][ T5224] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  445.140688][T16696] loop3: detected capacity change from 0 to 32768
[  445.332748][T16703] loop4: detected capacity change from 0 to 32768
[  445.346465][T16696] XFS (loop3): Mounting V5 Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a
[  445.416217][T16703] ERROR: (device loop4): dtSearch: DT_GETPAGE: dtree page corrupt
[  445.416217][T16703] 
[  445.453303][T16703] ERROR: (device loop4): remounting filesystem as read-only
[  445.462363][T16703] jfs_lookup: dtSearch returned -5
[  445.541383][T16703] ERROR: (device loop4): dtReadFirst: DT_GETPAGE: dtree page corrupt
[  445.541383][T16703] 
[  445.751067][T16696] XFS (loop3): Ending clean mount
[  445.782753][   T29] audit: type=1800 audit(2134217894.544:190): pid=16696 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.4409" name="file1" dev="loop3" ino=6150 res=0 errno=0
[  445.817918][T16727] loop5: detected capacity change from 0 to 1024
[  445.834219][ T5291] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  445.868282][T16727] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  445.937909][  T933] XFS (loop3): Metadata CRC error detected at xfs_rmapbt_read_verify+0x41/0xd0, xfs_rmapbt block 0x14 
[  445.964166][  T933] XFS (loop3): Unmount and run xfs_repair
[  445.983440][  T933] XFS (loop3): First 128 bytes of corrupted metadata buffer:
[  446.013531][ T5291] usb 2-1: config 0 interface 0 has no altsetting 0
[  446.025965][ T5291] usb 2-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[  446.036778][  T933] 00000000: 52 4d 42 33 00 00 00 0c ff ff ff ff ff ff ff ff  RMB3............
[  446.063136][  T933] 00000010: 00 00 00 00 00 00 00 14 00 00 00 01 00 00 00 10  ................
[  446.073494][ T5291] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  446.101804][  T933] 00000020: ed 37 bf 6e 74 ea 4e 01 af ba 5f ee 27 4b 0f 3a  .7.nt.N..._.'K.:
[  446.113855][ T5291] usb 2-1: config 0 descriptor??
[  446.141002][  T933] 00000030: 00 00 00 00 05 1b 0d e2 00 00 00 00 00 00 00 01  ................
[  446.162494][  T933] 00000040: ff ff ff ff ff ff ff fd 00 00 00 00 00 00 00 00  ................
[  446.172856][  T933] 00000050: 00 00 00 01 00 00 00 02 ff ff ff ff ff ff ff fb  ................
[  446.219436][  T933] 00000060: 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 02  ................
[  446.251860][  T933] 00000070: ff ff ff ff ff ff ff fa 00 00 00 00 00 00 00 00  ................
[  446.284844][T16696] XFS (loop3): metadata I/O error in "xfs_btree_read_buf_block+0x36f/0x5b0" at daddr 0x14 len 4 error 74
[  446.383079][T16696] XFS (loop3): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x663/0xad0 (fs/xfs/xfs_trans_buf.c:296).  Shutting down filesystem.
[  446.410146][T16713] loop2: detected capacity change from 0 to 32768
[  446.435324][T16696] XFS (loop3): Please unmount the filesystem and rectify the problem(s)
[  446.435965][T16713] XFS: ikeep mount option is deprecated.
[  446.550977][T16713] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  446.561417][T14413] XFS (loop3): Unmounting Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a
[  446.835334][T16748] loop4: detected capacity change from 0 to 1024
[  446.878035][T16713] XFS (loop2): Ending clean mount
[  446.957510][ T5291] video4linux radio32: keene_cmd_main failed (-71)
[  446.971914][ T5291] radio-keene 2-1:0.0: V4L2 device registered as radio32
[  446.981847][T16713] XFS (loop2): Quotacheck needed: Please wait.
[  447.001482][ T5291] usb 2-1: USB disconnect, device number 34
[  447.096395][T16713] XFS (loop2): Quotacheck: Done.
[  447.127118][T16713] XFS (loop2): User initiated shutdown received.
[  447.133860][T16713] XFS (loop2): Log I/O Error (0x6) detected at xfs_fs_goingdown+0xe2/0x160 (fs/xfs/xfs_fsops.c:457).  Shutting down filesystem.
[  447.191819][T16713] XFS (loop2): Please unmount the filesystem and rectify the problem(s)
[  447.212863][T16755] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0
[  447.296577][ T5224] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  447.318084][T16758] sp0: Synchronizing with TNC
[  447.597274][T16765] loop3: detected capacity change from 0 to 4096
[  447.634126][T16765] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512).
[  447.722655][T16769] loop5: detected capacity change from 0 to 512
[  447.744142][T16769] EXT4-fs: Ignoring removed nobh option
[  447.802252][T16769] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  447.826908][T16765] ntfs3: loop3: Mark volume as dirty due to NTFS errors
[  447.852523][T16769] ext4 filesystem being mounted at /622/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  448.115649][T16767] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.4435: bg 0: block 224: padding at end of block bitmap is not set
[  448.220794][T16767] EXT4-fs (loop5): Remounting filesystem read-only
[  448.320202][ T6874] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  448.441005][   T25] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  448.513474][T16798] binder: 16797:16798 ioctl c00c620f 20000340 returned -22
[  448.640931][   T25] usb 2-1: Using ep0 maxpacket: 8
[  448.671141][   T25] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  448.711009][   T25] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x49, changing to 0x9
[  448.757168][   T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  448.791095][   T25] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x9 has invalid maxpacket 0
[  448.832814][   T25] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  448.880149][   T25] usb 2-1: New USB device found, idVendor=0424, idProduct=012c, bcdDevice=e2.d0
[  448.910458][   T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  448.919027][   T25] usb 2-1: Product: syz
[  448.961154][   T25] usb 2-1: Manufacturer: syz
[  448.965829][   T25] usb 2-1: SerialNumber: syz
[  449.011822][   T25] usb 2-1: config 0 descriptor??
[  449.260207][   T25] usb 2-1: probing VID:PID(0424:012C)   
[  449.268488][   T25] usb 2-1: vub300 testing BULK OUT EndPoint(0) 09
[  449.300928][   T25] usb 2-1: Could not find two sets of bulk-in/out endpoint pairs
[  449.391519][   T25] vub300 2-1:0.0: probe with driver vub300 failed with error -22
[  449.440297][   T25] usb 2-1: USB disconnect, device number 35
[  449.691013][T16801] loop2: detected capacity change from 0 to 32768
[  449.744430][T16801] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  449.858896][T16794] loop3: detected capacity change from 0 to 40427
[  449.870568][T16794] F2FS-fs (loop3): Insane cp_payload (553648128 >= 504)
[  449.878463][T16794] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  449.900311][T16794] F2FS-fs (loop3): build fault injection attr: rate: 17008, type: 0x1fffff
[  449.960696][T16794] F2FS-fs (loop3): invalid crc value
[  450.004795][T16801] XFS (loop2): Ending clean mount
[  450.011948][T16794] F2FS-fs (loop3): Found nat_bits in checkpoint
[  450.045527][T16801] XFS (loop2): Quotacheck needed: Please wait.
[  450.123165][T16804] loop5: detected capacity change from 0 to 32768
[  450.168362][T16804] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.4449 (16804)
[  450.174663][T16801] XFS (loop2): Quotacheck: Done.
[  450.286734][T16804] BTRFS info (device loop5): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  450.306410][ T5224] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  450.321907][T16794] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  450.324862][T16804] BTRFS info (device loop5): using blake2b (blake2b-256-generic) checksum algorithm
[  450.329716][T16794] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  450.346454][T16804] BTRFS info (device loop5): using free-space-tree
[  450.435086][T16841] bridge0: port 1(bridge_slave_0) entered disabled state
[  450.518255][T16794] syz.3.4444: attempt to access beyond end of device
[  450.518255][T16794] loop3: rw=2049, sector=53248, nr_sectors = 128 limit=40427
[  450.766620][T14413] syz-executor: attempt to access beyond end of device
[  450.766620][T14413] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  450.830884][T14413] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  451.040145][T16862] loop2: detected capacity change from 0 to 512
[  451.061701][T16862] EXT4-fs: Ignoring removed mblk_io_submit option
[  451.089246][T16862] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  451.148093][T16862] EXT4-fs (loop2): 1 truncate cleaned up
[  451.170100][T16862] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  451.185620][T16865] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4466'.
[  451.257571][ T6874] BTRFS info (device loop5): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  451.366366][ T5224] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  451.536355][T16869] cifs: Unknown parameter 'mpol'
[  452.881648][T16900] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4481'.
[  453.031770][T16907] netlink: 32 bytes leftover after parsing attributes in process `syz.5.4483'.
[  453.322133][ T1783] kernel write not supported for file /amidi2 (pid: 1783 comm: kworker/1:2)
[  453.518206][T16920] openvswitch: netlink: Missing key (keys=40, expected=2000)
[  453.643259][T16923] loop5: detected capacity change from 0 to 512
[  453.708202][T16923] EXT4-fs (loop5): mounting ext2 file system using the ext4 subsystem
[  453.775232][T16923] EXT4-fs (loop5): warning: checktime reached, running e2fsck is recommended
[  453.841929][T16923] EXT4-fs error (device loop5): ext4_validate_block_bitmap:432: comm syz.5.4491: bg 0: block 18: invalid block bitmap
[  453.872269][T16923] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6551: Corrupt filesystem
[  453.892402][T16923] EXT4-fs (loop5): 1 truncate cleaned up
[  453.900765][ T5291] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  453.922331][T16923] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  453.936195][T16923] ext2 filesystem being mounted at /630/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  453.975242][T16923] EXT4-fs error (device loop5): ext4_map_blocks:609: inode #2: block 3: comm syz.5.4491: lblock 0 mapped to illegal pblock 3 (length 1)
[  454.052490][T16940] syz.0.4499[16940] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  454.052779][T16940] syz.0.4499[16940] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  454.093255][ T5291] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  454.115456][T16941] loop3: detected capacity change from 0 to 1024
[  454.121461][T16944] netlink: 'syz.2.4500': attribute type 14 has an invalid length.
[  454.154023][T16941] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  454.167950][ T5291] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  454.207860][ T6874] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  454.257754][T16941] fscrypt (loop3, inode 18): Unsupported encryption flags (0x10)
[  454.268309][ T5291] usb 2-1: config 0 descriptor??
[  454.281107][T16948] netlink: 'syz.2.4504': attribute type 1 has an invalid length.
[  454.322948][ T5291] cp210x 2-1:0.0: cp210x converter detected
[  454.432890][T14413] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  454.459679][T16954] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4502'.
[  454.862082][T16961] loop2: detected capacity change from 0 to 2048
[  454.954785][T16964] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  454.975226][ T5291] cp210x 2-1:0.0: failed to get vendor val 0x000e size 678: -71
[  454.998096][ T5291] cp210x 2-1:0.0: GPIO initialisation failed: -71
[  455.019596][ T5291] usb 2-1: cp210x converter now attached to ttyUSB0
[  455.050852][ T5291] usb 2-1: USB disconnect, device number 36
[  455.077557][ T5291] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  455.161169][ T5291] cp210x 2-1:0.0: device disconnected
[  455.279142][T16945] loop4: detected capacity change from 0 to 32768
[  455.354991][T16945] JBD2: Ignoring recovery information on journal
[  455.366252][T16974] loop2: detected capacity change from 0 to 4096
[  455.382605][T16977] netlink: 104 bytes leftover after parsing attributes in process `syz.0.4515'.
[  455.461439][T16945] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  455.637868][T16974] overlayfs: upper fs does not support tmpfile.
[  455.683201][T16974] overlayfs: workdir/#4 already exists
[  455.720769][ T5291] usb 6-1: new high-speed USB device number 32 using dummy_hcd
[  455.763714][ T5243] ocfs2: Unmounting device (7,4) on (node local)
[  455.832711][T16986] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  455.931150][ T5291] usb 6-1: Using ep0 maxpacket: 8
[  455.950292][ T5291] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  455.971381][ T5291] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  456.020619][ T5291] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  456.067729][ T5291] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  456.100550][ T5291] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  456.140628][ T5291] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  456.161168][ T5291] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  456.193750][ T5291] usbtmc 6-1:16.0: probe with driver usbtmc failed with error -22
[  457.150717][   T25] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[  457.321122][   T25] usb 3-1: Using ep0 maxpacket: 8
[  457.334292][   T25] usb 3-1: config 0 has an invalid interface number: 143 but max is 0
[  457.353622][   T25] usb 3-1: config 0 has no interface number 0
[  457.360720][   T25] usb 3-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=c1.9b
[  457.375736][   T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  457.402268][   T25] usb 3-1: config 0 descriptor??
[  457.531772][   T25] viperboard 3-1:0.143: version 0.00 found at bus 003 address 041
[  457.554832][   T25] viperboard-i2c viperboard-i2c.2.auto: failure setting i2c_bus_freq to 100
[  457.585233][   T25] viperboard-i2c viperboard-i2c.2.auto: probe with driver viperboard-i2c failed with error -5
[  457.617829][T17026] loop2: detected capacity change from 0 to 64
[  457.680858][   T25] usb 3-1: USB disconnect, device number 41
[  457.780084][T17051] loop4: detected capacity change from 0 to 164
[  457.797850][T17051] ISOFS: primary root directory is empty. Disabling Rock Ridge and switching to Joliet.
[  458.524421][   T25] usb 6-1: USB disconnect, device number 32
[  458.680324][T17071] loop2: detected capacity change from 0 to 2048
[  458.715174][T17071] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  458.732711][T17071] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  458.740623][    T8] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  458.910745][    T8] usb 4-1: Using ep0 maxpacket: 16
[  458.934477][    T8] usb 4-1: config 0 has an invalid interface number: 251 but max is 0
[  458.954390][    T8] usb 4-1: config 0 has no interface number 0
[  458.970921][    T8] usb 4-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  458.991736][    T8] usb 4-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  458.992270][   T25] usb 6-1: new high-speed USB device number 33 using dummy_hcd
[  459.040247][    T8] usb 4-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[  459.060558][    T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  459.079907][    T8] usb 4-1: Product: syz
[  459.085126][    T8] usb 4-1: Manufacturer: syz
[  459.105143][    T8] usb 4-1: SerialNumber: syz
[  459.119410][    T8] usb 4-1: config 0 descriptor??
[  459.136071][T17067] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  459.151466][T17067] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  459.171211][   T25] usb 6-1: Using ep0 maxpacket: 8
[  459.177754][   T25] usb 6-1: config 0 has an invalid interface number: 186 but max is 0
[  459.197498][   T25] usb 6-1: config 0 has no interface number 0
[  459.208600][   T25] usb 6-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  459.222120][   T25] usb 6-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A
[  459.235480][   T25] usb 6-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 108, changing to 10
[  459.248830][   T25] usb 6-1: config 0 interface 186 altsetting 0 endpoint 0x8A has invalid maxpacket 8949, setting to 1024
[  459.263705][   T25] usb 6-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  459.286044][   T25] usb 6-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[  459.327255][   T25] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  459.339743][   T25] usb 6-1: Product: syz
[  459.345833][   T25] usb 6-1: Manufacturer: syz
[  459.382893][   T25] usb 6-1: SerialNumber: syz
[  459.387893][T17067] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  459.405683][   T25] usb 6-1: config 0 descriptor??
[  459.421674][T17067] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  459.563106][T17086] loop4: detected capacity change from 0 to 2048
[  459.611074][T17086] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  459.639250][   T25] iowarrior 6-1:0.186: IOWarrior product=0x1505, serial=42424242 interface=186 now attached to iowarrior0
[  459.673782][T17086] EXT4-fs error (device loop4): __ext4_new_inode:1070: comm syz.4.4567: reserved inode found cleared - inode=1
[  459.761212][ T5243] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  459.853890][    T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Interface mode not supported by driver
[  459.887737][    T8] asix 4-1:0.251: probe with driver asix failed with error -524
[  459.905992][    T8] usb 6-1: USB disconnect, device number 33
[  459.918425][    T8] iowarrior 6-1:0.186: I/O-Warror #0 now disconnected
[  460.070070][   T25] usb 4-1: USB disconnect, device number 32
[  460.159926][T17102] loop2: detected capacity change from 0 to 1024
[  460.217725][   T11] hfsplus: b-tree write err: -5, ino 4
[  460.380606][    T8] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  460.536368][    T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  460.566167][    T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  460.598761][    T8] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  460.649870][    T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  460.685579][    T8] usb 2-1: config 0 descriptor??
[  460.800133][T17115] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4579'.
[  461.186207][    T8] pyra 0003:1E7D:2CF6.005D: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.1-1/input0
[  461.542145][ T5337] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  461.564879][    T8] pyra 0003:1E7D:2CF6.005D: couldn't init struct pyra_device
[  461.600807][    T8] pyra 0003:1E7D:2CF6.005D: couldn't install mouse
[  461.622217][    T8] pyra 0003:1E7D:2CF6.005D: probe with driver pyra failed with error -71
[  461.643784][    T8] usb 2-1: USB disconnect, device number 37
[  461.742574][ T5337] usb 5-1: Using ep0 maxpacket: 16
[  461.765564][ T5337] usb 5-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=a4.8f
[  461.790590][ T5337] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  461.799491][ T5337] usb 5-1: Product: syz
[  461.820557][ T5337] usb 5-1: Manufacturer: syz
[  461.825734][ T5337] usb 5-1: SerialNumber: syz
[  461.855844][T17136] loop2: detected capacity change from 0 to 512
[  461.856980][ T5337] usb 5-1: config 0 descriptor??
[  461.892883][T17136] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  461.951101][T17136] EXT4-fs (loop2): 1 truncate cleaned up
[  461.960349][T17136] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  462.035194][T17136] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2240: inode #15: comm syz.2.4588: corrupted in-inode xattr: overlapping e_value 
[  462.065213][T17136] EXT4-fs warning (device loop2): ext4_xattr_set_entry:1772: inode #15: comm syz.2.4588: unable to update i_inline_off
[  462.080324][T17139] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2240: inode #15: comm syz.2.4588: corrupted in-inode xattr: overlapping e_value 
[  462.096971][T17119] loop5: detected capacity change from 0 to 40427
[  462.150579][T17119] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[  462.159184][T17119] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  462.206760][ T5337] usb 5-1: USB disconnect, device number 35
[  462.273389][T17119] F2FS-fs (loop5): Found nat_bits in checkpoint
[  462.290303][ T5224] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  462.528282][T17119] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  462.548385][T17119] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  462.980026][T17167] binder: 17166:17167 ioctl c0306201 200002c0 returned -14
[  463.078420][T17169] loop2: detected capacity change from 0 to 1024
[  463.140578][T17169] hfsplus: request for non-existent node 3 in B*Tree
[  463.156844][T17169] hfsplus: request for non-existent node 3 in B*Tree
[  463.544267][T17181] loop3: detected capacity change from 0 to 64
[  463.620710][ T5310] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  463.763927][T17187] loop5: detected capacity change from 0 to 1024
[  463.791712][ T5310] usb 5-1: Using ep0 maxpacket: 16
[  463.818632][ T5310] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  463.840352][ T5310] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  463.863126][ T5310] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  463.891263][ T5310] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  463.908364][ T5310] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  463.909702][   T29] audit: type=1800 audit(2134217912.664:191): pid=17187 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.4598" name="bus" dev="loop5" ino=0 res=0 errno=0
[  463.928783][ T5310] usb 5-1: config 0 descriptor??
[  464.191075][T17175] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  464.243659][T17175] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  464.494247][ T5310] microsoft 0003:045E:07DA.005E: unknown main item tag 0x0
[  464.523083][ T5310] microsoft 0003:045E:07DA.005E: unknown main item tag 0x0
[  464.530372][ T5310] microsoft 0003:045E:07DA.005E: unknown main item tag 0x0
[  464.570522][ T5310] microsoft 0003:045E:07DA.005E: unknown main item tag 0x0
[  464.618452][ T5310] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.005E/input/input50
[  464.694374][ T5310] microsoft 0003:045E:07DA.005E: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0
[  464.768281][ T5310] usb 5-1: USB disconnect, device number 36
[  464.910684][ T5337] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  465.025764][T17206] loop5: detected capacity change from 0 to 4096
[  465.096951][T17209] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  465.121807][ T5337] usb 2-1: Using ep0 maxpacket: 16
[  465.124529][T17194] loop2: detected capacity change from 0 to 32768
[  465.149839][ T5337] usb 2-1: config 0 has an invalid interface number: 251 but max is 0
[  465.180701][ T5337] usb 2-1: config 0 has no interface number 0
[  465.198061][ T5337] usb 2-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  465.204780][T17194] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  465.230561][ T5337] usb 2-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  465.263721][ T5337] usb 2-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[  465.300716][ T5337] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  465.400768][ T5337] usb 2-1: Product: syz
[  465.405446][ T5337] usb 2-1: Manufacturer: syz
[  465.441930][ T5337] usb 2-1: SerialNumber: syz
[  465.441974][T17194] XFS (loop2): Ending clean mount
[  465.470511][T17194] XFS (loop2): Quotacheck needed: Please wait.
[  465.475701][ T5337] usb 2-1: config 0 descriptor??
[  465.494389][T17204] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[  465.510934][T17204] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[  465.650462][T17194] XFS (loop2): Quotacheck: Done.
[  465.781187][T17204] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[  465.790612][T17204] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[  465.809495][ T5224] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  466.228855][T17242] loop4: detected capacity change from 0 to 64
[  466.277711][T17242] hfs: keylen 94 too large
[  466.398115][T17245] hfs: keylen 94 too large
[  466.437299][ T5337] asix 2-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  466.464554][T17245] hfs: request for non-existent node 1818584064 in B*Tree
[  466.490823][ T5337] asix 2-1:0.251 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9
[  466.501081][T17245] hfs: request for non-existent node 1818584064 in B*Tree
[  466.540714][ T5337] asix 2-1:0.251: probe with driver asix failed with error -71
[  466.594187][ T5337] usb 2-1: USB disconnect, device number 38
[  467.411166][ T5310] usb 6-1: new high-speed USB device number 34 using dummy_hcd
[  467.536895][T17271] loop2: detected capacity change from 0 to 64
[  467.590536][ T5310] usb 6-1: Using ep0 maxpacket: 16
[  467.621305][ T5310] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  467.653205][ T5310] usb 6-1: New USB device found, idVendor=045e, idProduct=0721, bcdDevice=90.c4
[  467.673608][T17275] Trying to free block not in datazone
[  467.684433][ T5310] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  467.709867][T17275] Trying to free block not in datazone
[  467.731153][ T5310] usb 6-1: Product: syz
[  467.735381][ T5310] usb 6-1: Manufacturer: syz
[  467.749397][T17275] Trying to free block not in datazone
[  467.761028][ T5310] usb 6-1: SerialNumber: syz
[  467.765955][T17275] Trying to free block not in datazone
[  467.784744][ T5310] usb 6-1: config 0 descriptor??
[  467.806930][T17275] Trying to free block not in datazone
[  467.824099][T17275] minix_free_block (loop2:6): bit already cleared
[  467.849408][T17275] Trying to free block not in datazone
[  467.859296][T17275] Trying to free block not in datazone
[  468.219661][T17279] overlayfs: failed to resolve './file1': -2
[  468.239165][ T5310] usb 6-1: Found UVC 0.00 device syz (045e:0721)
[  468.256638][ T5310] usb 6-1: No valid video chain found.
[  468.270775][    T8] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  468.439614][T17293] loop2: detected capacity change from 0 to 8
[  468.459399][    T8] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  468.476391][ T1783] usb 6-1: USB disconnect, device number 34
[  468.520683][    T8] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  468.549537][    T8] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  468.575725][    T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  468.604462][T17281] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  468.625345][    T8] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  468.661691][T17301] loop2: detected capacity change from 0 to 512
[  468.707880][T17301] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  468.764027][T17301] ext4 filesystem being mounted at /833/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  468.872672][ T1783] usb 5-1: USB disconnect, device number 37
[  469.024006][ T5224] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  469.203295][T17317] loop3: detected capacity change from 0 to 512
[  469.251093][T17317] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  469.288773][T17317] EXT4-fs (loop3): 1 truncate cleaned up
[  469.299768][T17317] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  469.405702][T17317] EXT4-fs error (device loop3): swap_inode_boot_loader:384: inode #5: comm syz.3.4661: iget: bad extra_isize 46 (inode size 256)
[  469.655418][T14413] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  470.206253][T17342] loop3: detected capacity change from 0 to 4096
[  470.254846][T17347] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  470.379932][T17316] loop2: detected capacity change from 0 to 32768
[  470.403531][T17316] BTRFS: device fsid 34a2da50-e117-4d40-8878-8e0fb0127b5f devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.4660 (17316)
[  470.448533][T17316] BTRFS info (device loop2): first mount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f
[  470.489502][T17316] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm
[  470.511052][T17316] BTRFS info (device loop2): using free-space-tree
[  470.552183][T17368] loop4: detected capacity change from 0 to 256
[  470.766187][ T5224] BTRFS info (device loop2): last unmount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f
[  471.156407][T17384] netdevsim netdevsim1 netdevsim0: entered promiscuous mode
[  471.231534][T17384] netdevsim netdevsim1 netdevsim0: left promiscuous mode
[  471.628879][T17398] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  471.874129][T17401] loop2: detected capacity change from 0 to 4096
[  471.907547][T17401] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512).
[  471.989951][T17401] ntfs3: loop2: Mark volume as dirty due to NTFS errors
[  472.516395][T17390] loop3: detected capacity change from 0 to 32768
[  472.552389][T17390] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.4689 (17390)
[  472.597075][T17390] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  472.629057][T17390] BTRFS info (device loop3): using sha256 (sha256-ni) checksum algorithm
[  472.659660][T17390] BTRFS info (device loop3): using free-space-tree
[  473.001394][T17440] delete_channel: no stack
[  473.027124][T14413] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  473.027686][T17439] delete_channel: no stack
[  473.326183][T17445] loop4: detected capacity change from 0 to 2048
[  473.361217][T17445] EXT4-fs: Ignoring removed nomblk_io_submit option
[  473.404676][T17445] EXT4-fs: Ignoring removed nobh option
[  473.494720][T17445] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  473.764675][ T5243] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  474.052112][T17463] bridge0: port 2(bridge_slave_1) entered listening state
[  475.127556][T17471] loop2: detected capacity change from 0 to 32768
[  475.154145][T17471] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.4720 (17471)
[  475.213079][T17471] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  475.247069][T17471] BTRFS info (device loop2): using sha256 (sha256-ni) checksum algorithm
[  475.276708][T17471] BTRFS info (device loop2): using free-space-tree
[  475.529344][ T5224] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  475.622936][T17481] loop3: detected capacity change from 0 to 32768
[  475.641677][T17481] XFS: ikeep mount option is deprecated.
[  475.731676][T17481] XFS (loop3): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  475.975544][T17481] XFS (loop3): Ending clean mount
[  476.023489][T17481] XFS (loop3): Quotacheck needed: Please wait.
[  476.171737][T17481] XFS (loop3): Quotacheck: Done.
[  476.351709][T17534] netlink: 'syz.4.4737': attribute type 1 has an invalid length.
[  476.360049][T17534] netlink: 'syz.4.4737': attribute type 2 has an invalid length.
[  476.431929][T14413] XFS (loop3): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  476.450165][T17534] A link change request failed with some changes committed already. Interface macvlan0 may have been left with an inconsistent configuration, please check.
[  476.624236][T17542] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4744'.
[  476.832913][T17546] mkiss: ax0: crc mode is auto.
[  477.199186][T17554] netlink: 'syz.4.4749': attribute type 10 has an invalid length.
[  477.228094][T17554] netlink: 152 bytes leftover after parsing attributes in process `syz.4.4749'.
[  477.270686][T17554] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  478.340802][T17586] loop2: detected capacity change from 0 to 64
[  479.012967][T17607] syz.0.4772[17607] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  479.013163][T17607] syz.0.4772[17607] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  479.101799][T17605] sp0: Synchronizing with TNC
[  479.513550][T17626] netlink: 9 bytes leftover after parsing attributes in process `syz.0.4780'.
[  479.857951][T17638] loop2: detected capacity change from 0 to 256
[  479.866783][T17636] loop3: detected capacity change from 0 to 16
[  479.923136][T17636] erofs: (device loop3): mounted with root inode @ nid 36.
[  480.099101][   T29] audit: type=1326 audit(2134217928.854:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17641 comm="syz.1.4788" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ce657def9 code=0x7ffc0000
[  480.177706][   T29] audit: type=1326 audit(2134217928.854:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17641 comm="syz.1.4788" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ce657def9 code=0x7ffc0000
[  480.217536][T17647] loop2: detected capacity change from 0 to 1764
[  480.290990][   T29] audit: type=1326 audit(2134217928.864:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17641 comm="syz.1.4788" exe="/root/syz-executor" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7f0ce657def9 code=0x7ffc0000
[  480.348022][T17647] iso9660: Corrupted directory entry in block 2 of inode 1920
[  480.408047][   T29] audit: type=1326 audit(2134217928.864:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17641 comm="syz.1.4788" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ce657def9 code=0x7ffc0000
[  480.488879][T17655] loop4: detected capacity change from 0 to 256
[  480.614618][T17655] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[  480.779753][T17665] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4800'.
[  481.052210][ T5244] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  481.066718][ T5244] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  481.075830][ T5244] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  481.089497][ T5244] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  481.104138][ T5244] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[  481.113474][ T5244] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  481.317123][T17675] wlan0 speed is unknown, defaulting to 1000
[  481.356445][T17675] lo speed is unknown, defaulting to 1000
[  481.768687][T17693] loop4: detected capacity change from 0 to 8192
[  481.826209][T17693] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  481.860495][T17693] REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal
[  481.869971][T17693] REISERFS (device loop4): using ordered data mode
[  481.875617][T17699] loop3: detected capacity change from 0 to 4096
[  481.888672][T17693] reiserfs: using flush barriers
[  481.903063][T17693] REISERFS warning (device loop4): sh-458 journal_init_dev: cannot init journal device unknown-block(7,4): -16
[  481.967960][T17693] REISERFS warning (device loop4): sh-462 journal_init: unable to initialize journal device
[  482.013103][T17693] REISERFS warning (device loop4): sh-2022 reiserfs_fill_super: unable to initialize journal space
[  482.055114][T17708] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  482.335810][T17716] loop2: detected capacity change from 0 to 1024
[  482.487271][T17675] chnl_net:caif_netlink_parms(): no params data found
[  483.251232][ T5238] Bluetooth: hci7: command tx timeout
[  483.377896][T17735] loop4: detected capacity change from 0 to 32768
[  483.436643][T17735] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  483.480286][T17675] bridge0: port 1(bridge_slave_0) entered blocking state
[  483.488225][T17675] bridge0: port 1(bridge_slave_0) entered disabled state
[  483.528019][T17675] bridge_slave_0: entered allmulticast mode
[  483.541831][T17761] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4833'.
[  483.582488][T17675] bridge_slave_0: entered promiscuous mode
[  483.606031][T17675] bridge0: port 2(bridge_slave_1) entered blocking state
[  483.631889][T17675] bridge0: port 2(bridge_slave_1) entered disabled state
[  483.679877][T17675] bridge_slave_1: entered allmulticast mode
[  483.730650][T17675] bridge_slave_1: entered promiscuous mode
[  483.766256][T17735] XFS (loop4): Ending clean mount
[  483.799691][T17735] XFS (loop4): Quotacheck needed: Please wait.
[  483.872695][T17768] macvlan3: entered promiscuous mode
[  483.903402][T17768] net veth1_virt_wifi virt_wifi0: entered promiscuous mode
[  483.933506][T17768] team0: Port device macvlan3 added
[  483.940822][T17735] XFS (loop4): Quotacheck: Done.
[  483.972806][   T29] audit: type=1800 audit(2134217932.734:196): pid=17735 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.4827" name="file1" dev="loop4" ino=9286 res=0 errno=0
[  484.093749][T17675] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  484.117705][ T5243] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  484.151939][T17775] bridge0: port 2(bridge_slave_1) entered disabled state
[  484.209044][T17675] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  484.452058][T17675] team0: Port device team_slave_0 added
[  484.458862][T17783] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4844'.
[  484.576172][T17675] team0: Port device team_slave_1 added
[  484.802874][T17675] batman_adv: batadv0: Adding interface: batadv_slave_0
[  484.861646][T17675] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  484.965433][T17675] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  485.030517][T17675] batman_adv: batadv0: Adding interface: batadv_slave_1
[  485.037527][T17675] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  485.161021][T17675] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  485.241075][T17815] netlink: 88 bytes leftover after parsing attributes in process `syz.2.4857'.
[  485.276478][T17815] netlink: 192 bytes leftover after parsing attributes in process `syz.2.4857'.
[  485.331101][ T5244] Bluetooth: hci7: command tx timeout
[  485.496528][T17675] hsr_slave_0: entered promiscuous mode
[  485.519871][    T8] hid-generic 000D:0000:0000.005F: unknown main item tag 0x0
[  485.524858][T17675] hsr_slave_1: entered promiscuous mode
[  485.545213][    T8] hid-generic 000D:0000:0000.005F: unknown main item tag 0x0
[  485.554414][T17675] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  485.563569][T17675] Cannot create hsr debugfs directory
[  485.592097][    T8] hid-generic 000D:0000:0000.005F: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz1
[  486.309881][T17675] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  486.460882][T17855] loop4: detected capacity change from 0 to 1024
[  486.670237][T17675] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  486.870026][T17675] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  487.096089][T17675] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  487.411995][ T5244] Bluetooth: hci7: command 0x040f tx timeout
[  487.696970][T17675] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  487.747400][T17675] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  487.831538][T17675] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  487.922559][T17675] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  488.286287][T17675] 8021q: adding VLAN 0 to HW filter on device bond0
[  488.299528][T17867] loop4: detected capacity change from 0 to 32768
[  488.335038][T17867] 
[  488.335038][T17867]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  488.335038][T17867] 
[  488.394966][T17675] 8021q: adding VLAN 0 to HW filter on device team0
[  488.436333][   T61] bridge0: port 1(bridge_slave_0) entered blocking state
[  488.443521][   T61] bridge0: port 1(bridge_slave_0) entered forwarding state
[  488.518149][ T2480] bridge0: port 2(bridge_slave_1) entered blocking state
[  488.526066][ T2480] bridge0: port 2(bridge_slave_1) entered forwarding state
[  488.576270][T17900] find_entry called with index = 0
[  488.626730][T17900] read_mapping_page failed!
[  488.645220][T17900] ERROR: (device loop4): txCommit: 
[  488.645220][T17900] 
[  488.886913][ T5243] 
[  488.886913][ T5243]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  488.886913][ T5243] 
[  488.901846][ T5243] 
[  488.901846][ T5243]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  488.901846][ T5243] 
[  489.490877][ T5238] Bluetooth: hci7: command 0x040f tx timeout
[  489.592356][T17675] 8021q: adding VLAN 0 to HW filter on device batadv0
[  489.986029][T17940] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  490.353605][T17949] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4914'.
[  490.473872][T17675] veth0_vlan: entered promiscuous mode
[  490.517906][T17675] veth1_vlan: entered promiscuous mode
[  490.638293][T17675] veth0_macvtap: entered promiscuous mode
[  490.742085][T17675] veth1_macvtap: entered promiscuous mode
[  490.824039][T17675] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  490.890728][T17675] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  490.929415][T17675] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  490.981772][T17675] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  491.022090][T17675] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  491.056550][T17938] loop2: detected capacity change from 0 to 32768
[  491.072276][T17675] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  491.095887][T17675] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  491.121841][T17675] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  491.141177][T17938] ocfs2: Mounting device (7,2) on (node local, slot 0) with writeback data mode.
[  491.179943][T17675] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  491.234283][T17675] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  491.298613][T17675] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  491.320761][T17675] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  491.373750][T17675] batman_adv: batadv0: Interface activated: batadv_slave_0
[  491.418728][ T5224] ocfs2: Unmounting device (7,2) on (node local)
[  491.494983][T17675] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  491.544589][T17675] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  491.572144][ T5238] Bluetooth: hci7: command 0x040f tx timeout
[  491.594201][T17675] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  491.658096][T17675] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  491.720750][T17675] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  491.758500][T17675] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  491.781853][T17675] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  491.806872][T17675] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  491.832045][T17675] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  491.873760][T17675] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  491.909931][T17960] loop4: detected capacity change from 0 to 32768
[  491.928558][T17675] batman_adv: batadv0: Interface activated: batadv_slave_1
[  492.013850][T17675] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  492.042680][T17675] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  492.066898][T17675] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  492.083550][T17675] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  492.095209][T17960] JBD2: Ignoring recovery information on journal
[  492.236115][T17961] loop3: detected capacity change from 0 to 40427
[  492.268653][T17960] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  492.270448][T17961] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  492.302436][    T8] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  492.336223][T17961] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  492.383776][T17961] F2FS-fs (loop3): Found nat_bits in checkpoint
[  492.507582][ T5243] ocfs2: Unmounting device (7,4) on (node local)
[  492.516037][    T8] usb 2-1: Using ep0 maxpacket: 32
[  492.536788][    T8] usb 2-1: config index 0 descriptor too short (expected 164, got 36)
[  492.571629][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  492.595716][    T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  492.608232][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  492.638714][    T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  492.660078][T17961] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  492.670618][T17961] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  492.679992][    T8] usb 2-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00
[  492.730729][    T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  492.731546][T17996] loop2: detected capacity change from 0 to 128
[  492.763021][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  492.783853][   T29] audit: type=1800 audit(2134217941.544:197): pid=17996 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.4933" name="bus" dev="loop2" ino=1048738 res=0 errno=0
[  492.784591][    T8] usb 2-1: config 0 descriptor??
[  492.804633][    C1] vkms_vblank_simulate: vblank timer overrun
[  492.852028][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  493.333871][    T8] logitech 0003:046D:C29C.0060: unknown main item tag 0x0
[  493.351884][    T8] logitech 0003:046D:C29C.0060: hidraw0: USB HID v0.00 Device [HID 046d:c29c] on usb-dummy_hcd.1-1/input0
[  493.751795][    T8] logitech 0003:046D:C29C.0060: no inputs found
[  493.785003][    T8] usb 2-1: USB disconnect, device number 39
[  494.374699][ T5238] Bluetooth: hci7: unexpected event for opcode 0x2062
[  494.640830][T18045] netlink: 248 bytes leftover after parsing attributes in process `syz.5.4952'.
[  495.085983][T18058] xt_CT: You must specify a L4 protocol and not use inversions on it
[  495.234610][T18028] loop4: detected capacity change from 0 to 32768
[  495.390940][T18028] ERROR: (device loop4): dbAllocNext: Corrupt dmap page
[  495.390940][T18028] 
[  495.443270][T18028] ERROR: (device loop4): remounting filesystem as read-only
[  495.468496][T18028] blkno = 0, nblocks = 1
[  495.494337][T18028] ERROR: (device loop4): dbFree: block to be freed is outside the map
[  495.494337][T18028] 
[  495.550891][T18028] ialloc: diAlloc returned -5!
[  495.629433][T18028] ERROR: (device loop4): dbAllocNext: Corrupt dmap page
[  495.629433][T18028] 
[  495.854490][T18040] loop3: detected capacity change from 0 to 32768
[  495.915771][T18072] loop5: detected capacity change from 0 to 4096
[  495.949714][T18072] ntfs3: loop5: Different NTFS sector size (4096) and media sector size (512).
[  496.034142][T18072] ntfs3: loop5: Mark volume as dirty due to NTFS errors
[  496.127081][T18072] ntfs3: loop5: ino=1b, "file0" failed to parse mft record
[  496.211637][T18072] ntfs3: loop5: ino=1b, "file0" attr_set_size
[  496.899641][T18111] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4984'.
[  497.101838][T18118] netlink: 'syz.1.4988': attribute type 2 has an invalid length.
[  497.153955][T18118] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check.
[  497.893961][T18113] loop2: detected capacity change from 0 to 32768
[  497.930587][T18113] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.4985 (18113)
[  498.001177][T18113] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  498.048697][T18113] BTRFS info (device loop2): using sha256 (sha256-ni) checksum algorithm
[  498.215478][T18152] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4998'.
[  498.225953][T18152] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4998'.
[  498.258732][T18113] BTRFS info (device loop2): rebuilding free space tree
[  498.272320][T18160] loop3: detected capacity change from 0 to 512
[  498.305585][T18113] BTRFS info (device loop2): disabling free space tree
[  498.314048][T18113] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  498.325405][T18113] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  498.329975][T18160] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.4999: corrupted in-inode xattr: invalid ea_ino
[  498.404143][T18160] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.4999: couldn't read orphan inode 15 (err -117)
[  498.450781][ T5238] Bluetooth: hci7: Controller not accepting commands anymore: ncmd = 0
[  498.459917][ T5238] Bluetooth: hci7: Injecting HCI hardware error event
[  498.472553][ T5244] Bluetooth: hci7: hardware error 0x00
[  498.506558][   T29] audit: type=1800 audit(2134217947.264:198): pid=18113 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.4985" name="file2" dev="loop2" ino=261 res=0 errno=0
[  498.521479][T18160] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  498.621253][T18160] EXT4-fs error (device loop3): ext4_find_dest_de:2067: inode #2: block 13: comm syz.3.4999: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0
[  498.892734][ T5224] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  498.908750][T14413] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  499.277179][T18182] pimreg: entered allmulticast mode
[  499.333515][T18182] pimreg: left allmulticast mode
[  499.363311][T18186] loop3: detected capacity change from 0 to 64
[  499.412432][T18186] hfs: get root inode failed
[  499.761841][T18192] netlink: 'syz.2.5006': attribute type 29 has an invalid length.
[  499.812401][T18192] netlink: 'syz.2.5006': attribute type 29 has an invalid length.
[  499.848247][T18192] netlink: 'syz.2.5006': attribute type 29 has an invalid length.
[  500.108130][T18200] loop4: detected capacity change from 0 to 4096
[  500.138394][T18200] ntfs3: loop4: Different NTFS sector size (1024) and media sector size (512).
[  500.211894][T18200] ntfs3: loop4: Failed to load $Extend (-22).
[  500.271703][T18200] ntfs3: loop4: Failed to initialize $Extend.
[  500.620520][ T5244] Bluetooth: hci7: Opcode 0x0c03 failed: -110
[  500.722791][T18221] loop5: detected capacity change from 0 to 64
[  500.934197][ T1252] ieee802154 phy1 wpan1: encryption failed: -22
[  500.994474][T18186] loop3: detected capacity change from 0 to 40427
[  501.044448][T18186] F2FS-fs (loop3): invalid crc value
[  501.092198][T18186] F2FS-fs (loop3): Found nat_bits in checkpoint
[  501.218279][T18233] loop5: detected capacity change from 0 to 128
[  501.313952][T18186] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  501.320722][   T29] audit: type=1800 audit(2134217950.074:199): pid=18233 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.5031" name="file1" dev="loop5" ino=1048743 res=0 errno=0
[  501.375849][T18233] FAT-fs (loop5): error, invalid FAT chain (i_pos 548, last_block 8)
[  501.404234][   T29] audit: type=1800 audit(2134217950.104:200): pid=18233 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.5031" name="file1" dev="loop5" ino=1048743 res=0 errno=0
[  501.439663][T18233] FAT-fs (loop5): Filesystem has been set read-only
[  501.461664][T14413] syz-executor: attempt to access beyond end of device
[  501.461664][T14413] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  501.489406][T18233] FAT-fs (loop5): error, corrupted file size (i_pos 548, 522)
[  501.510555][T14413] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  502.117967][T18246] loop5: detected capacity change from 0 to 4096
[  502.240726][T18255] loop2: detected capacity change from 0 to 1024
[  502.343918][T18255] hfsplus: bad catalog entry type
[  502.475783][   T52] hfsplus: b-tree write err: -5, ino 4
[  502.635213][T18260] loop2: detected capacity change from 0 to 512
[  502.694331][ T5244] Bluetooth: hci7: Opcode 0x206c failed: -110
[  502.728434][T18265] loop3: detected capacity change from 0 to 1764
[  502.757215][T18260] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  502.771378][T18268] program syz.5.5047 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  502.811559][T18260] ext4 filesystem being mounted at /927/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  503.047759][T18277] loop5: detected capacity change from 0 to 16
[  503.063244][ T5224] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  503.104376][T18277] erofs: (device loop5): mounted with root inode @ nid 36.
[  503.174083][T18277] erofs: (device loop5): z_erofs_fill_inode_lazy: per-inode big pcluster without sb feature for nid 36
[  503.220546][T18277] erofs: (device loop5): z_erofs_fill_inode_lazy: per-inode big pcluster without sb feature for nid 36
[  503.262303][T18277] erofs: (device loop5): z_erofs_read_folio: read error -117 @ 123 of nid 36
[  503.311138][T18283] erofs: (device loop5): z_erofs_fill_inode_lazy: per-inode big pcluster without sb feature for nid 36
[  503.397098][T18245] loop4: detected capacity change from 0 to 40427
[  503.513050][T18245] F2FS-fs (loop4): Found nat_bits in checkpoint
[  503.746727][T18245] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  503.908407][ T5243] syz-executor: attempt to access beyond end of device
[  503.908407][ T5243] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  504.016868][ T5243] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  504.539018][T18282] loop2: detected capacity change from 0 to 32768
[  504.606614][T18282] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  504.625721][T18303] veth1_macvtap: left promiscuous mode
[  504.771397][ T5244] Bluetooth: hci7: Opcode 0x2046 failed: -110
[  504.929719][T18282] XFS (loop2): Ending clean mount
[  504.982915][T18282] XFS (loop2): Quotacheck needed: Please wait.
[  505.115743][T18282] XFS (loop2): Quotacheck: Done.
[  505.194759][T18287] loop3: detected capacity change from 0 to 40427
[  505.254526][T18287] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  505.300666][T18287] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  505.376779][ T5224] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  505.409027][T18287] F2FS-fs (loop3): Found nat_bits in checkpoint
[  505.607236][T18287] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  505.619479][T18332] loop4: detected capacity change from 0 to 256
[  505.635696][T18287] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  505.685618][T18332] exFAT-fs (loop4): failed to load upcase table (idx : 0x00011a39, chksum : 0xd7c18d7b, utbl_chksum : 0xe619d30d)
[  505.762417][   T29] audit: type=1800 audit(2134217954.524:201): pid=18287 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.5055" name="bus" dev="loop3" ino=11 res=0 errno=0
[  507.233394][T18356] Context (ID=0x1) not attached to queue pair (handle=0x1:0x0)
[  507.766979][T18339] loop5: detected capacity change from 0 to 32768
[  507.781346][T18362] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5077'.
[  507.813203][T18362] netlink: 'syz.3.5077': attribute type 1 has an invalid length.
[  507.994177][T18339] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  508.348036][T18379] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5086'.
[  508.357057][T18339] XFS (loop5): Ending clean mount
[  508.404210][T18339] XFS (loop5): Quotacheck needed: Please wait.
[  508.563911][T18339] XFS (loop5): Quotacheck: Done.
[  508.712260][T18358] loop2: detected capacity change from 0 to 32768
[  508.798351][T18358] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  509.020378][T18339] XFS (loop5): User initiated shutdown received.
[  509.048348][ T5224] ocfs2: Unmounting device (7,2) on (node local)
[  509.065405][T18339] XFS (loop5): Metadata I/O Error (0x4) detected at xfs_fs_goingdown+0x110/0x160 (fs/xfs/xfs_fsops.c:447).  Shutting down filesystem.
[  509.121804][T18339] XFS (loop5): Please unmount the filesystem and rectify the problem(s)
[  509.263108][T17675] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  510.023198][   T29] audit: type=1326 audit(2134217958.784:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18407 comm="syz.1.5098" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ce657def9 code=0x7ffc0000
[  510.125636][   T29] audit: type=1326 audit(2134217958.784:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18407 comm="syz.1.5098" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ce657def9 code=0x7ffc0000
[  510.210926][   T29] audit: type=1326 audit(2134217958.784:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18407 comm="syz.1.5098" exe="/root/syz-executor" sig=0 arch=c000003e syscall=115 compat=0 ip=0x7f0ce657def9 code=0x7ffc0000
[  510.243574][T18411] input: syz0 as /devices/virtual/input/input53
[  510.309573][   T29] audit: type=1326 audit(2134217958.784:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18407 comm="syz.1.5098" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ce657def9 code=0x7ffc0000
[  510.553773][T18417] netlink: 105120 bytes leftover after parsing attributes in process `syz.4.5103'.
[  511.096804][T18434] vlan2: entered allmulticast mode
[  511.130028][T18434] gretap0: entered allmulticast mode
[  511.194893][T18434] gretap0: left allmulticast mode
[  511.510759][ T1783] usb 6-1: new high-speed USB device number 35 using dummy_hcd
[  511.702832][ T1783] usb 6-1: Using ep0 maxpacket: 16
[  511.740119][ T1783] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  511.768606][ T1783] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  511.809445][ T1783] usb 6-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00
[  511.835049][ T1783] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  511.869030][ T1783] usb 6-1: config 0 descriptor??
[  512.322535][ T1783] playstation 0003:054C:05C4.0061: hidraw0: USB HID v0.00 Device [HID 054c:05c4] on usb-dummy_hcd.5-1/input0
[  512.513669][ T1783] playstation 0003:054C:05C4.0061: Invalid byte count transferred, expected 16 got 0
[  512.544805][ T1783] playstation 0003:054C:05C4.0061: Failed to retrieve DualShock4 pairing info: -22
[  512.574903][ T1783] playstation 0003:054C:05C4.0061: Failed to get MAC address from DualShock4
[  512.604015][ T1783] playstation 0003:054C:05C4.0061: Failed to create dualshock4.
[  512.631894][ T1783] playstation 0003:054C:05C4.0061: probe with driver playstation failed with error -22
[  512.728432][ T1783] usb 6-1: USB disconnect, device number 35
[  512.785809][T18455] loop2: detected capacity change from 0 to 32768
[  512.801682][T18455] btrfs: Deprecated parameter 'usebackuproot'
[  512.818122][T18455] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  512.855436][T18455] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.5118 (18455)
[  512.903295][T18455] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  512.941748][T18455] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  512.979105][T18456] loop4: detected capacity change from 0 to 32768
[  512.985873][T18455] BTRFS info (device loop2): disk space caching is enabled
[  513.006304][T18455] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  513.048659][T18456] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  513.145588][T18496] loop3: detected capacity change from 0 to 1024
[  513.165059][T18496] hfsplus: write access to a journaled filesystem is not supported, use the force option at your own risk, mounting read-only.
[  513.190028][T18455] btrfs: Deprecated parameter 'usebackuproot'
[  513.217761][T18455] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  513.236365][T18496] overlay: Unknown parameter '32
[  513.236365][T18496] time
[  513.236365][T18496] string
[  513.236365][T18496] statistic
[  513.236365][T18496] state
[  513.236365][T18496] realm
[  513.236365][T18496] rateest
[  513.236365][T18496] quota
[  513.236365][T18496] pkttype
[  513.236365][T18496] physdev
[  513.236365][T18496] cgroup
[  513.236365][T18496] cgroup
[  513.236365][T18496] cgroup
[  513.236365][T18496] owner
[  513.236365][T18496] nfacct
[  513.236365][T18496] nfacct
[  513.236365][T18496] mac
[  513.236365][T18496] limit
[  513.236365][T18496] ipvs
[  513.236365][T18496] helper
[  513.236365][T18496] devgroup
[  513.236365][T18496] cpu
[  513.236365][T18496] conntrack
[  513.236365][T18496] conntrack
[  513.236365][T18496] conntrack
[  513.236365][T18496] connlimit
[  513.236365][T18496] connlabel
[  513.236365][T18496] connbytes
[  513.236365][T18496] comment
[  513.236365][T18496] cluster
[  513.236365][T18496] bpf
[  513.236365][T18496] bpf
[  513.236365][T18496] addrtype
[  513.236365][T18496] connmark
[  513.236365][T18496] mark
[  513.236365][T18496] rpfilter
[  513.236365][T18496] ah
[  513.236365][T18496] tcpmss
[  513.236365][T18496] socket
[  513.236365][T18496] socket
[  513.236365][T18496] socket
[  513.236365][T18496] socket
[  513.236365][T18496] sctp
[  513.236365][T18496] recent
[  513.236365][T18496] recent
[  513.236365][T18496] policy
[  513.236365][T18496] osf
[  513.236365][T18496] multiport
[  513.236365][T18496] length
[  513.236365][T18496] l2tp
[  513.236365][T18496] iprange
[  513.236365][T18496] ipcomp
[  513.236365][T18496] ttl
[  513.236365][T18496] hashlimit
[  513.236365][T18496] hashlimit
[  513.236365][T18496] hashlimit
[  513.236365][T18496] esp
[  513.236365][T18496] ecn
[  513.236365][T18496] tos
[  513.236365][T18496] dscp
[  513.236365][T18496] dccp
[  513.236365][T18496] addrtype
[  513.236365][T18496] set
[  513.236365][T18496] set
[  513.236365][T18496] set
[  513.236365][T18496] set
[  513.236365][T18496] set
[  513.236365][T18496] icmp
[  513.423109][T18455] BTRFS warning (device loop2 state M): remount supports changing free space tree only from RO to RW
[  513.434843][T18455] BTRFS info (device loop2 state M): enabling free space tree
[  513.442914][T18455] BTRFS info (device loop2 state M): force clearing of disk cache
[  513.451184][T18455] BTRFS info (device loop2 state M): trying to use backup root at mount time
[  513.472171][T18455] BTRFS info (device loop2 state M): disabling disk space caching
[  513.532732][T18456] XFS (loop4): Ending clean mount
[  513.619793][ T5224] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  513.845134][ T5243] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  514.352660][T18521] loop2: detected capacity change from 0 to 16
[  514.406100][T18521] erofs: (device loop2): mounted with root inode @ nid 36.
[  514.771013][ T5291] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  514.971898][ T5291] usb 4-1: Using ep0 maxpacket: 16
[  515.033832][ T5291] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  515.082843][ T5291] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  515.166784][ T5291] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  515.197834][ T5291] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  515.231744][ T5291] usb 4-1: Product: syz
[  515.236448][ T5291] usb 4-1: Manufacturer: syz
[  515.276616][ T5291] usb 4-1: SerialNumber: syz
[  515.308912][ T5291] usb 4-1: config 0 descriptor??
[  515.342611][ T5291] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  515.357288][T18540] loop4: detected capacity change from 0 to 128
[  515.371802][ T5291] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class)
[  515.431249][T18543] [U] 
[  515.452920][T18540] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  515.558957][T18540] ext4 filesystem being mounted at /841/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  515.607911][  T933] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  515.618339][T18518] loop5: detected capacity change from 0 to 32768
[  515.676255][T18518] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.5137 (18518)
[  515.727072][T18518] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  515.741801][T18518] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm
[  515.760781][T18518] BTRFS info (device loop5): using free-space-tree
[  515.790814][  T933] usb 2-1: Using ep0 maxpacket: 16
[  515.814269][  T933] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  515.841736][  T933] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  515.853462][  T933] usb 2-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00
[  515.864214][  T933] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  515.877448][  T933] usb 2-1: config 0 descriptor??
[  515.958789][ T5291] em28xx 4-1:0.0: chip ID is em2840
[  516.050279][ T5243] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  516.174213][ T5291] em28xx 4-1:0.0: Config register raw data: 0xfffffffb
[  516.212285][ T5291] em28xx 4-1:0.0: AC97 chip type couldn't be determined
[  516.262626][ T5291] em28xx 4-1:0.0: No AC97 audio processor
[  516.286597][ T5291] usb 4-1: USB disconnect, device number 33
[  516.354013][  T933] corsair 0003:1B1C:1B02.0062: unknown main item tag 0x0
[  516.364457][T17675] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  516.374999][ T5291] em28xx 4-1:0.0: Disconnecting em28xx
[  516.381870][ T5291] em28xx 4-1:0.0: Freeing device
[  516.390133][  T933] corsair 0003:1B1C:1B02.0062: hidraw0: USB HID v0.00 Device [HID 1b1c:1b02] on usb-dummy_hcd.1-1/input0
[  516.531967][  T933] corsair 0003:1B1C:1B02.0062: Read invalid backlight brightness: db.
[  516.718211][T18565] loop2: detected capacity change from 0 to 32768
[  516.767233][  T933] usb 2-1: USB disconnect, device number 40
[  516.820977][T18565] JBD2: Ignoring recovery information on journal
[  516.937494][T18565] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  517.109874][   T29] audit: type=1800 audit(2134217965.854:206): pid=18565 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.5152" name="file1" dev="loop2" ino=17058 res=0 errno=0
[  517.241366][ T5224] ocfs2: Unmounting device (7,2) on (node local)
[  517.388258][T18584] loop3: detected capacity change from 0 to 4096
[  517.558265][T18593] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  517.813872][T18590] netlink: 'syz.4.5162': attribute type 29 has an invalid length.
[  518.189550][T18588] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  518.215556][T18588] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  518.257366][T18613] netlink: 44 bytes leftover after parsing attributes in process `syz.2.5169'.
[  518.268409][T18610] mkiss: ax0: crc mode is auto.
[  518.358280][T18588] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  518.394274][T18588] Bluetooth: hci5: Error when powering off device on rfkill (-4)
[  518.668355][   T29] audit: type=1326 audit(2134217967.424:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18631 comm="syz.1.5175" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0ce657def9 code=0x0
[  518.771396][T18641] loop3: detected capacity change from 0 to 512
[  518.903204][T18641] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  518.933811][T18641] ext4 filesystem being mounted at /267/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  519.181472][T14413] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  519.430348][T18662] loop4: detected capacity change from 0 to 47
[  519.551127][T18588] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  519.580760][T18588] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[  519.594346][T18666] minix_free_block (loop4:20): bit already cleared
[  519.602400][T18666] minix_free_block (loop4:21): bit already cleared
[  519.610269][T18666] minix_free_block (loop4:19): bit already cleared
[  519.825924][T18588] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[  519.861267][T18588] Bluetooth: hci6: Error when powering off device on rfkill (-4)
[  519.983511][ T5310] wlan0 speed is unknown, defaulting to 1000
[  520.099502][T18588] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  520.127991][T18588] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  520.397429][T18640] loop2: detected capacity change from 0 to 32768
[  520.489088][T18640] XFS (loop2): Mounting V5 Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4
[  520.696355][T18640] XFS (loop2): Ending clean mount
[  520.742767][T18640] XFS (loop2): Quotacheck needed: Please wait.
[  520.875353][T18640] XFS (loop2): Quotacheck: Done.
[  520.960877][   T29] audit: type=1800 audit(2134217969.694:208): pid=18640 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.5177" name="file1" dev="loop2" ino=7430 res=0 errno=0
[  521.098101][ T5224] XFS (loop2): Unmounting Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4
[  521.372992][   T29] audit: type=1326 audit(2134217970.134:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18717 comm="syz.4.5199" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5a27b7def9 code=0x0
[  521.926298][T18701] loop5: detected capacity change from 0 to 32768
[  521.987914][T18701] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  522.176667][T18701] XFS (loop5): Ending clean mount
[  522.216481][T18701] XFS (loop5): Quotacheck needed: Please wait.
[  522.328307][T18701] XFS (loop5): Quotacheck: Done.
[  522.604780][   T29] audit: type=1804 audit(2134217971.324:210): pid=18701 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.5192" name="/newroot/44/file0/file1" dev="loop5" ino=9286 res=1 errno=0
[  522.632850][T18753] netlink: 88 bytes leftover after parsing attributes in process `syz.4.5206'.
[  522.717128][T17675] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  523.310597][ T5288] usb 4-1: new full-speed USB device number 34 using dummy_hcd
[  523.525796][ T5288] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  523.556545][ T5288] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x1D, changing to 0xD
[  523.623222][ T5288] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 16349, setting to 64
[  523.695186][ T5288] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  523.768570][ T5288] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  523.798597][ T5288] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  523.851088][ T5288] usb 4-1: Manufacturer: syz
[  523.878083][ T5288] usb 4-1: config 0 descriptor??
[  523.912300][T18766] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  523.981614][ T5288] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  524.110793][T18801] program syz.4.5223 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  524.156814][ T5288] usb 4-1: USB disconnect, device number 34
[  524.694914][T18820] netlink: 'syz.0.5228': attribute type 7 has an invalid length.
[  524.753133][T18820] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.5228'.
[  524.761253][T18821] netlink: 'syz.0.5228': attribute type 3 has an invalid length.
[  524.847573][T18821] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.5228'.
[  525.272194][T18806] loop2: detected capacity change from 0 to 32768
[  525.302211][T18806] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.5225 (18806)
[  525.353250][T18806] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  525.380660][T18806] BTRFS info (device loop2): using sha256 (sha256-ni) checksum algorithm
[  525.399579][T18806] BTRFS info (device loop2): using free-space-tree
[  525.631895][T18857] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5234'.
[  525.647208][ T5224] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  526.053040][T18868] loop4: detected capacity change from 0 to 256
[  526.347117][T18878] loop2: detected capacity change from 0 to 512
[  526.383896][T18878] EXT4-fs: Ignoring removed oldalloc option
[  526.453170][T18878] EXT4-fs error (device loop2): ext4_xattr_inode_iget:436: comm syz.2.5236: Parent and EA inode have the same ino 15
[  526.480054][T18878] EXT4-fs error (device loop2): ext4_xattr_inode_iget:436: comm syz.2.5236: Parent and EA inode have the same ino 15
[  526.541103][T18878] EXT4-fs (loop2): 1 orphan inode deleted
[  526.547865][T18878] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  526.570617][ T5288] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  526.746223][T18886] loop4: detected capacity change from 0 to 4096
[  526.756191][ T5288] usb 4-1: Using ep0 maxpacket: 8
[  526.782115][ T5224] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  526.799877][ T5288] usb 4-1: config index 0 descriptor too short (expected 6427, got 27)
[  526.810439][ T5288] usb 4-1: config 0 has an invalid interface number: 21 but max is 0
[  526.818542][ T5288] usb 4-1: config 0 has no interface number 0
[  526.845000][ T5288] usb 4-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  526.864166][ T5288] usb 4-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  526.875872][ T5288] usb 4-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  526.907847][ T5288] usb 4-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4
[  526.917705][ T5288] usb 4-1: New USB device strings: Mfr=0, Product=1, SerialNumber=0
[  526.925961][ T5288] usb 4-1: Product: syz
[  526.951594][ T5288] usb 4-1: config 0 descriptor??
[  526.957985][T18877] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  527.139534][T18886] ntfs3: loop4: ino=0, "file0" failed to parse mft record
[  527.642737][ T5288] input: syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.21/input/input54
[  527.887338][  T933] usb 4-1: USB disconnect, device number 35
[  527.887448][    C1] keyspan_remote 4-1:0.21: keyspan_irq_recv - usb_submit_urb failed with result: -19
[  528.032139][T18916] wlan0 speed is unknown, defaulting to 1000
[  528.049469][T18916] lo speed is unknown, defaulting to 1000
[  528.180895][ T5288] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  528.340537][ T5288] usb 5-1: Using ep0 maxpacket: 8
[  528.359595][ T5288] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  528.408567][ T5288] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  528.455383][ T5288] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  528.491139][ T5288] usb 5-1: New USB device found, idVendor=1b80, idProduct=d700, bcdDevice=d0.46
[  528.521927][ T5288] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  528.550959][ T5288] usb 5-1: Product: syz
[  528.565554][ T5288] usb 5-1: Manufacturer: syz
[  528.570250][ T5288] usb 5-1: SerialNumber: syz
[  528.596235][ T5288] usb 5-1: config 0 descriptor??
[  528.711699][T18928] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5260'.
[  528.821557][ T5288] radio-si470x 5-1:0.0: DeviceID=0x6256 ChipID=0x5900
[  529.015590][ T5288] radio-si470x 5-1:0.0: software version 98, hardware version 86
[  529.016057][T18910] loop5: detected capacity change from 0 to 32768
[  529.033517][T18936] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  529.041186][   T25] IPVS: starting estimator thread 0...
[  529.140893][T18939] IPVS: using max 16 ests per chain, 38400 per kthread
[  529.246911][ T5288] radio-si470x 5-1:0.0: si470x_set_report: usb_control_msg returned -71
[  529.282646][ T5288] radio-si470x 5-1:0.0: submitting int urb failed (-90)
[  529.329142][ T5288] radio-si470x 5-1:0.0: si470x_set_report: usb_control_msg returned -71
[  529.361946][T18946] netlink: 'syz.1.5269': attribute type 3 has an invalid length.
[  529.370895][ T5288] radio-si470x 5-1:0.0: probe with driver radio-si470x failed with error -22
[  529.393443][ T5288] usb 5-1: USB disconnect, device number 38
[  529.416596][T18946] netlink: 196520 bytes leftover after parsing attributes in process `syz.1.5269'.
[  530.214299][T18962] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5278'.
[  530.267716][T18966] loop2: detected capacity change from 0 to 64
[  531.058854][   T29] audit: type=1326 audit(2134217979.814:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18988 comm="syz.3.5289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8b677def9 code=0x7ffc0000
[  531.116031][   T29] audit: type=1326 audit(2134217979.844:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18988 comm="syz.3.5289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8b677def9 code=0x7ffc0000
[  531.207033][   T29] audit: type=1326 audit(2134217979.854:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18988 comm="syz.3.5289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa8b677def9 code=0x7ffc0000
[  531.235900][   T29] audit: type=1326 audit(2134217979.854:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18988 comm="syz.3.5289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8b677def9 code=0x7ffc0000
[  531.291591][   T29] audit: type=1326 audit(2134217979.854:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18988 comm="syz.3.5289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8b677def9 code=0x7ffc0000
[  531.321097][  T933] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  531.360348][   T29] audit: type=1326 audit(2134217979.854:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18988 comm="syz.3.5289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa8b677def9 code=0x7ffc0000
[  531.420641][   T29] audit: type=1326 audit(2134217979.854:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18988 comm="syz.3.5289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8b677def9 code=0x7ffc0000
[  531.480596][   T29] audit: type=1326 audit(2134217979.864:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18988 comm="syz.3.5289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7fa8b677def9 code=0x7ffc0000
[  531.507985][  T933] usb 2-1: Using ep0 maxpacket: 8
[  531.550829][  T933] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  531.571854][   T29] audit: type=1326 audit(2134217979.864:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18988 comm="syz.3.5289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fa8b6774ea7 code=0x7ffc0000
[  531.584603][  T933] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  531.648946][  T933] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  531.655707][   T29] audit: type=1326 audit(2134217979.864:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18988 comm="syz.3.5289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa8b6719869 code=0x7ffc0000
[  531.706911][  T933] usb 2-1: New USB device found, idVendor=1b80, idProduct=d700, bcdDevice=d0.46
[  531.735116][  T933] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  531.765200][  T933] usb 2-1: Product: syz
[  531.769926][  T933] usb 2-1: Manufacturer: syz
[  531.790717][  T933] usb 2-1: SerialNumber: syz
[  531.809337][  T933] usb 2-1: config 0 descriptor??
[  532.033270][  T933] radio-si470x 2-1:0.0: DeviceID=0x6256 ChipID=0x5900
[  532.041444][T18991] loop4: detected capacity change from 0 to 32768
[  532.060858][T18991] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.5290 (18991)
[  532.132809][T18991] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  532.160352][T18991] BTRFS info (device loop4): using sha256 (sha256-ni) checksum algorithm
[  532.233939][  T933] radio-si470x 2-1:0.0: software version 98, hardware version 86
[  532.324500][T18991] BTRFS info (device loop4): rebuilding free space tree
[  532.353047][T19002] loop3: detected capacity change from 0 to 40427
[  532.369772][T19002] F2FS-fs (loop3): build fault injection attr: rate: 690, type: 0x1fffff
[  532.380519][T18991] BTRFS info (device loop4): disabling free space tree
[  532.389381][T18991] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  532.400932][T19002] F2FS-fs (loop3): Image doesn't support compression
[  532.407675][T19002] F2FS-fs (loop3): Image doesn't support compression
[  532.424823][T18991] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  532.436645][  T933] radio-si470x 2-1:0.0: si470x_set_report: usb_control_msg returned -71
[  532.453294][T19002] F2FS-fs (loop3): invalid crc value
[  532.457729][  T933] radio-si470x 2-1:0.0: submitting int urb failed (-90)
[  532.478739][T19002] F2FS-fs (loop3): Found nat_bits in checkpoint
[  532.490126][  T933] radio-si470x 2-1:0.0: si470x_set_report: usb_control_msg returned -71
[  532.511292][  T933] radio-si470x 2-1:0.0: probe with driver radio-si470x failed with error -22
[  532.539439][  T933] usb 2-1: USB disconnect, device number 41
[  532.620332][T19027] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5298'.
[  532.632610][T19002] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  532.699307][T19002] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_page of f2fs_new_node_page+0x1d4/0xb90
[  532.782969][ T5243] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  532.802464][T14413] syz-executor: attempt to access beyond end of device
[  532.802464][T14413] loop3: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  532.851707][T19032] loop2: detected capacity change from 0 to 1024
[  532.871000][T14413] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  532.881864][T14413] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  533.205027][ T2480] hfsplus: b-tree write err: -5, ino 4
[  533.617368][T19047] netlink: 'syz.2.5307': attribute type 11 has an invalid length.
[  533.710134][T19049] loop3: detected capacity change from 0 to 512
[  533.787033][T19049] evm: overlay not supported
[  534.128872][T19066] IPVS: lc: SCTP 127.0.0.1:0 - no destination available
[  534.216205][  T933] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  534.448525][T19078] loop5: detected capacity change from 0 to 512
[  534.524771][T19078] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  534.580575][T19078] ext4 filesystem being mounted at /61/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  534.725568][T17675] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  535.141717][T19060] loop4: detected capacity change from 0 to 32768
[  535.193201][T19060] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  535.381017][ T5243] ocfs2: Unmounting device (7,4) on (node local)
[  535.945794][T19126] wlan0 speed is unknown, defaulting to 1000
[  536.001577][T19126] lo speed is unknown, defaulting to 1000
[  536.463106][T19111] loop2: detected capacity change from 0 to 32768
[  536.558488][T19111] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  536.760275][T19111] XFS (loop2): Ending clean mount
[  536.891411][ T5224] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  537.241277][T19125] loop5: detected capacity change from 0 to 32768
[  537.278299][T19133] loop4: detected capacity change from 0 to 32768
[  537.316631][T19133] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.5345 (19133)
[  537.422355][T19125] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  537.444917][T19133] BTRFS info (device loop4): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  537.483216][T19133] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  537.494617][T19133] BTRFS info (device loop4): using free-space-tree
[  537.558250][T19162] loop2: detected capacity change from 0 to 64
[  537.850724][T19125] XFS (loop5): Ending clean mount
[  537.929131][T19133] BTRFS error (device loop4): balance: invalid convert metadata profile raid1c3
[  537.989030][T19150] loop3: detected capacity change from 0 to 32768
[  538.131807][T17675] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  538.139448][ T5243] BTRFS info (device loop4): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  538.250662][T19150] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  538.503103][T19190] netlink: 68 bytes leftover after parsing attributes in process `syz.0.5357'.
[  538.609626][T14413] ocfs2: Unmounting device (7,3) on (node local)
[  538.835015][T19198] batman_adv: batadv0: Adding interface: gretap1
[  538.873388][T19198] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  538.940770][T19198] batman_adv: batadv0: Interface activated: gretap1
[  539.967705][T19236] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  540.181398][T19243] syzkaller0: tun_chr_ioctl cmd 1074025677
[  540.187545][T19243] syzkaller0: linktype set to 768
[  540.501007][ T5310] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  540.682080][ T5310] usb 2-1: Using ep0 maxpacket: 8
[  540.704204][ T5310] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 238, changing to 11
[  540.730906][ T5310] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 16
[  540.764499][ T5310] usb 2-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 18
[  540.799448][ T5310] usb 2-1: New USB device found, idVendor=0001, idProduct=8000, bcdDevice= 0.00
[  540.810482][ T5310] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  540.818592][ T5310] usb 2-1: SerialNumber: syz
[  540.842454][T19247] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  540.855409][ T5310] hub 2-1:1.0: bad descriptor, ignoring hub
[  540.879633][ T5310] hub 2-1:1.0: probe with driver hub failed with error -5
[  541.001297][T19268] program syz.2.5393 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  541.067177][T19247] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  541.221958][T19272] tap0: tun_chr_ioctl cmd 1074025681
[  541.496246][ T5310] cdc_ether 2-1:1.0 usb0: register 'cdc_ether' at usb-dummy_hcd.1-1, CDC Ethernet Device, 42:42:42:42:42:42
[  541.830835][ T5310] usb 2-1: USB disconnect, device number 42
[  541.832564][ T5310] cdc_ether 2-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.1-1, CDC Ethernet Device
[  542.004399][T19297] netlink: 'syz.5.5406': attribute type 3 has an invalid length.
[  542.391996][T19311] IPVS: dh: SCTP 172.20.20.187:0 - no destination available
[  542.629586][T19319] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  543.065713][T19295] loop3: detected capacity change from 0 to 32768
[  543.261542][T19343] loop4: detected capacity change from 0 to 1024
[  543.818389][    T8] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  543.828767][  T933] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  543.937278][T19361] loop5: detected capacity change from 0 to 1024
[  543.987556][T19335] loop2: detected capacity change from 0 to 32768
[  544.072059][T19335] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  544.102746][T19335] 
[  544.105125][T19335] ======================================================
[  544.112149][T19335] WARNING: possible circular locking dependency detected
[  544.119179][T19335] 6.11.0-syzkaller-04003-gfc1dc0d50780 #0 Not tainted
[  544.125949][T19335] ------------------------------------------------------
[  544.132976][T19335] syz.2.5425/19335 is trying to acquire lock:
[  544.139052][T19335] ffff888061743480 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#2){+.+.}-{3:3}, at: ocfs2_xattr_set+0xe9e/0x1930
[  544.143570][T19366] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5431'.
[  544.151286][T19335] 
[  544.151286][T19335] but task is already holding lock:
[  544.151302][T19335] ffff88807fc486f8 (&oi->ip_xattr_sem){++++}-{3:3}, at: ocfs2_xattr_set+0x633/0x1930
[  544.151391][T19335] 
[  544.151391][T19335] which lock already depends on the new lock.
[  544.151391][T19335] 
[  544.151402][T19335] 
[  544.151402][T19335] the existing dependency chain (in reverse order) is:
[  544.151412][T19335] 
[  544.151412][T19335] -> #2 (&oi->ip_xattr_sem){++++}-{3:3}:
[  544.151457][T19335]        lock_acquire+0x1ed/0x550
[  544.151495][T19335]        down_read+0xb1/0xa40
[  544.151534][T19335]        ocfs2_init_acl+0x397/0x930
[  544.151560][T19335]        ocfs2_mknod+0x1c05/0x2b40
[  544.151600][T19335]        ocfs2_create+0x1ab/0x480
[  544.151638][T19335]        path_openat+0x1c05/0x3590
[  544.151669][T19335]        do_filp_open+0x235/0x490
[  544.151700][T19335]        do_sys_openat2+0x13e/0x1d0
[  544.151726][T19335]        __x64_sys_creat+0x123/0x170
[  544.151754][T19335]        do_syscall_64+0xf3/0x230
[  544.151790][T19335]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  544.151823][T19335] 
[  544.151823][T19335] -> #1 (jbd2_handle){++++}-{0:0}:
[  544.268863][T19335]        lock_acquire+0x1ed/0x550
[  544.273923][T19335]        jbd2_journal_lock_updates+0xaa/0x380
[  544.280011][T19335]        __ocfs2_flush_truncate_log+0x2ea/0x1250
[  544.286352][T19335]        ocfs2_flush_truncate_log+0x4f/0x70
[  544.292257][T19335]        ocfs2_sync_fs+0x125/0x390
[  544.297386][T19335]        sync_filesystem+0x1ca/0x230
[  544.303211][T19335]        generic_shutdown_super+0x72/0x2d0
[  544.309032][T19335]        kill_block_super+0x44/0x90
[  544.314249][T19335]        deactivate_locked_super+0xc6/0x130
[  544.320153][T19335]        cleanup_mnt+0x41f/0x4b0
[  544.325100][T19335]        task_work_run+0x251/0x310
[  544.330216][T19335]        syscall_exit_to_user_mode+0x168/0x370
[  544.336386][T19335]        do_syscall_64+0x100/0x230
[  544.341512][T19335]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  544.347941][T19335] 
[  544.347941][T19335] -> #0 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#2){+.+.}-{3:3}:
[  544.358488][T19335]        validate_chain+0x18ef/0x5920
[  544.363869][T19335]        __lock_acquire+0x1384/0x2050
[  544.369383][T19335]        lock_acquire+0x1ed/0x550
[  544.374426][T19335]        down_write+0x99/0x220
[  544.379217][T19335]        ocfs2_xattr_set+0xe9e/0x1930
[  544.384601][T19335]        __vfs_setxattr+0x46a/0x4a0
[  544.389812][T19335]        __vfs_setxattr_noperm+0x12e/0x660
[  544.395639][T19335]        vfs_setxattr+0x221/0x430
[  544.400678][T19335]        path_setxattr+0x37e/0x4d0
[  544.405796][T19335]        __x64_sys_setxattr+0xbb/0xd0
[  544.411184][T19335]        do_syscall_64+0xf3/0x230
[  544.416310][T19335]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  544.422736][T19335] 
[  544.422736][T19335] other info that might help us debug this:
[  544.422736][T19335] 
[  544.432967][T19335] Chain exists of:
[  544.432967][T19335]   &ocfs2_sysfile_lock_key[args->fi_sysfile_type]#2 --> jbd2_handle --> &oi->ip_xattr_sem
[  544.432967][T19335] 
[  544.448743][T19335]  Possible unsafe locking scenario:
[  544.448743][T19335] 
[  544.456194][T19335]        CPU0                    CPU1
[  544.461556][T19335]        ----                    ----
[  544.466919][T19335]   lock(&oi->ip_xattr_sem);
[  544.471523][T19335]                                lock(jbd2_handle);
[  544.478122][T19335]                                lock(&oi->ip_xattr_sem);
[  544.485239][T19335]   lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#2);
[  544.492544][T19335] 
[  544.492544][T19335]  *** DEADLOCK ***
[  544.492544][T19335] 
[  544.500683][T19335] 3 locks held by syz.2.5425/19335:
[  544.505877][T19335]  #0: ffff88802f3ac420 (sb_writers#19){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90
[  544.515259][T19335]  #1: ffff88807fc489c0 (&sb->s_type->i_mutex_key#28){+.+.}-{3:3}, at: vfs_setxattr+0x1e1/0x430
[  544.525858][T19335]  #2: ffff88807fc486f8 (&oi->ip_xattr_sem){++++}-{3:3}, at: ocfs2_xattr_set+0x633/0x1930
[  544.535830][T19335] 
[  544.535830][T19335] stack backtrace:
[  544.541719][T19335] CPU: 1 UID: 0 PID: 19335 Comm: syz.2.5425 Not tainted 6.11.0-syzkaller-04003-gfc1dc0d50780 #0
[  544.552230][T19335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  544.562295][T19335] Call Trace:
[  544.565579][T19335]  <TASK>
[  544.568523][T19335]  dump_stack_lvl+0x241/0x360
[  544.573346][T19335]  ? __pfx_dump_stack_lvl+0x10/0x10
[  544.578591][T19335]  ? __pfx__printk+0x10/0x10
[  544.583213][T19335]  ? srso_alias_return_thunk+0x5/0xfbef5
[  544.588890][T19335]  print_circular_bug+0x13a/0x1b0
[  544.593953][T19335]  check_noncircular+0x36a/0x4a0
[  544.598918][T19335]  ? srso_alias_return_thunk+0x5/0xfbef5
[  544.604590][T19335]  ? __pfx_check_noncircular+0x10/0x10
[  544.610075][T19335]  ? srso_alias_return_thunk+0x5/0xfbef5
[  544.615753][T19335]  ? lockdep_lock+0x123/0x2b0
[  544.620470][T19335]  ? srso_alias_return_thunk+0x5/0xfbef5
[  544.626137][T19335]  ? deref_stack_reg+0x17c/0x210
[  544.631198][T19335]  ? srso_alias_return_thunk+0x5/0xfbef5
[  544.636887][T19335]  validate_chain+0x18ef/0x5920
[  544.641792][T19335]  ? __pfx_validate_chain+0x10/0x10
[  544.647272][T19335]  ? srso_alias_return_thunk+0x5/0xfbef5
[  544.652932][T19335]  ? stack_trace_save+0x118/0x1d0
[  544.657978][T19335]  ? __pfx_lock_acquire+0x10/0x10
[  544.663027][T19335]  ? __pfx_stack_trace_save+0x10/0x10
[  544.668429][T19335]  ? srso_alias_return_thunk+0x5/0xfbef5
[  544.674089][T19335]  ? look_up_lock_class+0x77/0x170
[  544.679222][T19335]  ? srso_alias_return_thunk+0x5/0xfbef5
[  544.684879][T19335]  ? register_lock_class+0x102/0x980
[  544.690199][T19335]  ? __pfx_register_lock_class+0x10/0x10
[  544.695863][T19335]  ? srso_alias_return_thunk+0x5/0xfbef5
[  544.701562][T19335]  ? mark_lock+0x9a/0x360
[  544.705941][T19335]  __lock_acquire+0x1384/0x2050
[  544.710837][T19335]  lock_acquire+0x1ed/0x550
[  544.715366][T19335]  ? ocfs2_xattr_set+0xe9e/0x1930
[  544.720421][T19335]  ? __pfx_lock_acquire+0x10/0x10
[  544.725471][T19335]  ? do_raw_spin_unlock+0x13c/0x8b0
[  544.730686][T19335]  ? __pfx___might_resched+0x10/0x10
[  544.735991][T19335]  ? srso_alias_return_thunk+0x5/0xfbef5
[  544.741650][T19335]  ? _raw_spin_unlock+0x28/0x50
[  544.746515][T19335]  ? srso_alias_return_thunk+0x5/0xfbef5
[  544.752257][T19335]  ? ocfs2_inode_lock_tracker+0x45a/0x760
[  544.757986][T19335]  ? srso_alias_return_thunk+0x5/0xfbef5
[  544.763852][T19335]  ? ocfs2_xattr_block_find+0x17e/0x540
[  544.769510][T19335]  down_write+0x99/0x220
[  544.773782][T19335]  ? ocfs2_xattr_set+0xe9e/0x1930
[  544.778827][T19335]  ? __pfx_down_write+0x10/0x10
[  544.783704][T19335]  ? srso_alias_return_thunk+0x5/0xfbef5
[  544.789366][T19335]  ? __kmalloc_cache_noprof+0x19c/0x2c0
[  544.794940][T19335]  ocfs2_xattr_set+0xe9e/0x1930
[  544.799818][T19335]  ? __pfx_ocfs2_xattr_set+0x10/0x10
[  544.805118][T19335]  ? __lock_acquire+0x1384/0x2050
[  544.810172][T19335]  ? srso_alias_return_thunk+0x5/0xfbef5
[  544.815922][T19335]  ? srso_alias_return_thunk+0x5/0xfbef5
[  544.821580][T19335]  ? ocfs2_inode_unlock_tracker+0x23e/0x2b0
[  544.827500][T19335]  ? srso_alias_return_thunk+0x5/0xfbef5
[  544.833156][T19335]  ? do_raw_spin_unlock+0x13c/0x8b0
[  544.838380][T19335]  ? srso_alias_return_thunk+0x5/0xfbef5
[  544.844038][T19335]  ? srso_alias_return_thunk+0x5/0xfbef5
[  544.849693][T19335]  ? posix_xattr_acl+0xa9/0xd0
[  544.854475][T19335]  ? srso_alias_return_thunk+0x5/0xfbef5
[  544.860132][T19335]  ? evm_protect_xattr+0x4be/0xb30
[  544.865262][T19335]  ? __pfx_ocfs2_permission+0x10/0x10
[  544.870664][T19335]  ? srso_alias_return_thunk+0x5/0xfbef5
[  544.876316][T19335]  ? ocfs2_xattr_user_set+0xae/0x100
[  544.881626][T19335]  ? __pfx_ocfs2_xattr_user_set+0x10/0x10
[  544.887375][T19335]  __vfs_setxattr+0x46a/0x4a0
[  544.892083][T19335]  __vfs_setxattr_noperm+0x12e/0x660
[  544.897479][T19335]  vfs_setxattr+0x221/0x430
[  544.902008][T19335]  ? __pfx_vfs_setxattr+0x10/0x10
[  544.907077][T19335]  ? srso_alias_return_thunk+0x5/0xfbef5
[  544.912757][T19335]  path_setxattr+0x37e/0x4d0
[  544.917366][T19335]  ? __pfx_path_setxattr+0x10/0x10
[  544.922483][T19335]  ? do_futex+0x33b/0x560
[  544.926845][T19335]  ? srso_alias_return_thunk+0x5/0xfbef5
[  544.932509][T19335]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  544.938509][T19335]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  544.944854][T19335]  ? do_syscall_64+0x100/0x230
[  544.949636][T19335]  __x64_sys_setxattr+0xbb/0xd0
[  544.954509][T19335]  do_syscall_64+0xf3/0x230
[  544.959033][T19335]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  544.964946][T19335] RIP: 0033:0x7f0583f7def9
[  544.969370][T19335] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  544.989069][T19335] RSP: 002b:00007f0584ca2038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc
[  544.997497][T19335] RAX: ffffffffffffffda RBX: 00007f0584135f80 RCX: 00007f0583f7def9
[  545.005480][T19335] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000020000080
[  545.013545][T19335] RBP: 00007f0583ff0b76 R08: 0000000000000000 R09: 0000000000000000
[  545.021801][T19335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  545.029793][T19335] R13: 0000000000000000 R14: 00007f0584135f80 R15: 00007ffc6a314598
[  545.037893][T19335]  </TASK>
[  545.108514][ T5224] ocfs2: Unmounting device (7,2) on (node local)
[  545.357098][T19373] loop5: detected capacity change from 0 to 32768
[  545.365060][T19373] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.5442 (19373)
[  545.385073][T19373] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  545.395823][T19373] BTRFS info (device loop5): using sha256 (sha256-ni) checksum algorithm
[  545.404408][T19373] BTRFS info (device loop5): using free-space-tree
[  545.465493][T17675] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  552.133592][  T933] IPVS: ovf: UDP 127.0.0.1:0 - no destination available