last executing test programs: 1m11.628690729s ago: executing program 1 (id=510): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x26e1, 0x0) pipe(&(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) splice(r0, 0x0, r2, 0x0, 0x88000cc, 0x0) write$eventfd(r1, &(0x7f0000000240), 0xffffff14) 1m10.640734004s ago: executing program 1 (id=525): madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) 1m10.367946249s ago: executing program 1 (id=529): syz_mount_image$squashfs(&(0x7f0000000200), &(0x7f00000002c0)='./file0\x00', 0x2000090, &(0x7f0000000280), 0x1, 0x1cd, &(0x7f0000000000)="$eJzKKC4sZmdgYPj7sSaZQYABDBgZeBguMDAysDAwMKgzQsQYmCDUeij/BZSeCZW2gfKbofRCKF1xS3vdmlN+Z0566motk2VmaPXUlkcWk0vtMXKTXMwjwcwQmnpkUXFlVXZiTk5qUfFChopbyUkVp08wsFy3v6bSLAEyjcMhSdNBh+mIj0fWjMYSzklSmmJsbJkKZ898kF/HpnGE4dEK5o11nnmNdYWpU/PS2JKqsqqy5k2cuHFmY2dj48qJdVFpfqsYW1JcNjV1MjI5bFET2MxsqD7JRnvCu/ZVD5McWHs8/JpPGSu9TmW+ZLywSOrUiqqZE74ozWY0/M5wh6dshYSGhpPEFQmLBhOGI3W2Da4gJ6Y0MKQphDEmqbGJtW05MyeEmZ/NbYFCS/IJptCjHEtnSlgcEKo6+dNS861DotuMbU8d2M7wHD7Os6agT9DouASD00LB/zIgYxIaGso01jIttV3wpUjjr4TXamOnDAZ3e6ZlsABlaQCRK6E8WbCehOQVHjqamkYpyQkNmyQSktwKDJUZtu7hXC3QwIAUbSoMDAzbGWFxCwHXYIxRMApGwSgYBaNgFIyCUTAKRsEoGAUjAgACAAD//8dJlv8=") r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x34, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_TX_RATES={0x18, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x14, 0x1, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x5, 0x1, [0x30]}, @NL80211_TXRATE_HT={0x6, 0x2, [{}]}]}]}]}, 0x34}}, 0x0) 1m10.057156733s ago: executing program 1 (id=533): syz_mount_image$jfs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, &(0x7f0000000340)=ANY=[@ANYRES64=0x0], 0x5, 0x6235, &(0x7f00000004c0)="$eJzs3ctvHVcdB/DfffoRmkZdVCVCyG3Do5TmWUKgQJsFLNiwQN2iRKlbRaSAkoDSKiKuvGHBHwFCYokQS1b8AV2wZccfQKQECdRVpxr7HHs8vfZ16vrOtc/nIzkzv3tmfM/4e+c+MjP3BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQP/7RTy/0IuLab9INpyK+EIOIfsRSXa9ExNLKqbz8MCKei43meDYiRgsR9fob/zwd8WpEfHgy3RaxdnGf/fjhX//1p5+d+Mk//zI69/+/3R28ttty9+79/n9/f3CQLQYAAIDyVFVV9dLH/NPp832/604BADORX/+rJN+uVqvVarX6+NVN1WQPmkVErDXXqd8zOBwPAEfMWnzUdRfokPyLNoyIE113Aphrva47wKF49Pj+jV7Kt9d8PVjZbM/nguzIf623sV5ef9J0mvY5JrN6fK3HIJ7ZpT9LM+rDPMn599v5X9tsH6flDjv/Wdkt//HmpU/FyfkP2vm3HJ/8+xPzL1XOf/hE+Q/kDwAAAAAAcyz///+pjo//Lhx8U/Zlr+O/KzPqAwAAAAAAAAB83g46/t+W1vh/+TwA4/8BAABA9+rP6rU/nNy+bbfvYqtvf7MX8VRreaAsvXSxzHLXHQEAAAAAAAAAAACAkgwjlhsDnz+1vFxVVf3T1K6f1EHXP+pK334oWZdP8AAAsO3Dk61r+XsRixHxZvquv9Hy8nJVLS4tV8vV0kJ+PzteWKyWGp9r87S+bWG8jzfEw3FV/7LFxnpN0z4vT2tv/776vsbVYB8dm40OAweAiNh8NXrkFemYqaqno+t3ORwN9v/jx/7PfnT9OAUAAAAOX1VVVS8N83c6HfPvd90pAGAm8ut/+7iAWq1Wq9Xq41c3VZM9aBYRsdZcp37PYDh+ADhi1uKjrrtAh+RftGFEPNd1J4C51uu6AxyKR4/v3+ilfHvN14M0vns+F2RH/mu9jfXy+pOm07TPMZnV42s9BvHMLv15dkZ9mCc5/347/2ub7eO03GHnPyu75V9v56kO+tO1R4+vDutsB+38W45P/v2J+Zcq7//DJ8p/IH8AAAAAAJhj+f//T83V8d/xZ92cqfY6/ruyj/V9NwIAAAAAAAAA8+jR4/s38nWv+fj/lyYs5/rP4ynn35N/kXL+/Vb+X28tN2jMP7y6nf9/H9+/8ee7//linu43/4U800uPrF56RPTSPfWGaXqQrfu09dFgXN/TqNcfDNM5P9Xo7bgZt2I1zu9Ytp/+HtvtF3a01z0dbbRXg832izvah1vtef1LO9pH6Uynaim3n40b8cu4FW9ttNdtC1O2f3FKezWlPec/sP8XKec/bPzU+S+n9l5rWnv4Qf9T+31zOul+3rj55d+dP/zNmWo9Blvb1lRv3wsd9Gfjb3JiHL++s3r77L3rd+/evhBpsuPWi5Emn7Oc/yj9bD3/v7jZnp/3m/vrww/GT5z/vFiP4a75v9iYr7f3pRn3rQs5/3H6yfm/ldon7/9HOf/d9/+XO+gPAAAAAAAAAAAAAAAA7KWqqo1LRN+IiMvp+h/fcQ8AZciv/1WSb59VPZjx/anVR7zuzVl/Zlp/XM1Xf9Tqo1g3VZO93iwi4h/Nder3DL+d9MsAgHn2cUT8u+tO0Bn5Fyx/3189PdN1Z4CZuvPe+z+/fuvW6u07XfcEAAAAAAAAAPis8vifK43xn89UVfWgtdyO8V+vxspBx/8c5pmtAUZ3Gah68OTbtJf1/njQbww3/nzsNv73aGtur/G/h1PubzSlfTylfWFK++KU9okXejTk/J9vjHd+JiJOt4ZfP9Ljv1bbf8W9xn9tj3lfgpz/C43Hc53/11rLNfOv/njE8m9Yj/6O/M/dffdX5+689/4rN9+9/s7qO6u/uHThwvlLly9fuXLl3Ns3b62e3/y3wx4frpx/HvvaeaBlyfnnzOVflpz/V1It/7Lk/L+aavmXJeef3+/Jvyw5//zZR/5lyfm/lGr5lyXn/41Uy78sOf+XUy3/suT8v5lq+Zcl5/9KquVflpz/2VTLvyw5/3Op3mf+S4fdL2Yj55+PcNn/y5Lzz2c2yL8sOf+LqZZ/WXL+l1It/7Lk/F9NtfzLkvP/VqrlX5ac/+VUy78sOf9vp1r+Zcn5X0m1/MuS8/9OquVflpz/d1Mt/7Lk/F9LtfzLkvP/XqrlX5ac//dTLf+y5Px/kGr5lyXn/3qq5V+W7e//N2PmKM4sRcQcdOPYzXT9zAQAAAAAAAAAAAAAtM3idOKutxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgE/YgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwg4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRX27jXGjrO8A/js1WuHJAZC6qSGbBwTQuJk13biC22KCdeGWwmEQi/YrndtFnzDa5dAI9koUCJhVFTRNnxoCwi1+VIRVXygFaB8QK0qVYL2A/2CqCqhKqoCCkhItIJsdWbe991zzp7L7vp4M2fm95Pix3vOzJl35rwzu886/zMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAs1tfP//pkSzLGv/lf2zNshc1/r55emv+2Gte6BECAAAAV+qX+Z/PXZ8eOLSKlZqW+edXfOdrS0tLS9n7xv5s4vNLS+mJ6Syb2JRl+XPRU//1/pHmZYLHsqmR0aavR/tsfqzP8+N9np/o8/xkn+c39Xl+qs/zKw7ACpuL38fkL7Yz/+vW4pBmN2QT+XM7O6z12Mim0dH4u5zcSL7O0sTxbCE7mc1nsy3LF8uO5Mt/49bGtt6SxW2NNm1re2OG/OTRY3EMI+EY72zZ1vJrRj96XTb90588euxvzj97U6fa9zC0vF4xzjt2NMb5yfBIMdaRbFM6JnGco03j3N7hPRlrGedIvl7j7+3jfG6V4xxbHuaGan/Pp7LR/O/fzY/TePOv9dJx2h4e+/ltWZZdWh52+zIrtpWNZltaHhldfn+mihnZeI3GVHpJNr6meXrrKuZpo87tbJ2n7edEfP9vDeuNdxlD89v0o09MNr3vv1hazzyNGnvd7Vxpn4ODPlfKMgfjvPhuvtOPd5yDO8P+P3p79znYce50mINpv5vm4I5+c3B0ciwfc3oTRvJ1lufg7pblx/ItjeT1mdt7z8GZ86fOzix+7ON3L5w6emL+xPzpvbt3z+7dt+/AgQMzxxdOzs8Wf67zaJfflmw0nQM7wrGL58Cr2pZtnqpLX5pccf1d73k41eM83Nq27KDPw/H2nRvZmBNy5Zwuzo33NA761OXRrMs5lr8/d175eZj2u+k8HG86Dzt+T+lwHo6v4jxsLHP2ztX9zDLe9F+nMXT/XnBlc3Br0xxs/3mkfQ4O+ueRsszBqTAvvn9n9+8F28N4H9+11p9HxlbMwbS74drTeCT9vD91IC+d5uXNjSeumcwuLM6fu+eRo+fPn9udhbIhXto0V9rn65amfcpWzNfRNc/XQwuvePzmDo9vDcdq6u7GH1Nd36vGMvfe0/u9yr+7dT6eLY/uyUIZsI0+np2+mzeO52SWfeHbn3jom49+4fVdj2ej3/zkzJX/LJ760qbr70SX62/s+58vtpde6rGxifHi/B1LR2ei5Xrc+laN59eukXzbz82s7no8Ef7b6OvxDT2ux9valh309Xiifefi9Xik3287rkz7+zkV5snJ2d7X48Yy2/asdU6O97we3xbqSDj+rw6dQuqLmuZOt3mbtjU+PhH2azxuoXWe7m1ZfiL0Zo1tPblnffP0jtuK1xpLe7dso+bpdNuyg56n6Xdf3ebpSL/fvq1P+/s5FebFDXt7z9PGMk/fe+XXzs3xr03Xzsl+c3BibLIx5ok0CfPrfba0Oc7Be7Jj2ZnsZDaXPzuZz6eRfFu77lvdHJwM/230tXJbjzl4R9uyg56D6ftYt7k3Mr5y5weg/f2cCvPiift6z8HGMm/YP9ifXe8Ij6Rlmn52bf/9Wrffed3cdpiu1lwZD+P89v7ev5ttLHPywFr7zN7H6a7wyDUdjlP7+dvtnJrLVnucRq74nGqM89kD3Y9TYzyNZT5/cJXz6VCWZRc/8kD++97w7yt/f+F7X2v5d5dO/6Zz8SMP/Pja4/+0lvEDMPyeL8qW4ntd079Mrebf/wEAAIChEPv+0VAT/T8AAABURuz74/8Vnuj/AQAAoDJi3z8ealKT/n/bG55deP5ilpL5S0F8Ph2GB4vlYsZ1Nnw9vbSs8fgDX5n/2T9eXN22R7Ms+8WDf9Rx+W0PxnEVpsM4n3pj6+MrfO3uVW37yMMX03ab8+tfDK8f92e106BTBHc2y7JvXP/ZfDvT77+c16cfPJLXhy49/lhjmecOFl/H9Z95abH8X4bw76HjR1vWfyYchx+GOvvWzscjrvfVy6/evv+9y9uL643suC7f7Sc+ULxuiMhuyh4rlo/Hudv4v/mZJ7/aWOGRV3Ye/8XRzuN/MrzuV0L935cXyze/B42v43qfCuOP24vr3fPlb3Uaf/bUp4vlz76pWO5IqHH7d4Svd77p2YXm4/XIyNGW/creXCwXtz/7vT/Jn4+vF1+/ffxThy+3HI/2+fH0vxevM9O2fHw8bif6h7btN16neX7G7T/5x0dajnO/7T/10DMvb7xu+/bvalvu7EfuzLe//Hqtn9j0V5/6bMftxfEc+ruzLftz6F3hPA7bf+IDYT6G5//vqeL12j9d4ci7Wq8/cfkvbr3Ysj/RW35abP+p157I66apzVuuedG11126pXHssuy7m4rX67X9+BkQzeP/0o3F8YjjiBn99u13E7d/7qO7Tp9ZvLAwl47qo9fnn53ztmI8cbzXh2tr+9eHz5z/4Py56dnp2Sybru5H6K3bl0P9cVEurXX9Ox8O7+fNf/GNLbf/22fi4//xnuLxy28tvm+9Kiz3ufD41vD+Xen2n7j1xvz8Hnm6+Lolxz4A23f+z4FVLRj2v/3ngjjfz77sg/lxaDyXf9+I5/UVjv8Hc8XrfD0c16Xwycw7blzeXvPy8bMRLr+7ON+v+PiFy1x8X/82vN9v/2Hx+nFccX9/EH6O+da21utdnB9fvzja/vr5p3hcCteT7FLxfFwqHu/Lz93YcXjxc0iySzflX/9pep2b1rSb3Sx+bHHm5MLpC4/MnJ9fPD+z+LGPHz515sLp84fzz/I8/KF+6y9fn7bk16e5+X33ZvnV6kxRrrIXevxnHz42t3/29rn540cvHD//8Nn5cyeOLS4em59bvP3o8ePzH+23/sLc/bv3HNy7f8+uEwtz9x84eHDvwV0Lp880hlEMqo99sx/edfrc4XyVxfvvPbj7vvvund116szc/P37Z2d3Xei3fv69aVdj7T/cdW7+5NHzC6fmdy0ufHz+/t0H9+3b0/fTAE+dPb44PXPuwumxbHH+3EyxL9Pn84cb3/v6rU81Lf5n8fNsu5Hig/iyd961L30+a8NXPtH1pYpF2j5A9NnwWTT/8uKzB1bzdez7J0JNatL/AwAAQB3Evn8y1ET/DwAAAJUR+/5NoSb6fwAAAKiM2PdPhZrUpP+vXP5/28VVbV/+v2P+P/uc/L/8fx3y/+/un/9vOPHXZ362Mfn/4noh/z8Yg8n/Pxi+kv+X/5f/l/+X/19z/n/mgvw/Sdny/7Hv35xltez/AQAAoA5i378l1ET/DwAAAJUR+/5rQk30/wAAAFAZse9/UahJTfp/+X/5/3Lk///72jh2+f/l9eT/C/L/8v9r4f7/vcn/9yH/P5PVK/9/aZDjl/+X/2elsuX/Y99/bahJTfp/AAAAqIPY918XaqL/BwAAgMqIff/1oSb6fwAAAKiM2PdvDTWpSf8v/y//X478/zL5/+X15P8L8v/y/2sh/9+b/H8f8v/u/y//L//PQJUt/x/7/heHmtSk/wcAAIA6iH3/S0JN9P8AAABQPuPrWy32/S8NNVnR/69zAwAAAMALLvb9N2RtQfCa/Pu//L/8v/y//L/8f+ftrz7/P5bJ/5eH/H9v8v99yP9XLf8/nsn/y//zgipb/j/v+7Op7GWhJjXp/wEAAKAOYt9/Y6iJ/h8AAAAqI/b9vxJqov8HAACAyoh9/7ZQk5r0//L/Vzv/v1n+X/5f/j/Oy8rm/93/v0yGJf8/2eVx+X/5f/n/4R3/kOT/X/NQl/Xl/7kaypb/j33/TaEmNen/AQAAoA5i339zqIn+HwAAACoj9v2/Gmqi/wcAAIDKiH3/9lCTmvT/8v/u/y//L/8v/995+/L/w2lY8v/dyP/L/8v/D+/4hyT/35X8P1dD2fL/se9/eahJTfp/AAAAqIPY978i1ET/DwAAAJUR+/5bQk30/wAAAFAZse+fDjWpSf8v/y//L/8v/y//33n78v/DSf6/N/n/PuT/5f/l/+X/Gaiy5f9j339rqElN+n8AAACog9j37wg10f8DAABAZcS+/7ZQE/0/AAAAVEbs+3eGmtSk/5f/r27+P85m+X/5f/l/+f86kf/vTf6/D/l/+X/5f/l/Bqps+f/Y978y1KQm/T8AAADUQez7bw810f8DAABAZcS+/1WhJvp/AAAAqIzY998RalKT/l/+v7r5/+G6//8taezy/8vryf8X5P/l/9eicvn/TP4/k/9P5P/LPX75f/l/Vipb/j/2/a8ONalJ/w8AAAB1EPv+O0NN9P8AAABQGbHvvyvURP8PAAAAlRH7/l2hJjXp/+X/5f/Lkf9fJv+/vN7Vz//fdF/z42XJ/7fHvuT/5f/XonL5f/f/z8n/F8qS/+/0c08m/y//L/9PB2XL/8e+/+5Qk5r0/wAAAFAHse+/J9RE/w8AAACVEfv+mVAT/T8AAABURuz7Z0NNKtf/T3d8VP5f/l/+v875/3Xc//+W5dd1//98NOPy/+Ui/9+b/H8f8v/u//+C5/8n5P+plLLl/2PfvzvUpHL9PwAAANRX7Pv3hJro/wEAAKAyYt+/N9RE/w8AAACVEfv+e0NNatL/y//L/8v/y/+X7f7/w5X/d///spH/723w+f+4i/L/8v/y/+7/L//PSmXL/8e+/75Qk5r0/wAAAFAHse/fF2qi/wcAAIDKiH3//lAT/T8AAABURuz7D4Sa1KT/l/+X/5f/l/+X/++8ffn/4ST/35v7//ch/y//L/8v/89AlS3/H/v+g6EmNen/AQAAoA5i3/+aUBP9PwAAAFRG7Pt/LdRE/w8AAACVEfv+Xw81qUn/L/8v/y//L/8v/995+/L/w0n+vzf5/z7k/+X/5f/l/xmosuX/Y99/f6hJTfp/AAAAqIPY9/9GqIn+HwAAACoj9v2vDTXR/wMAAEBlxL7/UKhJTfp/+X/5f/l/+X/5/87bX1f+fyLrSv5/Y8j/99ac/9/ca0H5f/l/+X/5f/l/BqBs+f/Y978u1KQm/T8AAADUQez7Hwg10f8DAABAZcS+//WhJvp/AAAAqIzY978h1KQm/b/8v/y//L/8v/x/5+27//9wkv/vzf3/+5D/l/+X/5f/Z6DKlv+Pff8bQ01q0v8DAABAHcS+/02hJvp/AAAAqIzY97851ET/DwAAAJUR+/63hJrUpP+X/5f/l/+X/5f/77x9+f/hJP/f25ry//HiKv8v/y//L/8v/89qTK18qGz5/9j3/2b7gGvS/wMAAEAdxL7/wVAT/T8AAABURuz73xpqov8HAACAyoh9/9tCTWrS/8v/D0n+f1z+P5P/l/9v2x/5f/n/TuT/exuy+///8rrwuPx/Qf6/3OMfrvz/0qb29eX/uRrKlv+Pff/bQ01q0v8DAABAHcS+/x2hJvp/AAAAqIzY978z1ET/DwAAAJUR+/7fCjWpSf8v/98Yx3J6ubT5f/f/l/+X/5f/l/9fFfn/3oYs/+/+/23k/8s9/uHK/68k/8/VULb8f+z73xVqUpP+HwAAAOog9v0PhZro/wEAAKAyYt//7lAT/T8AAABURuz73xNqUpP+X/5/SO7/L/8v/y//L/8v/78q8v+9yf93lu6ELv8v/y//L//PQJUt/x/7/odDTWrS/wMAAEAdxL7/vaEm+n8AAACojNj3/3aoif4fAAAAKiP2/e8LNalJ/y//Pyz5/2n5f/l/+f+2/ZH/l//vRP6/N/n/PuT/5f/XO/5N8v/y/3RStvx/7PvfH2pSk/4fAAAA6iD2/b8TaqL/BwAAgKFxTZ/nY9//u6Em+n8AAACojNj3/16oSU36f/n/Ycn/u/9/Jv8v/9+2P/L/8v+dbFz+P1555P/l/+X/o1rn/7vd///n4U2V/5f/r6my5f9j3//7oSY16f8BAACgDmLf/4FQE/0/AAAADIVO/092u9j3Hw410f8DAABAZcS+/0ioSU36f/l/+X/5/5Lm//98x79+/zvvOLJb/l/+X/5/TTb0/v+Nk3/d9//f3PFR+X/5f/n/4R2/+//L/7NS2fL/se8/GmpSk/4fAAAA6iD2/X8QaqL/BwAAgMqIff+xUBP9PwAAAFRG7PvnQk1q0v/L/8v/y/+XNP8/xPf/j8dD/r/VwPL/8aIr/9/Rhub/37ucE3f//7Xm/yc7Pir/L/8/zOOX/5f/Z6Wy5f9j3z8falKT/h8AAADqIPT9o8eLuvyE/h8AAAAqI/b9J0JN9P8AAABQGbHv/2CoSU36f/l/+X/5f/l/9//vvP3S5v/d/78n+f8VNjd/UZ78f2fy//L/wzx++X/5f1YqW/4/9v0LoSY16f8BAACgDmLf/6FQE/0/AAAAVEbs+z8caqL/BwAAgMqIff/JUOtG/v+FzP8vdcz/N89C+X/5f/l/+X/5/7WR/+9N/r8P+X/5f/l/+X8Gqmz5/9j3nwo18e//wP+zdx9PktfnHcdn8RKm+AN88AWf/SdwgJMP9tnlg11lH+wqlw9gG+NsA84R5xxwziiAhFBCOYESEspCOWehjFQ1KtjneWanp/fX07PdO7/+Pq/X5bFXXnWDtsAfse/6AgAAw8jdf0vcYv8DAADAMHL33xq32P8AAAAwjNz9PxW3NNn/+n/v/6/Z/99+7a70/zfp/y/1+fr/y+7/ny7T9P/zpP+fpv9fQf+v/9f/6//ZqLn1/7n7fzpuabL/AQAAoIPc/T8Tt9j/AAAAMIzc/bfFLfY/AAAADCN3/8/GLU32/0L/f26vZ/+fGa/+3/v/+n/9v/f/d9yV7f/veuqvfPp//b/+P+j/9f/6fxbNrf/P3X973NJk/wMAAEAHuft/Lm6x/wEAAGAYuft/Pm6x/wEAAGAYuft/IW5psv+9/+/9/0v0/z+w5f5/f0//r//X/9efVf3/5nj/f1qn/v+2x66/5YkHvuvBdT5/W/3/+cN/f/3/Fp3199f/6/85bm79f+7+X4xbmux/AAAA6CB3/y/FLfY/AAAADCN3/y/HLfY/AAAADCN3/6/ELU32v/5f/+/9f/2//n/55+v/d5P+f1qn/v80n+/9f/2//l//z2bNrf/P3f+rcUuT/Q8AAAAd5O7/tbjF/gcAAIBh5O6/I26x/wEAAGAYufvvjFua7H/9v/5f/6//1/8v/3z9/27S/0/T/6+g/9f/r/H9F/7T1f/r/1libv1/7v674pYm+x8AAAA6yN3/63GL/Q8AAADDyN3/G3GL/Q8AAADDyN3/m3FLk/2v/9f/6//1//r/5Z+v/99N+v9p+v8V9P+X289f3an/X6T/1/9z3Jr9/5MTf9neSP+fu/+34pYm+x8AAAA6yN3/23GL/Q8AAADDyN3/O3GL/Q8AAADDyN3/u3FLk/2v/9f/6//1//r/5Z+v/99N+v9pF/f/i2+XH7Ht/v/c+aU/rP/f+f6/1fv/i/T/+n+Om9v7/7n7fy9uabL/AQAAoIPc/b8ft9j/AAAAMIzc/X8Qt9j/AAAAMIzc/X8YtzTZ/9vs/xcb3kX6f/3/YT9/bX13/f/hz9ud/v+aIz/eof9/8KLvp/+fF/3/NO//r6D/1//r//X/bNTc+v/c/X8UtzTZ/wAAANBB7v674xb7HwAAAIaRu/+P4xb7HwAAAIaRu/9P4pYm+395/3/4r3v//2T0/0e/v/f/l//62FT/n/+O2+7/n7LD7//f7P3/nvT/0/T/K+j/9f9n2P8fHFzp/v/o39dX9P/7qz5f/88yG+r/DzbV/+fu/9O4pcn+BwAAgA5y9/9Z3GL/AwAAwDBy9/953GL/AwAAwDBy9/9F3NJk/2/z/f9V9P/6f/3/KO//HzWT/n+r7//vXfH+/7z+/4T0/9P0/yvo//X/3v/3/j8btaH+f29T/X/u/r+MW5rsfwAAAOggd/9fxS32PwAAAOyGi3/vwOJvKA25+/86brH/AQAAYBi5+/8mbmmy//X/+n/9v/5f/7/88+fV/3v//6T0/9P0/yvo/7fRz58frP+/51I/fw79/x36f2bmSP//0OGPn1X/n7v/b+OWJvsfAAAAOsjd/3dxi/0PAAAAw8jd//dxi/0PAAAAw8jd/w9xS5P9v/X+f//Sn63/1//r//X/+n/9/6bp/6e17P/X+U9hnP7/u9f4oy5n/X7+5Trr7z+H/t/7/8zNkf7/ImfV/+fu/8e4pcn+BwAAgA5y9/9T3GL/AwAAwDBy998Tt9j/AAAAMIzc/f8ctzTZ/97/1//r//X/+v/ln6//3036/2kt+/91jNP/n8pZ9/O7/v31//p/jptb/5+7/1/ilib7HwAAADrI3f+vcYv9DwAAAMPI3f9vcYv9DwAAAMPI3f/vcUuT/a//327/nz+u/9f/7+n/T9L/36z/v/B9n9T/n1rb/v/csr8THXeJ/v+Rn7jz+4/+SJ/+/+ifOP2//l//r/9no2bR/x8c/n+Xufv/I25psv8BAACgg9z9/xm32P8AAAAwjNz9/xW32P8AAAAwjNz9/x23NNn/+n/v/+v/9f8z6v+9/1/f95z+/5Ta9v8n5P3/FfT/+n/9v/6fjZpF/3/R/567/3/ilib7HwAAADrI3f+/cYv9DwAAAMPI3f9/cYv9DwAAAMPI3f//cUuT/a//X9n/X3WSPxb9/9Hvr/9f/utD/6//P3n/7/3/09L/T9P/r6D/1//r//X/bNTc+v/c/ffGLU32PwAAAHSQu/8ZcYv9DwAAAMPI3f/MuMX+BwAAgGHk7n9W3NJk/+v/vf+v/9f/6/+Xf77+fzfp/6e16f+/d+Lz75v4Asv6/4Nr9f/6f/2//p9Tmlv/n7v/2XFLk/0PAAAAHeTuvy9usf8BAABgGLn7749b7H8AAAAYRu7+58QtTfa//l//r//X/+v/l3++/n836f+nten/vf9/Kmfdz+/699f/6/85bm79f+7+58YtTfY/AAAAdJC7/4G4xf4HAACAYeTuf17cYv8DAADAMHL3Pxi3NNn/+n/9v/5f/6//X/75+v/dtL3+f0//r//fmf5/f60/6ENn3c9frhN+/5u29f31//p/jptb/5+7//lxS5P9DwAAAB3k7n9B3GL/AwAAwDBy978wbrH/AQAAYBi5+18UtzTZ//p//b/+X/+v/1/++fr/3eT9/2n6/xUG6f9Pq0n/v7Xvr//X/3Pc3Pr/3P0vjlua7H8AAADoIHf/Q3GL/Q8AAADDyN3/krjF/gcAAIBh5O5/adzSZP+v6P8P/4To/yfp/49+f/3/8l8f+n/9/0L/f92e/n/j9P/T9P8r6P/H7P+v2huo/9+/5M/X/zNHc+v/c/e/LG5psv8BAACgg9z9L49b7H8AAAAYRu7+V8Qt9j8AAAAMI3f/K+OWJvvf+//6f/2//l//v/zzvf+/m/T/0/T/K+j/x+z/vf+v/+fMzK3/z93/qrilyf4HAACADnL3vzpusf8BAABgR6z+bXe5+18Tt9j/AAAAMIzc/a+NW5rsf/2//l//r//X/y//fP3/btL/T9P/r6D/1//r//X/bNTc+v/c/a+LW5rsfwAAAOggd//DcYv9DwAAAMPI3f9I3GL/AwAAwDBy978+bmmy//X/+n/9/272/9fp//X/+v+l5tL/33jj9z2q/9f/6//1//p//X93W+v/4yes2//n7n9D3NJk/wMAAEAHufvfGLfY/wAAADCM3P1vilvsfwAAABhG7v43xy1N9v/x/v/qvQuF6gXL+v9o1PT/F9H/H/3++v/lvz68/6//1/9v31z6f+//n+77N+z/n/5Liv5/M876+6/V/99w/Oc/3f/v7+n/Gcrc3v/P3f9o3NJk/wMAAEAHufvfErfY/wAAADCM3P1vjVvsfwAAABhG7v7H4pYm+9/7//p//b/+X/+//PP1/7tJ/z9N/7+C9//1/97/v/XHvuOK9P8Hi3+/Z0xz6/9z978tbmmy/wEAAKCD3P1vj1uW7/9l/5gXAAAAmLnc/e+IW/zzfwAAABhG7v53xi1N9r/+X/8/1/5/f0//r/+/QP+v/1+H/n+a/n8F/f82+vlrNvLlTkD/7/1/5mdu/X/u/nfFLU32PwAAAHSQu//dcYv9DwAAAMPI3f+euMX+BwAAgGHk7n9v3NJk/+v/9f9z7f8vvP//I+v3/zcs9v8/qv9f+Hz9v/5/ZPr//Dv6cvr/FfT/3v/X/+v/2ai59f+5+x+PW5rsfwAAAOggd//74hb7HwAAAIaRu//9cYv9DwAAAMPI3f+BuKXJ/tf/9+r/z+3tWv/v/X/9v/5f/78e/f80/f8K+n/9v/5f/89Gza3/z93/wbilyf4HAACAXfWD3/OTj5/0/zZ3/4fiFvsfAAAAhpG7/8Nxi/0PAAAAw8jd/5G4pcn+1//36v937/1//b/+X/+v/1+P/n/aKfr/IwG7/l//P0X/r//X/7Nobv1/7v6Pxi0XDb/za/9RAgAAAHOSu/9jcUuTf/4PAAAAHeTu/3jccmz/H5zwd7UDAAAAc5O7/xNxS5N//q//n3n/v6f/1//r//X/+v916P+nXeb7/wfn9P/6/wn6f/2//p9Fc+v/c/d/Mm5psv8BAABgUEf+G4Xc/Z+KW+x/AAAAGEbu/k/HLfY/AAAADCN3/2filib7X/8/8/7/VO//79f/pP9v3v/ffd3Sz9f/6/9Hpv+fdpn9v/f/9f+T9P+r+/8fnnhYXP/PiObW/+fu/2zc0mT/AwAAQAe5+z8Xt9j/AAAAMIzc/Z+PW+x/AAAAGEbu/i/ELU32v/5/xP7f+//6/+nPH6f//87r73z4h378/nv1/xy6kv1//lrQ/+v/9f8X6P+9/6//Z9Hc+v/c/V+MW5rsfwAAAOggd/8TcYv9DwAAAMPI3f+luMX+BwAAgGHk7v9y3NJk/+v/9f/6/13s/7Mp7t7/e/9f/3+c9/+n6f9X0P/r//X/+n82am79f+7+r8QtTfY/AAAAdJC7/6txi/0PAAAAw8jd/7W4xf4HAACA3XF++l/O3f/1uKXJ/tf/6//1/3Pt/895/z/o//X/69D/T9P/r6D/1//r//X/bNTc+v/c/d+IW5rsfwAAAOggd/+TcYv9DwAAAMPI3f/NuMX+BwAAgGHk7v9W3NJk/+v/9f/6/7n2/1Pv/+v/9/T/+v9L0P9P0/+voP/X/+v/9f9s1Nz6/9z93w4AAP//hb1f0g==") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) chdir(&(0x7f0000000200)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000000)=ANY=[]) 1m9.201785506s ago: executing program 1 (id=544): mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) r0 = io_uring_setup(0x3454, &(0x7f0000000080)={0x0, 0xffffeffe, 0x400, 0x2}) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) mremap(&(0x7f00003eb000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000003000/0x1000)=nil) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000002700)=""/4096, 0x1000}], 0x0, 0x11a}, 0x20) 1m7.775613538s ago: executing program 1 (id=553): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r2, 0x0, 0x7, 0x5) write$binfmt_misc(r2, &(0x7f0000000400)='u', 0x1) writev(r1, &(0x7f0000000100)=[{&(0x7f00000002c0)='h', 0x1}], 0x1) 1m7.546511632s ago: executing program 32 (id=553): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r2, 0x0, 0x7, 0x5) write$binfmt_misc(r2, &(0x7f0000000400)='u', 0x1) writev(r1, &(0x7f0000000100)=[{&(0x7f00000002c0)='h', 0x1}], 0x1) 4.749460547s ago: executing program 3 (id=846): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r0}, &(0x7f0000000800), &(0x7f0000000840)=r1}, 0x20) syz_emit_ethernet(0x36, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb86dd606410a600000001ff02"], 0x0) 4.649977169s ago: executing program 3 (id=848): r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000002300)={&(0x7f0000001040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x14, 0x14, 0x4, [@enum={0x2, 0x1, 0x0, 0x6, 0x4, [{0x2}]}]}, {0x0, [0x0, 0x2e]}}, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) 4.56647516s ago: executing program 3 (id=849): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000040)={[0x7fffffffffffffff]}, 0x8, 0x0) read$hiddev(r1, &(0x7f0000000080)=""/155, 0x9b) 4.488103711s ago: executing program 3 (id=850): syz_mount_image$hfs(&(0x7f00000001c0), &(0x7f0000000180)='./file1\x00', 0x30000c8, &(0x7f0000000100)=ANY=[], 0x11, 0x2c6, &(0x7f0000005bc0)="$eJzs3btuE08Ux/HfjJ3E/3+isCFBSJSBSNAgCA2iMUKueAIqBMRGirCCgCAuVUBUCEFPR8Er8BA0IF4AKioeIFSLZmbt9WXXNpbjjcP3I8XatWd2z3gvc46laAXgn3Wt9v3jpZ/uz0gllaTXVyQrqSKVJZ3Qycrjnd3t3WajPmhDJd/D/RmFnqavzdZOI6ur6+d7JCK3VtZS53vB4niDRK44jq/+KDoIFM5f/RmstKD5dL0yxZhG8WLMfnsTjmPWmH3t66mWi44DAFCsZP63IZPXUpK/WyttJNO+zw8O2/w/rv2iAzhw8cBPO+Z/X2XFxh3fY/6jtN7zJZz73LaqxFH2PNez7tNH25NgmmFVpY/F/nd3u9k4v3W/Wbd6qWqio9maf62HU7dlSLTrGbXpACOM3WRnlL5etXNuDJsh/ieSuuJfHXOPYzOfzVdz00R6r3o7/yvHxh0mf6SiniMV4r+Qv0U/ysi1UnLbqFartqvJit/JKXWWEsNGWcmuSNQ6o1bU/QNBNCxO3+t4T68wuotDeq1m9tpsreX0Wuvq5UbTPpvz93fQzFtzw6zrlz6p1pH/WxffhgZemelVYzbCVOC/8TCe+ezdlf02o76Zo/9yaX+LC3mh/+69p13/EA++zSHPG93RZS0/evb8XqnZbDx0C7czFh4std+ZeyVltil4QXvpOwuKvb7GrUlpmoGdm+gG3f1jaGN3lR2Kg3KkF2pfpnsiFbFQ8P0JU5Ee9KIjQUFc3mVC/ZfWK+WQ7LmXKDNPH/GHgGSLscux2xVc2jcOGbmk//+qglvMr+D6a66+mtHXXKfPSmdG32OUxHlEmJq+6Ra//wMAAAAAAAAAAAAAAAAAAMyaafw7QdFjBAAAAAAAAAAAAAAAAAAAAABg1rWf/6vW83812vN/e5+7Msnn/77bUfbzfwFM0p8AAAD//0gLf7E=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0) pwrite64(r0, &(0x7f0000000140)='2', 0x1, 0x8080c61) openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x8040, 0x0) 3.749618402s ago: executing program 4 (id=855): r0 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000002800)=ANY=[@ANYBLOB="940000000001010400000000000000000a0000003c0001802c00018014000300000000000000000000000000000000001400040000000000000000000000ffffac1e00010c00028005000100000000003c0002802c000180140003000000000000000000000000000000000114000400fe8000000000000000000003dfdee0aa0c0002800500010000000000080007"], 0x94}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendmsg$IPCTNL_MSG_CT_DELETE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)={0x14, 0x2, 0x1, 0x801, 0x0, 0x0, {0x0, 0x0, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x8094}, 0x4) 3.364997089s ago: executing program 3 (id=857): r0 = openat$kvm(0xffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f0000000ac0), 0x1, 0x44a, &(0x7f0000000400)="$eJzs281vG0UbAPBn10n6vv1KKOWjpUCgQkR8JE1aoAcuIJA4FIEEh3IMTlpVdRvUBIlWFQ0IlQsSqgRnxBGJv4AbFwSckLjCHVWqoJcWTkG73m1t106b1rFD/ftJm8x4x555PDve2R07gIE1nv1JIrZGxG8RMVrPNhcYr/+7evls9e/LZ6tJrKy89WeSl7ty+Wy1LFo+b0uRmUgj0k+SopJmi6fPHJ+t1eZPFfmppRPvTS2ePvPssROzR+ePzp+cOXjwwP7pF56fea4rcWZxXdn94cKeXa+9c+H16uEL7/70bdbercX+xji6ZTwL/K+VXOu+J7pdWZ9ta0gnQ31sCGtSiYisu4bz8T8albjeeaPx6sd9bRywrrJz06bOu5dXgLtYEv1uAdAf5Yk+u/4ttx5NPTaESy/VL4CyuK8WW33PUKRFmeGW69tuGo+Iw8v/fJVtsU73IQAAGn1W/fJQPNNu/pfG/Q3lthdrKGMRcU9E7IiIeyNiZ0TcF5GXfSAiHlxj/a1LQzfOf9KLtxXYLcrmfy8Wa1vN879y9hdjlSK3LY9/ODlyrDa/r3hPJmJ4U5afXqWO71/59fNO+xrnf9mW1V/OBYt2XBxquUE3N7s0m09Ku+DSRxG7h9rFn1xbCUgiYldE7F7bS28vE8ee+mZPp0I3j38VXVhnWvk64sl6/y9HS/ylZPX1yan/RW1+31R5VNzo51/Ov9mp/juKvwuy/t/cfPy3FhlLGtdrF9dex/nfP+14TXO7x/9I8nbeLyPFYx/MLi2dmo4YSQ7l+abHZ64/t8yX5bP4J/a2H/87iudk9TwUEdlB/HBEPBIRjxZtfywiHo+IvavE/+PLnfdthP6fa/v5d+34b+n/tScqx3/4rlP9t9b/B/LURPFI/vl3E7fawDt57wAAAOC/Is2/A5+kk9fSaTo5Wf8O/87YnNYWFpeePrLw/sm5+nflx2I4Le90jTbcD51OlotXrOdninvF5f79xX3jLyr/z/OT1YXaXJ9jh0G3pcP4z/xR6XfrgHXXbh1tZqQPDQF6rnX8p83Zc2/0sjFAT/m9Ngyum4z/tFftAHrP+R8GV7vxf64lby0A7k7O/zC4jH8YXMY/DC7jHwbSnfyuX2KQE5FuiGZIrFOi359MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3fFvAAAA//+uEO7O") r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000200)=ANY=[@ANYBLOB="010000000000000073000040"]) 3.364048599s ago: executing program 4 (id=864): sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{0x0, 0x114}], 0x1}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x18) recvmmsg(r0, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0) syz_emit_ethernet(0x2e, &(0x7f0000000500)={@broadcast, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x17, 0x20, 0x3, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x2, 0x0, 0x0, @void}}}}}}}, 0x0) 2.486062232s ago: executing program 0 (id=867): syz_mount_image$vfat(&(0x7f00000001c0), &(0x7f0000000180)='./file2\x00', 0x4a0c, &(0x7f0000003240)=ANY=[], 0xe, 0x36d, &(0x7f0000001480)="$eJzs3U1rK1UYwPEnad4vt8lCFAXpwbvRzdDm+gEMci8IAUvbiK0gTNuJhoxJyYRqRGy70qW4dyW4KN0puChov0A37nQjgrtuBBdWUEfmLZlMJiWNqdH2/4NLTs45z+ScnBN4JreTuXj9k3eadUur611J5pQkREQuRUqSlEDCf0y65YyEHcoL9379/tn1zVrOq1CPKxsPy0qpxaVv3v0g73c7zcp56c2LX8o/nz95/vTFXxtvNyzVsFSr3VW62m7/2NW3s4babVhNTalV09AtQzValtHx2r/0j2O29/Z6Sm/t3i/sdQzzoUirp5pGT3XbqtvpKf0tvdHKCiZTO15b0ytTBu/MeDC4IZ1ORV8QkfxIS+14LgMCAABzFc3/k05KP03+vyWL1eqjNeV0HuT/J8+dde+99tWin/+fZuLy/xd/8I41lP87pxOD/L/d1bdNQ9WH83/LUno0//9MWkrTNHW/MMHsRzOiu2Xq/L90A4PBdJYyI1WJoWdO/l/wP7+uozdOlt0C+T8AAAAAAAAAAAAAAAAAAAAAAP8Hl7ZdtG27GDwG/waXEPjPcSuNW/+siOSc1bdZ/9tsfXNLcu6Fe84amx/t1/Zr3qPf4UxETDH+tKOcvRFceaQcJfnWPPDjD/ZrC25LpS4NJ15W5GMpufspFG/bj1+pPlpRHj++f5lSIRxflqI8EY7/2t2dTnx5ON5//Yw8/yAUr0lRvtuRtpiy60YOXv/DFaVefrUaic+7/UTkp399UQAAAAAAmDFN9cWev2vauHbvV0YqdfdrIkOWpSh/xJ/fL8een6eKz6TmPXsAAAAAAO4Gq/d+U5ek0XELphlXyMvYphkUUkM1aRGJ7ZyJ1KSvOvJCaIaTjicj3h1M/um8Pg/e1etEBX9I4Qy83+TfUUWmG08wf7cmkeo3/X7deSUOxd0Ah+GmpEwQnooOfsmpULGdH4w9zpE/kX5N8LVRZsz7LKujx0lesRPSIzV2YroN8NSnX/w2s8/FYAu/F9snEV6CI9OwD2SSRYkUnE022pT2X9n7Ig8AAADArTBI+oOal8LN4RuJhG+Ww//cAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwQzfyk36RwrznCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPxX/B0AAP//Uv/z2g==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000c40)='./file1\x00', 0x105042, 0x63) mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x100000b, 0x13, r0, 0x0) syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0xbcb5, 0x4000, 0x5, 0x1000}, 0x0, 0x0) write$cgroup_subtree(r0, 0x0, 0x32600) 2.392694824s ago: executing program 4 (id=868): r0 = socket$inet6(0xa, 0x80002, 0x88) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0xb, &(0x7f0000001800)=0x200, 0x4) syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030486dd601b8b97004d88c19e9ace5ffb2e9fc603dd282100000002ff02000000000000000000000000000104004e200023b0"], 0x0) 2.251142255s ago: executing program 4 (id=869): unshare(0x2a020480) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/vlan/vlan0\x00') r1 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFMTU(r1, 0x8923, &(0x7f0000000040)={'vlan0\x00', 0x40}) lseek(r0, 0x8, 0x2) 2.069725488s ago: executing program 4 (id=871): r0 = syz_mount_image$btrfs(&(0x7f0000000000), &(0x7f00000015c0)='./file0\x00', 0x0, &(0x7f0000000180)={[{@clear_cache}, {@user_subvol_rm}, {@compress_force_algo={'compress-force', 0x3d, 'zlib'}}, {@ssd}, {@autodefrag}, {@autodefrag}, {@max_inline={'max_inline', 0x3d, [0x7, 0x32, 0x37, 0x2d, 0x32, 0x36, 0x32, 0x2d, 0x2d, 0x37]}}, {@space_cache}]}, 0x0, 0x559e, &(0x7f00000103c0)="$eJzs3X9sVeX9B/BzWwoN+C39jhUYfxAgBoMkyJYtjqB4MQa24eKlgsKcCEQlBivYRDcYqUWSZcaghU4EF5GQaDJjscM/FMywy7CMZfzY5hZjs4JSaZZsAzVrHDG69N77XO49l9tembNOXy/SnvPcz3me+9yT88d9X/qcGwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAURUcSc9+d0f3i0ZE1X77/Hz+e+OjGn4zfvX/roVvu23T/gjMjbto5a1nf+mlN8zdsbDjS/PS+ObdGUSLdL5Htf9u136q/88bbvlsdBly+MLOtrS31lJmuJzON4QUP9vcr/FkRRVFVbIDK7PbV7E5FwQC53cbiAQf0Tuui6O7J8ya1dT01bklyYU/xS6df9VBPYKhkr6ue89dSMv27InZErp136SUKLtFM//gF96m8CADgY5mZSm9yb0ezb3Fz7eZ4PdZOxtotsXZ4h9CS37gYmXGHl5rnpHh9iOaZzESFESXnGatnz3+unYr3j7VjUeNjzLPw0GykqS41z7Wx+lDNEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCzZOzxo2tWtD2y575fdtQceff9OVc+8KWOw22LT4y8eunKHWum/HTWsr7105rmb9jYcKT56X1zbo2i2nS/RKZ74kTL5b9NjZ3fvXfcG427n6vpq8yOG7bD8g6OXg87s0ZH0cq8Sk8Y9q81UZQqLKSb0Y7iwl3pnW+HAgAAAJ8nX0n/rsi1M3GwqqCdSKfJRPpfkAmL77Quiu6ePG9SW9dT45YkF/Zc/HipEuMlLzherl17/ieRF4xD/I2Pd74eDm0sGmdg8RHjef7SMWPefmty/eSvT5v7xA3PjOru+r8nZ2xJ/bGu5oUrru+tf/a6ovxfO3D+D2dO/gcAAOA/If/HxxnYYPn/jqVTt7z+i2Grft3a8MTB+h1/bv3OMzsXneq54Ud9L09N3v7o1UX5f1LBUxbl/zDjkP8roovL/wAAAPBZ9t/O/8micQY2WP5vONM3+wcHX6vr+PucxXt+9dAVi8+e/tv8U7t3DV9zR8v6uoeuLMr/M8vL/8Pypx0e/F2Y8OrRUTSz/JMKAAAAFAj/737+o4WQ1zOfHMTz+rX/vKp5380ffPMbD97zpzff/s2xA7MnrdteN/PgyzfVf1j5ve3dRfk/WV7+r/p0Xi4AAABQhuePrpw773jPucfPvtB18vDu3pMznjyzrqnvdOslLatXbTr2WlH+T5WX/0cMzcsBAAAALuDeO59bsfnVl/oe2H/X2Ck9FVc1XpK4ZduOqU0TPuq8tPfy7VuL8v/y8vL/yOw2u/Ih06kz/BVC6+goqu7fWZspHIparskVAAAAgE9IyOlbP1ixbOzOsb3jj59+rObQG4dn/2Vt55yN13RXdW/uXNZ4WdH9AkJiL3X//3Cng7D+v+D+f0Xr//MKmbv+zXZjAAAAAL6Iitfzh9vjZ765oNT375e7/n9J3cQTiba33lv11XMHzo1ZsP/7129aV9/be8+El37/wz9M/6i6KP83l5f/K/O3n+T3/wEAAMBF+F/7/r+lReMMbLD7/zdV9DWsWrd3+uota7csTCw7UH3qwdV731+w5l9Tb36+qea6A0X5v6W8/B+2o/JfXkc4P5tGR9H4/p3s3QR/Hqa7OlZor8orZE58rMeNoUe20D4ir5C2Ntbja6OjaHL/TnOs8P+h0BIrnK3JFnbFCsdCIXs95Ap7YoWOcKVtq8lON154MRSyCyzawwqKUbklEbEe75Xq0V+4YI+u3JMDAAB8oYTwnM2yVYXNKB5l2xODHTBysAMqBjugcrADhsUOiB9Y6vFoeWEhPH575yMbNjVMSb7y8NzHfvbms40T9j1+WV3v5g9f2XbvxJ3TW6YW5f9d5eX/cCqGZzal1v9HYf1/9nsNc+v/l4dCbazQHgqp+B0DUuE5MmH34fActalsj7PjcwUAAAD4XAufC1QO8TwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/s3evcdJVd0JAj/d9INumqaNE9GMk3TUgGakaWwNw+AoaoxGRZpZddxkNBBoEGmE8FgFURtQZxziZ3ztrJnoCAoiu+qHGFeDwUhcxIw6iWLiA/Cxjq7r+h6VGM2E/XTfOkXVrS67EFDa+X7/6DpVv/O89eg69946FwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/xjuPfjlk4YunP0PHzace8nqqqmL/kfH6Mv+cNW3vvjUPy5b9G9h/i9GnLll3kEXHjd/wbR/6Vi++ogzQmjtKleWFC977oqvPtS613HP3jFw48wbb63fUpWpNxMP/Tr/lGfuXBxbfbF/CHeXhVCRDgypSwKVmft1sb5960LYI2wLZEu01SYl0g2HB2pCWBK2BbJVra4JoS4ncMqG+++7vDNxTU0IXwkhVKfbeKY6aaMmHRhUlQRq04HpFUngt1sT2cBPypMA7LD4Zsi+6Fe15mdo6L5ckddf5U7r2KcrPbw+MdFQPN/rR+3iTuWoSj/QukNPW0F17BIFb4+13m294N1WsJ2v8LTlfpHKfEPZui1UHcontk0aP6d9dnykPDQ19SlW0y56np9+e/6E7Un3mtdh7EDDTnkdXvrYiun9lo2+9OrNvxqz4ayaA3a0m0/lbNLc9K5WHTKvuV7zPEajfJ70grdfwbekRl+6Qghbzz17xtfnTDz7iD63PLnu1QcfrNty9pwFvzhz4nmLLj55w7/Pf6lg/t/w0fP/+HKOt+V5uWOrH9Ync/P4SF1MvFmfzM0BAACg1+gNe01Xnv/6X73+/bWtMxed/u23Dj73w71afz3i/gFVB7yxrqn1/I2ff6Vg/t9Y2vH/eMi/Lne0a0MY1ZVYNCCEvbseTwIrY3e+OyCEL3elWvMDR6UCa0PYpytxULaqVIm+sURjKvByfSYwKhVYHwOtqcDyGLgiFbg4BlalAhNiYG0qcHQMhCn54/hqfWYcJQdqYmBcshFXxbMQ3qmPraW21aZsVQAAADtJZnZYmX8351yHHc0Qp5eranrKEM/ALpqhOlVDegabnVYVraGipxrKe6ohO+6Ojx5+Qc1lPdVccBpGWX6GG9f85X2LXjzsC2P3mvj5xUMvmPKz8eGst++uerx5yYtv7XvEzesK5v/NHz3/r+6mI2UFx/9DGNv1N+Yuz0Tas/FxrXkZAAAAgB1w0R//xR61Lw85oGHT+2X3zl/7xKMrfrl5j1NOf3/c8a//8PCaxnsL5v+jSjv/P+4T6ZOTOTwSd0NMHRBCc34gqXZkYSA56t0vEwAAAIDeIHs8PnssfErmNjlFOz2fLszfup3544H/Ud3m//09/7P2jq3/+mLZBd89d0TNgKX/9GrHhBNOPvqW47/1zj4VB/yyvGD+31ra+f+1+bdJJ9bHXlw9IIS+OYEHYy87A10aY+D5I/MDmfGvjxtgcawqc2JCtqrFscS4GGhOBZYUK/FotsTe+YHMk5VtfFF2HFMyJXICAAAA8ImLuwPicfl4/n/LGSNO++vvzfrbha88eN7qCy75q+Ed80eedP/THzbMvXJp2PTmEQXz/3Hbd/5/1zy44PT+9n4hDK0IoU/6hwGP1CYLA8ZAXVkmcW9tUlefdFULa0MY2TmwdFUvZNb/r0ivMfh4TVJVDOy93y1vD+pMLKsJYWhu4IlvLz2sMzEnFcg2flpNCF/qHG268bv6Jo1Xphu/tm8IX8wJZKua0DeEzsaq0lX9r+rMdQzSVa2qDmHPnEC2quHVIcwNAPRW8X/pxNwHZ82dN3V8e3vbzF2YiDvxa8KkKe1tTROmt0+sLtKniak+561jtKBwTKVe+mZTZo2ixSsnV5aSzv5QsDm3rcyO/IIzBzP345ehyq5xHlKZd7clPeQD9y9sIuR8lSo25PJdPOTa3Eq2PYkF9cf8VaFf6DtnVtvMpvPGz549c1jyt9TshyR/43GmZFsNS2+r2u76VsLLo+hyWSkfd1sNyq1k6OxpM4bOmjtvyJRp4ye3TW47p+XQP2sZMXz410YM7RxUc/K3h5EO6q7m1Ei3Li1xWDtxpF+oyKnkk/jQkJCQ6G2J/f7L5odH77n+nOt/9tqPz+/3zdPu3fvImT889KqpD1Xve/ji24ccWDD/n/HR8//4qRM/+DPrMxQ7/t8QD/Mnj287zD8uBpaUevy/odjR/OyJAY2pQEcMdDjMDwAAwGdD3B0Z92bGndKbb1m/buOSlrk/aHin5dY17Utvuum+U39y58ATvjQ47LXhuhM+VzD/7yjt9/87af3/7NL1JxRb5v+gWKK52Pr/6WX+s+v/dxRb/z+9zH92/f8ln8L6/3OygdQmecf6/wAAwGfBJ7f+f4/L+6cvEFCQocfl/dMXCCjI0OMy/qVeIGC71/9f8+Bff6Wq35g7/qTlN/WXvPZ39xzWeuS6zTP/5Etb10+877qxt6wpmP9fUdr838L9AAAAsPv4z5ddU3H02Xff0bJu6sZxbw5+98m3lgzq80HF0Q+3j3xh4Bu3nlcw/19S2vz/k1//LxQ7/7+xWKC12MKA1v8DAACglyq2/t89Q1sa/zCm/x+eHvab5Q/ePPqnj/z898v3+/mJPyvfZ8Gxz8+8bFLB/H9VafP/eNpFeV7u2JsP65M17UJ6Tbs367M/GQAAAIDeoTw0NVWWmDdvYdSjPn6bT2eWAv2odK7vvXLt2ZtfmH7c46ev+7uaEwbvOWHaBasa/2b4gXd+ftQley7ddGrB/H9tafP/vN9lXPrYiun9lo2+9MOrN/9qzIazag7YdvwfAAAA2HVK3S8BAAAAAAAAAAAAAAB8+s7tWHzhI8uOfe+bt//F/kcseXXwbXcd+Lsh/V664qoHJq1648zJXy/4/X8Y21Wu2O//43X/4u8L/igvd2y15/X/MvdPOfH2uV1LFj5SH8L+uYGpC6fuETLX5h+cG7jvjIMGdiYWpkusefbolzoT30kHjh/yuS2dicNTgXFxkcR90oF4VcUt/VOBuLzi4+lA3B6r0oGqTOCy/sk4ytLb6pW6ZFuVpbfVxroQBuQEstvq7rqkjbL0AK9JBbID/F46EAd4ciZQnu7V7f2SXsVAXSx6Q7+kVwAA7Lbit8DKMGlKe1tz/Aofb79QkX8b5S1ZtqCw2rISm9+UWZps8crJlaWk+6S/i2671nhlqO4cwrCCr6u5Wcq6Rrlzaulh0/1RkSH3tNpbeZFyadu76aqKj6gmGVHThOntEyt7HHhLz1kOqegxy7CCyU5ulvKuTVpCLSX0pYQRlbhtSuhyvF8empr6pHL9eQw2hDw9vSJK/b1+7jp/xV4FuXluO/TKt758zE+f++CfP/9E/2+cVnP7rO+/e+KvX7//wEOOuG5C05otBfP/htLm/9W549qSuRhAR7yy3sgBIYwrcUQAAADw2XfbRbfecfr09a9MWlvx5GOPTS0fc3rl1vl3zp93ycZ7Fx9/2cErdjR+2Fm//f5vBu//b89e9dJPR+7zwA03/58nD3v8z3//8I8eeqduZZ+x7xXM/xtLm//HPViZQ8HJ3o618fr/iwaE0HVp/YYksDIO97sDQvhyV6o1lkguqH9CLNGcBFbGHSYHxRLjWvOr6hsDq1KBl+szgbWpwPoYyOyluCVkduVcWR/CYV2psfklZsQSDanAmBhoTAWaYqA5FegfA6NSgdf6ZwKtqcDDMRCm5G+rH/fPbCsAAIDtkZlnVebfDel53qqKnjKU9ZShtqcM5T1lqO4pQ7FRxPt3xAyVqZNXynIyVaZrrUnVUpAhXgx/u/tVkCE8mp8zXbCg6Xj+QfZ8g7L8DFf+4NlT1w+e/tDqzcd8beBt/zhkz4Obp9e9t+CGp3475pzrnv/TQQXz/+bS5v+1+bdJ6+vj/H/b9f+SwIOxe1fHU8cbY+D5I/MDmR0D6+Nkd3G2qtZMicykfXEsMSoGGlOBGTEwKhUYNzYTWDIwP5CZaWcbX5RtfEqmRE4AAAAAPnFxB0HcTRPn/zce9YOr3x8wccuyeTPvH9vyxMmjv3H1XT+6d/9ld767YvCAce99p2D+P6q0+X9sr19uYxfH3rzYP4S7y7b1JhsYUpcE4n6Muvjz+H3rQtgjZwdHtkRbbVKiKtVweKAm+YV6Vbqq1TXJGgPx/ikb7r/v8s7ENTUhfCVn70u2jWeqkzZq0oFBVUmgNh2YXpEE4p6fbOAn5UkAdlh2r2B8QWVOdclq6L5ckdffZ+WaoOnhFewD7SZfd7+52lWq0w9k9qlmbd/TVlAdu0TB22Otd1tvfLc1eLflfpHKfEPZui1UHcontk0aP6d9dnwk95esBXbR85z7K9VS0jvhddjx8Xvbs+p0B5pTHx/N3Zfr/nVYFqu79LEV0/stG33p1Zt/NWbDWTUHlNyNIuIPhX+05X9XPpWzeXe16pB5zfW6z5NWnye98d9Ao6cthHDZ9cfsu+TdX+/33A3Pnbqu7Maxr/7lrHs2Lf+bysNHrXv/yaGjLy+Y/7eWNv+vSN12+V3cmLMGhHBgzsZ9JG7+YwYkn4M5geRTcs/CQHLI/V/ri35yAgAAwM6W3d2R3V8wJXObnBCenicX5m/dzvxxf8WobvOX2u9j121cedLQN6474G8vOPGNv7/28Kceuv6ysnXL//vYD1avuXzxe08UzP/HffT8v2+qm47/O/7PLuL4f7d2913RfdMPdOzQruiC6tglHP/v1u7+bnP8v1uO/zv+3x3H/3vg+H+3dvenreBb0gxfujonwdff+fPfTbzpg7mN+x180lPPHDrxun+6quXuu0555b+de9601761uWD+P6O0+b/1/7pftC+7/t+4Yuv/zSi2/l+H9f8AAIBdqshCc+l5XsHqfQUZ0qv3FWTocYHAHpcYtP7fdq//t3Dkv1904Q+fb7n2nTvHXb5m07Fnvvr0utXPzFpx3Lnnv9V6112tBfP/jtLm//Hl0C+39d6y/l/j2CJVXREDMywMCAAAwO6o2A4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPl2HnvbO+5d8/R/aBv1ixc1/f+v/+7/P1q594JvfuGn4L6f86RllazZcM+LMLfMOuvC4+Qum/UvH8tVHnBHClK5yZUnxsueu+OpDrXsd9+wdAzfOvPHW+i3VmXorM7d/nJc7tvphfQhLch6pi4k36zvvbAuccuLtcys6E4/Uh7B/bmDqwql7dCaW14cwODdw3xkHDexMLEyXWPPs0S91Jr6TDhw/5HNbOhOHZwJl6e5e1z/pblm6u5f3D2FATiDb3bP751eVbeO4TKA83caKuqSNGKiLRa+tS9qIgfZYYkrfEIZWhNAnXdU/VydV9UlXdU91UlWfdFUXVYcwMoRQka7quaqkqor0yB+tSqqKgb33u+XtQZ2JpVUhDM0NPPHtpYd1JmamAtnG/1NVCF/qfMmkG/9xZdJ4Zbrx/1oZwhdDCFXpEu9VJCWq0iVeqAhhz5zAto1YEcLcwGdD/PSZmPvgrLnzpo5vb2+buQsTVZm2asKkKe1tTROmt0+sTvWpmLKc9NYFH3/sm96eP6HzdvHKyZWlpCsy5Sq7unxIZd7dlt2997FftbmVbHs+CuqP+atCv9B3zqy2mU3njZ89e+aw5G+p2Q9J/vbJRJNtNay3bKtBuZUMnT1txtBZc+cNmTJt/OS2yW3ntBz6Zy0jhg//2oihnYNqTv7ujJEu/eRH+oWKnEo+ife/hIREb0uU5326Ne/un+MFX/S3dbQyVHd9QBdMK3KzlHWNcmcM+qiPOeKP8zWlxxENK5g4FGQ5pOcsLQWTiW1ZapIsXV/rCiaHuTWVd23SeL88NDX1KbYdGvLv5m7e13dg8z6d2XSlpgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCwAAAAAIMzfOoyeDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4FAAA//8fSxmR") setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f00000005c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x300, 0x348, 0x18c, 0x203, 0x348, 0x19030000, 0x460, 0x2e0, 0x2e0, 0x460, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0xd0, 0x118, 0x0, {}, [@common=@hl={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00'}}}, {{@uncond, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x360) ioctl$BTRFS_IOC_QUOTA_CTL(r0, 0xc0109428, &(0x7f0000000580)={0x1}) ioctl$BTRFS_IOC_QGROUP_LIMIT(r0, 0x8030942b, &(0x7f0000000040)={0x0, {0x2b, 0x0, 0x56, 0x0, 0x40}}) openat(0xffffffffffffff9c, &(0x7f0000000300)='./file0/file0\x00', 0x42, 0x0) 2.069106438s ago: executing program 0 (id=879): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) connect$inet6(r0, &(0x7f0000000100)={0x2, 0x4e24, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) r1 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r1, &(0x7f0000000000)=[{&(0x7f00000001c0)="580000001500add427323b472545b45602117fffffff81000e224e217f000001925aa80020007b00090080007f000001e809000000ff0000f03ac71017000000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) 1.93806781s ago: executing program 0 (id=873): setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mlock(&(0x7f0000ffa000/0x3000)=nil, 0x3000) mprotect(&(0x7f00004a4000/0x800000)=nil, 0x800000, 0x0) 1.412849869s ago: executing program 0 (id=874): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x3, 0x1000002, 0x0, 0xff, "d4e9002b2c000000ff00"}) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000080)=0x6) ioctl$TCFLSH(r1, 0x540b, 0x2) 1.32398171s ago: executing program 3 (id=875): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000400)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581", @ANYRES8], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f3c369197d09647190890"], 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) ioctl$HIDIOCGUSAGE(r1, 0xd01c4813, &(0x7f00000000c0)={0x2, 0xffffffff, 0x4, 0x0, 0x70, 0x4}) 1.279465171s ago: executing program 2 (id=876): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10) ioprio_set$pid(0x2, 0x0, 0x4007) 1.199409762s ago: executing program 0 (id=877): syz_mount_image$jfs(&(0x7f0000000000), &(0x7f0000000140)='./file0\x00', 0x20108c0, &(0x7f0000007300)=ANY=[@ANYBLOB="646973636172642c696f636861727365743d63703835352c6572726f72733d72656d6f756e742d726f2c696e746567726974792c6e6f646973636172642c646973636172643d3078303030303030303030303030303030382c6572726f72733d636f6e74696e7565006969736f383835392d342c756d61736b3d3078303030303030303030303030303038312c696f6368617257fd743d6d6163677265656b2c71756f74612c6572726f1729def7e35bcb756e742d726f2c726573697a653d3078303030303030303030181829303030303030312c756d61736b3d3078303030303030303030303032303034352c66736d616769633d307830dcb1c47cb87a74ac1a3030303030303030303030303030392c646566636f6e746578743d726f6f742c66736e616d653d757d407d587d5b2d292b2c000d1c13f7c892c8615d265c6376539175380511bac765713e83a65e4fdf011c705fc6838005120385ac61b970f45d1492a0612eb8000000000000808fc76f91b7b9a5ce77887858ea333961d1ef1e4eabd4c84e81dbf575c47e9b8eea9d6806fa159e0525146f6312b4931cffed0000", @ANYRES16=0x0, @ANYRES32, @ANYRES8, @ANYBLOB="34dd0f00135ea23c22845cc5474e7cd7e7ab01d33c4486b62e3b4f9822364f30c24779205bbd653e2b0e7bbbcba1e3dc78833fbb91474ba644d13b9a3bfddc66bfc8ba12f680d556b1b4d4a1ec5b55eeedc8454a11312f3025c08220a36ab6d8100e6a0836f341eb18f984b2a7feaef926859b77e733f9bb7220a2460746c81448ccc7a901e32427b8cc656a1b8a1c52fac1524d3a90fc424c1300000000aa1ea205ddd2b967de4068647f1a5fade5146a344fd31daeeaeede8f61b1066ca3a10599230edf07182401e51b"], 0xfe, 0x6178, &(0x7f000000ca40)="$eJzs3c1vHGcdB/DfvvqltLV6qEqEkJuWl1KaxEkJgQJtD3Dg0gPKFSVy3SoiBZQElFYWceULB078BSAkjghxRBz4A3rgyo0TJyLZSKCeGDT288TjzW7t1PHO2s/nIzkzv3lmvM/4u7Mv2Zl9AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACI73/vByudiLj287RgKeIz0YvoRizU9XJELCwv5fX7EfFc7DTHsxExmIuot9/55+mIVyPio6citrbXV+vFFw/Zj+/+8e+/++ETb/3tD4Pz//3Tnd5rk9a7e/dX//nzvaPtMwAAAJSmqqqqk97mn0nv77ttdwoAmIr8/F8lefmpr3/9z7f+Mkv9UavVarV6CnVTNd69ZhERG81t6tcMPo4HgBNmIz5uuwu0SP5F60fEE213AphpnbY7wLHY2l5f7aR8O83ng+Xd9nwuyL78NzoPru+YND3I6Dkm07p/bUYvnpnQn4Up9WGW5Py7o/lf220fpvWOO/9pmZT/cPfSp+Lk/Huj+Y84Pfl3x+Zfqpx//5Hy78kfAAAAAABmWP7//6WWP/+dO/quHMonff67PKU+AAAAAAAAAMDjdtTx/x4w/h8AAADMrPq9eu03T+0tm/RdbPXyq52IJ0fWBwqTLpZZbLsfAAAAAAAAAAAAAFCS/u45vFc7EYOIeHJxsaqq+qdptH5UR93+pCt9/6FkbT/IAwDAro+eGrmWvxMxHxFXo7vzXX+DxcXFqppfWKwWq4W5/Hp2ODdfLTTe1+ZpvWxueIgXxP1hVf+y+cZ2TQe9Xz6offT31bc1rHqH6NhjMkh/zQnNLYUNAMnus9GWZ6RTpqqenvTiA/Zx/J9CS7HU9v2K2df23RQAAAA4flVVVZ30dd5n0vh+3bY7BQBMRX7+H/1c4Eh1d0J7xOP5/Wq1Wq1Wqz9V3VSNd69ZRMRGc5v6NYPh+AHghNmIj9vuAi2Sf9H6EfFc250AZlqn7Q5wLLa211c7Kd9O8/kgje+ezwXZl/9GZ2e7vP246UFGzzGZ1v1rM3rxzIT+PDulPsySnH93NP9ru+3DtN5x5z8tk/If7lwyV56cf280/xGnJ//u2PxLlfPvP1L+PfkDAAAAAMAMy///v+Tz37zLAAAAAAAAAHDibG2vr+brXvPn/58bs57rP0+nnH/nUfNfSPPyP9Fy/t2R/L88sl6vMX//zb3j/9/b66u/v/Ovz+bpYfOfyzOddM/qpHtEJ91Sp5+mR9m7h20OesP6lgadbq+fzvmpBu/EjbgZa3Fh37rd9PfYa1/Z1173dLCv/eK+9v5D7Zf2tQ/S9w5UC7n9XKzGT+JmvL3TXrfNHbD/8we0Vwe05/x7Hv+LlPPvN37q/BdTe2dkWrv/Yfeh4745HXc7b9z4/C8vHP/uHGgzeg/2ranev7Mt9Gfnb/LEMH52e+3WubvX79y5tRJpsm/pxUiTxyznP9j5mdt7/H9htz0/7jeP1/sfDh85/1mxGf2J+b/QmK/396Up960NOf9h+sn5v53axx//Jzn/ycf/yy30BwAAAAAAAAAAAAAAAD5JVVU7l4i+ERGX0/U/bV2bCQBMV37+r5K8XK1Wq9Vq9emrm6rxXm8WEfHX5jb1a4ZfjPtlAMAs+19E/KPtTtAa+Rcsf99fPX2x7c4AU3X7/Q9+dP3mzbVbt9vuCQAAAAAAAADwaeXxP5cb4z+/GBFLI+vtG//1zVg+6vif/TzzYIDRxzzQ9wSb3WGv2xhu/PnYGZ/73KTxv8/Gw+N/5zFxe839mGBwQPvwgPa5A9rnxy7dS2vshR4NOf/nG+Od1/mfGRl+vYTxX0fHvC9Bzv9s4/5c5/+lkfWa+Ve/nbn8Nw674mZ09+V//s57Pz1/+/0PXrnx3vV3195d+/GllZULly5fvnLlyvl3btxcu7D77/H0egbk/PPY184DLUvOP2cu/7Lk/L+QavmXJef/xVTLvyw5//x6T/5lyfnn9z7yL0vO/6VUy78sOf+vpFr+ZdnaXp+r83851fIvSz7+v5pq+Zcl5/9KquVflpz/uVTLvyw5//OpPkT+vh7+FMn550+4HP9lyfmvpFr+Zcn5X0y1/MuS87+UavmXJef/aqrlX5ac/9dSLf+y5Pwvp1r+Zcn5fz3V8i9Lzv9KquVflpz/N1It/7Lk/L+ZavmXJef/WqrlX5ac/7dSLf+y5Py/nWr5lyXn/51Uy78sOf/XUy3/sux9/78ZM2bM5Jm2H5kAAAAAAAAAAAAAgFHTOJ247X0EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP7PDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1Eaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwd3cxcp31GcDP7Ie9dggxEIKTGtgkJoRkya4/4g9aFxMI0AClQEKhH9iud20W/IXXLoEi2TRQImFUVFE1vWgLKGojVRVWxQWtKM1F1Y+r0l7Qm4qqElKjyqCAitRWNFvNnPd9PTM7OzPrHa9nz/v7Scnfu3Nmzpkz78zus/azAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAECzO98897laURT1/xr/21IUL6r/edPklsbn3nCjjxAAAABYrf9r/P/5W9InDvZxpaZt/u5V//j1xcXFxeIDo787/qXFxXTBZFGMbyyKxmXR5X//YK15m+CJYqI20vTxSI/dj/a4fKzH5eM9Lt/Q4/KNPS6f6HH5khOwxKby5zGNG9ve+OOW8pQWtxbjjcu2d7jWE7WNIyPxZzkNtcZ1FsePFfPFiWKumGnZvty21tj+m3fW9/X2Iu5rpGlf2+or5IefOhqPoRbO8faWfV29zej7byomf/TDTx3943NXbu80e56Gltsrj/Peu+rH+ZnwmfJYa8XGdE7icY40Hee2Do/JaMtx1hrXq/+5/Tif7/M4R68e5ppqf8wnipHGn7/dOE9jzT/WS+dpW/jcf99dFMXFq4fdvs2SfRUjxeaWz4xcfXwmyhVZv436UnppMbaidXpnH+u0Pme3t67T9udEfPzvDNcbW+YYmh+m7396w5LHfaXrNKrf6+WeK+1rcNDPlWFZg3FdfLtxp5/suAa3h/v/qXuWX4Md106HNZjud9MavKvXGhzZMNo45vQg1BrXuboGd7RsP9rYU60xn7un+xqcPnfyzPTCJz75+vmTR47PHZ87tWvHjplde/bs27dv+tj8ibmZ8v/XeLaH3+ZiJD0H7grnLj4HXtu2bfNSXfzK4J6HE12eh1vath3083Cs/c7V1uYJuXRNl8+NR+snfeLSSLHMc6zx+Ny3+udhut9Nz8Oxpudhx68pHZ6HY308D+vbnLmvv+9Zxpr+63QM1+trwZamNdj+/Uj7Ghz09yPDsgYnwrr41/uW/1qwLRzvk1Mr/X5kdMkaTHc3vPbUP5O+35/Y1xid1uUd9Qtu2lCcX5g7+8DjR86dO7ujCGNNvKxprbSv181N96lYsl5HVrxeD86/6sk7Onx+SzhXE6+v/29i2ceqvs3uB7o/Vo2vbp3PZ8tndxZhDNhan89OX83r5zNlyS7ns77NZ6ZX/714yqVNr7/jy7z+xtz/Qrm/dFNPjI6Plc/f0XR2xltej1sfqrHGa1etse/np/t7PR4P/6316/GtXV6Pt7ZtO+jX4/H2Oxdfj2u9ftqxOu2P50RYJydmur8e17fZunOla3Ks6+vx3WHWwvl/XUgKKRc1rZ3l1m3a19jYeLhfY3EPret0V8v24yGb1ff1zM5rW6f33l3e1mi6d1et1TqdbNt20Os0vV4tt05rvX76dm3aH8+JsC5u3dV9nda3eXb36l87N8U/Nr12bui1BsdHN9SPeTwtwvL1fnFTXIMPFEeL08WJYrZx6YbGeqo19jX1YH9rcEP4b61fK7d2WYP3tm076DWYvo4tt/ZqY0vv/AC0P54TYV089WD3NVjf5i17B/u9673hM2mbpu9d23++ttzPvO5oO03X82de9eP8m73dfzZb3+bEvpXmzO7n6f7wmZs6nKf25+9yz6nZYm3O09ZwnFf2LX+e6sdT3+ZL+/tcTweLorjwsYcaP+8Nf7/y5+e/8/WWv3fp9Hc6Fz720A9uPva3Kzl+ANa/F8qxufxa1/Q3U/38/T8AAACwLsTcPxJmIv8DAABAZcTcH/9VeCL/AwAAQGXE3D8WZpJJ/t/6livzL1woUjN/MYiXp9PwSLld7LjOhI8nF6+qf/6hp+d+/JcX+tv3SFEUP3nkNzpuv/WReFylyXCclx9u/fzSK17oa/+HH7u6XXN//cvh9uP96XcZdKrgzhRF8c1bvtDYz+QHLzXms48cbsz3Xnzyifo2z+8vP47Xf+5l5fZ/EMq/B48dabn+c+E8fC/MmXd0Ph/xel+79Lpte99/dX/xerW7Xty42099qLzd+HtyvvhEuX08z8sd/199/pmv1bd//DWdj//CSOfjfybc7tMPX5mvr7j/eWW5ffNjUP84Xu+z4fjj/p4O13/gq9/qePyXP1duf+at5XaHw4z7vzd8vP2tV+abz9fjtSMt96t4W7ld3P/Md367cXm8vXj77cc/cehSy/loXx/P/nN5O9Nt28fPx/1Ef9G2//rtNK/PuP9nfutwy3nutf/L733ulfXbbd///W3bjbZdv/03Nv3hZ7/QcX/xeA7+2ZmW+3PwPeF5HPb/1IfCegyX/+/lL7TsNzr8ntbXn7j9l7dcaLk/0dt/VO7/8huPN+Z/TP7492960c0vvvjq+rkrim+/r7y9Xvs//kenW47/K7fd13g84uWxo9++/+XE/Z/9+NSp0wvn52ebzmrjd+e8szyejRObNteP95bw2tr+8aHT5z48d3ZyZnKmKCar+yv0rtlXw/xBOS6u9Pr3PRYezzt+75ub7/mnz8fP/8uj5ecvvaP8uvXasN0Xw+e3lI/fYm2V+3/qztsaz+/as+XHLT32Adi2/T/39bVhuP/t3xfE9X7m5R9unIf6ZY2vG/F5vcrj/+5seTvfCOd1Mfxm5rtuu7q/5u3j70a49L7y+b7q8xde5uLj+ifh8X7X98rbj8cV7+93w/cx39ra+noX18c3Loy0337jt3hcDK8nxcXy8rhVPN+Xnr+t4+HF30NSXLy98fHvpNu5fUV3czkLn1iYPjF/6vzj0+fmFs5NL3zik4dOnj5/6tyhxu/yPPSRXte/+vq0ufH6NDu3Z3cxs6koitPFzBq8YF2f46//qb/jP/PY0dm9M/fMzh07cv7YucfOzJ09fnRh4ejc7MI9R44dm/t4r+vPzx7YsXP/rr07p47Pzx7Yt3//rv1T86dO1w+jPKge9sx8dOrU2UONqywc2L1/x4MP7p6ZOnl6du7A3pmZqfO9rt/42jRVv/avT52dO3Hk3PzJuamF+U/OHdixf8+enT1/G+DJM8cWJqfPnj81fX5h7ux0eV8mzzU+Xf/a1+v6VNPCv5Xfz7arlb+Ir3j3/XvS72ete/rTy95UuUnbLxC9En4XzT+85My+fj6OuX88zCST/A8AAAA5iLl/Q5iJ/A8AAACVEXP/xjAT+R8AAAAqI+b+iTCTTPK//r/+f3/9//LyQfb/O/XnC/3/oer/n/lY2Std7/3/2J/X/8/DDe7/r3r/+v/6/9Xr//ffn1/vx6//r//PUsPW/4+5f1NRZJn/AQAAIAcx928OM5H/AQAAoDJi7r8pzET+BwAAgMqIuf9FYSaZ5H/9/776/zt7Fa6q3/8f/Pv/6//r/69J/z8+OPr/2Vhx//79j7Z8qP8f6P/r/+v/6//r/7Nq48tecqP6/zH33xxmkkn+BwAAgBzE3P/iMBP5HwAAACoj5v5bwkzkfwAAAKiMmPu3hJlkkv/1/73/v/6//n+l+/+rff//poPR/18fvP9/d/r/PVxz/39C/3899v/HB3v8w93/73n4+v9cF8P2/v8x978kzCST/A8AAAA5iLn/pWEm8j8AAABURsz9Lwszkf8BAACgMmLuvzXMJJP8r/+v/6//r/+v/995/73f/7/8k/7/cNH/707/vwfv/59X/3/Axz/c/f9Bv///+MPt19f/p5Nh6//H3P/yMJNM8j8AAADkIOb+28JM5H8AAACojJj7XxFmIv8DAABAZcTcvzXMJJP8r/+v/6//r/+v/995/737/yX9/+Gi/9+d/n8P+v/6//r//fX/O3zzq/9PJ8PW/4+5//Ywk0zyPwAAAOQg5v47wkzkfwAAAKiMmPt/KsxE/gcAAIDKiLl/W5hJJvlf/1//X/8/r/7//Rv0//X/q03/vzv9/x70//X/9f/7fP//pVbS/9/Y68aojGHr/8fc/8owk0zyPwAAAOQg5v5XhZnI/wAAAFAZMfe/OsxE/gcAAIDKiLl/Mswkk/yv/1+t/v+f/vVTry70//X/e+y/ov3/uAz0/zOn/9+d/n8P+v/6//r/a9L/Jx/D1v+Puf/OMJNM8j8AAADkIOb+u8JM5H8AAACojJj77w4zkf8BAACgMmLu3x5mkkn+1/+vVv8/0v/X/++2/4r2/xP9/7zp/3fQ9CTV/+9B/1//P/v+f/zuV/+fwRi2/n/M/a8JM8kk/wMAAEAOYu6/J8xE/gcAAIDKiLn/tWEm8j8AAABURsz994aZZJL/9f/1//X/9f/1/zvvX/9/fdL/726l/f8N+v/6//r/mfX/vf8/gzVs/f+Y+18XZpJJ/gcAAIAcxNx/X5iJ/A8AAACVEf/9ZvnvXuV/AAAAqKKY+6fCTDLJ//r/+v859f9r+v/6//r/laf/3533/+9B/1//X/9f/5+BGrb+f8z9rw8zyST/AwAAQA5i7n8gzET+BwAAgMqIuX86zET+BwAAgMqIuX8mzCST/K//r/+fU//f+//r/+v/V5/+f3f6/z3o/+v/V63/XxT6/9xQw9b/j7l/R5hJJvkfAAAAchBz/84wE/kfAAAAKiPm/l1hJvI/AAAAVEbM/bvDTDLJ//r/+v/6//r/+v+d96//vz7p/3en/9+D/r/+f9X6/97/nxts2Pr/Mfc/GGaSSf4HAACAHMTcvyfMRP4HAACAyoi5f2+YScj/nf5dNwAAALC+xNy/L8wkk7//1/+vSP//N/++Zd/6//r/3fY/mP7/Jv3/MPX/h0tF+//tT4trpv/fg/7/devPFyMDOcQbdvz6//r/XJth6//H3L8/zCST/A8AAAA5iLn/DWEm8j8AAABURsz9Px1mIv8DAABAZcTc/zNhJpnkf/3/ivT/2+j/6/9327/3/9f/r7KK9v8HplL9/xH9//XU//f+//r/va5PNV3//n/8U3/9/5j7D4SZZJL/AQAAIAcx9/9smIn8DwAAAJURc/8bw0zkfwAAAKiMmPsPhplkkv/1//X/9f/1/69P//+NRbth7P/XF4/+f7UMcf9/vJ/96/97/3/9/zU5/vYvNQM5fv1//X+WGrb3/4+5/01hJpnkfwAAAMhBzP0PhZnI/wAAAFAZMfe/OcxE/gcAAIDKiLn/LWEmmeR//X/9f/1//X/v/995//r/69MQ9//7ov+v/6//v36PX/9f/5+lhq3/H3P/w2EmmeR/AAAAyEHM/W8NM5H/AQAAoDJi7n9bmIn8DwAAAJURc//bw0wyyf/6//r/+v/6//r/nfev/78+6f93p//fg/6//r/+v/4/AzVs/f+Y+38uzCST/A8AAAA5iLn/kTAT+R8AAAAqI+b+d4SZyP8AAABQGTH3vzPMJJP8r/+v/6//r/+v/995//r/65P+f3f6/z3o/+v/6//r/zNQw9b/j7n/XWEmmeR/AAAAyEHM/T8fZiL/AwAAQGXE3P/uMBP5HwAAACoj5v5fCDPJJP/r/+v/D1f/f/FC8/X0//X/i0H1/+tX0v/Pgv5/d/r/PXTo/2/U/9f/1//X/+eaDVv/P+b+94SZZJL/AQAAIAcx9783zET+BwAAgMqIuf99YSbyPwAAAFRGzP2Phplkkv/1/7Ps/6e7PHz9f+//r//v/f/1/1dH/787/f8evP+//r/+v/4/AzVs/f+Y+x8LM8kk/wMAAEAOYu5/f5iJ/A8AAACVEXP/L4aZyP8AAABQGTH3fyDMJJP8r/+fZf9/iN//v2r9/7GW9ZFT/3+i6fFM61L/X/9/Dej/d6f/34P+v/7/MPf/w2retMz19f8ZRsPW/4+5/4NhJpnkfwAAAMhBzP2/FGYi/wMAAEBlxNz/y2Em8j8AAABURsz9vxJmkkn+r2D//2Kh/6//PzT9/9b1kVP/3/v/L6X/vzb0/7vT/+9B/1//f5j7/z3o/zOMhq3/H3P/r4aZLBv8fvBffdxNAAAAYIjE3P+hMJNM/v4fAAAAchBz/6EwE/kfAAAAKiPm/sNhJpnk/wr2/1f5/v/xHVX1//X/B93/H9H/1//X/18Dg+v/v+LmotD/1//X/9f/1//X/2c1hq3/H3P/kTCTTPI/AAAA5CDm/l8LM5H/AQAAoDJi7j8aZiL/AwAAQGXE3D8bZpJJ/r+B/f/x4ez/e///a+3//0T/3/v/B/r/nen/rw3v/9+d/n8P+v/6//r/+v8M1LD1/2PunwszyST/AwAAQIWlHwfH3H8szET+BwAAgMqIuf94mIn8DwAAAJURc/+Hw0wyyf/e/1//3/v/34j+/1jL9vr/Jf1//f9B0P/vTv+/B/1//X/9f/1/BmrY+v8x98+HmWSS/wEAACAHMfd/JMxE/gcAAIDKiLn/o2Em8j8AAABURsz9J8JMMsn/+v/6/7n3/2tFcdH7/+v/d9q//v/6pP/fnf5/D/r/+v/6//r/DNSw9f9j7j8ZZpJJ/gcAAIAcxNx/KsxE/gf4f/buo0mu87rjcJsmEVb2R/DaKy/tFf0RvPXOVV67nOhsiaRylqicA5VzzonKOedM5RypSKkKKg7OOcBgGvciNKbvfc/zbI6BIjwNckjX36hfvQAAMIzc/f8ct9j/AAAAMIzc/f8StzTZ//p//X/3/n+zl/f/D//1+v+z9P/6/1040t9fv/2vu1gUftH+/6/++qZ/0P/r//X/k/T/+n/9PxdaWv+fu/9f45Ym+x8AAAA6yN3/b3GL/Q8AAADDyN3/73GL/Q8AAADDyN1/U9zSZP/r//X/+n/9/6H+/w79v/5/3bz/P03/P0P/r//X/+v/2aml9f+5+/8jbmmy/wEAAKCD3P3/GbfY/wAAADCM3P3/FbfY/wAAADCM3P3/Hbc02f/6f/2//n8t/f8J7/9f8PvR/+v/t9H/T9P/z9D/6//1//p/dmpp/X/u/v+JW5rsfwAAAOggd///xi32PwAAAAwjd///xS32PwAAAAwjd///xy1N9r/+X/+v/19L/39M7//r//X/K3f75tx/E/T/R+n/Z8z0/5uN/n/KJffz23976/n8F6H/1/9z1NL6/9z994pb/nazOXGlv0kAAABgUXL33ztuafLn/wAAANBB7v6b4xb7HwAAAIaRu/+WuKXJ/tf/6//1//p//f/2r6//Xyfv/0+7+v7/L//8n/6xb//v/f9p3v/fdf9/z3eG/p91W1r/n7v/1rilyf4HAACADnL33ydusf8BAABgGLn77xu32P8AAAAwjNz994tbmux//f9o/f+fHvp15/X/B7WL/l//r//X/49O/z/N+/8zDv4zd7p+qP/X/3v/X//P1Vla/5+7//5xS5P9DwAAAB3k7n9A3GL/AwAAwDBy9z8wbrH/AQAAYBi5+x8UtzTZ//r/0fr/w7/O+//6/21fX/+v/x+Z/n+a/n/GKO//X+F3zb77+au178+v/9f/c9TS+v/c/Q+OW5rsfwAAAOggd/9D4hb7HwAAAIaRu/+hcYv9DwAAAMPI3f+wuKXJ/tf/6//X0f/nV9D/6/+vff+f9P/rpP+fpv+fMUr/f4X23c+v/fPr//X/HLW0/j93/8Pjlib7HwAAADrI3f+IuMX+BwAAgGHk7n9k3GL/AwAAwDBy9z8qbmmy//X/+v919P/e/9f/e/9f/39p9P/T9P8z9P/6f/2//p+dWlr/n7v/trilyf4HAACADnL3Pzpusf8BAABgGLn7HxO32P8AAAAwjNz9j41bmux//b/+X/+v/9f/b//6+v910v9P0//PaN7/b27R/+v/9f/s1oL6//N+1anN4+KWJvsfAAAAOsjd//i4xf4HAACAYeTuf0LcYv8DAADAMHL3PzFuabL/9f+L6f8Pcr6x+v/Tm81G/79p2v+fPu+fZ31f6v/1/8dA/z9N/z+jef+/735+7Z9f/6//56gF9f8HP87d/6S4pcn+BwAAgA5y9z85brH/AQAAYBi5+58St9j/AAAAMIzc/U+NW5rsf/3/Yvr/A2P1/97/v/D7o1P/7/3/o/T/x0P/P03/P0P/r//X/+v/2aml9f+5+58WN5244Yp/iwAAAMDC5O5/etzS5M//AQAAoIPc/c+IW+x/AAAAWKnbjvxM7v5nxi1N9r/+f7f9/4nzfk7/r/+/8PtD/6//1/9fe/r/afr/Gfp//b/+X//PTi2t/8/d/6y4pcn+BwAAgA5y998et9j/AAAAMIzc/c+OW+x/AAAAGEbu/ufELU32v/7f+//6f/3/XP9/7jlU/b/+f/n0/9P0/zP0//r//fb/J8/9j/p/xnAZ/f+ZM2duvub9f+7+58YtTfY/AAAAdJC7/3lxi/0PAAAAw8jd//y4xf4HAACAYeTuf0Hc0mT/6/+b9v/5rb6u/v+WzUb/7/1//b/+f5r+f5r+f4b+X//v/X/9Pzu1tPf/c/e/MG5psv8BAACgg9z9L4pb7H8AAAAYRu7+F8ct9j8AAAAMI3f/S+KWJvtf/9+0//f+v/5f/3/c/f/dG/3/sVhF/3/64l9/6f3/rfp//f+Edv3/3/3NoR/q//X/HLW0/j93/0vjlib7HwAAADrI3f+yuMX+BwAAgGHk7n953GL/AwAAwDBy978ibrq+yf7X/+v/9f/6f/3/9q9/zO//n9hsNvr/HVhF/z9h6f3/bt7/v/Df8nP0//r/NX9+/b/+n6OW1v/n7n9l3NJk/wMAAEAHuftfFbfY/wAAADCM3P2vjlvsfwAAABhG7v7XxC1N9r/+X/+v/9f/D9//37qK/t/7/zui/5+2jP7/4vT/+v81f379v/6fS7ev/j93/2vjlib7HwAAADrI3f+6uMX+BwAAgGHk7n993GL/AwAAwDBy978hbmmy//X/+v/L6f/zc+r/x+r/Ty6u/z916H9fk/f/9f87ov+fpv+fof/X/+v/b9P/s0tLe/8/d/8b45Ym+x8AAAA6yN3/prj1/7q1/wEAAGAYufvfHLfY/wAAADCM3P1viVua7H/9v/7f+//6/+Hf/9f/t6L/n6b/n6H/1//r/73/z04trf/P3f/WuKXJ/gcAAIAOcve/LW6x/wEAAGAYufvfHrfY/wAAADCM3P13xC1N9r/+X/+v/9f/6//P/jPU/49B/z/tePr/0/p//X/1838S/xbo//X/c7+eMS2t/8/d/464pcn+BwAAgA5y978zbrH/AQAAYBi5+98Vt9j/AAAAsErXb/m53P3vjlua7H/9v/5f/6//1/9v//r6/3XaS/+f3xT6f+//hz79/18c+tHa3v+/8P9+6f/1/+ze0vr/3P3viVua7H8AAADoIHf/e+MW+x8AAACGkbv/fXGL/Q8AAADDyN3//rilyf7X/+v/9f/6f/3/9q+v/18n7/9P0//P0P/v9f38tX9+/b/+n6OW1v/n7v9A3NJk/wMAAEAHufs/GLfY/wAAADCM3P0filvsfwAAABjGwe7PuKzh/tf/6//1//p//f/2r6//Xyf9/zT9/wz9v/5f/6//Z6eW1v9/+OBXndp8JG5psv8BAACgg9z9H41b7H8AAAAYRu7+j8Ut9j8AAAAMI3f/x+OWJvtf/6//X0f/f+bMmZv1//r/w7+fc/3/nfp/iv5/mv5/hv5f/6//1/+zU0vr/3P3fyJuabL/AQAAoIPc/Z+MW+x/AAAAGEbu/k/FLfY/AAAADCN3/6fjlib7X/+/gP7/lP7f+//6/433/4/2/9ed/Y+y/v/y6P+n6f9njNj/n7r03/6++/mrte/Pr//X/3PU0vr/3P2fiVua7H8AAADoIHf/Z+MW+x8AAACGkbv/c3GL/Q8AAADDyN3/+bilyf7X/x9f/3/P37su7/+f3mz//Pp//b/+3/v/15r+f5r+f8aI/f9l2Hc/v/bPr//X/3PU0vr/3P1fiFsOD78bLu93CQAAACxJ7v4vxi1N/vwfAAAAOsjd/6W4xf4HAACAYeTu/3Lc0mT/6/8X8P7/gP2/9/+3f3/o/xfd/1+n/x+D/n+a/n+G/l//r//fUf+f3836/+6W1v/n7v9K3NJk/wMAAEAHufu/GrfY/wAAADCM3P1fi1vsfwAAABhG7v4745bz9v+2tnsU+n/9v/5f/6//3/719f/rpP+fdqn9/8nN1fX/Sf+v/9f/d+3/vf/PWUvr/3P3fz1u8ef/AAAAsDo3XOTnc/d/I26x/wEAAGAYufu/GbfY/wAAADCM3P3filvuum5fH+lY6f/1//p//b/+f/vX1/+vk/5/mvf/Z+j/d9HP36j/H6P/32z0/1y9pfX/ufu/Hbf4838AAAAYRu7+78Qt9j8AAAAMI3f/d+MW+x8AAACGkbv/e3FLk/2v/9f/X2X/f5Bm6v/P0v+fpf/fTv9/PPT/0/T/M/T/3v/X/3v/n51aWv+fu//7cUuT/Q8AAAAd5O7/Qdxi/wMAAMAwcvf/MG6x/wEAAGAYuft/FLc02f976//jb7X+f/X9v/f/9f/6f/3/ouj/p+n/Z+j/9f/6f/0/O7W0/j93/4/jlib7HwAAADrI3f+TuMX+BwAAgGHk7v9p3GL/AwAAwDBy9/8sbmmy/73/r//X/+v/9f/bv77+f530/9P0/9vVPyj9v/5f/6//Z6eW1v/n7v953NJk/wMAAEAHuft/EbfY/wAAADCM3P13xS32PwAAAAwjd/8v45Ym+1//r//X/+v/9f/bv77+f530/9P22f///Z/Nf1nv/++9/8+PoP/X/+v/2Yml9f+5+38VtzTZ/wAAANBB7v5fxy32PwAAAAwjd/9v4hb7HwAAAIaRu/+3cUuT/T/T/5+sv1D/P0n/f/jz6/+3f3/o//X/+v9rT/8/zfv/M/T/3v/X/+v/2aml9f+5+38XtzTZ/wAAANBB7v674xb7HwAAAIaRu//3cYv9DwAAAMPI3f+HuKXJ/vf+/5r6/xv1//p//b/+X/8/Q/8/Tf8/Q/+v/9f/6//ZqaX1/7n7/xgAAP//RD5ONQ==") open(&(0x7f0000000140)='./file1\x00', 0x141242, 0x40) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./bus\x00') 1.073049124s ago: executing program 2 (id=878): bpf$MAP_CREATE(0x0, 0x0, 0x0) syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000002900)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000010, &(0x7f0000000c00)=ANY=[], 0x1, 0x6d3, &(0x7f00000014c0)="$eJzs3c1vHGcdB/DvrNeON1TBaRMaoSCsRCpIEYkTK4VwwSCEcqhQVQ49W4nTWN0kVeKitELgAoITEof+AQXJNw4IiXtQuHApt159rITEJeIQ9bJoZmftXXv9lthrBz6faDzPM8/L/OaZZ2a866w2wP+t6xfSfJQi1y+88bDMr67MtldXZo/Vxe0kZbqRNLurFHeT4nEyV5YXfUv61pt8vHjtrc+erH7ezTXrpao/tl27IYbUXa6XTNf9TQ9tOb7bXSzX4eWlJDfq9aCJ3fY1ULEctPP1Gg5dZ1AjneW9NN/LdQscMb2nU9F9bm4ylRxPMln/HpD67tAYXYQHY093OQAAAHhBfXrvsCMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAF0/9/f9FvTTqdaZT9L7/f6K3rU4fQXO7rvnoQOMAAAAAAAAAgNH4+tM8zcOc6OU7RfU3/3NV5lS+6CRfyvt5kIXcz8U8zHyWspT7uZxkqq+jiYfzS0v3L6+1LA1veWVoyyujOmIAAAAAAAAA+J/0y7TW//4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABHQZGMdVfVcqpeZyqNZtbLspz8M8nEYce7B8WwjY9GHwcAAAA8l8lnaPPlp3mahznRy3eK6jX/V6rXy5N5P3ezlMUspZ2F3KxfQ5ev+hurK7Pt1ZXZO+VS5gf7/f6/9xTGRN3DWJUbtuczVY1WbmWx2nIxN6pgbqbR3ff55Ewvnr64+nxUxlR8r7bLyJr1sJY7+/1W7yLsi8G3Ihrb1GytB5esjchMHVvZ8mR3BIrqjZpk40jseHaaA7mpqtfxtT1dTmPtnZ9TBzDmx+t1eTy/OdAx36u1kWikGokrvdlXXjPbj0Tyjb/+6e3b7bvv3r714MLROaQdjG2xfeOcmO0biVdf6JFo7rH+TDUSp9fy1/Oj/CQXMp03cz+L+Wnms5SFdOry+Xo+lz+nth+puYHcmztFMlGfl+45201M0/lhlZrPuartiSymyL3czEJer/5dyeV8O1dzNdf6zvDpLeOujq266hsbr/remf7b0ODPf7NOlHe3367f5ea2O+KtZud+6d77y3E92Teu3Vn/ZK3Wyb7rYKZvlF7ujc740M6f5d7Y/GqdKPfxqx2eE6M1VY9EeQH1nhK96F7pjkSzehZtnud/6JTt0r7b6dyef2+L/pc35F+r1+W0WvnaTrV7hp+K/VXOl5czWd9JBmdHWfbK2l2mr6yzPpe7ZYNP3LLd6aqsKHpX6o9zr5oAm6/Uifp3uM09XanKXt1Qdra+h5dlZ/rKBn7fyr20c3ME4wfAs/jH22vJqRyfaP2r9Wnrk9avW7dbb0z+4Nh3jp2dyPjfx7/bnBl7rXG2+Es+yc/XX/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADP7sEHH747324v3B+eaGxdNJBoZeOWnXrekCjqL/TZW6ujm5hMMrCl+p6jkYfR2hjGpkTnF8nIx6f3JYLD6/yuTDQ3zahhibmBLX/e3OFHe4yw2N11cYCJRka707EMnwCHeFMCRuLS0p33Lj344MNvLd6Zf2fhnYW741evXpu5dvX12Uu3FtsLM92fhx0lcBDWH/qHHQkAAAAAAAAAAACwW8M+GHDupZ0+NLIp0Uiy8TMe/mchAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsC+uX0jzUYpcnrk4U+ZXV2bb5dJLr9dsJmk0kuJnSfE4mUt3yVRfd0X++DidIfv5ePHaW589Wf18va9mt37SqNdb2740yXK9ZDrJWL1+DgP93Xju/or/9I6hHLAvOp3O3PPFB/vjvwEAAP//5CHw8g==") bpf$MAP_CREATE(0x0, 0x0, 0x50) r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000100)={0xf1e5b317, 0x800000, 0x0, 0xfffffffc, 0x40001000}) 784.058658ms ago: executing program 2 (id=880): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000d40)=ANY=[@ANYBLOB="180000000000e3ff000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000e00000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r1}, 0x10) bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0) 534.834162ms ago: executing program 2 (id=881): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'veth0_macvtap\x00', 0x0}) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x28, r1, 0x1, 0xffffffff, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}, @ETHTOOL_A_LINKMODES_MASTER_SLAVE_CFG={0x5, 0x7, 0x5}]}, 0x28}}, 0x0) 344.520905ms ago: executing program 2 (id=882): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000200)={'wlan0\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_STATION(r3, &(0x7f0000001080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)={0x24, r0, 0xb97534d5fe9700cf, 0x70bd25, 0x25dfdbff, {{0x12}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x14055}, 0x4004004) 223.010337ms ago: executing program 4 (id=883): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_VENDOR(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010700000000fcdbdf256700000008000300", @ANYRES32=r3, @ANYBLOB="0800c300741300000800c4"], 0x2c}}, 0x40) 68.217969ms ago: executing program 2 (id=884): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f00005fd000/0x4000)=nil, 0x4000, 0x0, 0x5, 0x20000) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2) mbind(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4003, 0x0, 0x6, 0x2) mlockall(0x7) 0s ago: executing program 0 (id=885): r0 = creat(&(0x7f0000000200)='./file1\x00', 0x12e) close(r0) openat$fuse(0xffffffffffffff9c, &(0x7f00000005c0), 0x42, 0x0) r1 = fsopen(&(0x7f00000003c0)='nfs4\x00', 0x1) mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000001200), 0xa, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) kernel console output (not intermixed with test programs): 11.086153][ T23] usb 4-1: Using ep0 maxpacket: 8 [ 111.094376][ T23] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 111.112856][ T23] usb 4-1: config 179 has no interface number 0 [ 111.129002][ T23] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 111.141698][ T23] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 111.162653][ T23] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 111.180443][ T23] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 111.199961][ T23] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 111.213875][ T23] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 111.215316][ T9] wacom 0003:056A:0307.0005: hidraw0: USB HID v0.00 Device [HID 056a:0307] on usb-dummy_hcd.0-1/input0 [ 111.234469][ T23] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 111.262923][ T6777] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 111.424543][ T9] usb 1-1: USB disconnect, device number 6 [ 111.559941][ T23] input: Generic X-Box pad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:179.65/input/input10 [ 111.707115][ T6802] loop2: detected capacity change from 0 to 512 [ 111.725534][ T6802] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 111.757708][ T6777] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 111.776062][ T6777] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 111.811883][ T6802] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2244: inode #17: comm syz.2.300: corrupted in-inode xattr: e_value out of bounds [ 111.832643][ T6802] EXT4-fs (loop2): Remounting filesystem read-only [ 111.843587][ T6802] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 111.876812][ T28] audit: type=1326 audit(1750349307.576:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6801 comm="syz.2.300" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f64dc78e929 code=0x0 [ 112.019955][ C1] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 112.028313][ C1] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 112.037353][ T786] usb 4-1: USB disconnect, device number 5 [ 112.046425][ T786] xpad 4-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 112.202000][ T6813] netlink: 36 bytes leftover after parsing attributes in process `syz.0.303'. [ 112.297588][ T6819] loop0: detected capacity change from 0 to 256 [ 112.359435][ T6819] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xf6e00961, utbl_chksum : 0xe619d30d) [ 112.514317][ T5762] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 112.545295][ T6825] loop0: detected capacity change from 0 to 1024 [ 112.566500][ T6825] EXT4-fs: Ignoring removed nobh option [ 112.608513][ T6825] EXT4-fs: Ignoring removed bh option [ 112.618275][ T6825] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 112.698928][ T6825] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 112.826211][ T5764] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 112.884823][ T6836] loop3: detected capacity change from 0 to 512 [ 112.893154][ T6836] EXT4-fs: Ignoring removed mblk_io_submit option [ 112.986365][ T6836] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 112.994689][ T6836] EXT4-fs (loop3): orphan cleanup on readonly fs [ 113.005667][ T8] usb 3-1: new low-speed USB device number 5 using dummy_hcd [ 113.048946][ T6836] Quota error (device loop3): v2_read_file_info: Block with free entry 1 out of range (1, 6). [ 113.095903][ T6836] EXT4-fs warning (device loop3): ext4_enable_quotas:7173: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 113.147991][ T6836] EXT4-fs (loop3): Cannot turn on quotas: error -117 [ 113.189169][ T6836] EXT4-fs error (device loop3): ext4_validate_block_bitmap:439: comm syz.3.315: bg 0: block 40: padding at end of block bitmap is not set [ 113.218054][ T6848] loop0: detected capacity change from 0 to 256 [ 113.235489][ T8] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 113.261719][ T6836] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6642: Corrupt filesystem [ 113.261741][ T8] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 113.284465][ T6836] EXT4-fs (loop3): 1 truncate cleaned up [ 113.288262][ T8] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 28528, setting to 8 [ 113.296964][ T6836] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 113.306687][ T8] usb 3-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 113.324972][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 113.342055][ T6830] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 113.361326][ T8] hub 3-1:1.0: bad descriptor, ignoring hub [ 113.381161][ T8] hub: probe of 3-1:1.0 failed with error -5 [ 113.418115][ T8] cdc_wdm 3-1:1.0: skipping garbage [ 113.424348][ T6836] EXT4-fs error (device loop3): ext4_get_link:104: inode #16: comm syz.3.315: bad symlink. [ 113.435181][ T8] cdc_wdm 3-1:1.0: skipping garbage [ 113.446123][ T8] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 113.462329][ T8] cdc_wdm 3-1:1.0: Unknown control protocol [ 113.487103][ T6853] EXT4-fs error (device loop3): ext4_get_link:104: inode #16: comm syz.3.315: bad symlink. [ 113.596921][ T5763] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 113.619514][ T6855] loop1: detected capacity change from 0 to 8192 [ 113.662114][ T6855] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 114.185752][ T23] usb 3-1: USB disconnect, device number 5 [ 114.193894][ T6830] cdc_wdm 3-1:1.0: Error autopm - -16 [ 114.346592][ T786] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 114.375835][ T23] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 114.536923][ T786] usb 2-1: Using ep0 maxpacket: 32 [ 114.557666][ T786] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 114.575661][ T23] usb 3-1: Using ep0 maxpacket: 8 [ 114.580867][ T786] usb 2-1: config 1 has no interface number 1 [ 114.589744][ T786] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 114.603332][ T23] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 114.634230][ T23] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 114.654054][ T23] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 119, changing to 10 [ 114.666630][ T786] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 114.676661][ T786] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 114.684678][ T786] usb 2-1: Product: syz [ 114.689269][ T23] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26480, setting to 1024 [ 114.701577][ T23] usb 3-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 114.710763][ T786] usb 2-1: Manufacturer: syz [ 114.715970][ T786] usb 2-1: SerialNumber: syz [ 114.721872][ T23] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 114.746921][ T6858] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 114.756803][ T23] hub 3-1:1.0: bad descriptor, ignoring hub [ 114.763759][ T23] hub: probe of 3-1:1.0 failed with error -5 [ 114.786414][ T23] cdc_wdm 3-1:1.0: skipping garbage [ 114.791746][ T23] cdc_wdm 3-1:1.0: skipping garbage [ 114.802484][ T23] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 114.808773][ T23] cdc_wdm 3-1:1.0: Unknown control protocol [ 114.953144][ T786] usb 2-1: found format II with max.bitrate = 8, frame size=6 [ 114.969238][ T786] usb 2-1: 2:1 : invalid UAC_FORMAT_TYPE desc [ 114.994393][ T786] usb 2-1: USB disconnect, device number 6 [ 115.023584][ T5780] udevd[5780]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 115.085994][ T9] usb 3-1: USB disconnect, device number 6 [ 115.436968][ T9] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 115.619479][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 115.630409][ T9] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 115.654263][ T9] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 115.655118][ T6898] pim6reg1: entered promiscuous mode [ 115.670075][ T6898] pim6reg1: entered allmulticast mode [ 115.679889][ T9] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 115.706125][ T9] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 115.733129][ T9] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 115.773188][ T9] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 115.783601][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 115.800712][ T6901] loop2: detected capacity change from 0 to 512 [ 115.840167][ T6901] EXT4-fs error (device loop2): ext4_validate_block_bitmap:439: comm syz.2.343: bg 0: block 393: padding at end of block bitmap is not set [ 115.860427][ T6901] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6642: Corrupt filesystem [ 115.904271][ T6901] EXT4-fs (loop2): 2 truncates cleaned up [ 115.918241][ T6901] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 116.027225][ T9] usb 4-1: usb_control_msg returned -32 [ 116.035708][ T9] usbtmc 4-1:16.0: can't read capabilities [ 116.120041][ T5762] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 116.278483][ T6907] loop2: detected capacity change from 0 to 2048 [ 116.324671][ T6907] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 116.397827][ T6907] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters [ 116.427024][ T6914] usbtmc 4-1:16.0: usb_control_msg returned -32 [ 116.464196][ T23] usb 4-1: USB disconnect, device number 6 [ 116.485327][ T6905] loop0: detected capacity change from 0 to 32768 [ 116.507672][ T6907] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 31 with max blocks 1 with error 28 [ 116.537544][ T6916] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 116.564358][ T6907] EXT4-fs (loop2): This should not happen!! Data will be lost [ 116.564358][ T6907] [ 116.569694][ T6905] JBD2: Ignoring recovery information on journal [ 116.584765][ T6916] EXT4-fs (loop2): This should not happen!! Data will be lost [ 116.584765][ T6916] [ 116.613829][ T6907] EXT4-fs (loop2): Total free blocks count 0 [ 116.635812][ T6916] EXT4-fs (loop2): Total free blocks count 0 [ 116.655989][ T6907] EXT4-fs (loop2): Free/Dirty block details [ 116.661405][ T6916] EXT4-fs (loop2): Free/Dirty block details [ 116.668298][ T6916] EXT4-fs (loop2): free_blocks=66060288 [ 116.711924][ T6905] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 116.942469][ T5764] ocfs2: Unmounting device (7,0) on (node local) [ 116.979195][ T6922] loop2: detected capacity change from 0 to 7 [ 116.995735][ T5780] Dev loop2: unable to read RDB block 7 [ 117.016151][ T5780] loop2: AHDI p1 p2 p3 [ 117.020360][ T5780] loop2: partition table partially beyond EOD, truncated [ 117.038422][ T5780] loop2: p1 start 1601398130 is beyond EOD, truncated [ 117.055664][ T5780] loop2: p2 start 1702059890 is beyond EOD, truncated [ 117.063427][ T6922] Dev loop2: unable to read RDB block 7 [ 117.075730][ T6922] loop2: AHDI p1 p2 p3 [ 117.079937][ T6922] loop2: partition table partially beyond EOD, truncated [ 117.109517][ T6922] loop2: p1 start 1601398130 is beyond EOD, truncated [ 117.127726][ T6922] loop2: p2 start 1702059890 is beyond EOD, truncated [ 117.300206][ T6926] loop0: detected capacity change from 0 to 1024 [ 117.313082][ T6928] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 117.485786][ T23] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 117.675832][ T23] usb 4-1: Using ep0 maxpacket: 32 [ 117.690809][ T23] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 117.713860][ T23] usb 4-1: config 1 has no interface number 1 [ 117.735818][ T23] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 117.801786][ T23] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 117.824274][ T23] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 117.855777][ T23] usb 4-1: Product: syz [ 117.866499][ T23] usb 4-1: Manufacturer: syz [ 117.871132][ T23] usb 4-1: SerialNumber: syz [ 118.167638][ T23] usb 4-1: found format II with max.bitrate = 8, frame size=6 [ 118.213513][ T23] usb 4-1: 2:1 : invalid UAC_FORMAT_TYPE desc [ 118.318987][ T23] usb 4-1: USB disconnect, device number 7 [ 118.412436][ T5780] udevd[5780]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 118.935676][ T23] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 118.950733][ T6967] loop2: detected capacity change from 0 to 4096 [ 119.082680][ T6971] loop3: detected capacity change from 0 to 256 [ 119.147666][ T28] audit: type=1800 audit(1750349314.836:10): pid=6971 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.368" name="file1" dev="loop3" ino=1048595 res=0 errno=0 [ 119.194218][ T23] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 119.225790][ T23] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 119.250530][ T23] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 119.261984][ T23] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 119.283303][ T23] usb 2-1: Product: syz [ 119.293618][ T23] usb 2-1: Manufacturer: syz [ 119.305627][ T23] usb 2-1: SerialNumber: syz [ 119.603255][ T6979] loop3: detected capacity change from 0 to 256 [ 119.653530][ T28] audit: type=1804 audit(1750349315.346:11): pid=6979 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.370" name="/newroot/100/file1/file0" dev="loop3" ino=1048596 res=1 errno=0 [ 119.748689][ T23] cdc_ncm 2-1:1.0: bind() failure [ 119.755712][ T5085] Bluetooth: hci3: command tx timeout [ 119.762386][ T23] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 119.826140][ T23] cdc_ncm 2-1:1.1: bind() failure [ 119.846282][ T23] usb 2-1: USB disconnect, device number 7 [ 120.103254][ T6988] loop2: detected capacity change from 0 to 1024 [ 120.128845][ T6988] EXT4-fs: Ignoring removed oldalloc option [ 120.142574][ T6988] EXT4-fs: Ignoring removed nomblk_io_submit option [ 120.180110][ T6988] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 120.274114][ T5762] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 120.575018][ T6999] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 120.715974][ T7002] input: syz1 as /devices/virtual/input/input11 [ 120.766025][ T23] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 120.965792][ T23] usb 3-1: Using ep0 maxpacket: 32 [ 121.001377][ T23] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 121.022208][ T23] usb 3-1: config 1 has no interface number 1 [ 121.033440][ T23] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 121.058162][ T23] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 121.071215][ T23] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 121.081317][ T23] usb 3-1: Product: syz [ 121.085506][ T23] usb 3-1: Manufacturer: syz [ 121.095123][ T23] usb 3-1: SerialNumber: syz [ 121.232116][ T7004] loop1: detected capacity change from 0 to 32768 [ 121.242428][ T7004] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop1 scanned by syz.1.381 (7004) [ 121.311139][ T7004] BTRFS info (device loop1): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 121.351241][ T23] usb 3-1: found format II with max.bitrate = 8, frame size=6 [ 121.359852][ T7004] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 121.370397][ T23] usb 3-1: 2:1 : invalid UAC_FORMAT_TYPE desc [ 121.392938][ T7004] BTRFS info (device loop1): using free space tree [ 121.421360][ T7021] loop3: detected capacity change from 0 to 2048 [ 121.456741][ T23] usb 3-1: USB disconnect, device number 7 [ 121.465157][ T7021] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 121.485196][ T5780] udevd[5780]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 121.552695][ T7004] BTRFS info (device loop1): enabling ssd optimizations [ 121.570513][ T7004] BTRFS info (device loop1): auto enabling async discard [ 121.602403][ T7021] UDF-fs: error (device loop3): udf_rename: failed to find renamed entry again in directory (ino 1408) [ 121.718310][ T5765] BTRFS info (device loop1): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 121.773547][ T7039] loop0: detected capacity change from 0 to 1024 [ 122.004217][ T5780] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 10 /dev/loop1 scanned by udevd (5780) [ 122.138127][ T7048] loop2: detected capacity change from 0 to 7 [ 122.147628][ T7048] Dev loop2: unable to read RDB block 7 [ 122.153919][ T7048] loop2: unable to read partition table [ 122.163219][ T7048] loop2: partition table beyond EOD, truncated [ 122.191925][ T7048] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 122.734476][ T28] audit: type=1326 audit(1750349318.426:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7055 comm="syz.3.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f359338e929 code=0x7ffc0000 [ 122.775827][ T28] audit: type=1326 audit(1750349318.426:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7055 comm="syz.3.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f359338e929 code=0x7ffc0000 [ 122.808995][ T28] audit: type=1326 audit(1750349318.456:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7055 comm="syz.3.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f359338e929 code=0x7ffc0000 [ 122.831579][ T28] audit: type=1326 audit(1750349318.456:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7055 comm="syz.3.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f359338e929 code=0x7ffc0000 [ 122.856866][ T28] audit: type=1326 audit(1750349318.456:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7055 comm="syz.3.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f359338e929 code=0x7ffc0000 [ 122.880174][ T28] audit: type=1326 audit(1750349318.456:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7055 comm="syz.3.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f359338e929 code=0x7ffc0000 [ 122.903655][ T28] audit: type=1326 audit(1750349318.486:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7055 comm="syz.3.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f359338e929 code=0x7ffc0000 [ 122.929730][ T28] audit: type=1326 audit(1750349318.486:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7064 comm="syz.3.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f35933c11e5 code=0x7ffc0000 [ 123.045751][ T8] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 123.124607][ T7069] loop3: detected capacity change from 0 to 128 [ 123.187607][ T7069] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 123.230128][ T7069] ext4 filesystem being mounted at /109/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 123.262923][ T8] usb 1-1: Using ep0 maxpacket: 32 [ 123.273423][ T8] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 123.282674][ T8] usb 1-1: config 1 has no interface number 1 [ 123.296205][ T8] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 123.339828][ T8] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 123.350569][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 123.360178][ T8] usb 1-1: Product: syz [ 123.378648][ T8] usb 1-1: Manufacturer: syz [ 123.383417][ T8] usb 1-1: SerialNumber: syz [ 123.433784][ T5763] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 123.646156][ T8] usb 1-1: found format II with max.bitrate = 8, frame size=6 [ 123.663886][ T8] usb 1-1: 2:1 : invalid UAC_FORMAT_TYPE desc [ 123.708855][ T8] usb 1-1: USB disconnect, device number 7 [ 123.988042][ T7075] loop1: detected capacity change from 0 to 40427 [ 124.028858][ T7075] F2FS-fs (loop1): invalid crc value [ 124.052282][ T7075] F2FS-fs (loop1): Found nat_bits in checkpoint [ 124.140326][ T7075] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 124.238874][ T5765] syz-executor: attempt to access beyond end of device [ 124.238874][ T5765] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 124.261405][ T5765] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 124.305036][ T5765] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 124.676002][ T9] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 124.718432][ T7099] loop0: detected capacity change from 0 to 2048 [ 124.783874][ T7099] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 124.831025][ T7099] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 124.862954][ T7099] EXT4-fs (loop0): Remounting filesystem read-only [ 124.870523][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 124.880876][ T9] usb 3-1: config 0 has an invalid interface number: 184 but max is 0 [ 124.890526][ T9] usb 3-1: config 0 has no interface number 0 [ 124.896852][ T9] usb 3-1: config 0 interface 184 has no altsetting 0 [ 124.910823][ T9] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 124.911432][ T5764] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 124.920002][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 124.920023][ T9] usb 3-1: Product: syz [ 124.920036][ T9] usb 3-1: Manufacturer: syz [ 124.920050][ T9] usb 3-1: SerialNumber: syz [ 124.932448][ T9] usb 3-1: config 0 descriptor?? [ 124.968545][ T9] smsc75xx v1.0.0 [ 125.005958][ T5774] usb 4-1: new full-speed USB device number 8 using dummy_hcd [ 125.199682][ T5774] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 125.225725][ T5774] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 125.247662][ T5774] usb 4-1: config 0 descriptor?? [ 125.254837][ T5774] cp210x 4-1:0.0: cp210x converter detected [ 125.580392][ T9] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 125.592445][ T9] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 125.674203][ T5774] usb 4-1: cp210x converter now attached to ttyUSB0 [ 125.816345][ T9] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -71 [ 125.858551][ T9] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -71 [ 125.872273][ T9] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 125.880217][ T5774] usb 4-1: USB disconnect, device number 8 [ 125.882442][ T9] smsc75xx: probe of 3-1:0.184 failed with error -71 [ 125.901426][ T5774] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 125.905299][ T9] usb 3-1: USB disconnect, device number 8 [ 125.941235][ T5774] cp210x 4-1:0.0: device disconnected [ 126.110641][ T7121] loop0: Can't mount, would change RO state [ 126.600972][ T7130] loop3: detected capacity change from 0 to 1024 [ 126.645999][ T9] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 126.646103][ T7130] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 126.785567][ T5763] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 126.866971][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 126.875408][ T9] usb 2-1: config index 0 descriptor too short (expected 74, got 45) [ 126.891983][ T9] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 126.912965][ T9] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 126.924285][ T9] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 1024 [ 126.941421][ T9] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 126.953860][ T9] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 126.971400][ T9] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 127.009954][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 127.100627][ T7138] loop2: detected capacity change from 0 to 4096 [ 127.240227][ T9] usb 2-1: GET_CAPABILITIES returned 0 [ 127.256203][ T9] usbtmc 2-1:16.0: can't read capabilities [ 127.368353][ T7146] loop3: detected capacity change from 0 to 128 [ 127.490216][ T9] usb 2-1: USB disconnect, device number 8 [ 127.763536][ T7151] loop3: detected capacity change from 0 to 4096 [ 127.985238][ T7161] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 127.991806][ T7151] overlayfs: upper fs does not support tmpfile. [ 128.081982][ T7151] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 128.164161][ T7166] loop1: detected capacity change from 0 to 1024 [ 128.181525][ T7166] EXT4-fs: Ignoring removed nobh option [ 128.228718][ T7166] EXT4-fs: Ignoring removed bh option [ 128.249997][ T7166] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 128.303686][ T7166] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 128.428788][ T7174] loop3: detected capacity change from 0 to 256 [ 128.429921][ T7166] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4036: comm syz.1.438: Allocating blocks 385-513 which overlap fs metadata [ 128.436116][ T7174] exfat: Deprecated parameter 'namecase' [ 128.480072][ T7174] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 128.623159][ T7165] EXT4-fs (loop1): pa ffff888079a5f0e8: logic 16, phys. 129, len 24 [ 128.631598][ T7165] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5377: group 0, free 0, pa_free 8 [ 128.737315][ T7178] loop3: detected capacity change from 0 to 1024 [ 128.747918][ T5765] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 128.760972][ T7178] EXT4-fs: Ignoring removed nobh option [ 128.781160][ T7178] EXT4-fs: Ignoring removed bh option [ 128.873764][ T7178] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 128.901486][ T7162] loop2: detected capacity change from 0 to 32768 [ 128.987149][ T7162] ERROR: (device loop2): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 1 [ 128.987149][ T7162] [ 129.176024][ T5763] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 129.851404][ T7197] loop1: detected capacity change from 0 to 256 [ 130.380784][ T7218] loop2: detected capacity change from 0 to 1024 [ 130.745933][ T5774] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 130.907948][ T7232] loop0: detected capacity change from 0 to 1764 [ 130.947180][ T5774] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 130.961643][ T5774] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 130.977386][ T5774] usb 3-1: config 0 descriptor?? [ 130.986785][ T5774] cp210x 3-1:0.0: cp210x converter detected [ 131.045547][ T7226] loop1: detected capacity change from 0 to 32768 [ 131.110795][ T7226] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 131.161422][ T7239] netlink: 8 bytes leftover after parsing attributes in process `syz.0.467'. [ 131.183678][ T7239] netlink: 8 bytes leftover after parsing attributes in process `syz.0.467'. [ 131.225111][ T7226] XFS (loop1): Ending clean mount [ 131.385091][ T5765] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 131.602543][ T5774] cp210x 3-1:0.0: failed to get vendor val 0x000e size 678: -71 [ 131.627505][ T5774] cp210x 3-1:0.0: GPIO initialisation failed: -71 [ 131.652559][ T7253] netlink: 404 bytes leftover after parsing attributes in process `syz.3.473'. [ 131.655798][ T5774] usb 3-1: cp210x converter now attached to ttyUSB0 [ 131.717402][ T5774] usb 3-1: USB disconnect, device number 9 [ 131.737273][ T5774] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 131.758797][ T5774] cp210x 3-1:0.0: device disconnected [ 131.794830][ T7251] loop0: detected capacity change from 0 to 8192 [ 131.837111][ T7251] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 131.861752][ T7251] UDF-fs: Scanning with blocksize 512 failed [ 131.882611][ T7251] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 131.905019][ T7251] UDF-fs: Scanning with blocksize 1024 failed [ 131.925543][ T7259] netlink: 4 bytes leftover after parsing attributes in process `syz.1.475'. [ 131.936988][ T7251] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 131.944643][ T7251] UDF-fs: Scanning with blocksize 2048 failed [ 131.971133][ T7251] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 132.010576][ T2918] hfsplus: b-tree write err: -5, ino 4 [ 132.645266][ T7280] xt_CT: No such helper "snmp" [ 132.768497][ T7289] loop0: detected capacity change from 0 to 256 [ 132.795366][ T7289] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 132.815866][ T7289] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 132.850375][ T7289] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 132.874179][ T7292] warning: `syz.3.488' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 132.961537][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.113786][ T7299] loop3: detected capacity change from 0 to 2048 [ 133.151180][ T7299] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 133.220478][ T28] kauditd_printk_skb: 8 callbacks suppressed [ 133.220490][ T28] audit: type=1800 audit(1750349328.886:28): pid=7299 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.489" name="file1" dev="loop3" ino=1335 res=0 errno=0 [ 133.324754][ T7306] netlink: 4 bytes leftover after parsing attributes in process `syz.2.494'. [ 133.350847][ T7303] loop1: detected capacity change from 0 to 1024 [ 133.351893][ T7306] bridge_slave_1: left allmulticast mode [ 133.374377][ T7303] EXT4-fs: Ignoring removed bh option [ 133.403045][ T7306] bridge_slave_1: left promiscuous mode [ 133.427766][ T7306] bridge0: port 2(bridge_slave_1) entered disabled state [ 133.462033][ T7303] EXT4-fs (loop1): mounted filesystem 05000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 133.511344][ T7306] bridge_slave_0: left allmulticast mode [ 133.537648][ T7306] bridge_slave_0: left promiscuous mode [ 133.543373][ T7306] bridge0: port 1(bridge_slave_0) entered disabled state [ 133.593476][ T5765] EXT4-fs (loop1): unmounting filesystem 05000000-0000-0000-0000-000000000000. [ 133.933230][ T7327] loop0: detected capacity change from 0 to 512 [ 133.940197][ T7326] netlink: 12 bytes leftover after parsing attributes in process `syz.1.499'. [ 133.970796][ T7326] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 133.980357][ T7326] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 133.989162][ T7326] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 133.998021][ T7326] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 134.016993][ T7326] netdevsim netdevsim1 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 134.026042][ T7326] netdevsim netdevsim1 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 134.034920][ T7326] netdevsim netdevsim1 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 134.043866][ T7326] netdevsim netdevsim1 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 134.061414][ T7327] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 134.101656][ T7327] ext4 filesystem being mounted at /137/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 134.107264][ T7330] loop3: detected capacity change from 0 to 4096 [ 134.195657][ T5774] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 134.306135][ T28] audit: type=1800 audit(1750349330.006:29): pid=7330 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.501" name="file1" dev="loop3" ino=33 res=0 errno=0 [ 134.326392][ C1] vkms_vblank_simulate: vblank timer overrun [ 134.347428][ T7333] loop1: detected capacity change from 0 to 512 [ 134.375068][ T7333] EXT4-fs: Ignoring removed mblk_io_submit option [ 134.413437][ T7333] EXT4-fs: Ignoring removed mblk_io_submit option [ 134.420985][ T5774] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 134.434027][ T5774] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 134.467410][ T7333] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 134.476344][ T5774] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 134.500428][ T5774] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 134.512752][ T5774] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 134.512990][ T7333] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c11c, mo2=0002] [ 134.531114][ T5774] usb 3-1: config 0 descriptor?? [ 134.553144][ T7333] System zones: 1-12 [ 134.573834][ T7333] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2244: inode #15: comm syz.1.502: corrupted in-inode xattr: e_value size too large [ 134.599019][ T5764] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 134.611416][ T7333] EXT4-fs error (device loop1): ext4_orphan_get:1404: comm syz.1.502: couldn't read orphan inode 15 (err -117) [ 134.632281][ T7333] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 134.704107][ T7333] EXT4-fs warning (device loop1): __ext4fs_dirhash:283: invalid/unsupported hash tree version 11 [ 134.782806][ T7341] loop0: detected capacity change from 0 to 256 [ 134.793063][ T7341] exfat: Deprecated parameter 'namecase' [ 134.818593][ T5765] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 134.852549][ T7341] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 134.951653][ T5774] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 134.985658][ T5774] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 135.009368][ T5774] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 135.024471][ T5774] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 135.040923][ T5774] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 135.073765][ T5774] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 135.092878][ T5774] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 135.119014][ T5774] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 135.153401][ T5774] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 135.170886][ T5774] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 135.190793][ T5774] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 135.203660][ T7349] syzkaller1: entered promiscuous mode [ 135.209530][ T5774] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 135.211548][ T7349] syzkaller1: entered allmulticast mode [ 135.223576][ T5774] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 135.242048][ T5774] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 135.256539][ T5774] plantronics 0003:047F:FFFF.0006: No inputs registered, leaving [ 135.316050][ T5774] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 135.342008][ T7351] loop1: detected capacity change from 0 to 16 [ 135.362742][ T7351] erofs: (device loop1): mounted with root inode @ nid 36. [ 135.365892][ T5774] usb 3-1: USB disconnect, device number 10 [ 135.557974][ T7352] fido_id[7352]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 135.710077][ T7358] loop0: detected capacity change from 0 to 512 [ 135.802318][ T7358] EXT4-fs error (device loop0): ext4_orphan_get:1425: comm syz.0.519: bad orphan inode 11862016 [ 135.873290][ T7358] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 135.898322][ T7368] loop2: detected capacity change from 0 to 1024 [ 135.939473][ T7368] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 135.961999][ T7358] ext4 filesystem being mounted at /140/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 136.079666][ T7358] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000d40000 ro. [ 136.119027][ T5762] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 136.211707][ T5764] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 136.792652][ T7402] loop1: detected capacity change from 0 to 8 [ 136.825703][ T7402] SQUASHFS error: zlib decompression failed, data probably corrupt [ 136.856231][ T7402] SQUASHFS error: Failed to read block 0x9b: -5 [ 136.864453][ T7402] SQUASHFS error: Unable to read metadata cache entry [99] [ 136.885827][ T7402] SQUASHFS error: Unable to read inode 0x127 [ 137.275206][ T7416] loop3: detected capacity change from 0 to 64 [ 137.715533][ T7412] loop1: detected capacity change from 0 to 32768 [ 137.862908][ T7428] netlink: 12 bytes leftover after parsing attributes in process `syz.3.541'. [ 137.897926][ T5765] non-latin1 character 0x3ff found in JFS file name [ 137.927028][ T5765] mount with iocharset=utf8 to access [ 137.942476][ T7428] xfrm1: entered promiscuous mode [ 137.961721][ T7431] loop8: detected capacity change from 0 to 7 [ 137.962841][ T7428] xfrm1: entered allmulticast mode [ 137.974329][ T7431] Dev loop8: unable to read RDB block 7 [ 137.977026][ T5765] read_mapping_page failed! [ 137.980498][ T7431] loop8: unable to read partition table [ 137.990142][ T5765] ERROR: (device loop1): txCommit: [ 137.990142][ T5765] [ 137.999600][ T5765] ERROR: (device loop1): remounting filesystem as read-only [ 138.003981][ T7431] loop8: partition table beyond EOD, truncated [ 138.015052][ T7431] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 138.084994][ T7432] loop2: detected capacity change from 0 to 4096 [ 138.186487][ T7432] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 138.303612][ T28] audit: type=1800 audit(1750349333.996:30): pid=7432 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.543" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 138.328446][ T7437] loop3: detected capacity change from 0 to 16 [ 138.363437][ T7437] erofs: (device loop3): mounted with root inode @ nid 36. [ 138.396225][ T7437] erofs: (device loop3): z_erofs_readahead: readahead error at folio 24 @ nid 36 [ 138.429500][ T5762] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 138.435899][ T7437] erofs: (device loop3): z_erofs_readahead: readahead error at folio 16 @ nid 36 [ 138.507657][ T7437] syz.3.545: attempt to access beyond end of device [ 138.507657][ T7437] loop3: rw=524288, sector=1049264, nr_sectors = 32 limit=16 [ 138.560505][ T7437] syz.3.545: attempt to access beyond end of device [ 138.560505][ T7437] loop3: rw=524288, sector=1049272, nr_sectors = 32 limit=16 [ 138.594650][ T7437] syz.3.545: attempt to access beyond end of device [ 138.594650][ T7437] loop3: rw=524288, sector=8, nr_sectors = 32 limit=16 [ 138.615464][ T7437] syz.3.545: attempt to access beyond end of device [ 138.615464][ T7437] loop3: rw=524288, sector=16, nr_sectors = 32 limit=16 [ 138.654014][ T7437] syz.3.545: attempt to access beyond end of device [ 138.654014][ T7437] loop3: rw=524288, sector=376, nr_sectors = 32 limit=16 [ 138.917459][ T1132] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.122143][ T1132] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.261939][ T1132] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.307095][ T7454] sctp: [Deprecated]: syz.2.552 (pid 7454) Use of int in max_burst socket option. [ 139.307095][ T7454] Use struct sctp_assoc_value instead [ 139.347528][ T1132] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 140.355544][ T5777] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 140.384192][ T5777] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 140.392418][ T5777] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 140.401174][ T5777] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 140.420881][ T5777] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 140.438224][ T5777] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 141.232484][ T7483] loop3: detected capacity change from 0 to 40427 [ 141.257914][ T7483] F2FS-fs (loop3): invalid crc value [ 141.285355][ T7483] F2FS-fs (loop3): Found nat_bits in checkpoint [ 141.362946][ T7483] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 141.720825][ T7477] chnl_net:caif_netlink_parms(): no params data found [ 141.742089][ T5763] syz-executor: attempt to access beyond end of device [ 141.742089][ T5763] loop3: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 141.793986][ T5763] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 141.814229][ T5763] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 141.835815][ T1132] hsr_slave_0: left promiscuous mode [ 141.848759][ T1132] hsr_slave_1: left promiscuous mode [ 141.867010][ T1132] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 141.874521][ T1132] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 141.884110][ T1132] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 141.906701][ T1132] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 141.921531][ T1132] bridge_slave_1: left allmulticast mode [ 141.927524][ T5812] usb 1-1: new full-speed USB device number 8 using dummy_hcd [ 141.942403][ T1132] bridge_slave_1: left promiscuous mode [ 141.958698][ T1132] bridge0: port 2(bridge_slave_1) entered disabled state [ 141.978050][ T1132] bridge_slave_0: left allmulticast mode [ 141.983744][ T1132] bridge_slave_0: left promiscuous mode [ 141.995214][ T1132] bridge0: port 1(bridge_slave_0) entered disabled state [ 142.067004][ T1132] veth1_macvtap: left promiscuous mode [ 142.086709][ T1132] veth0_macvtap: left promiscuous mode [ 142.092393][ T1132] veth1_vlan: left promiscuous mode [ 142.110491][ T1132] veth0_vlan: left promiscuous mode [ 142.150759][ T5812] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 142.186238][ T5812] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 142.216779][ T5812] usb 1-1: config 0 descriptor?? [ 142.242261][ T5812] cp210x 1-1:0.0: cp210x converter detected [ 142.476080][ T5085] Bluetooth: hci3: command tx timeout [ 142.645400][ T5812] usb 1-1: cp210x converter now attached to ttyUSB0 [ 142.881687][ T23] usb 1-1: USB disconnect, device number 8 [ 142.916276][ T23] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 142.941603][ T23] cp210x 1-1:0.0: device disconnected [ 142.972197][ T7519] loop3: detected capacity change from 0 to 512 [ 142.978164][ T7518] loop2: detected capacity change from 0 to 1024 [ 143.055102][ T7518] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 143.066191][ T7519] EXT4-fs error (device loop3): ext4_validate_block_bitmap:439: comm syz.3.571: bg 0: block 393: padding at end of block bitmap is not set [ 143.114699][ T7519] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6642: Corrupt filesystem [ 143.165194][ T7519] EXT4-fs (loop3): 2 truncates cleaned up [ 143.172779][ T7519] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 143.242655][ T5762] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 143.343550][ T5763] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 143.621961][ T1132] team0 (unregistering): Port device team_slave_1 removed [ 143.664999][ T1132] team0 (unregistering): Port device team_slave_0 removed [ 143.704894][ T1132] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 143.757635][ T1132] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 143.786026][ T5863] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 143.980671][ T5863] usb 1-1: Using ep0 maxpacket: 8 [ 144.005681][ T5863] usb 1-1: config index 0 descriptor too short (expected 74, got 45) [ 144.013807][ T5863] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 144.046367][ T5863] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 144.057322][ T5863] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 1024 [ 144.071885][ T5863] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 144.082943][ T5863] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 144.096188][ T5863] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 144.105237][ T5863] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 144.317537][ T1132] bond0 (unregistering): Released all slaves [ 144.363354][ T5863] usb 1-1: GET_CAPABILITIES returned 0 [ 144.380834][ T5863] usbtmc 1-1:16.0: can't read capabilities [ 144.547762][ T7477] bridge0: port 1(bridge_slave_0) entered blocking state [ 144.555011][ T7477] bridge0: port 1(bridge_slave_0) entered disabled state [ 144.562976][ T5085] Bluetooth: hci3: command tx timeout [ 144.563044][ T7477] bridge_slave_0: entered allmulticast mode [ 144.587148][ T7477] bridge_slave_0: entered promiscuous mode [ 144.594756][ T7477] bridge0: port 2(bridge_slave_1) entered blocking state [ 144.604236][ T7477] bridge0: port 2(bridge_slave_1) entered disabled state [ 144.616492][ T23] usb 1-1: USB disconnect, device number 9 [ 144.628435][ T7477] bridge_slave_1: entered allmulticast mode [ 144.635089][ T7477] bridge_slave_1: entered promiscuous mode [ 144.722042][ T7477] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 144.756493][ T7477] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 144.834754][ T7477] team0: Port device team_slave_0 added [ 144.853040][ T7477] team0: Port device team_slave_1 added [ 144.913643][ T7477] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 144.937397][ T7477] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 144.967584][ T7477] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 144.985508][ T7477] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 144.996860][ T7477] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 145.028193][ T7477] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 145.113734][ T7477] hsr_slave_0: entered promiscuous mode [ 145.120510][ T7477] hsr_slave_1: entered promiscuous mode [ 145.428573][ T7477] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 145.438416][ T7477] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 145.458294][ T7477] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 145.472834][ T7477] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 145.774340][ T7477] 8021q: adding VLAN 0 to HW filter on device bond0 [ 145.819575][ T7477] 8021q: adding VLAN 0 to HW filter on device team0 [ 145.819669][ T7564] loop0: detected capacity change from 0 to 1024 [ 145.862571][ T58] bridge0: port 1(bridge_slave_0) entered blocking state [ 145.869746][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state [ 145.902649][ T7564] Quota error (device loop0): do_check_range: Getting block 64 out of range 1-5 [ 145.931866][ T7564] Quota error (device loop0): qtree_read_dquot: Can't read quota structure for id 0 [ 145.947681][ T58] bridge0: port 2(bridge_slave_1) entered blocking state [ 145.954864][ T58] bridge0: port 2(bridge_slave_1) entered forwarding state [ 145.965770][ T7564] EXT4-fs error (device loop0): ext4_acquire_dquot:6938: comm syz.0.569: Failed to acquire dquot type 0 [ 145.989808][ T7564] EXT4-fs error (device loop0): mb_free_blocks:1943: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt. [ 146.026482][ T7564] EXT4-fs error (device loop0): ext4_do_update_inode:5224: inode #13: comm syz.0.569: corrupted inode contents [ 146.073319][ T7564] EXT4-fs error (device loop0): ext4_dirty_inode:6100: inode #13: comm syz.0.569: mark_inode_dirty error [ 146.123016][ T7564] EXT4-fs error (device loop0): ext4_do_update_inode:5224: inode #13: comm syz.0.569: corrupted inode contents [ 146.163084][ T7564] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #13: comm syz.0.569: mark_inode_dirty error [ 146.223832][ T7564] EXT4-fs error (device loop0): ext4_do_update_inode:5224: inode #13: comm syz.0.569: corrupted inode contents [ 146.268577][ T7564] EXT4-fs error (device loop0) in ext4_orphan_del:305: Corrupt filesystem [ 146.296120][ T7564] EXT4-fs error (device loop0): ext4_do_update_inode:5224: inode #13: comm syz.0.569: corrupted inode contents [ 146.321415][ T7564] EXT4-fs error (device loop0): ext4_truncate:4283: inode #13: comm syz.0.569: mark_inode_dirty error [ 146.335151][ T7577] loop2: detected capacity change from 0 to 16 [ 146.358789][ T7564] EXT4-fs error (device loop0) in ext4_process_orphan:347: Corrupt filesystem [ 146.372045][ T7577] erofs: (device loop2): mounted with root inode @ nid 36. [ 146.405519][ T7577] erofs: (device loop2): z_erofs_readahead: readahead error at folio 24 @ nid 36 [ 146.421563][ T7564] EXT4-fs (loop0): 1 truncate cleaned up [ 146.426862][ T7577] erofs: (device loop2): z_erofs_readahead: readahead error at folio 16 @ nid 36 [ 146.437969][ T7564] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 146.460177][ T7577] syz.2.570: attempt to access beyond end of device [ 146.460177][ T7577] loop2: rw=524288, sector=1049264, nr_sectors = 32 limit=16 [ 146.490287][ T7577] syz.2.570: attempt to access beyond end of device [ 146.490287][ T7577] loop2: rw=524288, sector=1049272, nr_sectors = 32 limit=16 [ 146.500853][ T7477] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 146.548484][ T7577] syz.2.570: attempt to access beyond end of device [ 146.548484][ T7577] loop2: rw=524288, sector=8, nr_sectors = 32 limit=16 [ 146.576023][ T7577] syz.2.570: attempt to access beyond end of device [ 146.576023][ T7577] loop2: rw=524288, sector=16, nr_sectors = 32 limit=16 [ 146.596118][ T7577] syz.2.570: attempt to access beyond end of device [ 146.596118][ T7577] loop2: rw=524288, sector=376, nr_sectors = 32 limit=16 [ 146.620836][ T7564] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 146.639781][ T5085] Bluetooth: hci3: command tx timeout [ 146.705758][ T7564] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 146.763363][ T7564] Quota error (device loop0): do_check_range: Getting block 64 out of range 1-5 [ 146.783075][ T7564] Quota error (device loop0): qtree_read_dquot: Can't read quota structure for id 0 [ 146.804779][ T7564] EXT4-fs error (device loop0): ext4_acquire_dquot:6938: comm syz.0.569: Failed to acquire dquot type 0 [ 146.824364][ T7564] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 146.939567][ T5764] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 147.288901][ T7477] veth0_vlan: entered promiscuous mode [ 147.336310][ T7477] veth1_vlan: entered promiscuous mode [ 147.417131][ T7477] veth0_macvtap: entered promiscuous mode [ 147.457915][ T7477] veth1_macvtap: entered promiscuous mode [ 147.509723][ T7477] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 147.543107][ T7477] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 147.565797][ T7477] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 147.596958][ T7477] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 147.625791][ T7477] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 147.653199][ T7477] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 147.675159][ T7477] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 147.718079][ T7477] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 147.751750][ T7477] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 147.774500][ T7477] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 147.785335][ T7477] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 147.800177][ T7477] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 147.809870][ T7587] loop2: detected capacity change from 0 to 40427 [ 147.817960][ T7477] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 147.822039][ T7589] loop3: detected capacity change from 0 to 32768 [ 147.861911][ T7477] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 147.886286][ T7587] F2FS-fs (loop2): invalid crc value [ 147.895061][ T7477] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.914316][ T7477] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.929268][ T7587] F2FS-fs (loop2): Found nat_bits in checkpoint [ 147.949998][ T7477] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.980588][ T7477] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 148.029449][ T7589] syz.3.573: attempt to access beyond end of device [ 148.029449][ T7589] loop3: rw=2049, sector=2621792, nr_sectors = 8 limit=32768 [ 148.151216][ T7587] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 148.211737][ T111] blkno = 5002c, nblocks = 1 [ 148.235864][ T111] ERROR: (device loop3): dbUpdatePMap: blocks are outside the map [ 148.235864][ T111] [ 148.266034][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 148.276332][ T111] ERROR: (device loop3): remounting filesystem as read-only [ 148.319924][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 148.431677][ T1132] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 148.460488][ T1132] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 148.501503][ T5762] syz-executor: attempt to access beyond end of device [ 148.501503][ T5762] loop2: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 148.563657][ T5762] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 148.586630][ T5762] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 148.663191][ T7617] loop4: detected capacity change from 0 to 512 [ 148.718331][ T5085] Bluetooth: hci3: command tx timeout [ 148.748422][ T7617] EXT4-fs error (device loop4): ext4_orphan_get:1399: inode #15: comm syz.4.554: casefold flag without casefold feature [ 148.841071][ T7617] EXT4-fs error (device loop4): ext4_orphan_get:1404: comm syz.4.554: couldn't read orphan inode 15 (err -117) [ 148.922011][ T7617] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 149.046368][ T28] audit: type=1800 audit(1750349344.736:31): pid=7617 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.554" name="bus" dev="loop4" ino=18 res=0 errno=0 [ 149.134648][ T7477] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 149.505198][ T7642] netlink: 'syz.4.579': attribute type 39 has an invalid length. [ 149.903452][ T7653] can0: slcan on ptm0. [ 150.036900][ T7665] netlink: 'syz.0.582': attribute type 29 has an invalid length. [ 150.048947][ T7665] netlink: 'syz.0.582': attribute type 29 has an invalid length. [ 150.065835][ T7652] can0 (unregistered): slcan off ptm0. [ 150.076835][ T7665] netlink: 'syz.0.582': attribute type 29 has an invalid length. [ 150.103991][ T7665] netlink: 'syz.0.582': attribute type 29 has an invalid length. [ 150.152201][ T7665] netlink: 'syz.0.582': attribute type 29 has an invalid length. [ 150.441590][ T7676] loop2: detected capacity change from 0 to 256 [ 150.626037][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 150.647709][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 150.716463][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 150.945923][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 150.981921][ T7684] loop2: detected capacity change from 0 to 7 [ 150.991974][ T5757] Dev loop2: unable to read RDB block 7 [ 151.004329][ T5757] loop2: AHDI p1 p2 p3 [ 151.009975][ T5757] loop2: partition table partially beyond EOD, truncated [ 151.031812][ T5757] loop2: p1 start 1601398130 is beyond EOD, truncated [ 151.050281][ T5757] loop2: p2 start 1702059890 is beyond EOD, truncated [ 151.078367][ T7684] Dev loop2: unable to read RDB block 7 [ 151.092396][ T7684] loop2: AHDI p1 p2 p3 [ 151.099484][ T7684] loop2: partition table partially beyond EOD, truncated [ 151.129229][ T7684] loop2: p1 start 1601398130 is beyond EOD, truncated [ 151.145747][ T7684] loop2: p2 start 1702059890 is beyond EOD, truncated [ 151.669659][ T8] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 151.885841][ T8] usb 1-1: Using ep0 maxpacket: 8 [ 151.904888][ T8] usb 1-1: config 179 has an invalid interface number: 65 but max is 0 [ 151.922926][ T8] usb 1-1: config 179 has no interface number 0 [ 151.929436][ T8] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 151.955884][ T8] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 151.976932][ T8] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 152.005706][ T8] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 152.038209][ T8] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 152.063545][ T8] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 152.085737][ T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 152.107705][ T7693] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 152.593328][ T5863] input: Generic X-Box pad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:179.65/input/input13 [ 152.890916][ T7693] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 152.926426][ T7693] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 153.247988][ T786] usb 1-1: USB disconnect, device number 10 [ 153.248075][ C0] xpad 1-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 153.262729][ C0] dummy_hcd dummy_hcd.0: timer fired with no URBs pending? [ 153.263085][ T786] xpad 1-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 153.400027][ T7726] netlink: 'syz.2.596': attribute type 29 has an invalid length. [ 153.416068][ T7726] netlink: 'syz.2.596': attribute type 29 has an invalid length. [ 153.444047][ T7730] can0: slcan on ptm0. [ 153.444093][ T7726] netlink: 'syz.2.596': attribute type 29 has an invalid length. [ 153.474067][ T7726] netlink: 'syz.2.596': attribute type 29 has an invalid length. [ 153.557513][ T7729] can0 (unregistered): slcan off ptm0. [ 153.684814][ T7734] loop2: detected capacity change from 0 to 1024 [ 153.750661][ T7739] loop4: detected capacity change from 0 to 1024 [ 153.758984][ T7734] Quota error (device loop2): do_check_range: Getting block 64 out of range 1-5 [ 153.785324][ T7739] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 153.811553][ T7734] Quota error (device loop2): qtree_read_dquot: Can't read quota structure for id 0 [ 153.821615][ T7734] EXT4-fs error (device loop2): ext4_acquire_dquot:6938: comm syz.2.597: Failed to acquire dquot type 0 [ 153.839857][ T7734] EXT4-fs error (device loop2): mb_free_blocks:1943: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt. [ 153.858079][ T7734] EXT4-fs error (device loop2): ext4_do_update_inode:5224: inode #13: comm syz.2.597: corrupted inode contents [ 153.886523][ T7734] EXT4-fs error (device loop2): ext4_dirty_inode:6100: inode #13: comm syz.2.597: mark_inode_dirty error [ 153.898464][ T7734] EXT4-fs error (device loop2): ext4_do_update_inode:5224: inode #13: comm syz.2.597: corrupted inode contents [ 153.932120][ T7734] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #13: comm syz.2.597: mark_inode_dirty error [ 153.964607][ T7734] EXT4-fs error (device loop2): ext4_do_update_inode:5224: inode #13: comm syz.2.597: corrupted inode contents [ 154.016277][ T7734] EXT4-fs error (device loop2) in ext4_orphan_del:305: Corrupt filesystem [ 154.032572][ T7734] EXT4-fs error (device loop2): ext4_do_update_inode:5224: inode #13: comm syz.2.597: corrupted inode contents [ 154.046248][ T7734] EXT4-fs error (device loop2): ext4_truncate:4283: inode #13: comm syz.2.597: mark_inode_dirty error [ 154.062447][ T7734] EXT4-fs error (device loop2) in ext4_process_orphan:347: Corrupt filesystem [ 154.072733][ T7734] EXT4-fs (loop2): 1 truncate cleaned up [ 154.085318][ T7734] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 154.127602][ T7728] loop3: detected capacity change from 0 to 32768 [ 154.157125][ T7728] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by syz.3.603 (7728) [ 154.188553][ T7477] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 154.264281][ T7728] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 154.281382][ T7734] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 154.294769][ T7749] loop0: detected capacity change from 0 to 64 [ 154.346234][ T7728] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 154.354940][ T7728] BTRFS info (device loop3): doing ref verification [ 154.365801][ T7750] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 154.416191][ T7728] BTRFS info (device loop3): turning on async discard [ 154.424366][ T7750] Quota error (device loop2): do_check_range: Getting block 64 out of range 1-5 [ 154.433531][ T7728] BTRFS info (device loop3): force clearing of disk cache [ 154.445465][ T7728] BTRFS info (device loop3): doing ref verification [ 154.461537][ T7750] Quota error (device loop2): qtree_read_dquot: Can't read quota structure for id 0 [ 154.463971][ T7756] loop4: detected capacity change from 0 to 256 [ 154.471080][ T7728] BTRFS info (device loop3): disabling free space tree [ 154.500059][ T7750] EXT4-fs error (device loop2): ext4_acquire_dquot:6938: comm syz.2.597: Failed to acquire dquot type 0 [ 154.514963][ T7728] BTRFS info (device loop3): max_inline at 4096 [ 154.524935][ T7750] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 154.680475][ T5762] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 154.713211][ T7756] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xf6e00961, utbl_chksum : 0xe619d30d) [ 154.718267][ T7728] BTRFS info (device loop3): rebuilding free space tree [ 154.818275][ T7728] BTRFS info (device loop3): disabling free space tree [ 154.845792][ T7728] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 154.855494][ T7728] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 154.964528][ T7778] loop4: detected capacity change from 0 to 256 [ 155.303862][ T5763] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 155.331270][ T7788] loop2: detected capacity change from 0 to 1024 [ 156.241973][ T7807] validate_nla: 1 callbacks suppressed [ 156.241997][ T7807] netlink: 'syz.4.607': attribute type 29 has an invalid length. [ 156.337907][ T7807] netlink: 'syz.4.607': attribute type 29 has an invalid length. [ 156.372383][ T7809] netlink: 'syz.4.607': attribute type 29 has an invalid length. [ 156.401574][ T7811] netlink: 'syz.4.607': attribute type 29 has an invalid length. [ 156.469326][ T7807] netlink: 'syz.4.607': attribute type 29 has an invalid length. [ 156.641701][ T7797] loop3: detected capacity change from 0 to 32768 [ 156.665945][ T7816] netlink: 'syz.2.612': attribute type 39 has an invalid length. [ 156.696264][ T7797] BTRFS error: device /dev/loop3 already registered with a higher generation, found 8 expect 10 [ 156.761236][ T7817] loop4: detected capacity change from 0 to 4096 [ 156.957357][ T5757] BTRFS error: device /dev/loop3 already registered with a higher generation, found 8 expect 10 [ 157.258422][ T7827] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 157.943770][ T7846] netlink: 'syz.4.620': attribute type 29 has an invalid length. [ 157.981963][ T7846] netlink: 'syz.4.620': attribute type 29 has an invalid length. [ 158.025818][ T7846] netlink: 'syz.4.620': attribute type 29 has an invalid length. [ 158.055643][ T7846] netlink: 'syz.4.620': attribute type 29 has an invalid length. [ 158.133466][ T7834] loop2: detected capacity change from 0 to 32768 [ 158.197277][ T7834] jfs_lookup: iget failed on inum 32 [ 158.202986][ T7834] jfs_lookup: iget failed on inum 32 [ 158.256464][ T7834] find_entry called with index = 0 [ 158.262547][ T7834] find_entry called with index = 0 [ 158.313411][ T7834] jfs_lookup: iget failed on inum 32 [ 158.357471][ T7834] jfs_lookup: iget failed on inum 32 [ 158.699618][ T7844] loop0: detected capacity change from 0 to 32768 [ 158.730642][ T7844] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz.0.619 (7844) [ 158.795149][ T7844] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 158.820763][ T7844] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 158.859350][ T7844] BTRFS info (device loop0): doing ref verification [ 158.886967][ T7844] BTRFS info (device loop0): turning on async discard [ 158.911191][ T7844] BTRFS info (device loop0): force clearing of disk cache [ 158.928053][ T7844] BTRFS info (device loop0): doing ref verification [ 158.945202][ T7844] BTRFS info (device loop0): disabling free space tree [ 158.969140][ T7844] BTRFS info (device loop0): max_inline at 4096 [ 159.099982][ T7844] BTRFS info (device loop0): rebuilding free space tree [ 159.162391][ T7844] BTRFS info (device loop0): disabling free space tree [ 159.195252][ T7844] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 159.255699][ T7844] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 159.272625][ T7852] loop4: detected capacity change from 0 to 32768 [ 159.367532][ T7852] XFS (loop4): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 159.505873][ T7852] XFS (loop4): Ending clean mount [ 159.663206][ T5764] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 160.120199][ T7477] XFS (loop4): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 160.596830][ T7887] loop3: detected capacity change from 0 to 40427 [ 160.653453][ T7887] F2FS-fs (loop3): invalid crc value [ 160.727223][ T7887] F2FS-fs (loop3): Found nat_bits in checkpoint [ 160.839729][ T7896] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check. [ 161.003598][ T7887] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 161.690170][ T7902] loop2: detected capacity change from 0 to 4096 [ 161.977460][ T7902] overlayfs: upper fs does not support tmpfile. [ 162.018354][ T7903] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 162.060365][ T7902] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 162.158553][ T7899] loop0: detected capacity change from 0 to 40427 [ 162.192773][ T7899] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 162.232478][ T7899] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 162.291255][ T7899] F2FS-fs (loop0): invalid crc value [ 162.328399][ T7899] F2FS-fs (loop0): Found nat_bits in checkpoint [ 162.518785][ T5763] syz-executor: attempt to access beyond end of device [ 162.518785][ T5763] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 162.533998][ T5763] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 162.593511][ T7899] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 162.636117][ T7899] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 162.731193][ T7893] loop4: detected capacity change from 0 to 262144 [ 162.771408][ T7899] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 162.779739][ T7899] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 162.788813][ T7899] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 162.798470][ T7899] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 162.807843][ T7899] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 162.832242][ T7893] F2FS-fs (loop4): invalid crc value [ 162.844518][ T7893] F2FS-fs (loop4): Found nat_bits in checkpoint [ 162.894647][ T7893] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 162.903192][ T7899] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 162.918916][ T7917] syz.0.636: attempt to access beyond end of device [ 162.918916][ T7917] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 162.959081][ T7899] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 164.239083][ T7941] loop0: detected capacity change from 0 to 2048 [ 164.252586][ T7943] loop2: detected capacity change from 0 to 2048 [ 164.301220][ T7941] loop0: p1 < > p3 [ 164.312934][ T7941] loop0: p3 size 134217728 extends beyond EOD, truncated [ 164.327032][ T7943] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 164.612893][ T5762] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 164.820732][ T7956] loop3: detected capacity change from 0 to 4096 [ 165.827090][ T7982] loop4: detected capacity change from 0 to 1024 [ 166.147697][ T5819] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 166.337784][ T5819] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 166.347110][ T5819] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 166.366633][ T5819] usb 5-1: config 0 descriptor?? [ 166.384706][ T5819] cp210x 5-1:0.0: cp210x converter detected [ 167.008231][ T5819] cp210x 5-1:0.0: failed to get vendor val 0x000e size 678: -71 [ 167.023359][ T5819] cp210x 5-1:0.0: GPIO initialisation failed: -71 [ 167.039106][ T5819] usb 5-1: cp210x converter now attached to ttyUSB0 [ 167.063133][ T5819] usb 5-1: USB disconnect, device number 2 [ 167.084890][ T5819] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 167.115509][ T5819] cp210x 5-1:0.0: device disconnected [ 167.647596][ T1136] hfsplus: b-tree write err: -5, ino 4 [ 168.193893][ T8063] loop2: detected capacity change from 0 to 40427 [ 168.233357][ T8063] F2FS-fs (loop2): invalid crc value [ 168.250675][ T8063] F2FS-fs (loop2): Found nat_bits in checkpoint [ 168.360205][ T8063] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 168.718237][ T5762] syz-executor: attempt to access beyond end of device [ 168.718237][ T5762] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 168.765808][ T5762] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 168.944992][ T8088] loop3: detected capacity change from 0 to 256 [ 169.002576][ T8088] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 169.464588][ T8097] xt_bpf: check failed: parse error [ 169.522851][ T8099] binder: 8098:8099 ioctl c0306201 200000000680 returned -14 [ 169.718500][ T8086] loop0: detected capacity change from 0 to 32768 [ 169.808480][ T8086] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 169.908156][ T8086] XFS (loop0): Ending clean mount [ 170.161102][ T8128] netlink: 4 bytes leftover after parsing attributes in process `syz.3.661'. [ 170.230623][ T5764] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 170.612137][ T8141] loop3: detected capacity change from 0 to 2048 [ 170.619712][ T8141] UDF-fs: bad mount option "mode&00000000000000000000777" or missing value [ 170.661006][ T5757] blk_print_req_error: 82 callbacks suppressed [ 170.661020][ T5757] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 170.700489][ T8141] Bluetooth: MGMT ver 1.22 [ 170.980760][ T8152] loop4: detected capacity change from 0 to 2048 [ 171.002606][ T8152] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 171.037219][ T28] audit: type=1800 audit(1750349366.736:32): pid=8152 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.673" name="file1" dev="loop4" ino=1335 res=0 errno=0 [ 171.705995][ T8162] netlink: 4 bytes leftover after parsing attributes in process `syz.4.675'. [ 171.873717][ T8167] loop3: detected capacity change from 0 to 2048 [ 171.917506][ T8167] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 172.007519][ T5863] usb 1-1: new full-speed USB device number 11 using dummy_hcd [ 172.117955][ T8174] loop2: detected capacity change from 0 to 2048 [ 172.121179][ T5763] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 172.129334][ T8174] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 172.241864][ T5863] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 172.275689][ T5863] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 172.295175][ T5863] usb 1-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 172.335364][ T5863] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 172.362905][ T5863] usb 1-1: config 0 descriptor?? [ 172.378206][ T5863] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 172.391505][ T5863] dvb-usb: bulk message failed: -22 (3/0) [ 172.430924][ T5863] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 172.456209][ T5863] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 172.465066][ T5863] usb 1-1: media controller created [ 172.475471][ T5762] UDF-fs: error (device loop2): udf_read_inode: (ino 1329) failed !bh [ 172.503804][ T5863] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 172.557828][ T5762] UDF-fs: error (device loop2): udf_read_inode: (ino 1329) failed !bh [ 172.624952][ T5863] dvb-usb: bulk message failed: -22 (6/0) [ 172.666394][ T5863] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 172.691685][ T5863] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input14 [ 172.706659][ T8188] xt_bpf: check failed: parse error [ 172.736467][ T5863] dvb-usb: schedule remote query interval to 150 msecs. [ 172.755844][ T5863] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 172.781200][ T5863] usb 1-1: USB disconnect, device number 11 [ 172.887263][ T5863] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 173.468361][ T28] audit: type=1326 audit(1750349369.166:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8201 comm="syz.3.691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f359338e929 code=0x7ffc0000 [ 173.527957][ T28] audit: type=1326 audit(1750349369.166:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8201 comm="syz.3.691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f359338e929 code=0x7ffc0000 [ 173.566320][ T8204] loop0: detected capacity change from 0 to 2048 [ 173.575045][ T28] audit: type=1326 audit(1750349369.186:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8201 comm="syz.3.691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f359338e929 code=0x7ffc0000 [ 173.600158][ T28] audit: type=1326 audit(1750349369.186:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8201 comm="syz.3.691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f359338e929 code=0x7ffc0000 [ 173.623029][ T28] audit: type=1326 audit(1750349369.186:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8201 comm="syz.3.691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f359338e929 code=0x7ffc0000 [ 173.664335][ T28] audit: type=1326 audit(1750349369.186:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8201 comm="syz.3.691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f359338e929 code=0x7ffc0000 [ 173.698075][ T8204] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 173.721507][ T28] audit: type=1326 audit(1750349369.196:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8201 comm="syz.3.691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f359338e929 code=0x7ffc0000 [ 173.788285][ T28] audit: type=1326 audit(1750349369.196:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8201 comm="syz.3.691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f359338e929 code=0x7ffc0000 [ 173.838247][ T28] audit: type=1326 audit(1750349369.206:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8201 comm="syz.3.691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f359338e929 code=0x7ffc0000 [ 173.851263][ T5764] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 174.182893][ T5777] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 174.198007][ T1132] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 174.205920][ T5777] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 174.217650][ T5777] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 174.226175][ T5777] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 174.235086][ T5777] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 174.242872][ T5777] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 174.396950][ T1132] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 174.465820][ T786] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 174.509872][ T1132] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 174.614502][ T1132] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 174.686094][ T786] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 174.716900][ T786] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 174.735005][ T786] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 174.761981][ T786] usb 4-1: config 0 descriptor?? [ 174.965489][ T8217] chnl_net:caif_netlink_parms(): no params data found [ 175.220108][ T786] keytouch 0003:0926:3333.0007: fixing up Keytouch IEC report descriptor [ 175.240452][ T786] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.0007/input/input15 [ 175.346113][ T5863] usb 5-1: new full-speed USB device number 3 using dummy_hcd [ 175.434768][ T8217] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.473304][ T8217] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.487515][ T786] keytouch 0003:0926:3333.0007: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0 [ 175.505015][ T8217] bridge_slave_0: entered allmulticast mode [ 175.514484][ T8217] bridge_slave_0: entered promiscuous mode [ 175.537836][ T5863] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 175.570306][ T5863] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 175.604227][ T8217] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.609030][ T5863] usb 5-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 175.637110][ T8217] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.641074][ T5863] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 175.644405][ T8217] bridge_slave_1: entered allmulticast mode [ 175.693898][ T5863] usb 5-1: config 0 descriptor?? [ 175.721076][ T8217] bridge_slave_1: entered promiscuous mode [ 175.740163][ T5863] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 175.760019][ T5863] dvb-usb: bulk message failed: -22 (3/0) [ 175.781186][ T786] usb 4-1: USB disconnect, device number 9 [ 175.784853][ T5863] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 175.814802][ T5863] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 175.844885][ T5863] usb 5-1: media controller created [ 175.870130][ T5863] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 175.931296][ T8217] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 175.949597][ T5863] dvb-usb: bulk message failed: -22 (6/0) [ 175.957312][ T5863] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 175.986816][ T8217] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 176.000619][ T5863] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input16 [ 176.041962][ T5863] dvb-usb: schedule remote query interval to 150 msecs. [ 176.049304][ T5863] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 176.073964][ T5863] usb 5-1: USB disconnect, device number 3 [ 176.114227][ T5863] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 176.192361][ T8217] team0: Port device team_slave_0 added [ 176.233595][ T8217] team0: Port device team_slave_1 added [ 176.290304][ T8217] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 176.297489][ T8217] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 176.327182][ T5777] Bluetooth: hci0: command tx timeout [ 176.346944][ T8217] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 176.367783][ T8217] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 176.378619][ T8217] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 176.452161][ T8217] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 176.633720][ T8217] hsr_slave_0: entered promiscuous mode [ 176.650817][ T8217] hsr_slave_1: entered promiscuous mode [ 176.658788][ T8217] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 176.679202][ T8217] Cannot create hsr debugfs directory [ 177.311059][ T1132] hsr_slave_0: left promiscuous mode [ 177.319206][ T1132] hsr_slave_1: left promiscuous mode [ 177.334153][ T1132] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 177.345113][ T1132] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 177.358763][ T1132] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 177.371971][ T1132] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 177.413726][ T1132] veth1_macvtap: left promiscuous mode [ 177.422243][ T1132] veth0_macvtap: left promiscuous mode [ 177.429879][ T1132] veth1_vlan: left promiscuous mode [ 177.437653][ T1132] veth0_vlan: left promiscuous mode [ 177.969829][ T1132] team0 (unregistering): Port device team_slave_1 removed [ 178.014690][ T1132] team0 (unregistering): Port device team_slave_0 removed [ 178.058490][ T1132] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 178.122612][ T1132] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 178.402992][ T5777] Bluetooth: hci0: command tx timeout [ 178.609911][ T1132] bond0 (unregistering): Released all slaves [ 180.482147][ T5777] Bluetooth: hci0: command tx timeout [ 180.723254][ T8307] netlink: 4 bytes leftover after parsing attributes in process `syz.0.715'. [ 181.060127][ T1132] IPVS: stop unused estimator thread 0... [ 181.661544][ T8217] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 181.703472][ T8217] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 181.722544][ T8217] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 181.784787][ T8217] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 181.851864][ T8331] loop4: detected capacity change from 0 to 1024 [ 181.907725][ T8331] EXT4-fs: Ignoring removed orlov option [ 182.003830][ T8331] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 182.021197][ T8318] loop0: detected capacity change from 0 to 32768 [ 182.038774][ T8318] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.719 (8318) [ 182.119880][ T8318] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 182.157090][ T8318] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 182.199130][ T8217] 8021q: adding VLAN 0 to HW filter on device bond0 [ 182.209752][ T8318] BTRFS info (device loop0): force clearing of disk cache [ 182.226850][ T8318] BTRFS info (device loop0): force zlib compression, level 3 [ 182.255769][ T8318] BTRFS info (device loop0): enabling ssd optimizations [ 182.262779][ T8318] BTRFS info (device loop0): enabling auto defrag [ 182.279661][ T8217] 8021q: adding VLAN 0 to HW filter on device team0 [ 182.296842][ T8318] BTRFS info (device loop0): max_inline at 0 [ 182.302888][ T8318] BTRFS info (device loop0): enabling disk space caching [ 182.304255][ T8320] loop3: detected capacity change from 0 to 40427 [ 182.330181][ T8318] BTRFS info (device loop0): disk space caching is enabled [ 182.338882][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.346060][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 182.407560][ T8320] F2FS-fs (loop3): Insane cp_payload (553648128 >= 504) [ 182.476327][ T8320] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 182.490146][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.497327][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 182.532850][ T8318] BTRFS info (device loop0): auto enabling async discard [ 182.541257][ T8320] F2FS-fs (loop3): invalid crc value [ 182.556145][ T5777] Bluetooth: hci0: command tx timeout [ 182.568967][ T8318] BTRFS info (device loop0): rebuilding free space tree [ 182.594691][ T8320] F2FS-fs (loop3): Found nat_bits in checkpoint [ 182.680042][ T8318] BTRFS info (device loop0): disabling free space tree [ 182.728324][ T8318] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 182.781099][ T8318] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 182.845917][ T8320] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 182.853013][ T8320] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 182.940719][ T8320] syz.3.720: attempt to access beyond end of device [ 182.940719][ T8320] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 182.983202][ T8320] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 182.994884][ T7477] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 183.184210][ T1136] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 183.246765][ T5764] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 183.436237][ T8217] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 183.626353][ T8217] veth0_vlan: entered promiscuous mode [ 183.658923][ T8383] loop4: detected capacity change from 0 to 64 [ 183.700717][ T8217] veth1_vlan: entered promiscuous mode [ 183.829853][ T8217] veth0_macvtap: entered promiscuous mode [ 183.891632][ T8217] veth1_macvtap: entered promiscuous mode [ 183.973417][ T8217] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 183.990628][ T28] kauditd_printk_skb: 4 callbacks suppressed [ 183.990643][ T28] audit: type=1326 audit(1750349379.686:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8385 comm="syz.0.725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0596f8e929 code=0x7ffc0000 [ 184.013841][ T8217] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.030741][ T28] audit: type=1326 audit(1750349379.686:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8385 comm="syz.0.725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0596f8e929 code=0x7ffc0000 [ 184.036325][ T8391] validate_nla: 2 callbacks suppressed [ 184.036340][ T8391] netlink: 'syz.3.724': attribute type 16 has an invalid length. [ 184.070590][ T8217] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 184.085795][ T28] audit: type=1326 audit(1750349379.726:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8385 comm="syz.0.725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0596f8e929 code=0x7ffc0000 [ 184.108295][ T8217] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.108319][ T8217] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 184.108334][ T8217] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.146315][ T8391] netlink: 'syz.3.724': attribute type 3 has an invalid length. [ 184.154525][ T8391] netlink: 64066 bytes leftover after parsing attributes in process `syz.3.724'. [ 184.192662][ T28] audit: type=1326 audit(1750349379.726:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8385 comm="syz.0.725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0596f8e929 code=0x7ffc0000 [ 184.215169][ T28] audit: type=1326 audit(1750349379.726:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8385 comm="syz.0.725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0596f8e929 code=0x7ffc0000 [ 184.241521][ T28] audit: type=1326 audit(1750349379.766:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8385 comm="syz.0.725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0596f8e929 code=0x7ffc0000 [ 184.269633][ T28] audit: type=1326 audit(1750349379.766:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8385 comm="syz.0.725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0596f8e929 code=0x7ffc0000 [ 184.292510][ T28] audit: type=1326 audit(1750349379.766:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8385 comm="syz.0.725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0596f8e929 code=0x7ffc0000 [ 184.344220][ T8217] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 184.373375][ T28] audit: type=1326 audit(1750349379.776:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8385 comm="syz.0.725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=194 compat=0 ip=0x7f0596f8e929 code=0x7ffc0000 [ 184.423255][ T28] audit: type=1326 audit(1750349379.776:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8385 comm="syz.0.725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0596f8e929 code=0x7ffc0000 [ 184.424554][ T8217] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 184.501045][ T8217] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.529931][ T8217] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 184.544555][ T8217] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.559329][ T8217] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 184.574398][ T8217] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.597289][ T8217] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 184.633973][ T8217] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 184.675934][ T8217] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 184.723322][ T8217] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 184.745763][ T8217] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.130387][ T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 185.163593][ T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 185.198396][ T8421] syz.3.733 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 185.262353][ T1136] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 185.289587][ T1136] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 186.157467][ T8445] loop2: detected capacity change from 0 to 128 [ 186.186301][ T8445] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 186.218255][ T8445] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 186.240831][ T5776] Bluetooth: hci2: command 0x0406 tx timeout [ 186.240845][ T5771] Bluetooth: hci1: command 0x0406 tx timeout [ 186.341002][ T8445] UDF-fs: error (device loop2): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40) [ 186.710921][ T8455] loop2: detected capacity change from 0 to 2048 [ 186.758834][ T8455] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 188.058539][ T8469] loop3: detected capacity change from 0 to 32768 [ 188.069563][ T8469] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.745 (8469) [ 188.103757][ T8492] input: syz0 as /devices/virtual/input/input17 [ 188.140887][ T8469] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 188.168138][ T8469] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 188.212211][ T8469] BTRFS info (device loop3): force clearing of disk cache [ 188.241090][ T8469] BTRFS info (device loop3): force zlib compression, level 3 [ 188.264270][ T8469] BTRFS info (device loop3): enabling ssd optimizations [ 188.295659][ T8469] BTRFS info (device loop3): enabling auto defrag [ 188.332258][ T8469] BTRFS info (device loop3): max_inline at 0 [ 188.355736][ T8469] BTRFS info (device loop3): enabling disk space caching [ 188.362821][ T8469] BTRFS info (device loop3): disk space caching is enabled [ 188.594240][ T8469] BTRFS info (device loop3): auto enabling async discard [ 188.663793][ T8469] BTRFS info (device loop3): rebuilding free space tree [ 188.733407][ T8469] BTRFS info (device loop3): disabling free space tree [ 188.768525][ T8469] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 188.792208][ T8469] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 189.017990][ T5812] usb 1-1: new full-speed USB device number 12 using dummy_hcd [ 189.074457][ T11] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [ 189.143109][ T5763] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 189.283178][ T5812] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 189.338234][ T5812] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 189.385714][ T5812] usb 1-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 189.405647][ T5812] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 189.443104][ T5812] usb 1-1: config 0 descriptor?? [ 189.549915][ T5812] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 189.585705][ T5812] dvb-usb: bulk message failed: -22 (3/0) [ 189.635182][ T5812] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 189.699691][ T5812] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 189.727203][ T8526] dvb-usb: bulk message failed: -22 (2/0) [ 189.757164][ T5812] usb 1-1: media controller created [ 189.764042][ T5812] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 189.867737][ T5812] dvb-usb: bulk message failed: -22 (6/0) [ 189.902221][ T5812] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 189.978350][ T5812] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input18 [ 190.027919][ T5812] dvb-usb: schedule remote query interval to 150 msecs. [ 190.034924][ T5812] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 190.107960][ T5812] usb 1-1: USB disconnect, device number 12 [ 190.214228][ T5812] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 190.221269][ T8532] loop2: detected capacity change from 0 to 32768 [ 190.276856][ T8532] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 190.344020][ T8532] XFS (loop2): Ending clean mount [ 190.641768][ T8217] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 190.754560][ T8569] loop4: detected capacity change from 0 to 1024 [ 190.840441][ T28] kauditd_printk_skb: 1 callbacks suppressed [ 190.840454][ T28] audit: type=1800 audit(1750349386.536:57): pid=8569 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.768" name="file2" dev="loop4" ino=22 res=0 errno=0 [ 191.393175][ T8579] 9pnet: p9_errstr2errno: server reported unknown error @0x0000000000000005 [ 191.859516][ T8542] udevd[8542]: symlink '../../loop4' '/dev/disk/by-diskseq/365.tmp-b7:4' failed: Read-only file system [ 192.063851][ T5757] udevd[5757]: symlink '../../loop2' '/dev/disk/by-diskseq/366.tmp-b7:2' failed: Read-only file system [ 192.262024][ T8542] udevd[8542]: symlink '../../loop4' '/dev/disk/by-diskseq/365.tmp-b7:4' failed: Read-only file system [ 192.692903][ T8610] loop0: detected capacity change from 0 to 512 [ 192.727454][ T8610] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 192.780656][ T5757] udevd[5757]: symlink '../../loop0' '/dev/disk/by-diskseq/367.tmp-b7:0' failed: Read-only file system [ 192.804229][ T8610] EXT4-fs (loop0): 1 truncate cleaned up [ 192.828502][ T8610] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 192.844499][ T5757] udevd[5757]: symlink '../../loop0' '/dev/disk/by-label/syzkaller.tmp-b7:0' failed: Read-only file system [ 192.922893][ T8605] loop4: detected capacity change from 0 to 40427 [ 192.948962][ T8605] F2FS-fs (loop4): build fault injection attr: rate: 690, type: 0x7ffff [ 192.968157][ T8605] F2FS-fs (loop4): heap/no_heap options were deprecated [ 192.985399][ T8605] F2FS-fs (loop4): Image doesn't support compression [ 192.993897][ T5757] udevd[5757]: symlink '../../loop0' '/dev/disk/by-diskseq/367.tmp-b7:0' failed: Read-only file system [ 193.005722][ T8] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 193.018352][ T8605] F2FS-fs (loop4): invalid crc value [ 193.029192][ T8605] F2FS-fs (loop4): Found nat_bits in checkpoint [ 193.042533][ T5757] udevd[5757]: symlink '../../loop0' '/dev/disk/by-label/syzkaller.tmp-b7:0' failed: Read-only file system [ 193.048218][ T5764] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 193.130262][ T8542] udevd[8542]: symlink '../../loop4' '/dev/disk/by-diskseq/368.tmp-b7:4' failed: Read-only file system [ 193.147167][ T5757] udevd[5757]: symlink '../../loop0' '/dev/disk/by-diskseq/367.tmp-b7:0' failed: Read-only file system [ 193.162769][ T8542] udevd[8542]: symlink '../../loop4' '/dev/disk/by-uuid/922c7623-35ee-4af3-bdd7-07040bb1b7db.tmp-b7:4' failed: Read-only file system [ 193.205803][ T8] usb 4-1: Using ep0 maxpacket: 32 [ 193.213466][ T8] usb 4-1: config index 0 descriptor too short (expected 29220, got 36) [ 193.218545][ T8605] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 193.240035][ T8] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 193.259530][ T8] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 193.280345][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 193.300649][ T8] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 193.327195][ T8] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 193.363609][ T8] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 193.386937][ T8605] F2FS-fs (loop4): inject no more block in inc_valid_block_count of f2fs_reserve_new_blocks+0x127/0xb50 [ 193.397614][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 193.419149][ T8] usb 4-1: config 0 descriptor?? [ 193.481423][ T7477] syz-executor: attempt to access beyond end of device [ 193.481423][ T7477] loop4: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 193.504325][ T7477] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 193.514554][ T7477] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 193.650836][ T8] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 10 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 193.682375][ T8] usb 4-1: USB disconnect, device number 10 [ 193.716346][ T8] usblp0: removed [ 193.742963][ T8623] loop2: detected capacity change from 0 to 2048 [ 193.799450][ T8623] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 193.858529][ T8623] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 193.980801][ T8217] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 194.226828][ T8634] loop4: detected capacity change from 0 to 4096 [ 194.257684][ T8] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 194.400866][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.468925][ T8] usb 4-1: Using ep0 maxpacket: 32 [ 194.490380][ T8] usb 4-1: config index 0 descriptor too short (expected 29220, got 36) [ 194.514534][ T8] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 194.540866][ T8] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 194.561931][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 194.584093][ T8] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 194.614496][ T8] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 194.655674][ T8] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 194.671744][ T8632] loop2: detected capacity change from 0 to 32768 [ 194.678297][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 194.699613][ T8] usb 4-1: config 0 descriptor?? [ 194.939505][ T8640] loop4: detected capacity change from 0 to 8192 [ 195.001946][ T8640] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 195.016117][ T8640] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal [ 195.032612][ T8640] REISERFS (device loop4): using ordered data mode [ 195.045680][ T8640] reiserfs: using flush barriers [ 195.059464][ T8640] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 195.076818][ T8640] REISERFS (device loop4): checking transaction log (loop4) [ 195.100749][ T8640] REISERFS (device loop4): Using r5 hash to sort names [ 195.112181][ T8640] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [ 195.526400][ T8649] syz_tun: entered allmulticast mode [ 195.703466][ T8653] loop2: detected capacity change from 0 to 1024 [ 195.752725][ T8653] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 195.785906][ T8653] ext4 filesystem being mounted at /11/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 195.857666][ T8217] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 196.040049][ T8646] loop0: detected capacity change from 0 to 40427 [ 196.060222][ T8646] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 196.088395][ T8646] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 196.122752][ T8646] F2FS-fs (loop0): invalid crc value [ 196.147843][ T8646] F2FS-fs (loop0): Found nat_bits in checkpoint [ 196.314467][ T8651] loop4: detected capacity change from 0 to 32768 [ 196.327958][ T8651] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop4 scanned by syz.4.798 (8651) [ 196.342399][ T8646] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 196.355774][ T8646] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 196.389266][ T8651] BTRFS info (device loop4): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 196.396163][ T8] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 11 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 196.437316][ T8651] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 196.451541][ T8] usb 4-1: USB disconnect, device number 11 [ 196.482279][ T8] usblp0: removed [ 196.491299][ T8646] syz.0.797: attempt to access beyond end of device [ 196.491299][ T8646] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 196.510898][ T8651] BTRFS info (device loop4): using free space tree [ 196.563456][ T8646] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 196.643650][ T8671] loop3: detected capacity change from 0 to 512 [ 196.664326][ T8671] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 196.701384][ T8651] BTRFS info (device loop4): enabling ssd optimizations [ 196.750095][ T8651] BTRFS info (device loop4): auto enabling async discard [ 196.772895][ T8671] EXT4-fs (loop3): 1 truncate cleaned up [ 196.793368][ T8671] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 196.800675][ T8657] loop2: detected capacity change from 0 to 32768 [ 196.870670][ T5757] udevd[5757]: symlink '../../loop3' '/dev/disk/by-label/syzkaller.tmp-b7:3' failed: Read-only file system [ 196.998740][ T8542] udevd[8542]: symlink '../../loop4' '/dev/disk/by-diskseq/382.tmp-b7:4' failed: Read-only file system [ 197.014085][ T5763] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 197.067308][ T8542] udevd[8542]: symlink '../../loop4' '/dev/disk/by-uuid/3d39d0ba-bdae-447e-827b-b091e1a68885.tmp-b7:4' failed: Read-only file system [ 197.120245][ T5757] udevd[5757]: symlink '../../loop3' '/dev/disk/by-diskseq/383.tmp-b7:3' failed: Read-only file system [ 197.172846][ T5895] udevd[5895]: symlink '../../loop2' '/dev/disk/by-diskseq/384.tmp-b7:2' failed: Read-only file system [ 197.213185][ T5780] udevd[5780]: symlink '../../loop0' '/dev/disk/by-diskseq/381.tmp-b7:0' failed: Read-only file system [ 197.218102][ T5757] udevd[5757]: symlink '../../loop3' '/dev/disk/by-diskseq/383.tmp-b7:3' failed: Read-only file system [ 197.256452][ T5895] udevd[5895]: symlink '../../loop2' '/dev/disk/by-uuid/45b0d9a3-5e0b-4fd0-ae05-2ff6b274033b.tmp-b7:2' failed: Read-only file system [ 197.315132][ T7477] BTRFS info (device loop4): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 197.332938][ T5780] udevd[5780]: symlink '../../loop0' '/dev/disk/by-diskseq/381.tmp-b7:0' failed: Read-only file system [ 197.339455][ T5757] udevd[5757]: symlink '../../loop3' '/dev/disk/by-diskseq/385.tmp-b7:3' failed: Read-only file system [ 197.387592][ T8689] loop2: detected capacity change from 0 to 128 [ 197.485715][ T28] audit: type=1800 audit(1750349393.176:58): pid=8689 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.806" name="file2" dev="loop2" ino=1048609 res=0 errno=0 [ 197.514445][ T8689] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100) [ 197.576369][ T8689] FAT-fs (loop2): Filesystem has been set read-only [ 197.591074][ T8689] syz.2.806: attempt to access beyond end of device [ 197.591074][ T8689] loop2: rw=524288, sector=2065, nr_sectors = 8 limit=128 [ 197.654634][ T8689] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100) [ 197.695945][ T8689] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100) [ 197.760922][ T8689] syz.2.806: attempt to access beyond end of device [ 197.760922][ T8689] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 197.822009][ T8689] syz.2.806: attempt to access beyond end of device [ 197.822009][ T8689] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 198.311829][ T8709] mmap: syz.0.803 (8709) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 198.334299][ T8710] loop2: detected capacity change from 0 to 256 [ 198.348579][ T8710] exfat: Deprecated parameter 'utf8' [ 198.353969][ T8710] exfat: Deprecated parameter 'namecase' [ 198.410870][ T8710] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xabf88b1f, utbl_chksum : 0xe619d30d) [ 198.746783][ T8716] loop0: detected capacity change from 0 to 512 [ 198.765473][ T8716] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 198.815805][ T8716] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2867: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 198.870016][ T8716] EXT4-fs (loop0): 1 truncate cleaned up [ 198.879198][ T8716] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 199.252509][ T8712] loop4: detected capacity change from 0 to 40427 [ 199.269385][ T8712] F2FS-fs (loop4): Small segment_count (9 < 1 * 24) [ 199.285366][ T5764] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 199.292141][ T8712] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 199.392521][ T8712] F2FS-fs (loop4): Found nat_bits in checkpoint [ 199.587000][ T8712] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 199.606904][ T8712] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 199.800074][ T8729] f2fs_ckpt-7:4: attempt to access beyond end of device [ 199.800074][ T8729] loop4: rw=2049, sector=40960, nr_sectors = 32 limit=40427 [ 199.868589][ T8729] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 199.876278][ T8729] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 199.883190][ T8729] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 199.931929][ T8729] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 200.362872][ T8736] loop0: detected capacity change from 0 to 32768 [ 200.476254][ T8736] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 200.576946][ T8736] XFS (loop0): Ending clean mount [ 200.647698][ T8736] XFS (loop0): Quotacheck needed: Please wait. [ 200.737508][ T8736] XFS (loop0): Quotacheck: Done. [ 200.782044][ T8757] loop3: detected capacity change from 0 to 128 [ 200.865497][ T28] audit: type=1800 audit(1750349396.556:59): pid=8757 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.831" name="file2" dev="loop3" ino=1048611 res=0 errno=0 [ 200.893202][ T8757] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100) [ 200.905348][ T8757] FAT-fs (loop3): Filesystem has been set read-only [ 200.912545][ T8757] syz.3.831: attempt to access beyond end of device [ 200.912545][ T8757] loop3: rw=524288, sector=2065, nr_sectors = 8 limit=128 [ 200.936363][ T8757] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100) [ 200.944368][ T8757] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100) [ 200.959519][ T8757] syz.3.831: attempt to access beyond end of device [ 200.959519][ T8757] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 200.988295][ T5764] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 200.999283][ T8757] syz.3.831: attempt to access beyond end of device [ 200.999283][ T8757] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 201.124062][ T8763] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 201.608407][ T8773] loop0: detected capacity change from 0 to 2048 [ 202.065410][ T5757] udevd[5757]: symlink '../../loop4' '/dev/disk/by-diskseq/397.tmp-b7:4' failed: Read-only file system [ 202.132132][ T5757] udevd[5757]: symlink '../../loop3' '/dev/disk/by-diskseq/399.tmp-b7:3' failed: Read-only file system [ 202.170832][ T5757] udevd[5757]: symlink '../../loop4' '/dev/disk/by-diskseq/397.tmp-b7:4' failed: Read-only file system [ 202.244602][ T5757] udevd[5757]: symlink '../../loop3' '/dev/disk/by-diskseq/399.tmp-b7:3' failed: Read-only file system [ 202.282873][ T5757] udevd[5757]: symlink '../../loop4' '/dev/disk/by-diskseq/397.tmp-b7:4' failed: Read-only file system [ 202.337395][ T8789] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 202.371766][ T5757] udevd[5757]: symlink '../../loop3' '/dev/disk/by-diskseq/399.tmp-b7:3' failed: Read-only file system [ 202.431304][ T5757] udevd[5757]: symlink '../../loop4' '/dev/disk/by-diskseq/397.tmp-b7:4' failed: Read-only file system [ 202.470873][ T5757] udevd[5757]: symlink '../../loop3' '/dev/disk/by-diskseq/399.tmp-b7:3' failed: Read-only file system [ 202.491314][ T8793] netlink: 4 bytes leftover after parsing attributes in process `syz.4.847'. [ 202.567273][ T5757] udevd[5757]: symlink '../../loop3' '/dev/disk/by-diskseq/399.tmp-b7:3' failed: Read-only file system [ 202.632242][ T5757] udevd[5757]: symlink '../../loop3' '/dev/disk/by-diskseq/399.tmp-b7:3' failed: Read-only file system [ 202.643477][ T5085] Bluetooth: hci4: command 0x1003 tx timeout [ 202.650874][ T5777] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 202.700815][ T8799] loop3: detected capacity change from 0 to 64 [ 203.591181][ T1136] kworker/u4:6: attempt to access beyond end of device [ 203.591181][ T1136] loop3: rw=1, sector=513, nr_sectors = 1 limit=64 [ 203.604747][ T1136] buffer_io_error: 14 callbacks suppressed [ 203.604756][ T1136] Buffer I/O error on dev loop3, logical block 513, lost async page write [ 203.619449][ T1136] kworker/u4:6: attempt to access beyond end of device [ 203.619449][ T1136] loop3: rw=1, sector=514, nr_sectors = 1 limit=64 [ 203.632727][ T1136] Buffer I/O error on dev loop3, logical block 514, lost async page write [ 203.641293][ T1136] kworker/u4:6: attempt to access beyond end of device [ 203.641293][ T1136] loop3: rw=1, sector=519, nr_sectors = 1 limit=64 [ 203.659114][ T1136] Buffer I/O error on dev loop3, logical block 519, lost async page write [ 203.668644][ T1136] kworker/u4:6: attempt to access beyond end of device [ 203.668644][ T1136] loop3: rw=1, sector=520, nr_sectors = 1 limit=64 [ 203.685626][ T1136] Buffer I/O error on dev loop3, logical block 520, lost async page write [ 203.694271][ T1136] kworker/u4:6: attempt to access beyond end of device [ 203.694271][ T1136] loop3: rw=1, sector=521, nr_sectors = 1 limit=64 [ 203.713863][ T1136] Buffer I/O error on dev loop3, logical block 521, lost async page write [ 203.751117][ T1136] kworker/u4:6: attempt to access beyond end of device [ 203.751117][ T1136] loop3: rw=1, sector=522, nr_sectors = 1 limit=64 [ 203.801446][ T1136] Buffer I/O error on dev loop3, logical block 522, lost async page write [ 203.813790][ T8814] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 203.814994][ T1136] Buffer I/O error on dev loop3, logical block 523, lost async page write [ 203.837692][ T1136] Buffer I/O error on dev loop3, logical block 524, lost async page write [ 203.856379][ T8818] loop0: detected capacity change from 0 to 16 [ 203.861408][ T1136] Buffer I/O error on dev loop3, logical block 4165, lost async page write [ 203.871415][ T1136] Buffer I/O error on dev loop3, logical block 4166, lost async page write [ 203.874011][ T8818] erofs: (device loop0): mounted with root inode @ nid 36. [ 203.918477][ T8818] overlayfs: upper fs does not support file handles, falling back to index=off. [ 203.942837][ T8818] overlayfs: The uuid=off requires a single fs for lower and upper, falling back to uuid=null. [ 204.132642][ T8825] loop2: detected capacity change from 0 to 512 [ 204.187480][ T8825] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 204.255844][ T8825] ext4 filesystem being mounted at /27/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 204.327623][ T8825] EXT4-fs error (device loop2): ext4_do_update_inode:5224: inode #2: comm syz.2.861: corrupted inode contents [ 204.373822][ T8825] EXT4-fs error (device loop2): ext4_dirty_inode:6100: inode #2: comm syz.2.861: mark_inode_dirty error [ 204.397682][ T8825] EXT4-fs error (device loop2): ext4_do_update_inode:5224: inode #2: comm syz.2.861: corrupted inode contents [ 204.431217][ T8825] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #2: comm syz.2.861: mark_inode_dirty error [ 204.540554][ T8217] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 204.712436][ T8839] loop0: detected capacity change from 0 to 128 [ 204.751427][ T28] audit: type=1800 audit(1750349400.446:60): pid=8839 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.867" name="file1" dev="loop0" ino=1048612 res=0 errno=0 [ 204.803763][ T8839] FAT-fs (loop0): error, invalid FAT chain (i_pos 548, last_block 8) [ 204.843458][ T8839] FAT-fs (loop0): Filesystem has been set read-only [ 204.861382][ T8839] FAT-fs (loop0): error, corrupted file size (i_pos 548, 522) [ 204.966680][ T8844] @: renamed from vlan0 (while UP) [ 205.298059][ T8853] loop3: detected capacity change from 0 to 512 [ 205.336595][ T8853] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2244: inode #15: comm syz.3.857: corrupted in-inode xattr: invalid ea_ino [ 205.438609][ T8853] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.857: couldn't read orphan inode 15 (err -117) [ 205.491286][ T8853] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 205.781448][ T5763] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 205.937476][ T8850] loop4: detected capacity change from 0 to 32768 [ 205.970113][ T8850] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.871 (8850) [ 206.001369][ T8850] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 206.018087][ T8850] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 206.056719][ T8850] BTRFS info (device loop4): force clearing of disk cache [ 206.074147][ T8850] BTRFS info (device loop4): force zlib compression, level 3 [ 206.082509][ T8850] BTRFS info (device loop4): enabling ssd optimizations [ 206.095729][ T8850] BTRFS info (device loop4): enabling auto defrag [ 206.106412][ T8850] BTRFS info (device loop4): max_inline at 0 [ 206.112441][ T8850] BTRFS info (device loop4): enabling disk space caching [ 206.142958][ T8850] BTRFS info (device loop4): disk space caching is enabled [ 206.150758][ T8872] loop2: detected capacity change from 0 to 1024 [ 206.205871][ T966] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 206.335686][ T8850] BTRFS info (device loop4): auto enabling async discard [ 206.359629][ T8850] BTRFS info (device loop4): rebuilding free space tree [ 206.417600][ T966] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 206.435893][ T966] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 206.456516][ T966] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 206.457007][ T8850] BTRFS info (device loop4): disabling free space tree [ 206.502410][ T8850] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 206.509241][ T966] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 206.538796][ T8850] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 206.545720][ T966] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 206.590106][ T966] usb 4-1: config 0 descriptor?? [ 206.738608][ T8870] loop0: detected capacity change from 0 to 32768 [ 206.826933][ T11] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [ 206.898611][ T7477] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 206.919856][ T28] audit: type=1804 audit(1750349402.616:61): pid=8896 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.877" name="/newroot/240/file0/file1" dev="loop0" ino=4 res=1 errno=0 [ 207.034264][ T966] plantronics 0003:047F:FFFF.0008: unknown main item tag 0xd [ 207.075059][ T966] plantronics 0003:047F:FFFF.0008: No inputs registered, leaving [ 207.131405][ T112] ------------[ cut here ]------------ [ 207.132727][ T966] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 207.137565][ T112] WARNING: CPU: 1 PID: 112 at fs/jfs/jfs_dmap.c:2882 dbAdjTree+0x448/0x4d0 [ 207.158659][ T112] Modules linked in: [ 207.162589][ T112] CPU: 1 PID: 112 Comm: jfsCommit Not tainted 6.6.94-syzkaller #0 [ 207.170544][ T112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 207.180673][ T112] RIP: 0010:dbAdjTree+0x448/0x4d0 [ 207.185836][ T112] Code: e8 dd 2f e0 fe e9 5a ff ff ff e8 13 89 87 fe eb 05 e8 0c 89 87 fe 48 83 c4 28 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 f8 88 87 fe <0f> 0b eb e8 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c ee fb ff ff 4c [ 207.206079][ T112] RSP: 0018:ffffc90002d77ac8 EFLAGS: 00010293 [ 207.212431][ T112] RAX: ffffffff82fe0cd8 RBX: ffff88805e55e010 RCX: ffff88801930bc00 [ 207.220502][ T112] RDX: 0000000000000000 RSI: 0000000000000155 RDI: 0000000000020056 [ 207.229317][ T112] RBP: 0000000000020056 R08: ffffea0001795787 R09: 1ffffd40002f2af0 [ 207.237844][ T112] R10: dffffc0000000000 R11: fffff940002f2af1 R12: ffff88805e55e018 [ 207.245900][ T112] R13: dffffc0000000000 R14: 0000000000000004 R15: 0000000000000155 [ 207.253891][ T112] FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 207.262871][ T112] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 207.269565][ T112] CR2: 00007f3fc37b7bac CR3: 000000007b26e000 CR4: 00000000003506e0 [ 207.277625][ T112] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 207.285666][ T112] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 207.293649][ T112] Call Trace: [ 207.297376][ T112] [ 207.300328][ T112] ? lock_page+0x2a0/0x2a0 [ 207.304767][ T112] dbJoin+0x238/0x300 [ 207.309071][ T112] dbFreeBits+0x4e2/0xdb0 [ 207.313431][ T112] dbFree+0x332/0x650 [ 207.317478][ T112] txFreeMap+0x7ff/0xde0 [ 207.320627][ T966] usb 4-1: USB disconnect, device number 12 [ 207.321732][ T112] txUpdateMap+0x306/0x890 [ 207.332943][ T112] jfs_lazycommit+0x42b/0xa60 [ 207.337908][ T112] ? txFreelock+0x5a0/0x5a0 [ 207.342430][ T112] ? do_task_dead+0xd0/0xd0 [ 207.347011][ T112] ? __kthread_parkme+0x7a/0x1c0 [ 207.351981][ T112] kthread+0x2fa/0x390 [ 207.356285][ T112] ? txFreelock+0x5a0/0x5a0 [ 207.360809][ T112] ? kthread_blkcg+0xd0/0xd0 [ 207.365411][ T112] ret_from_fork+0x48/0x80 [ 207.369877][ T112] ? kthread_blkcg+0xd0/0xd0 [ 207.374483][ T112] ret_from_fork_asm+0x11/0x20 [ 207.379307][ T112] [ 207.382340][ T112] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 207.389616][ T112] CPU: 1 PID: 112 Comm: jfsCommit Not tainted 6.6.94-syzkaller #0 [ 207.397404][ T112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 207.407442][ T112] Call Trace: [ 207.410708][ T112] [ 207.413624][ T112] dump_stack_lvl+0x16c/0x230 [ 207.418298][ T112] ? show_regs_print_info+0x20/0x20 [ 207.423488][ T112] ? load_image+0x3b0/0x3b0 [ 207.427987][ T112] panic+0x2c0/0x710 [ 207.431871][ T112] ? bpf_jit_dump+0xd0/0xd0 [ 207.436368][ T112] ? ret_from_fork_asm+0x11/0x20 [ 207.441299][ T112] __warn+0x2e0/0x470 [ 207.445268][ T112] ? dbAdjTree+0x448/0x4d0 [ 207.449671][ T112] ? dbAdjTree+0x448/0x4d0 [ 207.454072][ T112] report_bug+0x2be/0x4f0 [ 207.458393][ T112] ? dbAdjTree+0x448/0x4d0 [ 207.462793][ T112] ? dbAdjTree+0x448/0x4d0 [ 207.467191][ T112] ? dbAdjTree+0x44a/0x4d0 [ 207.471590][ T112] handle_bug+0xcf/0x120 [ 207.475822][ T112] exc_invalid_op+0x1a/0x50 [ 207.480314][ T112] asm_exc_invalid_op+0x1a/0x20 [ 207.485156][ T112] RIP: 0010:dbAdjTree+0x448/0x4d0 [ 207.490165][ T112] Code: e8 dd 2f e0 fe e9 5a ff ff ff e8 13 89 87 fe eb 05 e8 0c 89 87 fe 48 83 c4 28 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 f8 88 87 fe <0f> 0b eb e8 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c ee fb ff ff 4c [ 207.509758][ T112] RSP: 0018:ffffc90002d77ac8 EFLAGS: 00010293 [ 207.515810][ T112] RAX: ffffffff82fe0cd8 RBX: ffff88805e55e010 RCX: ffff88801930bc00 [ 207.523764][ T112] RDX: 0000000000000000 RSI: 0000000000000155 RDI: 0000000000020056 [ 207.531719][ T112] RBP: 0000000000020056 R08: ffffea0001795787 R09: 1ffffd40002f2af0 [ 207.539675][ T112] R10: dffffc0000000000 R11: fffff940002f2af1 R12: ffff88805e55e018 [ 207.547638][ T112] R13: dffffc0000000000 R14: 0000000000000004 R15: 0000000000000155 [ 207.555605][ T112] ? dbAdjTree+0x448/0x4d0 [ 207.560023][ T112] ? dbAdjTree+0x448/0x4d0 [ 207.564426][ T112] ? lock_page+0x2a0/0x2a0 [ 207.568829][ T112] dbJoin+0x238/0x300 [ 207.572800][ T112] dbFreeBits+0x4e2/0xdb0 [ 207.577121][ T112] dbFree+0x332/0x650 [ 207.581092][ T112] txFreeMap+0x7ff/0xde0 [ 207.585328][ T112] txUpdateMap+0x306/0x890 [ 207.589740][ T112] jfs_lazycommit+0x42b/0xa60 [ 207.594407][ T112] ? txFreelock+0x5a0/0x5a0 [ 207.598897][ T112] ? do_task_dead+0xd0/0xd0 [ 207.603387][ T112] ? __kthread_parkme+0x7a/0x1c0 [ 207.608317][ T112] kthread+0x2fa/0x390 [ 207.612368][ T112] ? txFreelock+0x5a0/0x5a0 [ 207.616859][ T112] ? kthread_blkcg+0xd0/0xd0 [ 207.621430][ T112] ret_from_fork+0x48/0x80 [ 207.625836][ T112] ? kthread_blkcg+0xd0/0xd0 [ 207.630408][ T112] ret_from_fork_asm+0x11/0x20 [ 207.635166][ T112] [ 207.638391][ T112] Kernel Offset: disabled [ 207.642787][ T112] Rebooting in 86400 seconds..