last executing test programs: 1m16.382771292s ago: executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c0000001900010000000000000000001c14"], 0x1c}}, 0x0) 1m16.304377427s ago: executing program 0: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r0}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x21, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0}, 0x90) 1m16.135944854s ago: executing program 0: syz_usb_connect(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0xa8, 0x41, 0x22, 0x10, 0x104f, 0x4, 0x8faf, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x55, 0x97, 0xdc, 0x0, [], [{{0x9, 0x5, 0x8, 0x3a}}, {{0x9, 0x5, 0x0, 0x2}}]}}]}}]}}, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_emit_vhci(&(0x7f0000000540)=ANY=[], 0x22) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCSETAF(0xffffffffffffffff, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, "c5003f00"}) socket$netlink(0x10, 0x3, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000080)={0x8, r0, 0x1}) ioctl$PIO_UNIMAPCLR(r1, 0x4b68, &(0x7f0000000180)={0xfff9, 0x800}) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1008000, &(0x7f0000000240)={[{@debug}, {@orlov}, {@nomblk_io_submit}, {@block_validity}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6}}, {@init_itable_val}, {@usrquota}, {@usrquota}]}, 0x1, 0x5d4, &(0x7f0000001600)="$eJzs3c9vFFUcAPDv221LoUgLMSoepIkxkCgtLWCI8QB30uCPePFipYUgBRpao0UTS4IXE+PFGBNPHsT/QonEGyc9efDiyZAQNRxNXDO7O6Utu2233Xaa7ueTbDvz3g7vO12++2bfvrcbQMcazH6UIg5GxHSK6E/zC3VdUa8crN3v4T8fn89uKSqVN/5Kkepl+f1T/Xdf/eDeiPjlpxQHyo+3OzN34/L41NTk9fr+8OyV6eGZuRtHL10Zvzh5cfLq6Mujp06eOHlq5FjbzvXsrfc+6P9s7O3vvvk3jXz/+1iK07G3Xrf4PNplMAZrf5NdS8uzv+updjdWkHL9fBY/xKmrwIBoSf74dUfE09Ef5Xj04PXHp68VGhywqSopotKi7Dmj8nOrRwHbT2o5/4GdIb8OyF/bL38dXCrkqgTYCg/O1AYAHs//rtrYYPRWxwb2PEyxeFgnRUQ7RuayNu7dHbt14e7YrdikcTigsfmbEfFMo/xP1dwcqI7iZ/lfWpL/2XXBufrvrPz1dbY/uGxf/sPWqeV/77ry/51F+f/uOtuX/wAAAAAAANA+d85ExEuN3v8vLcz/iQbzf/oi4nQb2l/9/b/S/TY0AzTw4EzEqw3n/5by2b8D5frWE9X5AN3pwqWpyWMRsS8ijkT3rmx/ZIU2jn5+4Otmdfn8v/yWtX+vPhewHsf9rmXrZyfGZ8c3et5AxIObEc82nP+bFvr/1KD/z54PptfYxoEXbp9rVtc0/3s3dFrAGlS+jTjcsP9PC/dJK38+x3D1emA4vyp43HMfffFDs/ZX7/+BzZL1/3tWzv+BtPjzemZab+P4XFelWd16r/970pvVj5zpqZd9OD47e30koiedLWelS8pHW48ZdqI8H/J8yfL/yPMrj/81uv7fHRHzy/7t9PfSNcW5p/7r+6NZPPp/KE6W/xMt9f+tb4zeHvixWftr6/9PVPv6I/US439Q81Wepj1LyxukY1ejqq2OFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB2glJE7I1UGlrYLpWGhiL6IuLJ2FOaujYz++KFa+9fncjqqt//X8q/6be/tp/y7/8fWLQ/umz/eETsj4gvy7ur+0Pnr01NFH3yAAAAAAAAAAAAAAAAAAAAsE30NVn/n/mzXHR0wKbrKjoAoDAN8v/XIuIAtp7+HzqX/IfOJf+hc8l/6FzyHzqX/IfOJf+hc8l/AAAAAADYUfYfuvNbioj5V3ZXb5meel13oZEBm61UdABAYcoR+4qOASiGqT/QubzGB1L1Z0/T+t6mB6UNtDp9fgMHAwAAAAAAAAAAAEDHOXzQ+n/oVNb/Q+cqFx0AUJh8/f+hguMAtp7X+ECsspK/4fr/VY8CAAAAAAAAAAAAANppZu7G5fGpqcnrNt7aHmG0YaN7rXeuVCqfZP8LtkHMO2Ejnwq/XeLZ0Eaxz0sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAj/wcAAP//XN8iGw==") open(&(0x7f0000000100)='.\x00', 0x591002, 0x0) syz_emit_vhci(0x0, 0x0) syz_emit_vhci(0x0, 0x0) syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x9, 0x0, 0x405}}}, 0x7) socket$nl_generic(0x10, 0x3, 0x10) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000200)=ANY=[], 0xd) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r2, &(0x7f0000000200)=ANY=[@ANYBLOB='\''], 0xd) 1m13.008016762s ago: executing program 0: mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x2, [@func_proto={0x0, 0x2, 0x0, 0xd, 0xa, [{0x1}, {}]}]}}, &(0x7f0000000f40)=""/4089, 0x36, 0xff9, 0x2}, 0x20) 1m12.729738636s ago: executing program 0: syz_mount_image$jfs(&(0x7f0000000000), &(0x7f0000000180)='./file0\x00', 0x2, &(0x7f0000000100)={[{@quota}, {@iocharset={'iocharset', 0x3d, 'cp437'}}, {@noquota}, {@errors_continue}, {@discard_size={'discard', 0x3d, 0x4}}, {@errors_continue}, {@quota}, {@discard}, {@grpquota}]}, 0x1, 0x60b9, &(0x7f0000013cc0)="$eJzs3UuPHFfZB/Cn+jaXvEmsLKK8FkKTxFxCiK/BGALEWcCCDQvkLbI1mUQWDiDbICey8ESzYcGHACGxRIglKz5AFmzZ8QGwZCOBskqhmjlnXNPpdo8zma6eOb+fNK56+lRNn/K/qy9TVX0CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIgf/uDH56qIuPqrdMOJiP+LfkQvYqWp1yJiZe1EXn4QES/EdnM8HxHDpYhm/e1/no14PSI+eibiwcO7683N5/fZj+//+R9/+MlTP/r7n4Zn/vuX2/03pi13585v//PXewfbZgAAAChNXdd1lT7mn0yf73tddwoAmIv8+l8n+Xb1wtWbC9YftVqtVh/Buq2e7F67iIjN9jrNewaH4wHgiNmMj7vuAh2Sf9EGEfFU150AFlrVdQc4FA8e3l2vUr5V+/Vgbac9nwuyJ//Navf6jmnTWcbPMZnX42sr+vHclP6szKkPiyTn3xvP/+pO+ygtd9j5z8u0/Ec7lz4VJ+ffH89/zPHJvzcx/1Ll/AdPlH9f/gAAAAAAsMDy3/9PdHz8d+ngm7Ivjzv+uzanPgAAAAAAAADA5+2g4//tMv4fAAAALKzms3rjd888um3ad7E1t1+pIp4eWx4oTLpYZrXrfgAAAAAAAAAAAABASQY75/BeqSKGEfH06mpd181P23j9pA66/lFX+vZDybp+kgcAgB0fPTN2LX8VsRwRV9J3/Q1XV1frenlltV6tV5by+9nR0nK90vpcm6fNbUujfbwhHozq5pctt9Zrm/V5eVb7+O9r7mtU9/fRsfnoMHAAiIidV6MHXpGOmbp+Nrp+l8PRYP8/fuz/7EfXj1MAAADg8NV1XVfp67xPpmP+va47BQDMRX79Hz8uoFar1Wq1+vjVbfVk99pFRGy212neMxiOHwCOmM34uOsu0CH5F20QES903QlgoVVdd4BD8eDh3fUq5Vu1Xw/S+O75XJA9+W9W2+vl9SdNZxk/x2Rej6+t6MdzU/rz/Jz6sEhy/r3x/K/utI/Scoed/7xMy7/ZzhMd9KdrOf/+eP5jjk/+vYn5lyrnP3ii/PvyBwAAAACABZb//n9ioY7/jj7r5sz0uOO/a4d2rwAAAAAAAABwuB48vLuer3vNx/+/MGE5138eTzn/Sv5Fyvn3xvL/6thy/db8/bce5f/vh3fX/3j7X/+fp/vNfynPVOmRVaVHRJXuqRqk6UG27tO2hv1Rc0/DqtcfpHN+6uE7cT1uxEac3bNsL/1/PGo/t6e96elwu73u77Sf39M+2G3P61/Y0z5MZzrVK7n9dKzHz+NGvL3d3rQtzdj+5Rnt9Yz2nH/f/l+knP+g9dPkv5raq7Fp4/6HvU/t9+3ppPu5fP2Lvzl7+Jsz01b0d7etrdm+lzroz/b/yVOj+OWtjZun71y7ffvmuUiTPbeejzT5nOX8h+ln9/n/5Z32/Lzf3l/vfzh64vwXxVYMpub/cmu+2d5X5ty3LuT8R+kn5/92ap+8/x/l/Kfv/6920B8AAAAAAAAAAAAAAAB4nLquty8RvRwRF9P1P11dmwkAzNfl9JUbdZJvn1fdn/P9qdVHvK4WrD9zrT+pF6s/avVRrNvqyd5sFxHxt/Y6FyPi15N+GQCwyD6JiH923Qk6I/+C5e/7a6anuu4MMFe33v/gp9du3Ni4eavrngAAAAAAAAAAn1Ue/3OtNf7zqbqu740tt2f817di7aDjfw7yzO4Ao1MGqu4/+TY9zlZv1O+1hht/MaaN/z3cnXvc+N+DGfc3nNE+mtG+NKN9eUb7xAs9WnL+L7bGOz8VESfHhl8vYfzX8THvS5Dzf6n1eG7y/8rYcu38698f5fx7e/I/c/u9X5y59f4Hr11/79q7G+9u/OzCuXNnL1y8eOnSpTPvXL+xcXbn3w57fLhy/nnsa+eBliXnnzOXf1ly/l9KtfzLkvP/cqrlX5acf36/J/+y5PzzZx/5lyXn/0qq5V+WnP/XUi3/suT8X021/MuS8/96quVflpz/a6mWf1ly/qdTLf+y5PzPpHqf+a8cdr+Yj5x/PsJl/y9Lzj+f2SD/suT8z6da/mXJ+V9ItfzLkvN/PdXyL0vO/xupln9Zcv4XUy3/suT8v5lq+Zcl538p1fIvS87/W6mWf1ly/t9OtfzLkvN/I9XyL0vO/zupln9Zcv7fTbX8y5Lz/16q5V+WnP+bqZZ/WR59/78ZM2bM5Jmun5kAAAAAAAAAAAAAgHHzOJ24620EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4HztwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwt69xsh11vcDP3v12rkZCPk7+RtYO8YYZ5NdX+ILrYsJ14Zbya2kl9iud+0s+BavXZI0kh0FSiSMiirahhdtAUVt3lRYVV7QKqC8QK0qVSLtC/oGUaHyIqoCCkiV2ipkqznzPM/OzJ6d2bUn9sw5n48U/7wzZ+acOXPm7H7X+c4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA02vD+mS8OZFlW+y//Y22WXVv7++rxtfll77naWwgAAABcrl/mf756Q7pg/zJu1LDMP779+8/Pz8/PZ58e+pORr87PpyvGs2xkVZbl10UXf/zgQOMywVPZ2MBgw9eDHVY/1OH64Q7Xj3S4frTD9as6XD/W4fpFO2CR1fXfx+R3tin/69r6Ls1uzEby6zYV3OqpgVWDg/F3ObmB/DbzI0ey2exYNpNNNS1fX3YgX/6FDbV1fSSL6xpsWNf62hHy8ycOx20YCPt4U9O6Fu4z+un7svFf/PyJw3915pWbi2bH3dB0f/Xt3LKxtp2fD5fUt3UgW5X2SdzOwYbtXF/wnAw1bedAfrva31u389VlbufQwmZeUa3P+Vg2mP/9pXw/DTf+Wi/tp/Xhsv++Ncuy8wub3brMonVlg9mapksGF56fsfoRWbuP2qH05mx4RcfphmUcp7U5van5OG19TcTnf0O43fAS29D4NP30ydGG5/21+Us5TqPao17qtdJ6DHb7tdIrx2A8Ll7KH/TThcfgpvD4n9i89DFYeOwUHIPpcTccgxs7HYODo0P5NqcnYSC/zcIxuK1p+aF8TQP5fHlz+2Nw8szxU5Nzjz1+++zxQ0dnjs6c2LFt29SOXbv27NkzeWT22MxU/c9L3Nu9b002mF4DG8O+i6+Bd7Us23iozn9jdNH591Jfh2NtXodrW5bt9utwuPXBDVyZF+TiY7r+2rivttPHLgxmS7zG8udn6+W/DtPjbngdDje8Dgu/pxS8DoeX8TqsLXNq6/J+Zhlu+K9oG5b+XnB5x+DahmOw9eeR1mOw2z+P9MoxOBaOix9uXfp7wfqwvU9PrPTnkaFFx2B6uOHcU7sk/bw/ticfRcflLbUrrhnNzs7NnL7j0UNnzpzeloVxRbyl4VhpPV7XNDymbNHxOrji43X/7NufvqXg8rVhX43dXvtjbMnnqrbMzjvaP1f5d7fi/dl06fYsjC670vuz6Lt5bX+OZtnXvvfkPd954mvvX3J/1vLm5ycv/2fxlEsbzr8jS5x/Y+5/vb6+dFdPDY0M11+/Q2nvjDSdj5ufquH83DWQr/vVyeWdj0fCf1f6fHxjm/PxupZlu30+Hml9cPF8PNDptx2Xp/X5HAvHybGp9ufj2jLrtq/0mBxuez6+NcyBsP/fHZJCykUNx85Sx21a1/DwSHhcw3ENzcfpjqblR0I2q63rue2XdpxuubV+X0Pp0S24UsfpeMuy3T5O0+++ljpOBzr99u3StD6fY+G4uHFH++O0tsyLOy//3Lk6/rXh3Dna6RgcGRqtbfNIOgjz8302vzoeg3dkh7OT2bFsOr92ND+eBvJ1Tdy5vGNwNPx3pc+V69ocg1talu32MZi+jy117A0ML37wXdD6fI6F4+KZO9sfg7VlPrC7uz+7bgmXpGUafnZt/f3aUr/zuqVlN71Rx8pw2M7v7W7/u9naMsf2rDRntt9Pt4VLrinYT62v36VeU9PZldlP68J2vrJn6f1U257aMl/du8zjaX+WZeceuSv/fW/495W/PfuD55v+3aXo33TOPXLXz6478g8r2X4A+t/r9bGm/r2u4V+mlvPv/wAAAEBfiLl/MMxE/gcAAIDSiLk//l/hifwPAAAApRFz/3CYSUXy/7oPvDL7+rksNfPng3h92g1315eLHdep8PX4/ILa5Xc9O/Nff39ueesezLLstbv/oHD5dXfH7aobD9t58YPNly/y/O3LWvfB+8+l9Tb2178e7j8+nuUeBkUV3Kksy1644cv5esYfvJDPF+8+mM97zj/9VG2ZV/fWv463f/kt9eX/PJR/9x851HT7l8N++EmYUx8t3h/xdt+68O71ux9YWF+83cDG6/OH/cxD9fuN75Pzlafqy8f9vNT2f+dLz32rtvyj7yze/nODxdv/XLjfZ8P8n7fVl298Dmpfx9t9IWx/XF+83R3f/G7h9l/8Yn35Ux+qL3cwzLj+LeHrTR96ZbZxfz06cKjpcWUfri8X1z/1gz/Kr4/3F++/dfvHDlxo2h+tx8eL/1q/n8mW5ePlcT3R37Wsv3Y/jcdnXP9zf3iwaT93Wv/Fe15+W+1+W9d/W8typx7Zmq9/4f6a37HpL77w5cL1xe3Z/zenmh7P/k+F13FY/zMPheMxXP+/F+v31/ruCgc/1Xz+ict/fe25pscTfeQX9fVffO/RfK4aW73mmmuvu/78O2r7LsteWlW/v07rP/qXJ5u2/xs31fdHvD529FvXv5S4/tOfmzhxcu7s7HTaq0/ckL93zsfq2xO394Zwbm39+sDJMw/PnB6fGp/KsvHyvoXeJftmmD+rj/Ptl55fdAbden94Pm/5sxfWbP6XL8XL/+2++uUXPlr/vvWusNxXwuVrw/O3svUv9syGm/LX98CLYQvnF79f8OVYv+k/9yxrwfD4W38uiMf7qbc+nO+H2nX59434ur7M7f/RdP1+vh3263x4Z+aNNy2sr3H5+N4IF+6tv94ve/+F01x8Xv86PN8f/0n9/uN2xcf7o/BzzHfXNZ/v4vHx7XODrfefv4vH+XA+yc7Xr49Lxf194dWbCjcvvg9Jdv7m/Os/Tvdz84oe5lLmHpubPDZ74uyjk2dm5s5Mzj32+IHjJ8+eOHMgfy/PA5/pdPuF89Oa/Pw0PbNrZ5afrU7Wxxvsam//qfsPT++e2jw9c+TQ2SNn7j81c/ro4bm5wzPTc5sPHTky87lOt5+d3rdt+94du7dPHJ2d3rdn794deydmT5ysbUZ9ozrYNfXZiROnD+Q3mdu3c++2O+/cOTVx/OT0zL7dU1MTZzvdPv/eNFG79e9PnJ45dujM7PGZibnZx2f2bdu7a9f2ju8GePzUkbnxydNnT0yenZs5PVl/LONn8otr3/s63Z5ymvv3+s+zrQbqb8SXffK2Xen9WWuefXLJu6ov0vIGoq+E96L5pzed2rOcr2PuHwkzqUj+BwAAgCqIuX80zET+BwAAgNKIuX9VmIn8DwAAAKURc/9YmElF8n/p+v/rzi1r/fr/+v+N+0v/v2L9/3t7rf9fP1/o/3fH5fbv9f8D/X/9f/1//X/9f7qg1/r/MfevzrJK5n8AAACogpj714SZyP8AAABQGjH3XxNmIv8DAABAacTcf22YSUXyv/6//r/+v/6//n/x+vX/+5P+f3v6/x3o/09m1er/n+/m9uv/6/+zWK/1/2Puvy7MpCL5HwAAAKog5v7rw0zkfwAAACiNmPtvCDOR/wEAAKA0Yu5fG2ZSkfyv/6//r/+v/6//X7x+/f/+pP/fnv5/B/r/Pv9f/1//n67qtf5/zP1vCjOpSP4HAACAKoi5/81hJvI/AAAA9J7hS7tZzP1vCTNZlP8vcQUAAADAVRdz/41ZSxG8Iv/+r/+v/6//r/+v/1+8/uX3/4cy/f/eof/fnv5/B/r/+v/6//r/dFWv9f/z3J+NZW8NM6lI/gcAAIAqiLn/pjAT+R8AAABKI+b+/xdmIv8DAABAacTcvy7MpCL5X/9f/1//X/9f/794/T7/vz/p/7en/9+B/r/+v/6//j9d1Wv9/5j7bw4zqUj+BwAAgCqIuf+WMBP5HwAAAEoj5v7/H2Yi/wMAAEBpxNy/PsykIvlf/7/H+/+xOar/r/+v/6//r/+/LPr/7en/d6D/r/+v/6//T1f1Wv8/5v63hZlUJP8DAABAFcTc//YwE/kfAAAASiPm/neEmcj/AAAAUBox94+HmVQk/+v/93j/3+f/6//r/+v/6/+viP5/e/r/Hej/6//r/+v/01W91v+PuX9DmElF8j8AAABUQcz9G8NM5H8AAAAojZj7bw0zkf8BAACgNGLu3xRmUpH8r/+v/6//r/+v/1+8fv3//qT/357+fwf6//r/+v/6/3RVr/X/Y+5/Z5hJRfI/AAAAVEHM/ZvDTOR/AAAAKI2Y+98VZiL/AwAAQGnE3L8lzKQi+V//X/9f/1//X/+/eP36//1J/789/f8O9P/1//X/9f/pql7r/8fc/+4wk4rkfwAAAKiCmPu3hpnI/wAAAFAaMfffFmYi/wMAAEBpxNw/EWZSkfyv/6//r/+v/6//X7x+/f/+pP/fnv5/B/r/+v/6//r/dFWv9f9j7r89zKQi+R8AAACqIOb+O8JM5H8AAAAojZj7J8NM5H8AAAAojZj7p8JMKpL/9f/1//X/9f9X1P9/x8L96v/X6f/3Fv3/9vT/O9D/1/+/6v3/Ef1/SqXX+v8x928LM6lI/gcAAIAqiLl/e5iJ/A8AAAClEXP/jjAT+R8AAABKI+b+nWEmFcn/+v/6//r/+v8+/794/fr//Un/v73u9//jQ9T/1//X//f5//r/LNZr/f+Y++8MM6lI/gcAAIAqiLl/V5iJ/A8AAAClEXP/7jAT+R8AAABKI+b+PWEmFcn/+v/6//r/+v/6/8Xr1//vT/r/7fn8/w70//X/9f/1/+mqXuv/x9y/N8ykIvkfAAAAqiDm/veEmcj/AAAAUBox9/9KmIn8DwAAAKURc/+vhplUJP/r/+v/6//r/+v/F69f/78/6f+3p//fgf6//r/+v/4/XdVr/f+Y+/eFmVQk/wMAAEAVxNz/a2Em8j8AAACURsz97w0zkf8BAACgNGLu3x9mUpH8r/+v/6//r/+v/1+8fv3//qT/357+fwf6//r/+v/6/3RVr/X/Y+5/X5hJRfI/AAAAVEHM/XeFmcj/AAAAUBox978/zET+BwAAgNKIuf8DYSYVyf/6//r/+v/6//r/xevX/+9P+v/t6f93oP+v/6//r/9PV/Va/z/m/g+GmVQk/wMAAEAVxNz/oTAT+R8AAABKI+b+D4eZyP8AAABQGjH3fyTMpCL5X/9f/1//X/9f/794/fr//Un/vz39/w70/0vW/x+/Tv9f/583SlECWuzS+v/XvrbkCi+z/x9z/6+HmVQk/wMAAEAVxNx/d5iJ/A8AAAClEXP/R8NM5H8AAAAojZj7PxZmUpH8r/+v/6//r/+v/1+8fv3//qT/316f9f9/eX24XP+/Tv+/t7e/J/v/P16q/z+/qvX2+v+8ES6t/1+oK/3/mPs/HmZSkfwPAAAAVRBz/yfCTOR/AAAAKI2Y+z8ZZiL/AwAAQGnE3P8bYSYVyf/6/7XtWGgv6//r/+cX6P/r/+v/9y39//b6rP/v8/9b6P/39vb3ZP/f5/9zlfVa/z/m/k+FmVQk/wMAAEAVxNx/T5iJ/A8AAAClEXP/vWEm8j8AAACURsz994WZVCT/6//7/H/9f/1//f/i9ev/9yf9//b0/zvQ/9f/77X+/3/o/9Pfeq3/H3P//WEmFcn/AAAAUAUx9z8QZiL/AwAAQGnE3P+bYSbyPwAAAJRGzP2fDjOpSP7X/++X/v+4/r/+v/5/y+PR/9f/L6L/357+fwf6//r/vdb/9/n/9Lle6//H3P9gmMny8//YspcEAAAAroqY+38rzKQi//4PAAAAVRBz/2+Hmcj/AAAAUBox9/9OmElF8r/+f7/0/33+f6b/r//f8nj0//X/i1y5/n888+j/6//r/0f6//r/+v+06rX+f8z9vxtmUpH8DwAAAFUQc/9DYSbyPwAAAPSFov8nu1XM/QfCTOR/AAAAKI2Y+w+GmVQk/+v/6//r//do//9PN/7zD7//iYPb9P/1//X/V+SKfv5/7cXv8//1//X/E/1//X/9f1r1Wv8/5v5DYSYVyf8AAABQBTH3/16YifwPAAAApRFz/+EwE/kfAAAASiPm/ukwk4rkf/1//X/9/x7t//fx5//H/aH/36xr/f940tX/L3RF+/8PLPTE9f9X2v8fLbxU/1//v5+3X/9f/5/Feq3/H3P/TJhJRfI/AAAAVEHI/YNH6nPhCvkfAAAASiPm/qNhJvI/AAAAlEbM/Q+HmVQk/+v/6//r/+v/+/z/4vX3bP/f5/+3pf/fXu/0/4vp/+v/9/P26//r/7NYr/X/Y+6fDTOpSP4HAACAKoi5/zNhJvI/AAAAlEbM/Z8NM5H/AQAAoDRi7j8WZlKR/K//r/+v/6//r/9fvH79//6k/9+e/n8H+v/6//r/+v90Va/1/2PuPx5mUpH8DwAAAFUQc/+JMBP5HwAAAEoj5v6TYSbyPwAAAJRGzP2nwkz+j737aN6rLv84fuf/D2MyPAAXbtj7EFjoWh+ACzcudMZxoaPYG8FesfeCvWMBRWzYG9hQ7GLvigU76sRxcl1X8kvO79xJvJOc871er82lwXiiw4Af4T3fJvtf/6//H7b/v5v+f7/v6//1/yPT/8/T/2+h/9f/6//1/+zU0vr/3P0Pjlua7H8AAADoIHf/Q+IW+x8AAACGkbv/srjF/gcAAIBh5O5/aNzSZP+f1P8f2PTs/zPj1f+P1P97/3/f7+v/9f8jO7/9/xX//SOf/l//r/8P+n/9v/6fky2t/8/d/7C4pcn+BwAAgA5y9z88brH/AQAAYBi5+x8Rt9j/AAAAMIzc/Y+MW5rsf+//e/9f/6//1/9Pf1//v07e/5/Xqf+/7JaLH3j7dXe5/ky+r//X/+v/9f/s1tL6/9z9j4pbmux/AAAA6CB3/6PjFvsfAAAAhpG7/zFxi/0PAAAAw8jd/9i4pcn+1//r//X/+n/9//T39f/rpP+f16n/P5vv6//1//p//T+7tbT+P3f/4+KWJvsfAAAAOsjd//i4xf4HAACAYeTuvzxusf8BAABgGLn7j8QtTfa//v/c9///1v/r/+Pq//X/+v9zT/8/T/+/hf5f/6//1/+zU0vr/3P3XxG3NNn/AAAA0EHu/ifELfY/AAAADCN3/xPjFvsfAAAAhpG7/0lxS5P9r//3/r/+X/+v/5/+vv5/nfT/885//z/1Z8j96f9X3/9fpP/X/+v/OdEZ9v93zPxheyf9f+7+J8ctTfY/AAAAdJC7/ylxi/0PAAAAw8jd/9S4xf4HAACAYeTuf1rc0mT/6//1//p//b/+f/r7+v910v/PW8z7/wcOTv6w/n/1/b/3//X/+n/2WNr7/7n7nx63NNn/AAAA0EHu/mfELfY/AAAADCN3/zPjFvsfAAAAhpG7/1lxS5P9r//X/+v/9f/6/+nvz/X/15/w69P/L4v+f95i+v996P/1/2v+9ev/9f+camn9f+7+Z8ctTfY/AAAAdJC7/8q4xf4HAACAYeTuf07cYv8DAADAMHL3PzduabL/p/v/479d/3969P97f/36/+nfP3bV/+e/o/5/tv+/u/f/e9L/z9P/b6H/1//r//fr/w9v+/n6f6Ysrf/P3f+8uKXJ/gcAAIAOcvc/P26x/wEAAGAYuftfELfY/wAAADCM3P0vjFua7H/v/+v/9f/r6/+9/3/MhXz/f3Pe+/+D+v/TpP+fp//fQv+v/9f/e/+fnVpa/5+7/0VxS5P9DwAAAB3k7n9x3GL/AwAAwDqc+PcOnPw3lIbc/S+JW+x/AAAAGEbu/pfGLU32v/5f/6//1//37v8PraT/9/7/6dL/z9P/b3Fh+/8Dg/b/Bwfr/6/a7+cvof+/XP/Pwuzp/284/uMXqv/P3f+yuKXJ/gcAAIAOcve/PG6x/wEAAGAYuftfEbfY/wAAADCM3P2vjFua7P9z3v8f3v/b+n/9v/5f/3/h+/+1vP+v/z9d+v95+v8tvP/v/X/v/+v/2ak9/f8JLlT/n7v/VXFLk/0PAAAAHeTuf3XcYv8DAADAMHL3XxW32P8AAAAwjNz9r4lbmux/7//r//X/+n/9//T39f/rpP+fp//fQv+v/9f/6//ZqaX1/7n7Xxu3NNn/AAAA0EHu/tfFLfY/AAAADCN3/+vjFvsfAAAAhpG7/w1xS5P9r/8/t/1//rj+X/+/0f/r//X/50Xb/v/A1J+JTrVP/3/T/Y/cc++P6P/1//p//b/+nx1YRP9/9Pj/uszd/8a4pcn+BwAAgA5y978pbrH/AQAAYBi5+98ct9j/AAAAMIzc/W+JWwbZ/4e2/Hb9v/f/9f/6f/3/9Pf1/+vUtv8/Td7/30L/r//X/+v/2alF9P8n/PPc/W+NWwbZ/wAAAMCmdv/b4hb7HwAAAIaRu//tcYv9DwAAAMPI3f+OuKXJ/tf/6//1//p//f/09/X/66T/n6f/30L/r//X/+v/2aml9f+5+6+OW5rsfwAAAOggd/874xb7HwAAAIaRu/9dcYv9DwAAAMPI3f/uuKXJ/tf/6//1//p//f/09/X/66T/n6f/32w218z8Aqb6/6N30v/r//X/+n/O0tL6/9z974lbmux/AAAA6CB3/zVxi/0PAAAAw8jdf23cYv8DAADAMHL3vzduabL/9f/6f/2//l//P/19/f866f/n6f+38P6//l//r/9np5bW/+fuf1/c0mT/AwAAQAe5+6+LW+x/AAAAGEbu/vfHLfY/AAAADCN3//VxS5P9r//X/+v/9f/6/+nv6//X6dz1/xv9v/5f/7+F/l//r//nZEvr/3P3fyBuabL/AQAAoIPc/R+MW+x/AAAAGEbu/g/FLfY/AAAADCN3/4fjlib7X/+v/9f/6//1/9Pf1/+vk/f/5+n/t9D/6//1//p/dmpp/X/u/o/ELU32PwAAAHSQu/+GuMX+BwAAgGHk7v9o3GL/AwAAwDBy938sbmmy//X/+v+9/f9mo//X/+v/jzkP/f+hjf5/5/T/8/T/W+j/x+z//28zUP9/eN+fr/9niZbW/+fu/3jc0mT/AwAAQAe5+z8Rt9j/AAAAMIzc/Z+MW+x/AAAAGEbu/k/FLU32v/5f/+/9f/2//n/6+97/Xyf9/zz9/xb6/zH7f+//6/+5YJbW/+fu/3Tc0mT/AwAAQAe5+z8Tt9j/AAAAMIzc/Z+NW+x/AAAAGEbu/s/FLU32v/5f/6//1//r/6e/r/9fJ/3/PP3/Fvp//b/+X//PTi2t/8/d//m4pcn+BwAAgA5y998Yt9j/AAAAMIzc/TfFLfY/AAAADCN3/xfilib7X/+v/9f/r7P/P6T/1//r/yctpf+/9NJ73Kz/1//r//X/+n/9f3dL6/9z938xbmmy/wEAAKCD3P1filvsfwAAABhG7v4vxy32PwAAAAwjd/9X4pYm+//U/v+izbFC9Zip/j8aNf3/CfT/e3/9+v/p3z+8/6//1/+fe0vp/73/f3a/fv2//n/Nv/4z6v8vOfXn6/8Z0dL6/9z9N8ctTfY/AAAAdJC7/6txi/0PAAAAw8jd/7W4xf4HAACAYeTuvyVuabL/vf+v/9f/6//1/9Pf1/+vk/5/nv5/C/2//t/7/w+67//r/9mdpfX/ufu/Hrc02f8AAADQQe7+b8Qt9j8AAAAMI3f/N+MW+x8AAACGkbv/W3FLk/2v/9f/6//1//r/6e/r/9dJ/z9P/7+F/l//r//3/j87tbT+P3f/t+OWJvsfAAAAOsjd/524xf4HAACAYeTu/27cYv8DAADAMHL3fy9uabL/d9//X6L/D/r/pfT/99H/n/R9/b/+f2T6//wz+jT9/xb6f/2//l//z04trf/P3X9r3NJk/wMAAEAHufu/H7fY/wAAADCM3P0/iFvsfwAAABhG7v4fxi1N9r/3/3v1/wc2Hft/7//r//X/nej/5+n/t9D/6//1//p/dmpp/X/u/h/FLU32PwAAAKzVve76gFtP91+bu//HcYv9DwAAAMPI3f+TuMX+BwAAgGHk7v9p3NJk/+v/e/X/Pd//1//r//X/nej/5+n/t9D/6//1//p/dmpp/X/u/p/FLScMv4Nn/J8SAAAAWJLc/T+PW5r89X8AAADoIHf/L+KWU/b/0dP8u9oBAACApcnd/8u4pclf/9f/L7z/34zf/9+20f/r/4/R/+v/d0H/P+9/7P+PHtD/6/9n6P/1//p/Tra0/j93/6/ilib7HwAAAAa15/9RyN3/67jF/gcAAIBh5O7/Tdxi/wMAAMAwcvf/Nm5psv/1/wvv/8/q/f/D9Y/W0P97//8c9v9XHpr8vv5f/z8y/f887/9vof/X/+v/9f/s1NL6/9z9t8UtTfY/AAAAdJC7/3dxi/0PAAAAw8jd//u4xf4HAACAYeTu/0Pc0mT/6/9H7P/X9f6//t/7/2ff/9/54iM33vt+116t/+e489n/5+8L+n/9v/7/GP2//l//z8mW1v/n7v9j3NJk/wMAAEAHuftvj1vsfwAAABhG7v4/xS32PwAAAAwjd/+f45Ym+1//r/9fSv+f/11fgP7/yPr6/2yKu/f/3v/X/5/K+//z9P9b6P/1//p//T87tbT+P3f/X+KWJvsfAAAAOsjd/9e4xf4HAACAYeTu/1vcYv8DAADAMHL3/z1uabL/9f/6/6X0/8n7/8d/nvf/j9H/6//PhP5/nv5/C/2//l//r/9np5bW/+fu/0fc0mT/AwAAQAe5+++IW+x/AAAAGEbu/n/GLfY/AAAADCN3/7/ilib7X/+v/9f/6//1/9Pf1/+vk/5/nv5/C/2//l//r/9np5bW/+fu/08AAAD//6cRdCE=") rename(&(0x7f0000001c80)='./file0\x00', &(0x7f0000001d80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000100)='.\x00', 0x1a4243c, &(0x7f0000000980)=ANY=[@ANYRES16, @ANYRES8, @ANYRESOCT, @ANYBLOB="f1bcca05ed588d63a576cc3afd51baf29cde0400000092f4e66ff7ef22aa9af727ceae8a8ec95fc1b73083de2de825a0cb2b0be774fdb33650d7dace27c16bc23b2f7c7fb72585548939698f280d138aa9255a8a924008f8477e82ba11cdb11efd5ca2f1ab049ce2cc7815d2daf8daea25533a558d561654faf5e0924f1376174f374d664fad4a6ab24ec000ccace822e7f9426e8e5de1fe58085a0ae86fd02a118b9365961834d46208b9fb4c91a1fa962a8b00a9717fcbb46c2400dc2e319379ea1e5a07aeb3f9cd4e648df445a1b4213e732300000000000010000758027a472e7d263ef567a84166f26ee56e701c63a8863787889bf1c90fccf31954a940c8b584ca89a512f28edec08eb1c0823c028840eeaf3f5d8769023c01ac63f7f959571e8e899b43c293bc21a2b833e5c9c703c4cfa063dd050045706bde3d7ac373ab04b62b4111b59eabd436dd97e788a36ef25bad99beec474e667589d37100ec36292c15c6", @ANYRESHEX, @ANYRESDEC, @ANYRES64, @ANYRES32, @ANYRES64, @ANYRES8=0x0], 0x1, 0x0, &(0x7f0000000000)) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) 1m11.682738601s ago: executing program 0: sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="580000000002000000000000000000000000000010000180f70002800500010000000000300003801700018014"], 0x58}}, 0x0) r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="d824000028000100020000080000000006"], 0x24d8}], 0x1}, 0x0) 10.803985298s ago: executing program 2: syz_mount_image$fuse(0x0, &(0x7f0000000080)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000380)={0x0, 0x0}) setpgid(0x0, r1) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file3\x00', 0x0, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file3\x00', 0xffffffffffffff9c, &(0x7f0000000440)='./file7\x00', 0x0) 9.808595697s ago: executing program 2: syz_mount_image$bfs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1000000, &(0x7f0000000080)=ANY=[@ANYRES16, @ANYRESHEX, @ANYRES16, @ANYRES8], 0x8, 0xa3, &(0x7f00000003c0)="$eJzs17FNw0AABdBvWxjReAEKNmAHRkEuoaMCIXkiVmEEb5AibZqLLlGslCkSJYreK+7+v+q397/5e86QlCkppZQ+yVP2+ev75+P9s55ddh5y8BjuQptmyS9D7cnqrbZ+eZ/Xv+PcZKz3dVYCAADn0Ob1qJXT/nVTku5ikwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABuyjYAAP//GDMaXg==") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$UHID_INPUT(r0, &(0x7f0000000940)={0x8, {"85f080a4933d55266e07e799aa0cc421388242df2a3c6b631b65b1c061edd2aa108c3528fe9b0bb3a53ab1200f5d01a68a4acdec8fee09648222f908c1fedc3000342e6139de28366c13509306d00ebcc67497181ac916db98af9d366b76e427d9ab5bb68095f0fb246df32b8af0783653136f8a04c03690312125b2ded6a24fda8685340c575ead69519e3583f89d467ec232d6a1ffd0463ba4ea3cbae5dae6654b5547b5458f02ac307729e57b09e134f68be44f88d72517b230b066f6315b5fb80206397bbff8cbc2a36e01c2e7b3aadb03bd3dd5288a69a991d9c674717e3abba7167280b2db3b1b8502afa4f3f296c532510c9d2dd79bb5eeb25adb5edddbdd069c09d14d15c2e7e1e2bb22e97d6992236d2273c8bb95536f7118d007965008b125c7daac2814e6bbe1adbfa3572ad0b7ad5c26c8014118d8374ca9f285779dfee7715a403908146a74de61b3853914c89f444c12e7a38bdd46c4ed36eb806ea598f44d1dec9eff9e2476f43802211f0762b66673b45d236b2391ce322e30fb9c69fe0d514dc1f8b6e3979c1205fd5224b07d18a44fec4f6f1a6f65158bb6adcc295bf2dd7dea107f59d7e03c61fe5822292e45968956b931bdc4d6445ff1631e0b98e4b4448774dd4b9cd53a45896fdb3f03702778741ae2b45a25bf9a23fc02fb97a630f132bf9def6c6d4a7baeb62972f1a814f6f2377bcfc78e2e86368c138510a04cedf7175af8c2033aae7413e3ace8c71ab9a0af1ca7042011a6ed028e205648535dabf3b2f85196ae18d36b839e3cd54ae4933ad529888fdac7bb8a70c72bc0fc81ba06506f2d5bc7686e219bbe5283959cbef9950e071cb6d9f341fc624a5110341f26cebd7100599a06e61f66fae120c7fc2b34c6221200eba75bd1277114671a3fa8f058b27fd897b052f4a52afcea814df526181c75c4497210a2b85b7b26601561e78735387cf123654b0295d1d60556956b36d96dd038866c4b4db31ebdcddd6929bbc2850cd4901389e6ea6e86041e0efa1111c2fb0e6df6364cb95659f506d5c7e63fb67c8116577d15e4a4b1fc4c27de2e52586cb1f52be9c3601f5066549de8bdc3ec07d1a84caf1961323ec2487a37b751aeabafcd647ce2dae5d9499c0f969467e6cabad198669ac96bd1488954eff0854ee0c83d7b596d273625bdb16270782321071fda5d980ded78ffa9dc2b56037d7cbf942547f48a5131f1991f6c17ae1ed5120ca6878f98e68e7997a9a2b70be640a70a34adb80de286c669bb5f092e4e3a15a83217e03d02a4054f34af3a65ff6b36f395b76a0579cffafd5d3bb0e704c935caecf3a7ab756c23fd60c9fe3f4fb2be7504f5bae22b116ff1588dcf02b327d31bf0488dba8af5b33ccf2d7d87f43bbc48fcd4f191ad6af9313ad38b8b2967cbfabd6651bc1f6ce5abb4a2f1413194f96b26d7d6edc4e013fba549075c97eef508af5ca7873664b058b7bcf455a8a04b591d29fab6366c844bb75576bac2d52323e747303d00a5736c9812922b0e17bcec9135550736b54cf6407d61e22e62d7bb75f62935b665acf33e75f688c36ef416f1b890d0f0c8ad1df00e02ec45967834d5649c8e7143978622fa3704672970b7993a87e97d3d926a14265647bc8b8c9e6f83e29572608d24b42c2635ef4abbd0af83860e99c90d7471cf6e8ce99507f5ec2bc572212fa9ee3f5a9dfa3815fe55f0bbb119acce062ae37f2ff921707abba139bcddf42bfd174d29b540161b4113c4e1a13f3a628c638ec4d3a884dfbc093e23ec0d0671b46b41dc8b42d950c8615ba5ee87f49b5d0910ffa4871207995001920db05a95199967f097ba7b55bbd271d818690c4238406b40a3dfc42fa56a67173b53a96b543326c56738b6d043195934018696f5ab49347e5148a78f2d1369a71afab8330273d46ecfba4ee05802a5385649851db949dbfb39e290941641c50b1ac20fb3102754a760b097f464ddb0b83f8168badfa71db6621dcf22fb081e3403f3bac5c7e65905aca52885c807f8ddab18bb2f12ef952c50483c0e251968bc70ff0d42a638ca744dea4c7ebb4fea777cf663bb4f1505ed79730c45bc86e488a13f924377a8e2ee6670a02ca52874ae1c42a35d55b9765757047b2cc3742aa51fa3e43fb2c113c92ad213bad252c1a82966dd016f12a7f1c3900c0f1ab455035163f31899bdd30f3ff43ad17d9e45bb7438c1c986712736f24be14f71ab1bfe92a25ec07f086ee8c7971b8077a13e58a8e8bea39c8e06b251909f02cb0080abf020f27ca160eb26c082dda1fa54ea4094dfdbcb2fa7bddccb67a844e8075f4cc08dad35757006d051e183dced336bc0c2502f93ffc87dca622286ba174c24e1f53f27dc2777baafe170348b0e8d3e743b3aa906bc0764bbe7da08ff403efe2212627d6748c2ce5bb513b7312517d1f88c61c7ba5f9647cd619281c5b390b48606ee39fb4171103df2e09d7cfd56c06c721f7c24ad8cce383623fc2dcb73f7b1b3b86df1b42490815513681aafbf7e871b4b9686efae6c45ecfca60a640a6f071dfd31f9437c3d03086164b48c1ed802986864bfe0d49bdd7709662262368dbc3ecc05eb240ecc41904c76d78ab5c52b66af5a720fdd6a92f52be0676427a56e32e5bc5085b25f90add28a76f2fce6f8f0ef74f4658098549646bd63175adf77b5cdcf102946554ba6136cbc83c6268ee40318f3c9d4718025688b35d2265bf60bf889ff629f7834586ef46eab7a9176337536bb6001e676546b987f36b1fe4baea02fa76fb4830aebbb9c14d8e2b43ea77ef887e5a26448f4086fa819a25e27725ac10298851c8bc45f2ce4430b07917ade5ea8c434c3f2576effbeb521173736e5c9557450643068b0c0fb132a7e99de6ca292246a9937fa7d7e06e59cf59ce5b9f8426a9049931146af40a8a1256ba373a88d09dc00cdf4453cc6ba78572bf3e1f2352a978cdbad60220cb8ac37d7f614a306492a4b5eee9244b0ca84b6cf2e23013bfb1cb92bf6d126fe550e58c19f84e7a4081437b75b31b2b9fb658dcd8ba077962e0f3359721a148d4fefe5c97941ca9688cb85adf38fd10f5811cdd8e074a21abfc9541c71465b08d7321281b68ed52bfab789b9c83849c09d52376d419b1e7ba367603236e119cdf4a7b7cf9d81f2229601deace53cea2f14a05f7fa0ca04b39e31c6453e332f4bd0915c0e09e28f4d1125c390c6ff0833a04b6fc37855e65de90333e505b9eb66e0068607000000fb7b8b215dbdc9787b5baa724cfa71ee6745b41e203de8b7794757ac328ec5567540b951b50530c3d4ee34705ea1c66fd6591e88561083e86d48c45ef3b83a3029319d8f3d8e65ce14c1dc3cb92d0a7dbeb609a8d2793928caa079f0fbbb2bc90b9fb4000000f4032041d14c5bca00e99b3027ec3a50c4957199cf016a4594069af8659df0973f20ffb15dbc265ac5b8a2203e90b114a3e9441e357c60ce0b550a7fe66fc34f5702ac8e8992a22e89194c1df69e81a9b7ad3d2634ea8c0388588192fd47d8e803b10044d558617fb2921b69eb4d85c051f86ef63a2f4382b9becd870fb2ecadca6902712b88680792e2f2ec89591cfebb6db3ad31c2a339af10465fcf7988519d382218df52261234f26a6f66ad0d1859de505d0fe819caf2f8d30aa9fd1228ac91d11ca67f1f8d50c8eefa5c441514321507dff6c6ea3cff6f340a1c11e0c40f419e8e60fc94d8828fa47a96cdf7ee4f61e23f40751b25cf9ca1295041a350f83f0e679515d6b4b46e2c9ce8999e07f835abc1663cefcf728df37831f4e17f8c8a4feaf1fbf44c38c9313284404a50ba4cd8abe835b33bfecb02cd6c9d7f435853b4c8d505ab83cf46512739116694765658bae64b3127152d216055aef9b25c70a8a3b302752d7b1e8791c657b9f3fc9001ef299fd1a349491ae6ee9940149160507fc4130fb825d47d97dc2c243209d2403583ac3ef6ddbedcaa76432255487c0a06e59e043e572ab3aec002afea6b6a2dc9cfaeefa70557886c4d12924a0388f2f1bc8e89e4cfa69705d1ef3c4658f8616278b588011d9dd914beec0b151d65b6524fba3e3f235d58373e021699b07622a51504eade747e0b2f9cf38bc167cabc8cb18c708d1337e25648707e8c0872876514c7a49c0b2aaee5ed9e9ecfcbcc23e032c4deb63e48e7120188056468fad31448e4b46e7d62fbcfc1c2cfb01fcf0db5e8a162bdb9bd820c763f17b96c23f32db9d1c1d74ddbe657b4f9595a9796982a0742153111b15e484d8ffebe47ce0a78a41e470a341616ec2eb6eef813fb415fab50fa965bec6a5977a0ade4fed67f86fc24e11b0e2f5364079f7c7c35b560cac726dbc80f29dbd248f7ecda0286a23ef172a28c96d9bdb1f598eab31c6baf0321312da23920c074b9d2d2e442717f2c21001142a39c2da6b8bd9d06b05a6a8deae1bd1be4108a636ddbebc682d113e715f2f3ee506abc28b1c654b3d2d28e02f73b171ed0deed71dda90ce4a0b728cc75cb576385e7418b545b992b1dd98e2ee53355f464f9250a2a03b3d1e4d2ac1aa71d01de2573530324e14d15a507883411ddbd37be21dc929db9b11f11010e4d2a04c7325a5ae6d24d19900ff97a8a89438f8676457a78cff05201528f4358fe67f61288bf042a8f3c2e0f8b4997b8fb74996b80d465489b2d7807a945eba72a945e8cf8625dbad6f6f6e30537b29e558ca8a8b0625f578c766d34f2d28d704715f94df1f6318a308042aa494baa295640679f1eab1e6a8308af8ce6441d5ad8a2f3d477eb5307af0dfae66444a8f1434030b8361621340ad3dcefa6d8f090ed3929d89ad9c0ba01a6903033428dd8f98619304b1803187d2a6130bf1e009b5eb0e7e21c75594b3b8470f3106c92a9e55bfeb026091ced127a90a1f1247f3c07e36d3572923e0de3f73518d0369a25fcd4e65d243b7eab91063a7bfd8bc8ac9e39fbbb32b5c9517886287a18eacd8dbfda9b91db693cb12e42cba5988280e09e51e72b91a0f360656d8f21cc1eb3248ac345ad51d1a6172b18419277851dab01e028c7e8e2cf34095efd28267852a08fccf61c45b5e46930160daf50282be058274e7ff58c48b60b86d0c8cc886ab8778a2a2b5fa2557ad7bf7f01f2175523ce758871d334c20a9839f7a89fe2867c06289c8a2f6456ac7e4fbadee53ac41aee68214bc76669853baa4f58255b39ba581414f2e8c4b49303f8936a33bae5cbc96b29a5c724d5b50e1614144c2acd03bd90de891c3d36ce040d57543682ecbfcae66c4153c337c3a5d01896524c8e0c27e9a08919821ca27bbfe3fc9ba24a823aeec8d4ad8ef8a65c585bee4dcf1acaa3da501a8c11a23b2e22920c1ad0129a038b31fe16c2abc80589dbf7c37211afc5d1a6db908bc5fe8a692060069fcbcdcba7c523d3c424aa3b0c6556387e0e51bcde9e5f850abf62d2c2101c3a2786a0cb94932877a09cb6b64aa61da8cab3b423e7adc4c4700418a65e87225710e1691f6d9cb2eb63cce5b605ce0a4a89cf519767e00845397c5e381141a0ed8a89b01064b495ec8d1e2da37433bf1597d919a69610d2ad26bdf6fca8de422bb2cb80d0516206e8194ee51445a3dcb5dee33c0c310b4751e68e58bebda2fb586985a5a5b06456756f44e6dbfef4bb99ca732f00fb9ea35775f7419681bfbe6f43dc7c4650c13b63d93c1d490bf0173f287a4309531f13ecb1a775d0bd881a00", 0xdd52d6c}}, 0x1006) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) 9.704330376s ago: executing program 2: syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000080)='./file0\x00', 0x800, &(0x7f0000001980)=ANY=[@ANYBLOB="696f636861727365743d6d61636963656c616e642c646973636172642c696f636861727365743d69736f383835392d342c646d61736b3d30303030303030303030303030303030303030303031312c646973636172642c6572726f72733d72656d6f756e742d726f2c6572726f72733d72656d6f756e742d726f2c646d61736b3d30303030303030303030303030303030303030303030352c696f636861727365743d63703836302c6572726f72733d636f6e74696e75652c00401b3ed5707e114e487d8a07ac5bf76c35e1ec263fd239572442aeebf5f0885cac9e374bd219562c4cdeda0e24ce11eca191559cabf479c5ab2264639e972d6ac2080a7132a1c1dc10a33c900944ad0198fe12202479fe30823ef0664ce2"], 0x5, 0x1516, &(0x7f0000002280)="$eJzs3AuYTlX7MPD7XmvtMSQ9TXIY1lr35kkOyyRJDknlkCRJkuSUmKRJXklIDDklDUlIDkNyGEJymJg0zufzMUmSJklCckrWd03xeXur7/2//7fv9b/+c/+ua1/Pup+177XXfu7nsPZ2+LbL0FpNat/ViIjg34K/PiQDQCwADASAawAgAIAKcRXisvtzS0z+9w7C/loPp13pGbArieufs3H9czauf87G9c/ZuP45G9c/Z+P652xcf8Zyss3TC1/LW87d+P5/Tsa///+LZJUd++Xastd3/RdSuP45G9f/f63gv7IT1z9n4/rnbFz/nI3rnxPk+tMern/OxvVnLCe70vef/2GLgSs/hxy1Xen3H2OMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4yxnOGMv0wBwKX2lZ4XY4wxxhhjjDHG/jo+15WeAWOMMcYYY4wxxv7/QxAgQUEAMZALYiE35AEBAFdDPrgGInAtxMF1kB+uhwJQEApBYYiHIlAUNBiwQBBCMSgOUbgBSsCNUBJKQWkoAw7KQgLcBOXgZigPt0AFuBUqwm1QCSpDFagKt0M1uAOqw51wF9wNNaAm1ILacA/UgXuhLtwH9eB+qA8PQAN4EBrCQ9AIHobG8Ag0gUehKTwGzaA5tICW0Oq/lf8i9ICXoCf0gmToDX3gZegL/aA/DICB8AoMgldhMLwGKTAEhsLrMAzegOHwJoyAkTAK3oLR8DaMgbEwDsZDKkyAifAOTIJ3YTJMgakwDdJgOsyA92AmzILZ8D7MgQ9gLsyD+bAA0uFDWAiLIAM+gsXwMWTCElgKy2A5rICVsApWwxpYC+tgPWyAjbAJNsMW2ArbYDvsgJ2wC3bDJ7AHPoW98Bnsg8//xfzT/5DfFQEBBQpUqDAGYzAWYzEP5sG8mBfzYT6MYATjMA7zY34sgAWwEBbCeIzHolgUDRokJCyGxTCKUSyBJbAklsTSWBodOkzABCyHN2N5LI8VsAJWxIpYCStjZayKVbEaVsPqWB3vwruwBtbAWlgL78F7sDfWxbpYD+thfax/6fYUNsJG2BgbYxNsgk2xKTbDZtgCW2ArbIWtsTW2wTaYiInYDtthe2yPSZiEHbADdsSO2Ak7YWfsjF2wC3bFbtgNX8wF+BK+hL2whuiNfbAP9sWUXP1xAA7AV3AQvoqv4muYgkNwKL6Or+MbOBxP4QgciaNwFFYTb+MYHIskxmMqpuJEnIiTcBJOxik4BadhGk7HGTgDZ+IsnIXv4xz8AD/AeTgPF2A6puNCXIQZmIGL8TRm4hJcistwOa7A5bgKV+MqXIvrcC1uwA24CTfhFtyC23Ab7sAduAsVAH6Cn+KnmIL7cB/ux/14AA/gQTyIWZiFh/AQHsbDeASP4FE8isfwOJ7A43gST+IpPI1n8Ayew3N4Hp+P/7rxrlJrUkBkU0KJGBEjYkWsyCPyiLwir8gn8omIiIg4ESfyi/yigCggColCIl7Ei6KiqDDCCBJhDACIqIiKEqKEKClKitKitHDCiQSRIMqJcqK8KC8qiFtFRXGbqCQqi7auqqgqqolEV13cKe4Sd4kaoqaoJWqL2qKOqCPqirqinqgn6ov6ooF4UDQUvbE/PiyyK9NEDMGmYig2E82FvPgN1loMxzairUgUT4qROALbi9YuSTwjOogx2FH8TYzF50RnMR67iBdEV9FNdBcvih6ijespeonJ2Fv0EdOwr+gn+osBYibWFO/jnNy1xGsiRQwRQ8XrYgG+IYaLN8UIMVKMEm+J0eJtMUaMFePEeJEqJoiJ4h0xSbwrJospYqqYJtLEdDFDvCdmillitnhfzBEfiLlinpgvFoh08aFYKBaJDPGRWCw+FpliiVgqlonlYoVYKVaJ1WKNWCvWifVig9goNonNYovYKraJ7WKH2Cl2id3iE7FHfCr2is/EPvG52C++EAfEl+Kg+Epkia/FIfGNOCy+FUfEd+Ko+F4cE8fFCfGDOCl+FKfEaXFGnBXnxE/ivPhZXBBegEQppJRKBjJG5pKxMrfMI6+SeWVw8dW9VsbJ62R+eb0sIAvKQrKwjJdFZFGppZFWkgxlMVlcRuUNsoS8UZaUpWRpWUY6WVYmyJtkOXmzLC9vkRXkrbKivE1WkpVlFVlV3i6ryTskRH49Rg1ZU9aSteU9so68V9aV98l68n5ZXz4gG8gHZUP5kGwkH5aN5SOyiXxUNpWPyWayuWwhW8pW8nHZWj4h28i2MlE+KdvJp2R7+bRMks/IDtJffIs8JzvL52UX+YLsKrvJ7vJneUF62VP2kgC9ZR/5suwr+8n+coAcKF+Rg+SrcrB8TabIIXKofF0Ok2/I4fJNOUKOlKPkW3K0fFuOkWPlODlepsoJcqJ8R06S78rJcoqcKqfJNDld9r840mwp/2n+O3+QP/iXo2+Sm+UWuVVuk9vlDrlT7pK75W65R+6Re+VeuU/uk/vlfnlAHpAH5UGZJbPkIXlIHpaH5RF5RB6VR+UxeVyelT/Ik/JHeUqelqflWXlOnpPnL74GoFAJJZVSgYpRuVSsyq3yqKtUXnW1yqeuURF1rYpT16n86npVQBVUhVRhFa+KqKJKK6OsIhWqYqq4iqob8OIbRpVWZZRTZVWCuulfyVcl1I2qpCr1m/xL80v+k/m1Uq1Ua9VatVFtVKJKVO1UO9VetVdJKkl1UB1UR9VRdVKdVGfVWXVRXVRX1VV1V91VD9VD9VQ9VbJKVn3Uy6qv6qf6qwFqoHpFDVKD1GA1WKWoFDVUDVXD1DA1XA1XI9QINUqNUqPVaDVGjVHj1DiVqlLVRDVRTVKT1GQ1WU1VU1WaSlMz1Aw1U81Us9VsNUfNUXPVXDVfzVfpKl0tVAtVhspQi9VilamWqCVqmVqmVqgVapVapdaoNWqdWqc2qA0qU21Wm9VWtVVtV9vVTrVT7Va71R61R+1Ve9U+tU/tV/vVAXVAHVQHVZbKUofUIXVYHVZH1BF1VB1Vx9QxdUKdUCfVSXVKnVJn1Bl1Tp1T59V5dUFdyF72BSIQgQpUEBPEBLFBbJAnyBPkDfIG+YJ8QSSIBHFBXJA/uD4oEBQMCgWFg/igSFA00IEJbCAuFj0a3BCUCG4MSgalgtJBmcAFZYOE4KagXHBzUD64JagQ3BpUDG4LKgWVgypB1eD2oFpwR1A9uDO4K7g7qBHUDGoFtYN7gjrBvUHd4L6gXnB/UD94IGgQPBg0DB4KGgUPB42DR4ImwaNB0+CxoFnQPGgRtAxa/aXje3+q4BOup+6lk3Vv3Ue/rPvqfrq/HqAH6lf0IP2qHqxf0yl6iB6qX9fD9Bt6uH5Tj9Aj9Sj9lh6t39Zj9Fg9To/XqXqCnqjf0ZP0u3qynqKn6mk6TU/XM/R7eqaepWfr9/Uc/YGeq+fp+XqBTtcf6oV6kc7QH+nF+mOdqZfopXqZXq5X6JV6lV6t1+i1ep1erzfojXqT3qy36K16m96ud+idepferT/Re/Sneq/+TO/Tn+v9+gt9QH+pD+qvdJb+Wh/S3+jD+lt9RH+nj+rv9TF9XJ/QP+iT+kd9Sp/WZ/RZfU7/pM/rn/UF7bMX99k/70YZZWJMjIk1sSaPyWPymrwmn8lnIiZi4kycyW/ymwKmgClkCpl4E2+KmqImGxkyxUwxEzVRU8KUMCVNSVPalDbOOJNgEkw5U86UN+VNBVPBVDQVTSVTyVQxVczt5nZzh7nD3GnuNHebu01NU9PUNrVNHVPH1DV1TT1Tz9Q39U0D08A0NA1NI9PINDaNTRPTxDQ1TU0z08y0MC1MK9PKtDatTRvTxiSaRNPOtDPtTXuTZJJMB9PBdDQdTSfTyXQ2nU0X08V0NV1Nd9Pd9DA9TE/T0ySbZNPH9DF9TV/T3/Q3A81AM8gMMoPNYJNiUsxQM9QMM8PMcDPcjDAjzajshap524wxY804M96kmlQz0Uw0k8wkM9lMNlPNVJNm0swMM8PMNDPNbDPbzDFzzFwz18w38026STcLzUKTYTLMYrPYZJpMs9QsNcvNcrPSrDSrzWqz1qw162G92Wg2ms1ms9lqtprtZrvZaXaa3Wa32WP2mL1mr9ln9pn9Zr85YA6Yg+agyTJZ5pA5ZA6bw+aIOWKOmqPmmDlmTpgT5qQ5aU6ZU+aMOWPOmYIXfy+9ibW5bR57lc1rr7b57DX2H+NCtrCNt0VsUattAVvwN7Gx1pa0pWxpW8Y6W9Ym2Jt+F1eylW0VW9XebqvZO2z138V17L22rr3P1rP329r2nt/E9e0DtoF91DZEBLDNbWPb0jaxj9qm9jHbzDa3LWxL284+Zdvbp22SfcZ2sM/+Ll5oF9nVdo1da9fZPfZTe8aetYftt/ac/cn2tL3sQPuKHWRftYPtazbFDvldPMq+ZUfbt+0YO9aOs+N/F0+102yanW5n2PfsTDvrd3G6/dDOsRl2rp1n59sFv8TZc8qwH9nF9mObaZfYpXaZXW5X2JV21f+d6zK7wW60m+xu+4ndarfZ7XaH3Wl3/RJnn8de+5ndZz+3h+w39oD90h60R2yW/fqXOPv8jtjv7FH7vT1mj9sT9gd70v5oT9nTv5x/9rn/YH+2F6y3QEhAkhQFFEO5KJZyUx66ivLS1ZSPrqEIXUtxdB3lp+upABWkQlSY4qkIFSVNhiwRhVSMilOUbqBL6/TSVIYclaUEuonK0c1Unm6hCnQrVaTbqBJVpipUlW6nanQHVac76S66m2pQTapFtekeqkP3Ul26j+rR/VSfHqAG9CA1pIeoET1MjekRakKPUlN6jJpRc2pBLakVPU6t6QlqQ20pkZ6kdvQUtaenKYmeoQ70LHWkv1Eneo460/PUhV6grtSNutOL1INeop7Ui5KpN/Whl6kv9aP+NIAG0is0iF6lwfQapdAQGkqv0zB6g4bTmzSCRtIoeotG09s0hsbSOBpPqTSBJtI7NInepck0habSNEqj6TSD3qOZNItm0/s0hz6guTSP5tMCSqcPaSEtogz6iBbTx5RJS2gpLaPltIJW0ipaTWtoLa2j9bSBNtIm2kxbaCtto+20g3bSLtpNn9Ae+pT20me0jz6n/fQFHaAv6SB9RVn0NR2ib+gwfUtH6Dvfi76nY3ScTtAPdJJ+pFN0ms7QWTpHP9F5+pkukCcIMRShDFUYhDFhrjA2zB3mCa8K84ZXh/nCa8JIeG0YF14X5g+vDwuEBcNCYeEwPiwSFg11aEIbUhiGxcLiYTS8ISwR3hiWDEuFpcMyoQvLhgnhTWG58OawfHhLWCG8NawY3hZWCiuHj95fNbw9rBbeEVYP7wwTw7vDGmHNsFZYO7wnrBPeG9YN7wvrhfeH5cMHwgbhg2HD8KGwUfhw2Dh8JGwSPho2DR8Lm4XNwxZhy7BV+HjYOnwibBO2DRPDJ8N24VNh+/DpMCl8JuwQPvtL/wOL/rw/Oewd9glfDl8Ovb9Pzo8uiKZHP4wujC6KZkQ/ii6OfhzNjC6JLo0uiy6ProiujK6Kro6uia6Nrouuj26IboxuinpfOxc4dMJJp1zgYlwuF+tyuzzuKpfXXe3yuWtcxF3r4tx1Lr+73hVwBV0hV9jFuyKuqNPOOOvIha6YK+6i7gZXwt3oSrpSrrQr45wr6xJcS9fKtXKt3ROujWvrEt2T7kn3lHvKPe2eds+4Du5Z19H9zXVyz7nO7nn3vHvBdXXdXHf3ouvhJuT79TOZ7Pq4Pq6v6+v6u/5uoBvoBrlBbrAb7FJcihvqhrphbpgb7oa7EW6EG+VGudFutBvjxrhxbpxLdaluopvoJrlJbrKb7Ka6qS7NpbkZboab6Wa6arN+PcpcN9fNd/Ndukt3C132mjHDLXaLXabLdEvdUrfcLXcr3Uq32q12a91at96tdxvdRrfZbXZb3Va33W13O91Ot9vtdnv8Nb8O6va5/W6/O+AOuIPuK5flvnaH3DfusPvWHXHfuaPue3fMHXcn3A/upPvRnXKn3Rl31p1zP7nz7md3wXmXGpkQmRh5JzIp8m5kcmRKZGpkWiQtMj0yI/JeZGZkVmR25P3InMgHkbmReZH5kQWR9MiHkYWRRZGMyEeRxZGPI5mRJZGlkWWR5ZEVEe+LbA19MV/cR/0NvoS/0Zf0pXxpX8Y7X9Yn+Jt8OX+zL+9v8RX8rb6iv81X8pV9Ff+Yb+ab+xa+pW/lH/et/RO+jW/rE/2Tvp1/yrf3T/sk/4zv4J/1Hf3ffCf/nO/sn/dd/Au+q+/mu/sXfQ//ku/pe/lk39v38S/7vr6f7+8H+IH+FT/Iv+oH+9d8ih/ih/rX/TD/hh/u3/Qj/Eg/KuYtP/rSJTKM96l+gp/o3/GT/Lt+sp/ip/ppPs1P9zP8e36mn+Vn+/f9HP+Bn+vn+fl+gU/3H/qFfpHP8B/5xf5jn+mXXLqp7Ff6VX61X+PX+nV+vd/gN/pNfrPf4rf6bX673+F3+l1+t//E7/Gf+r3+M7/Pf+73+y/8Af+lP+i/8ln+a3/If+MP+2/9Ef+dP+q/98f8cX/C/+BP+h/9KX/an/Fn/Tn/kz/vf/YX+N+sMcYYY4z9l0y43BR/1N/7D54Tf7dzHwC4elvhrL/vz15Rri/wa7ufiG8XAYBnenV5+NJWo0ZycvLFfTMlBMXnAVz6k6BsMXA5XgKJ8BQkQVso94fz7ye6naN/Mn70VoA8f5cTC5fjy+N/8SfjP/7kqIUVwzNx/4/x5wGULH45JzdcjpdAosp+bAvl/2T8gq3/yfxzf5kK0ObvcvLC5fjy/BPgCXgWkn6zJ2OMMcYYY4wx9qt+okqnS9efl/7G5x9dn8eryzm54HL8z67PGWOMMcYYY4wxduU91637048nJbXt9K83qv+3srjxP7XhPcClZxQA/JsDAvzHz2LLf+RYKRc/Ov/YtfysD+B/Rin/isYV/mJijDHGGGOM/eUuL/p/+7y6UhNijDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcZyoP/Efyd2pc+RMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYu9L+TwAAAP//8SoNew==") mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, 0x0) chdir(&(0x7f0000000080)='./file0\x00') mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r1 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r2 = open$dir(&(0x7f0000000140)='./file0\x00', 0x1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) ftruncate(r3, 0x2000009) sendfile(r2, r3, 0x0, 0x7ffff000) splice(r1, 0x0, r0, 0x0, 0xdf, 0x0) 9.454482774s ago: executing program 2: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e020030000b02d25a806f8c2d94f90724fc602f1a04000a740100053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x4000}, 0x0) 9.13931976s ago: executing program 2: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000001c0)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_OBJ_SETPROPERTY(r0, 0xc01864ba, &(0x7f00000003c0)={0x0, 0x0, r2}) 8.841376458s ago: executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) mmap$IORING_OFF_CQ_RING(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0xb8031, 0xffffffffffffffff, 0x8000000) setsockopt$inet6_tcp_int(r0, 0x6, 0x0, &(0x7f0000000040), 0x4) 8.745596567s ago: executing program 4: prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_buf(r0, 0x6, 0x21, &(0x7f0000000200)="24fc911e918c74ad7a0e599e17a90ecabe833ca12054887f4142a64471dbe048", 0x20) getsockopt$inet_tcp_buf(r0, 0x6, 0x21, 0x0, &(0x7f0000000080)) 8.640884856s ago: executing program 4: syz_mount_image$fuse(0x0, &(0x7f0000000080)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000380)={0x0, 0x0}) setpgid(0x0, r1) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file3\x00', 0x0, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file3\x00', 0xffffffffffffff9c, &(0x7f0000000440)='./file7\x00', 0x0) 7.731824195s ago: executing program 4: syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000080)='./file0\x00', 0x800, &(0x7f0000001980)=ANY=[@ANYBLOB="696f636861727365743d6d61636963656c616e642c646973636172642c696f636861727365743d69736f383835392d342c646d61736b3d30303030303030303030303030303030303030303031312c646973636172642c6572726f72733d72656d6f756e742d726f2c6572726f72733d72656d6f756e742d726f2c646d61736b3d30303030303030303030303030303030303030303030352c696f636861727365743d63703836302c6572726f72733d636f6e74696e75652c00401b3ed5707e114e487d8a07ac5bf76c35e1ec263fd239572442aeebf5f0885cac9e374bd219562c4cdeda0e24ce11eca191559cabf479c5ab2264639e972d6ac2080a7132a1c1dc10a33c900944ad0198fe12202479fe30823ef0664ce2"], 0x5, 0x1516, &(0x7f0000002280)="$eJzs3AuYTlX7MPD7XmvtMSQ9TXIY1lr35kkOyyRJDknlkCRJkuSUmKRJXklIDDklDUlIDkNyGEJymJg0zufzMUmSJklCckrWd03xeXur7/2//7fv9b/+c/+ua1/Pup+177XXfu7nsPZ2+LbL0FpNat/ViIjg34K/PiQDQCwADASAawAgAIAKcRXisvtzS0z+9w7C/loPp13pGbArieufs3H9czauf87G9c/ZuP45G9c/Z+P652xcf8Zyss3TC1/LW87d+P5/Tsa///+LZJUd++Xastd3/RdSuP45G9f/f63gv7IT1z9n4/rnbFz/nI3rnxPk+tMern/OxvVnLCe70vef/2GLgSs/hxy1Xen3H2OMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4yxnOGMv0wBwKX2lZ4XY4wxxhhjjDHG/jo+15WeAWOMMcYYY4wxxv7/QxAgQUEAMZALYiE35AEBAFdDPrgGInAtxMF1kB+uhwJQEApBYYiHIlAUNBiwQBBCMSgOUbgBSsCNUBJKQWkoAw7KQgLcBOXgZigPt0AFuBUqwm1QCSpDFagKt0M1uAOqw51wF9wNNaAm1ILacA/UgXuhLtwH9eB+qA8PQAN4EBrCQ9AIHobG8Ag0gUehKTwGzaA5tICW0Oq/lf8i9ICXoCf0gmToDX3gZegL/aA/DICB8AoMgldhMLwGKTAEhsLrMAzegOHwJoyAkTAK3oLR8DaMgbEwDsZDKkyAifAOTIJ3YTJMgakwDdJgOsyA92AmzILZ8D7MgQ9gLsyD+bAA0uFDWAiLIAM+gsXwMWTCElgKy2A5rICVsApWwxpYC+tgPWyAjbAJNsMW2ArbYDvsgJ2wC3bDJ7AHPoW98Bnsg8//xfzT/5DfFQEBBQpUqDAGYzAWYzEP5sG8mBfzYT6MYATjMA7zY34sgAWwEBbCeIzHolgUDRokJCyGxTCKUSyBJbAklsTSWBodOkzABCyHN2N5LI8VsAJWxIpYCStjZayKVbEaVsPqWB3vwruwBtbAWlgL78F7sDfWxbpYD+thfax/6fYUNsJG2BgbYxNsgk2xKTbDZtgCW2ArbIWtsTW2wTaYiInYDtthe2yPSZiEHbADdsSO2Ak7YWfsjF2wC3bFbtgNX8wF+BK+hL2whuiNfbAP9sWUXP1xAA7AV3AQvoqv4muYgkNwKL6Or+MbOBxP4QgciaNwFFYTb+MYHIskxmMqpuJEnIiTcBJOxik4BadhGk7HGTgDZ+IsnIXv4xz8AD/AeTgPF2A6puNCXIQZmIGL8TRm4hJcistwOa7A5bgKV+MqXIvrcC1uwA24CTfhFtyC23Ab7sAduAsVAH6Cn+KnmIL7cB/ux/14AA/gQTyIWZiFh/AQHsbDeASP4FE8isfwOJ7A43gST+IpPI1n8Ayew3N4Hp+P/7rxrlJrUkBkU0KJGBEjYkWsyCPyiLwir8gn8omIiIg4ESfyi/yigCggColCIl7Ei6KiqDDCCBJhDACIqIiKEqKEKClKitKitHDCiQSRIMqJcqK8KC8qiFtFRXGbqCQqi7auqqgqqolEV13cKe4Sd4kaoqaoJWqL2qKOqCPqirqinqgn6ov6ooF4UDQUvbE/PiyyK9NEDMGmYig2E82FvPgN1loMxzairUgUT4qROALbi9YuSTwjOogx2FH8TYzF50RnMR67iBdEV9FNdBcvih6ijespeonJ2Fv0EdOwr+gn+osBYibWFO/jnNy1xGsiRQwRQ8XrYgG+IYaLN8UIMVKMEm+J0eJtMUaMFePEeJEqJoiJ4h0xSbwrJospYqqYJtLEdDFDvCdmillitnhfzBEfiLlinpgvFoh08aFYKBaJDPGRWCw+FpliiVgqlonlYoVYKVaJ1WKNWCvWifVig9goNonNYovYKraJ7WKH2Cl2id3iE7FHfCr2is/EPvG52C++EAfEl+Kg+Epkia/FIfGNOCy+FUfEd+Ko+F4cE8fFCfGDOCl+FKfEaXFGnBXnxE/ivPhZXBBegEQppJRKBjJG5pKxMrfMI6+SeWVw8dW9VsbJ62R+eb0sIAvKQrKwjJdFZFGppZFWkgxlMVlcRuUNsoS8UZaUpWRpWUY6WVYmyJtkOXmzLC9vkRXkrbKivE1WkpVlFVlV3i6ryTskRH49Rg1ZU9aSteU9so68V9aV98l68n5ZXz4gG8gHZUP5kGwkH5aN5SOyiXxUNpWPyWayuWwhW8pW8nHZWj4h28i2MlE+KdvJp2R7+bRMks/IDtJffIs8JzvL52UX+YLsKrvJ7vJneUF62VP2kgC9ZR/5suwr+8n+coAcKF+Rg+SrcrB8TabIIXKofF0Ok2/I4fJNOUKOlKPkW3K0fFuOkWPlODlepsoJcqJ8R06S78rJcoqcKqfJNDld9r840mwp/2n+O3+QP/iXo2+Sm+UWuVVuk9vlDrlT7pK75W65R+6Re+VeuU/uk/vlfnlAHpAH5UGZJbPkIXlIHpaH5RF5RB6VR+UxeVyelT/Ik/JHeUqelqflWXlOnpPnL74GoFAJJZVSgYpRuVSsyq3yqKtUXnW1yqeuURF1rYpT16n86npVQBVUhVRhFa+KqKJKK6OsIhWqYqq4iqob8OIbRpVWZZRTZVWCuulfyVcl1I2qpCr1m/xL80v+k/m1Uq1Ua9VatVFtVKJKVO1UO9VetVdJKkl1UB1UR9VRdVKdVGfVWXVRXVRX1VV1V91VD9VD9VQ9VbJKVn3Uy6qv6qf6qwFqoHpFDVKD1GA1WKWoFDVUDVXD1DA1XA1XI9QINUqNUqPVaDVGjVHj1DiVqlLVRDVRTVKT1GQ1WU1VU1WaSlMz1Aw1U81Us9VsNUfNUXPVXDVfzVfpKl0tVAtVhspQi9VilamWqCVqmVqmVqgVapVapdaoNWqdWqc2qA0qU21Wm9VWtVVtV9vVTrVT7Va71R61R+1Ve9U+tU/tV/vVAXVAHVQHVZbKUofUIXVYHVZH1BF1VB1Vx9QxdUKdUCfVSXVKnVJn1Bl1Tp1T59V5dUFdyF72BSIQgQpUEBPEBLFBbJAnyBPkDfIG+YJ8QSSIBHFBXJA/uD4oEBQMCgWFg/igSFA00IEJbCAuFj0a3BCUCG4MSgalgtJBmcAFZYOE4KagXHBzUD64JagQ3BpUDG4LKgWVgypB1eD2oFpwR1A9uDO4K7g7qBHUDGoFtYN7gjrBvUHd4L6gXnB/UD94IGgQPBg0DB4KGgUPB42DR4ImwaNB0+CxoFnQPGgRtAxa/aXje3+q4BOup+6lk3Vv3Ue/rPvqfrq/HqAH6lf0IP2qHqxf0yl6iB6qX9fD9Bt6uH5Tj9Aj9Sj9lh6t39Zj9Fg9To/XqXqCnqjf0ZP0u3qynqKn6mk6TU/XM/R7eqaepWfr9/Uc/YGeq+fp+XqBTtcf6oV6kc7QH+nF+mOdqZfopXqZXq5X6JV6lV6t1+i1ep1erzfojXqT3qy36K16m96ud+idepferT/Re/Sneq/+TO/Tn+v9+gt9QH+pD+qvdJb+Wh/S3+jD+lt9RH+nj+rv9TF9XJ/QP+iT+kd9Sp/WZ/RZfU7/pM/rn/UF7bMX99k/70YZZWJMjIk1sSaPyWPymrwmn8lnIiZi4kycyW/ymwKmgClkCpl4E2+KmqImGxkyxUwxEzVRU8KUMCVNSVPalDbOOJNgEkw5U86UN+VNBVPBVDQVTSVTyVQxVczt5nZzh7nD3GnuNHebu01NU9PUNrVNHVPH1DV1TT1Tz9Q39U0D08A0NA1NI9PINDaNTRPTxDQ1TU0z08y0MC1MK9PKtDatTRvTxiSaRNPOtDPtTXuTZJJMB9PBdDQdTSfTyXQ2nU0X08V0NV1Nd9Pd9DA9TE/T0ySbZNPH9DF9TV/T3/Q3A81AM8gMMoPNYJNiUsxQM9QMM8PMcDPcjDAjzajshap524wxY804M96kmlQz0Uw0k8wkM9lMNlPNVJNm0swMM8PMNDPNbDPbzDFzzFwz18w38026STcLzUKTYTLMYrPYZJpMs9QsNcvNcrPSrDSrzWqz1qw162G92Wg2ms1ms9lqtprtZrvZaXaa3Wa32WP2mL1mr9ln9pn9Zr85YA6Yg+agyTJZ5pA5ZA6bw+aIOWKOmqPmmDlmTpgT5qQ5aU6ZU+aMOWPOmYIXfy+9ibW5bR57lc1rr7b57DX2H+NCtrCNt0VsUattAVvwN7Gx1pa0pWxpW8Y6W9Ym2Jt+F1eylW0VW9XebqvZO2z138V17L22rr3P1rP329r2nt/E9e0DtoF91DZEBLDNbWPb0jaxj9qm9jHbzDa3LWxL284+Zdvbp22SfcZ2sM/+Ll5oF9nVdo1da9fZPfZTe8aetYftt/ac/cn2tL3sQPuKHWRftYPtazbFDvldPMq+ZUfbt+0YO9aOs+N/F0+102yanW5n2PfsTDvrd3G6/dDOsRl2rp1n59sFv8TZc8qwH9nF9mObaZfYpXaZXW5X2JV21f+d6zK7wW60m+xu+4ndarfZ7XaH3Wl3/RJnn8de+5ndZz+3h+w39oD90h60R2yW/fqXOPv8jtjv7FH7vT1mj9sT9gd70v5oT9nTv5x/9rn/YH+2F6y3QEhAkhQFFEO5KJZyUx66ivLS1ZSPrqEIXUtxdB3lp+upABWkQlSY4qkIFSVNhiwRhVSMilOUbqBL6/TSVIYclaUEuonK0c1Unm6hCnQrVaTbqBJVpipUlW6nanQHVac76S66m2pQTapFtekeqkP3Ul26j+rR/VSfHqAG9CA1pIeoET1MjekRakKPUlN6jJpRc2pBLakVPU6t6QlqQ20pkZ6kdvQUtaenKYmeoQ70LHWkv1Eneo460/PUhV6grtSNutOL1INeop7Ui5KpN/Whl6kv9aP+NIAG0is0iF6lwfQapdAQGkqv0zB6g4bTmzSCRtIoeotG09s0hsbSOBpPqTSBJtI7NInepck0habSNEqj6TSD3qOZNItm0/s0hz6guTSP5tMCSqcPaSEtogz6iBbTx5RJS2gpLaPltIJW0ipaTWtoLa2j9bSBNtIm2kxbaCtto+20g3bSLtpNn9Ae+pT20me0jz6n/fQFHaAv6SB9RVn0NR2ib+gwfUtH6Dvfi76nY3ScTtAPdJJ+pFN0ms7QWTpHP9F5+pkukCcIMRShDFUYhDFhrjA2zB3mCa8K84ZXh/nCa8JIeG0YF14X5g+vDwuEBcNCYeEwPiwSFg11aEIbUhiGxcLiYTS8ISwR3hiWDEuFpcMyoQvLhgnhTWG58OawfHhLWCG8NawY3hZWCiuHj95fNbw9rBbeEVYP7wwTw7vDGmHNsFZYO7wnrBPeG9YN7wvrhfeH5cMHwgbhg2HD8KGwUfhw2Dh8JGwSPho2DR8Lm4XNwxZhy7BV+HjYOnwibBO2DRPDJ8N24VNh+/DpMCl8JuwQPvtL/wOL/rw/Oewd9glfDl8Ovb9Pzo8uiKZHP4wujC6KZkQ/ii6OfhzNjC6JLo0uiy6ProiujK6Kro6uia6Nrouuj26IboxuinpfOxc4dMJJp1zgYlwuF+tyuzzuKpfXXe3yuWtcxF3r4tx1Lr+73hVwBV0hV9jFuyKuqNPOOOvIha6YK+6i7gZXwt3oSrpSrrQr45wr6xJcS9fKtXKt3ROujWvrEt2T7kn3lHvKPe2eds+4Du5Z19H9zXVyz7nO7nn3vHvBdXXdXHf3ouvhJuT79TOZ7Pq4Pq6v6+v6u/5uoBvoBrlBbrAb7FJcihvqhrphbpgb7oa7EW6EG+VGudFutBvjxrhxbpxLdaluopvoJrlJbrKb7Ka6qS7NpbkZboab6Wa6arN+PcpcN9fNd/Ndukt3C132mjHDLXaLXabLdEvdUrfcLXcr3Uq32q12a91at96tdxvdRrfZbXZb3Va33W13O91Ot9vtdnv8Nb8O6va5/W6/O+AOuIPuK5flvnaH3DfusPvWHXHfuaPue3fMHXcn3A/upPvRnXKn3Rl31p1zP7nz7md3wXmXGpkQmRh5JzIp8m5kcmRKZGpkWiQtMj0yI/JeZGZkVmR25P3InMgHkbmReZH5kQWR9MiHkYWRRZGMyEeRxZGPI5mRJZGlkWWR5ZEVEe+LbA19MV/cR/0NvoS/0Zf0pXxpX8Y7X9Yn+Jt8OX+zL+9v8RX8rb6iv81X8pV9Ff+Yb+ab+xa+pW/lH/et/RO+jW/rE/2Tvp1/yrf3T/sk/4zv4J/1Hf3ffCf/nO/sn/dd/Au+q+/mu/sXfQ//ku/pe/lk39v38S/7vr6f7+8H+IH+FT/Iv+oH+9d8ih/ih/rX/TD/hh/u3/Qj/Eg/KuYtP/rSJTKM96l+gp/o3/GT/Lt+sp/ip/ppPs1P9zP8e36mn+Vn+/f9HP+Bn+vn+fl+gU/3H/qFfpHP8B/5xf5jn+mXXLqp7Ff6VX61X+PX+nV+vd/gN/pNfrPf4rf6bX673+F3+l1+t//E7/Gf+r3+M7/Pf+73+y/8Af+lP+i/8ln+a3/If+MP+2/9Ef+dP+q/98f8cX/C/+BP+h/9KX/an/Fn/Tn/kz/vf/YX+N+sMcYYY4z9l0y43BR/1N/7D54Tf7dzHwC4elvhrL/vz15Rri/wa7ufiG8XAYBnenV5+NJWo0ZycvLFfTMlBMXnAVz6k6BsMXA5XgKJ8BQkQVso94fz7ye6naN/Mn70VoA8f5cTC5fjy+N/8SfjP/7kqIUVwzNx/4/x5wGULH45JzdcjpdAosp+bAvl/2T8gq3/yfxzf5kK0ObvcvLC5fjy/BPgCXgWkn6zJ2OMMcYYY4wx9qt+okqnS9efl/7G5x9dn8eryzm54HL8z67PGWOMMcYYY4wxduU91637048nJbXt9K83qv+3srjxP7XhPcClZxQA/JsDAvzHz2LLf+RYKRc/Ov/YtfysD+B/Rin/isYV/mJijDHGGGOM/eUuL/p/+7y6UhNijDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcZyoP/Efyd2pc+RMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYu9L+TwAAAP//8SoNew==") mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, 0x0) chdir(&(0x7f0000000080)='./file0\x00') mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r1 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r2 = open$dir(&(0x7f0000000140)='./file0\x00', 0x1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) ftruncate(r3, 0x2000009) sendfile(r2, r3, 0x0, 0x7ffff000) splice(r1, 0x0, r0, 0x0, 0xdf, 0x0) 6.512976641s ago: executing program 4: r0 = socket$unix(0x1, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f0000000000)=0x2, 0x4) bind$unix(r0, &(0x7f0000000140)=@file={0x1, './file0\x00'}, 0x6e) connect$unix(r0, &(0x7f00000004c0)=@file={0x1, './file0\x00'}, 0x6e) 6.116969317s ago: executing program 4: r0 = syz_mount_image$f2fs(&(0x7f0000000040), &(0x7f0000000000)='./file2\x00', 0x4001, &(0x7f00000003c0)={[{@nouser_xattr}, {@jqfmt_vfsv0}, {@four_active_logs}, {@data_flush}, {@heap}, {@nouser_xattr}, {@quota}, {@resuid={'resuid', 0x3d, 0xee01}}, {@usrjquota={'usrjquota', 0x3d, 'noflush_merge'}}, {@noflush_merge}, {@noinline_data}, {@grpjquota={'grpjquota', 0x3d, '+~N~^\x05[\x1b=^\x00\x1e\xe1\x06\x86\xa2\xec\xc19lh\xa6\xb1\x84\xe2\x7f\xe0\x13\xa1HTx\x8ey\xd55:\x90\xe5 \x9b\xbc\xbe\x9d/\xacPN\xbed\xb0\x84\xd7\xfd\xff\x92*Q\xe8&\xd8\x1d\x8c5\r\x96I\xc9\x0eq\x01\xd1;t$\xe0XVU\x1c\xbf\x84L\xd3\xf3\xf43\xd1\xb7\"\nn\f\xeby\x9d\xdf\xcb\\\xcc\xe6Zk\xe6\xf6]\xd9/\xe3\xc5k\x17\x04\xee'}}]}, 0x0, 0x5516, &(0x7f0000000a40)="$eJzs3E1rY+UXAPCTtJ33//yLuHA3FwahhUlo+jLoruoMvmCHMurClaZJGjKT5JYmTWtXLlyKC7+JKLhy6Wdw4dqduFDcCUruvdWpLyA0bez094Obc58nT849TxgGzr0lAVxY88nPP5biZlyNiJmIuBGRnZeKI7Oeh+ci4lZElJ84SsX87xOXIuJaRNwcJ89zloq3Pr0zur32wxs/ffXN5dnrn3357fR2DUzb8xHR28nP93t5TNt5fFTM10edLPZWR0XM3+g9LsZpHvdbW1mG/frRunoWV9r5+nRnbzCO2916Yxzbne1sfqefX3Awah/lyT7wqL6bjZutrSx2BmkW24d5XQeH+f9th4NhnqdZ5PsgSx/D4VHM51sHrXw/O4+z2OgPi/k8b9psHYzjqIjF5aKRdptZHVsn+ab/297s9PcOklFrd9BJ+8latfZCtXa3UttNm61ha7VS7zXvriYL7e54WWXYqvfW22na7raqjbS3mCy0G41KrZYs3Gttder9pFarrlSXKmuLxdmd5NUH7yTdZrIwji93+nvDTneQbKe7Sf6JxWS5uvLiYnK7lry1sZlsPrx/f2Pz7ffuvfvgpY3XXykW/aWsZGF5aXm5UluqLNcWL9D+PyqKnuD+4URK0y4A4PzR/wPTcHr9/+7DiNPv/0P/PxHnqv+94P1/+RT2Dyei/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuLC+m/v8texkPh9fL+b/V0w9U4xLEVGOiF//xkxcOpZzpsgz9w/r5/5Uw9elyDKMr3G5OK5FxHpx/PL/0/4WAAAA4On1xYe3Psm79fxlftoFcZbymzblG+9PKF8pIubmv59QtvL45dkJJcv+fc/GwYSyZTewrkwoWX7LbXZS2f6VmWPhyhOhlIfymZYDAACcieOdwNl2IQAAAJylj6ddANNRiqNHmUfPgrO/vP/jgeDVYyMAAADgHCpNuwAAAADg1GX9v9//AwAAgKdb/vt/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/MbO3eSkDgRwAB8KffC+8siLe6/iDo7hEVy6NBzAS3AEvIIX4Ay44wgGDJ2JsfIRpS0V8/slZehA/8wQWMxHCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KSnfDZ+uLu8r5qzWldTT28AAACAXRb5bFw8Gcbz36n+b6r6n847IYQshLBr7N4NP0qZ3ZST73l//q4NjyEUCZvP6KfjVwjhKh3P/5r+FgAAAOD7mk+mozhajw/DthvEKcVJm+zP9dYrnaPyNlflw2XldkXZJu+iprDi990LtzWlFRNYg5rC4pRbr1TVqyt7j+Lv/jprN3hTdGKRHb6+tr4DAAAn1C0VTY87AAAAaM9N2w2gHcUqb9qLn5YC+7FIy3s/S2cAAADAF7U+sJX7uF3eAAAAwDkpxv/u/wcAAADn6aML+/H+fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADRpkc/G88l09Lmr+ls1q3U1YVlfnwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgBf25x0FQiAMwmDv+s5k7n9YadDM3KQKhI+/MRgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADe/e4v/yemxplk7rWx9DySrJ0aW6fG3rlx9Ifx9WsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuNifoxQGYSCKoq9t2uqfZOGuWR7oGkQ4BwKXGeYjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwRK/z5X3Fp7ElGZ02vh3PJL+uGv+uGksPGmsPZrKPu38EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcLBz/y5yVHEAwN/M7Gy8qLiessWJKFhoYzabmJhOLJTDwj9BOC6beGbjj+QKE4JwjZ1cnUa0FBGUs8v/kDqBNLFLsUUEa+XNztxNkgVXQ2Y2t58PvHnfHYZ53/cOjvvOm1sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgGjy/kGcxUNvGqfluVv3r23G/vZDfXRj985abDFOmkz66fBq/UPSby8RAAAAlkdW1fchhLv53nrs015R/+fVNbHm/+H5aVzV8w/X/VVf1f6x/f7bvZf3B+pNx4k3Pbc1Hh1/NJXOk5vlYnvhX6/oFCtfPHvJih9I+tHOS5O8WM/ku5s3P+gW4ZEmsgUA/o9jVV8G1d9DsR+2mRgAS6NTK7yr+j/rtZsTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQBMmO+HZKk5CCGudgzi6ff/a5qz+xu6dtaqdvn59t37PeIs8hHBuazw63uBcFt3lK1cvbIzHo0vNB6+FENoa/b1y+hc+mePiEB5v0JVysJbWeemDtFz/Rcnn6Qha+oUEAMChlZct1vV38731eC5ZDeHvHx+s/9+sxWHO+v/ep6dv1ceq1//Dxma4+AbbF78cXL5y9e2tixvnR+dHn79zYvju8OSZU6fODIpnJQNPTAAAAHg83bLV6/909dH9/6O1OMxZ/3/1/fCb+liZ+n+mg02/tjMBAABYbi++/tefyYzzSbcbvt7Y3r40nB73P5+YHltI9T87UrZ6/Z+ttp0VAAAA0ITJTvLA/v/ZWhzm3P9/7qdXfqnfMwshrJT7/8c2vxifbW46C62BfycOs55fAQAAsDxWylbf/8+L9//T/ZIxDSG89cY0Lr8GcK76P/vw25/rY9Xf/z/Z3BQXUtqfrkfR90Po9NvOCAAAgMPsmbLFYv+PfG/9s1+Pftz1/j8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA0/4JAAD//7U3PNU=") ioctl$F2FS_IOC_GARBAGE_COLLECT(r0, 0xf505, 0x0) 5.856302267s ago: executing program 4: r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x1}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a6, &(0x7f0000000640)={{@host}, @hyper, 0xb, 0x0, 0x400000}) 3.038542535s ago: executing program 1: syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000080)='./file0\x00', 0x800, &(0x7f0000001980)=ANY=[@ANYBLOB="696f636861727365743d6d61636963656c616e642c646973636172642c696f636861727365743d69736f383835392d342c646d61736b3d30303030303030303030303030303030303030303031312c646973636172642c6572726f72733d72656d6f756e742d726f2c6572726f72733d72656d6f756e742d726f2c646d61736b3d30303030303030303030303030303030303030303030352c696f636861727365743d63703836302c6572726f72733d636f6e74696e75652c00401b3ed5707e114e487d8a07ac5bf76c35e1ec263fd239572442aeebf5f0885cac9e374bd219562c4cdeda0e24ce11eca191559cabf479c5ab2264639e972d6ac2080a7132a1c1dc10a33c900944ad0198fe12202479fe30823ef0664ce2"], 0x5, 0x1516, &(0x7f0000002280)="$eJzs3AuYTlX7MPD7XmvtMSQ9TXIY1lr35kkOyyRJDknlkCRJkuSUmKRJXklIDDklDUlIDkNyGEJymJg0zufzMUmSJklCckrWd03xeXur7/2//7fv9b/+c/+ua1/Pup+177XXfu7nsPZ2+LbL0FpNat/ViIjg34K/PiQDQCwADASAawAgAIAKcRXisvtzS0z+9w7C/loPp13pGbArieufs3H9czauf87G9c/ZuP45G9c/Z+P652xcf8Zyss3TC1/LW87d+P5/Tsa///+LZJUd++Xastd3/RdSuP45G9f/f63gv7IT1z9n4/rnbFz/nI3rnxPk+tMern/OxvVnLCe70vef/2GLgSs/hxy1Xen3H2OMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4yxnOGMv0wBwKX2lZ4XY4wxxhhjjDHG/jo+15WeAWOMMcYYY4wxxv7/QxAgQUEAMZALYiE35AEBAFdDPrgGInAtxMF1kB+uhwJQEApBYYiHIlAUNBiwQBBCMSgOUbgBSsCNUBJKQWkoAw7KQgLcBOXgZigPt0AFuBUqwm1QCSpDFagKt0M1uAOqw51wF9wNNaAm1ILacA/UgXuhLtwH9eB+qA8PQAN4EBrCQ9AIHobG8Ag0gUehKTwGzaA5tICW0Oq/lf8i9ICXoCf0gmToDX3gZegL/aA/DICB8AoMgldhMLwGKTAEhsLrMAzegOHwJoyAkTAK3oLR8DaMgbEwDsZDKkyAifAOTIJ3YTJMgakwDdJgOsyA92AmzILZ8D7MgQ9gLsyD+bAA0uFDWAiLIAM+gsXwMWTCElgKy2A5rICVsApWwxpYC+tgPWyAjbAJNsMW2ArbYDvsgJ2wC3bDJ7AHPoW98Bnsg8//xfzT/5DfFQEBBQpUqDAGYzAWYzEP5sG8mBfzYT6MYATjMA7zY34sgAWwEBbCeIzHolgUDRokJCyGxTCKUSyBJbAklsTSWBodOkzABCyHN2N5LI8VsAJWxIpYCStjZayKVbEaVsPqWB3vwruwBtbAWlgL78F7sDfWxbpYD+thfax/6fYUNsJG2BgbYxNsgk2xKTbDZtgCW2ArbIWtsTW2wTaYiInYDtthe2yPSZiEHbADdsSO2Ak7YWfsjF2wC3bFbtgNX8wF+BK+hL2whuiNfbAP9sWUXP1xAA7AV3AQvoqv4muYgkNwKL6Or+MbOBxP4QgciaNwFFYTb+MYHIskxmMqpuJEnIiTcBJOxik4BadhGk7HGTgDZ+IsnIXv4xz8AD/AeTgPF2A6puNCXIQZmIGL8TRm4hJcistwOa7A5bgKV+MqXIvrcC1uwA24CTfhFtyC23Ab7sAduAsVAH6Cn+KnmIL7cB/ux/14AA/gQTyIWZiFh/AQHsbDeASP4FE8isfwOJ7A43gST+IpPI1n8Ayew3N4Hp+P/7rxrlJrUkBkU0KJGBEjYkWsyCPyiLwir8gn8omIiIg4ESfyi/yigCggColCIl7Ei6KiqDDCCBJhDACIqIiKEqKEKClKitKitHDCiQSRIMqJcqK8KC8qiFtFRXGbqCQqi7auqqgqqolEV13cKe4Sd4kaoqaoJWqL2qKOqCPqirqinqgn6ov6ooF4UDQUvbE/PiyyK9NEDMGmYig2E82FvPgN1loMxzairUgUT4qROALbi9YuSTwjOogx2FH8TYzF50RnMR67iBdEV9FNdBcvih6ijespeonJ2Fv0EdOwr+gn+osBYibWFO/jnNy1xGsiRQwRQ8XrYgG+IYaLN8UIMVKMEm+J0eJtMUaMFePEeJEqJoiJ4h0xSbwrJospYqqYJtLEdDFDvCdmillitnhfzBEfiLlinpgvFoh08aFYKBaJDPGRWCw+FpliiVgqlonlYoVYKVaJ1WKNWCvWifVig9goNonNYovYKraJ7WKH2Cl2id3iE7FHfCr2is/EPvG52C++EAfEl+Kg+Epkia/FIfGNOCy+FUfEd+Ko+F4cE8fFCfGDOCl+FKfEaXFGnBXnxE/ivPhZXBBegEQppJRKBjJG5pKxMrfMI6+SeWVw8dW9VsbJ62R+eb0sIAvKQrKwjJdFZFGppZFWkgxlMVlcRuUNsoS8UZaUpWRpWUY6WVYmyJtkOXmzLC9vkRXkrbKivE1WkpVlFVlV3i6ryTskRH49Rg1ZU9aSteU9so68V9aV98l68n5ZXz4gG8gHZUP5kGwkH5aN5SOyiXxUNpWPyWayuWwhW8pW8nHZWj4h28i2MlE+KdvJp2R7+bRMks/IDtJffIs8JzvL52UX+YLsKrvJ7vJneUF62VP2kgC9ZR/5suwr+8n+coAcKF+Rg+SrcrB8TabIIXKofF0Ok2/I4fJNOUKOlKPkW3K0fFuOkWPlODlepsoJcqJ8R06S78rJcoqcKqfJNDld9r840mwp/2n+O3+QP/iXo2+Sm+UWuVVuk9vlDrlT7pK75W65R+6Re+VeuU/uk/vlfnlAHpAH5UGZJbPkIXlIHpaH5RF5RB6VR+UxeVyelT/Ik/JHeUqelqflWXlOnpPnL74GoFAJJZVSgYpRuVSsyq3yqKtUXnW1yqeuURF1rYpT16n86npVQBVUhVRhFa+KqKJKK6OsIhWqYqq4iqob8OIbRpVWZZRTZVWCuulfyVcl1I2qpCr1m/xL80v+k/m1Uq1Ua9VatVFtVKJKVO1UO9VetVdJKkl1UB1UR9VRdVKdVGfVWXVRXVRX1VV1V91VD9VD9VQ9VbJKVn3Uy6qv6qf6qwFqoHpFDVKD1GA1WKWoFDVUDVXD1DA1XA1XI9QINUqNUqPVaDVGjVHj1DiVqlLVRDVRTVKT1GQ1WU1VU1WaSlMz1Aw1U81Us9VsNUfNUXPVXDVfzVfpKl0tVAtVhspQi9VilamWqCVqmVqmVqgVapVapdaoNWqdWqc2qA0qU21Wm9VWtVVtV9vVTrVT7Va71R61R+1Ve9U+tU/tV/vVAXVAHVQHVZbKUofUIXVYHVZH1BF1VB1Vx9QxdUKdUCfVSXVKnVJn1Bl1Tp1T59V5dUFdyF72BSIQgQpUEBPEBLFBbJAnyBPkDfIG+YJ8QSSIBHFBXJA/uD4oEBQMCgWFg/igSFA00IEJbCAuFj0a3BCUCG4MSgalgtJBmcAFZYOE4KagXHBzUD64JagQ3BpUDG4LKgWVgypB1eD2oFpwR1A9uDO4K7g7qBHUDGoFtYN7gjrBvUHd4L6gXnB/UD94IGgQPBg0DB4KGgUPB42DR4ImwaNB0+CxoFnQPGgRtAxa/aXje3+q4BOup+6lk3Vv3Ue/rPvqfrq/HqAH6lf0IP2qHqxf0yl6iB6qX9fD9Bt6uH5Tj9Aj9Sj9lh6t39Zj9Fg9To/XqXqCnqjf0ZP0u3qynqKn6mk6TU/XM/R7eqaepWfr9/Uc/YGeq+fp+XqBTtcf6oV6kc7QH+nF+mOdqZfopXqZXq5X6JV6lV6t1+i1ep1erzfojXqT3qy36K16m96ud+idepferT/Re/Sneq/+TO/Tn+v9+gt9QH+pD+qvdJb+Wh/S3+jD+lt9RH+nj+rv9TF9XJ/QP+iT+kd9Sp/WZ/RZfU7/pM/rn/UF7bMX99k/70YZZWJMjIk1sSaPyWPymrwmn8lnIiZi4kycyW/ymwKmgClkCpl4E2+KmqImGxkyxUwxEzVRU8KUMCVNSVPalDbOOJNgEkw5U86UN+VNBVPBVDQVTSVTyVQxVczt5nZzh7nD3GnuNHebu01NU9PUNrVNHVPH1DV1TT1Tz9Q39U0D08A0NA1NI9PINDaNTRPTxDQ1TU0z08y0MC1MK9PKtDatTRvTxiSaRNPOtDPtTXuTZJJMB9PBdDQdTSfTyXQ2nU0X08V0NV1Nd9Pd9DA9TE/T0ySbZNPH9DF9TV/T3/Q3A81AM8gMMoPNYJNiUsxQM9QMM8PMcDPcjDAjzajshap524wxY804M96kmlQz0Uw0k8wkM9lMNlPNVJNm0swMM8PMNDPNbDPbzDFzzFwz18w38026STcLzUKTYTLMYrPYZJpMs9QsNcvNcrPSrDSrzWqz1qw162G92Wg2ms1ms9lqtprtZrvZaXaa3Wa32WP2mL1mr9ln9pn9Zr85YA6Yg+agyTJZ5pA5ZA6bw+aIOWKOmqPmmDlmTpgT5qQ5aU6ZU+aMOWPOmYIXfy+9ibW5bR57lc1rr7b57DX2H+NCtrCNt0VsUattAVvwN7Gx1pa0pWxpW8Y6W9Ym2Jt+F1eylW0VW9XebqvZO2z138V17L22rr3P1rP329r2nt/E9e0DtoF91DZEBLDNbWPb0jaxj9qm9jHbzDa3LWxL284+Zdvbp22SfcZ2sM/+Ll5oF9nVdo1da9fZPfZTe8aetYftt/ac/cn2tL3sQPuKHWRftYPtazbFDvldPMq+ZUfbt+0YO9aOs+N/F0+102yanW5n2PfsTDvrd3G6/dDOsRl2rp1n59sFv8TZc8qwH9nF9mObaZfYpXaZXW5X2JV21f+d6zK7wW60m+xu+4ndarfZ7XaH3Wl3/RJnn8de+5ndZz+3h+w39oD90h60R2yW/fqXOPv8jtjv7FH7vT1mj9sT9gd70v5oT9nTv5x/9rn/YH+2F6y3QEhAkhQFFEO5KJZyUx66ivLS1ZSPrqEIXUtxdB3lp+upABWkQlSY4qkIFSVNhiwRhVSMilOUbqBL6/TSVIYclaUEuonK0c1Unm6hCnQrVaTbqBJVpipUlW6nanQHVac76S66m2pQTapFtekeqkP3Ul26j+rR/VSfHqAG9CA1pIeoET1MjekRakKPUlN6jJpRc2pBLakVPU6t6QlqQ20pkZ6kdvQUtaenKYmeoQ70LHWkv1Eneo460/PUhV6grtSNutOL1INeop7Ui5KpN/Whl6kv9aP+NIAG0is0iF6lwfQapdAQGkqv0zB6g4bTmzSCRtIoeotG09s0hsbSOBpPqTSBJtI7NInepck0habSNEqj6TSD3qOZNItm0/s0hz6guTSP5tMCSqcPaSEtogz6iBbTx5RJS2gpLaPltIJW0ipaTWtoLa2j9bSBNtIm2kxbaCtto+20g3bSLtpNn9Ae+pT20me0jz6n/fQFHaAv6SB9RVn0NR2ib+gwfUtH6Dvfi76nY3ScTtAPdJJ+pFN0ms7QWTpHP9F5+pkukCcIMRShDFUYhDFhrjA2zB3mCa8K84ZXh/nCa8JIeG0YF14X5g+vDwuEBcNCYeEwPiwSFg11aEIbUhiGxcLiYTS8ISwR3hiWDEuFpcMyoQvLhgnhTWG58OawfHhLWCG8NawY3hZWCiuHj95fNbw9rBbeEVYP7wwTw7vDGmHNsFZYO7wnrBPeG9YN7wvrhfeH5cMHwgbhg2HD8KGwUfhw2Dh8JGwSPho2DR8Lm4XNwxZhy7BV+HjYOnwibBO2DRPDJ8N24VNh+/DpMCl8JuwQPvtL/wOL/rw/Oewd9glfDl8Ovb9Pzo8uiKZHP4wujC6KZkQ/ii6OfhzNjC6JLo0uiy6ProiujK6Kro6uia6Nrouuj26IboxuinpfOxc4dMJJp1zgYlwuF+tyuzzuKpfXXe3yuWtcxF3r4tx1Lr+73hVwBV0hV9jFuyKuqNPOOOvIha6YK+6i7gZXwt3oSrpSrrQr45wr6xJcS9fKtXKt3ROujWvrEt2T7kn3lHvKPe2eds+4Du5Z19H9zXVyz7nO7nn3vHvBdXXdXHf3ouvhJuT79TOZ7Pq4Pq6v6+v6u/5uoBvoBrlBbrAb7FJcihvqhrphbpgb7oa7EW6EG+VGudFutBvjxrhxbpxLdaluopvoJrlJbrKb7Ka6qS7NpbkZboab6Wa6arN+PcpcN9fNd/Ndukt3C132mjHDLXaLXabLdEvdUrfcLXcr3Uq32q12a91at96tdxvdRrfZbXZb3Va33W13O91Ot9vtdnv8Nb8O6va5/W6/O+AOuIPuK5flvnaH3DfusPvWHXHfuaPue3fMHXcn3A/upPvRnXKn3Rl31p1zP7nz7md3wXmXGpkQmRh5JzIp8m5kcmRKZGpkWiQtMj0yI/JeZGZkVmR25P3InMgHkbmReZH5kQWR9MiHkYWRRZGMyEeRxZGPI5mRJZGlkWWR5ZEVEe+LbA19MV/cR/0NvoS/0Zf0pXxpX8Y7X9Yn+Jt8OX+zL+9v8RX8rb6iv81X8pV9Ff+Yb+ab+xa+pW/lH/et/RO+jW/rE/2Tvp1/yrf3T/sk/4zv4J/1Hf3ffCf/nO/sn/dd/Au+q+/mu/sXfQ//ku/pe/lk39v38S/7vr6f7+8H+IH+FT/Iv+oH+9d8ih/ih/rX/TD/hh/u3/Qj/Eg/KuYtP/rSJTKM96l+gp/o3/GT/Lt+sp/ip/ppPs1P9zP8e36mn+Vn+/f9HP+Bn+vn+fl+gU/3H/qFfpHP8B/5xf5jn+mXXLqp7Ff6VX61X+PX+nV+vd/gN/pNfrPf4rf6bX673+F3+l1+t//E7/Gf+r3+M7/Pf+73+y/8Af+lP+i/8ln+a3/If+MP+2/9Ef+dP+q/98f8cX/C/+BP+h/9KX/an/Fn/Tn/kz/vf/YX+N+sMcYYY4z9l0y43BR/1N/7D54Tf7dzHwC4elvhrL/vz15Rri/wa7ufiG8XAYBnenV5+NJWo0ZycvLFfTMlBMXnAVz6k6BsMXA5XgKJ8BQkQVso94fz7ye6naN/Mn70VoA8f5cTC5fjy+N/8SfjP/7kqIUVwzNx/4/x5wGULH45JzdcjpdAosp+bAvl/2T8gq3/yfxzf5kK0ObvcvLC5fjy/BPgCXgWkn6zJ2OMMcYYY4wx9qt+okqnS9efl/7G5x9dn8eryzm54HL8z67PGWOMMcYYY4wxduU91637048nJbXt9K83qv+3srjxP7XhPcClZxQA/JsDAvzHz2LLf+RYKRc/Ov/YtfysD+B/Rin/isYV/mJijDHGGGOM/eUuL/p/+7y6UhNijDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcZyoP/Efyd2pc+RMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYu9L+TwAAAP//8SoNew==") mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, 0x0) chdir(&(0x7f0000000080)='./file0\x00') mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r1 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r2 = open$dir(&(0x7f0000000140)='./file0\x00', 0x1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) ftruncate(r3, 0x2000009) sendfile(r2, r3, 0x0, 0x7ffff000) splice(r1, 0x0, r0, 0x0, 0xdf, 0x0) 2.935700479s ago: executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000380)={0x50, 0x3, 0x8, 0x3, 0x0, 0x0, {}, [@CTA_TIMEOUT_L3PROTO={0x6}, @CTA_TIMEOUT_DATA={0x2c, 0x4, 0x0, 0x1, @tcp=[@CTA_TIMEOUT_TCP_SYN_SENT={0x8}, @CTA_TIMEOUT_TCP_SYN_RECV={0x8}, @CTA_TIMEOUT_TCP_UNACK={0x8}, @CTA_TIMEOUT_TCP_FIN_WAIT={0x8}, @CTA_TIMEOUT_TCP_ESTABLISHED={0x8}]}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x6}]}, 0x50}}, 0x0) 2.862032682s ago: executing program 3: bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x8, 0x4, &(0x7f0000000000)=@framed={{0x24, 0x0, 0x0, 0x0, 0x0, 0x66, 0x10}, [@call={0x16}]}, &(0x7f0000000140)='GPL\x00', 0x2, 0x2, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xffffff4e}, 0x23) 2.840631961s ago: executing program 1: r0 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) r2 = socket(0x1d, 0x2, 0x6) syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) bind$can_j1939(r2, &(0x7f0000000000)={0x1d, r1, 0x3}, 0x18) sendmsg$L2TP_CMD_TUNNEL_MODIFY(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[], 0x14}}, 0x0) r3 = syz_io_uring_setup(0x2ddd, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000240), &(0x7f0000000380)=0x0) syz_io_uring_setup(0x7283, &(0x7f0000000280), &(0x7f0000000040)=0x0, &(0x7f0000000180)) syz_io_uring_submit(r5, r4, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x4}) io_uring_enter(r3, 0xa3d, 0x0, 0x0, 0x0, 0x0) sendmsg$nl_route(r2, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000a00)={0x0, 0x28}}, 0x0) 2.777025218s ago: executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f0000000000)={@loopback, 0x80000003}, 0x20) 2.659141096s ago: executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_CHANNEL(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x38, 0x0, 0x300, 0x70bd28, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x25c, 0x23}}}}, [@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x7}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x3}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x8a240000}]}, 0x38}, 0x1, 0x0, 0x0, 0x90}, 0xffe1883828a17c64) r1 = syz_open_dev$loop(&(0x7f0000000100), 0x4, 0x101001) ioctl$LOOP_SET_STATUS(r1, 0x4c02, &(0x7f0000000140)={0x0, {}, 0x0, {}, 0x80000000, 0x4, 0x8, 0x8, "6a643f107d9ce4f52c3aa55538ffc960d6dc69a2821127d402189945e0af7c6559fe2ea04245f6e77b90eb67d0c8d419132b0b46fa357bf22ba5be852a80233e", "47d20f5237c64dc5e950e46024a9b15e89271c9ee326c34987efecbf702c1e7f", [0x1000, 0x100]}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@bloom_filter={0x1e, 0x5, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x5, 0x0, 0xb}, 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x3, 0x21c529b3, 0x400, 0xe07efbb2, 0x840, r2, 0x95f3, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x3, 0x3}, 0x48) r4 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000300), 0x4) bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000340)={0x488, 0x0}, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000480)={@cgroup, 0x37, 0x1, 0x9, &(0x7f0000000380)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x9, 0x0, &(0x7f00000003c0)=[0x0, 0x0], &(0x7f0000000400)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000440)=[0x0], 0x0}, 0x40) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000004c0)={@map=r3, r4, 0x27, 0x3030, 0x0, @link_id=r5, r6}, 0x20) r7 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x6, &(0x7f0000000500)=@framed={{0x18, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x5}, [@cb_func={0x18, 0x4, 0x4, 0x0, 0x2}, @jmp={0x5, 0x1, 0x9, 0x0, 0x2, 0x6, 0xffffffffffffffff}]}, &(0x7f0000000540)='syzkaller\x00', 0x40, 0x41, &(0x7f0000000580)=""/65, 0x41100, 0x4, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000600)={0x8, 0x1}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000640)=[r3, r3, r3, r3], &(0x7f0000000680)=[{0x5, 0x5, 0x9, 0x2}, {0x0, 0x6, 0xe, 0xa}, {0x3, 0x3, 0xb, 0x7}, {0x1, 0x3, 0x6, 0x2}], 0x10, 0x6}, 0x90) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000007c0)={0x0, r0, 0x0, 0xb, &(0x7f0000000780)='/dev/loop#\x00', 0x0}, 0x30) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000800)={@map=r3, r7, 0x2c, 0x2000, r4, @prog_id=r8, r6}, 0x20) r9 = socket$inet6_udplite(0xa, 0x2, 0x88) r10 = io_uring_setup(0x7ea7, &(0x7f0000000840)={0x0, 0x9337, 0x400, 0x1, 0x2be}) r11 = io_uring_setup(0x1c71, &(0x7f00000008c0)={0x0, 0x250c, 0x8, 0x2, 0x1eb, 0x0, r10}) bind$inet6(r9, &(0x7f0000000940)={0xa, 0x4e22, 0x40, @mcast1}, 0x1c) r12 = syz_usb_connect$hid(0x4, 0x3f, &(0x7f0000000980)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0xff, 0x1130, 0x3101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x2, 0x0, 0x9, [{{0x9, 0x4, 0x0, 0x2d, 0x2, 0x3, 0x1, 0x1, 0xcd, {0x9, 0x21, 0x2, 0x5, 0x1, {0x22, 0x68e}}, {{{0x9, 0x5, 0x81, 0x3, 0x20, 0x3, 0x4e, 0x7}}, [{{0x9, 0x5, 0x2, 0x3, 0x3ff, 0x0, 0x20, 0xd2}}]}}}]}}]}}, &(0x7f0000000d80)={0xa, &(0x7f00000009c0)={0xa, 0x6, 0x300, 0x7, 0x1, 0x4, 0x40, 0x20}, 0x10, &(0x7f0000000a00)={0x5, 0xf, 0x10, 0x1, [@wireless={0xb, 0x10, 0x1, 0x4, 0x80, 0x3f, 0x0, 0x8c}]}, 0x8, [{0x4, &(0x7f0000000a40)=@lang_id={0x4, 0x3, 0x2401}}, {0x4, &(0x7f0000000a80)=@string={0x4, 0x3, "8036"}}, {0x60, &(0x7f0000000ac0)=@string={0x60, 0x3, "9580281c2b04ad478f9c591ac1ead282a1c67d39a414c5b864a695fffa475a6f02bc07c93154534d14ad0b7a88ac2ed557ef3956eed9187ee3d8dd882e0c709341609b27879254ddba2523ff3c8381b5c2c2d0d61923bff79bffc700ffe6"}}, {0x70, &(0x7f0000000b40)=@string={0x70, 0x3, "fa345dec7900f7f15c79f1162ca6eac2f9e270a7e5c69959c8c9c63a50f5461c8bd64a2153a64bce31effa8a3a304ca311f202fad7a74f4624609d309aa56360ae1ba0d3c461186879730fa2cc68c1f3a8f8e02e769a80cbb01ca981d6899290d49e39ca2b91e6690f5e2d29cc77"}}, {0x7, &(0x7f0000000bc0)=@string={0x7, 0x3, "97f9ea401d"}}, {0x4, &(0x7f0000000c00)=@lang_id={0x4, 0x3, 0x1007}}, {0x78, &(0x7f0000000c40)=@string={0x78, 0x3, "2385f0798b9fb5cf3f2e9fb795eace8999a8100e33cb3b564d3750adeb645ede03ffa8dc2f43bcaa7ba6a8800557678cc044dbe5ec7f0c1c13eced95b4174f4fb6f70e033000c265e1e272271ccd25b60845800baaddb011d517f3915bd9024b6e23c8b249277dd06f23677394b5da08bdcd701a78bd"}}, {0xa1, &(0x7f0000000cc0)=@string={0xa1, 0x3, "8f59bb39934bd83d36982f91fec6688bd75c08745d9b156f34285580c421537de2146655675644444e37a76a5650ca2473d36a04a2312b41a5806ea54c20708c2865ec8f9177bf47550ea01ce28831c831f4e123048dd52cc7f788a83c1ca84edf528ebed83b6867e72b356285382f52c899e228f79da88579fd31f64c5933ebedcfa9b2981f91b299f2086fea6199cc0ac58b12ea2ce32f2480c7892a306b"}}]}) syz_usb_control_io$hid(r12, &(0x7f0000000f80)={0x24, &(0x7f0000000e00)={0x20, 0x8, 0xa2, {0xa2, 0x9, "d7465af3c65abf0982f13e95b0fff2e08c5d550f642ff440b135fc21f1072edacc872473495ad7ecf99b925c3971635dc06cb6c51465265d04ba67c0150ac7a2e2b33733e3561373d125f2b4fd07c3ac517329360225e8d11e6108592adf252c62dc5cff10857c52fc50933894c663d232cc0a31656446c38876692ecf9cdc2a10eabe45a0ad321d67b68b4233d8f830e467ac653e59b2d4fa5d28ca7020ad0f"}}, &(0x7f0000000ec0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0xc01}}, &(0x7f0000000f00)={0x0, 0x22, 0xc, {[@main=@item_012={0x0, 0x0, 0x8}, @global=@item_012={0x0, 0x1, 0x3}, @main=@item_4={0x3, 0x0, 0x8, "81d11dd9"}, @local=@item_4={0x3, 0x2, 0xa, "198e2944"}]}}, &(0x7f0000000f40)={0x0, 0x21, 0x9, {0x9, 0x21, 0xa4, 0x9, 0x1, {0x22, 0x683}}}}, &(0x7f0000001240)={0x2c, &(0x7f0000000fc0)={0x0, 0xa, 0xfc, "488303e9e2dff1a3a47ab464c74263b5f0010f132d54b5b0b7eddd7e61d9ebc86593893414d8a8a40f2d1bad032bd544b5c6ed2bf253fbe3bb3b3e0817bae197ce4b50779951629c67101af2ab3a3f5ebc763590d0f5be0d4d5b758e47121536e3fff0a215e19d30a4af43b2a8dbb6f74700cebe9d6e246c16cdbbe1792bacb608948082fd13f91977388aef00f1c039abe5526e65267b03e78f6d85eaec0ab3c475e4668e335cb2573f6cc49a41b4230bcacd4cb72fed2eb3b006cbe3aefa2a9f857199a605028435608eb613550b626ef55b6ec0bba1ed1678aecb6260cfc5166c11b637481f867276c9f71d305a6fc318731572f09d360a729262"}, &(0x7f0000001100)={0x0, 0xa, 0x1, 0x8e}, &(0x7f0000001140)={0x0, 0x8, 0x1, 0x40}, &(0x7f0000001180)={0x20, 0x1, 0x7a, "7b47c50f7a8b911efc99f283cd43229f7dcb1cd82c4576b28ce4028086c0a65876934dde91bb2b6132db90fcfcc45f9c4a66f74fb8f69adcb594b0c501c91a01e7c5c7f2cc1801c482cdafff709b62b831603f5a0a087ad08f0269f532bbe83ad870f6ec82e1e1ab919d22843ca107b73fe5eb87b204bbbf602b"}, &(0x7f0000001200)={0x20, 0x3, 0x1, 0x7}}) mkdirat(r10, &(0x7f0000001280)='./file0\x00', 0xc) r13 = syz_genetlink_get_family_id$nl80211(&(0x7f00000012c0), r0) r14 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r14, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000001380)={&(0x7f0000001300)={0x2, 0x10, 0x5, 0x0, 0xa, 0x0, 0x70bd2d, 0x25dfdbfd, [@sadb_x_policy={0x8, 0x12, 0x4, 0x0, 0x0, 0x6e6bbb, 0x5, {0x6, 0x32, 0x0, 0x2, 0x0, 0x9, 0x0, @in=@multicast2, @in=@private=0xa010101}}]}, 0x50}}, 0x20000040) ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000001400)={0x0, 0x0, 0x0, 0x3f, 0xfffffffffffffff8, 0x0, 0x18, 0x1c, 0x8, "dcfcf4abd9b2a458b6a21b67d9f8b0fde7844252de6c276d76f6b47b97c7a430e523c39c9599bb01943389e13f18b933d254b361b8d95debf672d613b9b538bb", "dada9b859d787d6f9a0fc18b0ed49ac71427747fd526f8110071f7924b817f6656fb9fe3f852f272cd36c67386945bc5f2dd9a61fb9e2cd237ec68f57258a57a", "ca002c6b136deae5ff5b0c3492425ff523ae8a2d5cc9a83ca7795a77dc33d64d", [0x1, 0x100000001]}) ioctl$FIBMAP(r11, 0x1, &(0x7f0000001500)=0x101) ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000001580)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_REGISTER_FRAME(r2, &(0x7f0000001680)={&(0x7f0000001540)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000001640)={&(0x7f00000015c0)={0x4c, r13, 0x4, 0x70bd25, 0x25dfdbff, {{}, {@val={0x8, 0x3, r15}, @val={0xc, 0x99, {0x2, 0x70}}}}, [@NL80211_ATTR_FRAME_MATCH={0x21, 0x5b, "a79d138b91979d7e13fb00f40c424a9fe39abb087c94955b4f5bbcf0fa"}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4008000}, 0x4001000) inotify_init() finit_module(r2, &(0x7f00000016c0)='syzkaller\x00', 0x1) 2.010997189s ago: executing program 3: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="6c617a7974696d652c6e6f696e6c696e655f78617474722c6c617a7974696d652c6e6f626172726965722c6163746976655f6c6f67733d342c757365725f78617474722c6d6f64653d6c66732c616c6c6f635f6d6f64653d64656661756c742c00be9ee044c45511e65887f6fac9eba6d787c3684a836f23dbf8ad3dd5931c08b4d8bde7e8acbbf3bf3326f2faa5952a332ad2ced40c98a2affa2dad4d623f9ff3ffa81e45095548ab6200f069d0f63d20fd71d3043b0dd5c4cf9785f3f531abc19bc1678f5e0b33006bd1049ca45fd8500d67a5aa6e1c23d900000000007867738729e703bb122283fb2fae9813a0cfefcdf3dc968af1cf80e96649d943198a96d9b1af9c91506b30922be8537f54e65cf60c6b6a5798955796aea325770d6ccc93a95fad93b2c7bad114fcbc55036a301c23b07073c71555791db8919235022bb0ee4294211ab9b43f3fbedecd223722d937aa22b31e2e9c97e5ea94e4ab83d4e5811c7556813c334aec856af0a0c12b3c93ba5aa906c6e2268a0c6cbbb13f496d87c608604eb02b2c031d5ae40c75"], 0x1, 0x54f6, &(0x7f0000005800)="$eJzs3M1rI2UcB/Bf2u2+uxbx4G0HFqGFTdh0X9Bb1V18wS7Fl4MnTZM0ZDfJlCZNa08ePIoH/xNR8OTRv8GDZ2/iQfEmKJlnKltfQGm2sdvPB6bfmSeT3/yeUFqeSUgAp9Zi9stPlbgSFyJiPiIuRxT7lXIrrKZ4LiKuRsTcI1ulHP9j4GxEXIyIK5PiqWalfOiz6+Nrt3984+evvz135tLnX303u1kDs/Z8RPS30v5uP2XeSfmgHG+Mu0X2b43LTA/0H5bHecrd9kZRYbdxcF6jyJuddH6+tTOc5Gav0Zxkp7tZjG8N0gWH485BneIJDxrbxXGrvVFkd5gX2dlPfe3tp79t+8NRqtMq631YlI/R6CDTeHuvneaz9bDI5mBUjqe6eau9N8lxmeXlopn3WkUfG0d5pf/f3uwOdvaycXt72M0H2e1a/YVa/U61vp232qP2rWqj37pzK1vq9CanVUftRn+1k+edXrvWzPvL2VKn2azW69nS3fZGtzHI6vXazdqN6u3lcu969ur9d7NeK1ua5Mvdwc6o2xtmm/l2lp6xnK3Ubr64nF2rZ2+vrWfrb927t7b+zvt337v/0trrr5Qn/aWtbGnlxspKtX6julJfPrnzn/yv/0/z/7hseorzhyOpzLoBgJPH+h+YhZO+/g/r/6mw/j/d84cjsf4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADi1vl/44rViZzEdXyrHnyqHnimPKxExFxG//Y35OHuo5nxZZ+Efzl/4Uw/fVKKoMLnGuXK7GBGr5fbr04/7VQAAAIAn15cfXf00rdbTj8VZN8RxSjdt5i5/MKV6lYhYWPxhClWivNkUzx69q2Ty+30m9qZUrbiBdX5KxdIttzPTqvavzB+K849EJcXcsbYDAAAci8MrgeNdhQAAAHCcPpl1A8xG8U5r+Vn88gP851KUbwheOHQEAAAAnECVWTcAAAAAPHbF+t/3/wEAAMCTLX3/HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDv7NxPTupQFAfg00Lf4/0xEuPcrTiDZbgEhw4NC3ATLAG34AZYA85cggFDW6I1mJj0to3k+5L2chvy45QwOfeSAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQpediNX+8v3pom7PdtZPmbgAAAIBjNsVqXr6YVvN/9fWz+tJFPc8iIo+IY737KH41Mkd1TvHF+4tPNTxFlAn7z/hdH38j4ro+Xs+7/hYAAADgdK0Xy1nVrVen6dAF0adq0Sb/f5MoL4uIYvqSKC3fny4ThZW/73HcJUorF7AmicKqJbdxqrRvGTWGyYchq4a813IAAIBeNDuBfrsQAAAA+nQ7dAEMI4vDVuZhL7j85/37huCfxgwAAAD4gbKhCwAAAAA6V/b/nv8HAAAAp616/h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABd2hSr+XqxnLXN2e7aSXM3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAb+zPOwqEQBiEwd71ncnc/7DSoKmpSRUIH39jMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG9+95f/E1PjTDL32lh6HknWTo2tU2Pv3Dj6w/j6NQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwsT8vKRACQRAFc8b/Tvr+h5UEPYMIEdDwqKIWDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAF/3ul/8TU+NMMnfaWDoeSdauGltXjb0HjaMH4+3fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwsXP/vnFTcQDAn+3zlRYQR0A3BCGQGGCh12tp6coAihj4E5Ci9FoCV360GWhVIWVhQ5m7IBgRQgKFrf9D51bqUrYONxSJiQFkn528HpE4iGJfks9Hen5fW5bf9zlRlK+f7wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDa5J3dOCs2vWmcVsfuPb61VvT3Z/rCna0Hy0Ur4qTJpA+Hl+OdpN9eIgAAABwfWV3fhxAe5tsrRZ/2yvo/r88pav7vnp3GdT0/W/fXfV37F+3XXx69uDNQbzpOcdHL6+PRmX+m0jm4WS625/71jE5558tnL1n5A0nf33xhkpf3M/nm7t13u2V4oolsAYD/43TdV0H9/1DRD9tMDIBjoxMV3nX9n/XazQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgCd3N8HQdJyGE5c5uXLj/+NZa2c/s39l6sFy3C7dvb8XXLC6RhxAur49HZ5qayCFw/cbNT1bH49G15oNXQgjtjV4FH85xTghtZijYb5BWv+uLks/hCFr+wwQAwJGTV62o6x/m2yvFsWQphL++f7L+fz2KQ1z/z/Rx/f/oowv34rHi+n/Y2AwX32Dj6ueD6zduvrl+dfXK6Mro07fODt8enrt4/vzFQfmsZOCJCQAAAPvTrVpc/6dLIUxm1v9PRXGYs/7/4tvhV/FYmfp/T7uLfm1nAgAAcLw9/+ofvyd7HE+63fDl6sbGteF0u7N/drptIdX/7ETV4vo/W2o7KwAAAKAJk83kifX/S1Ec5lz/f+aHl36Kr5mFEE5W6/+n1z4bX2puOi35c66zmvg48YFPFQAAgIV2smrx+n9evv+f7rzykIYQ3nhtGldfAzhX/Z+99/WP8Vjx+//nmpviQkr70/tR9v0QOv22MwIAAOAoe6pqRbH/W7698vHPpz7oev8fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoGl/BwAA//+S5D5T") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10) r4 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0) pwritev2(r4, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x1}], 0x1, 0x7a00, 0x0, 0x0) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000580)='./file1\x00', 0x40, &(0x7f0000000340), 0x1, 0x548, &(0x7f0000000b40)="$eJzs3U1oHGUYAOB3ZrPWttG0oKDSQ1GhQukm6Y9WT+lVLBR6ELzUZbMNIZtsyG5qE3JI70UsKCq91JsePCoePIgXj169KJ4F0aDQ9CCRye6mbf5ca5OtmeeB2f1+lrzfl5l3st8wQwLIraPZSxrxbERcSCIG7unri3bn0dbnlpcWKneWFipJrKxc/C2JJCJuLy1UOp9P2u8HI2IxIp6JiG+LEcfTjXEbc/MT5VqtOtOuDzYnpwcbc/MnxifLY9Wx6tSpV149c/b0meGTww9trtd/uvHu9e9fv3Xjs8+PLFY+KCcxEv3tvnvn8TC1fifFGFnXfnongvVQ0usB8EAK7TwvRsTTMRCFdtYDe9/KvogVIKcS+Q851fkekK1/O9tufv/49VxrAZLFXW5vrZ6+1rWJeHx1bXLgj+S+lUm23jy0mwNlT1q8FhFDfX0bj/+kffw9uKGHMUB21DfnWjtq4/5P184/scn5p79z7fQ/6pz/ljec/+7GL2xx/rvQZYy/3vr54y3jX4t4btP4yVr8ZJP4aUS83WX8m29+dXarvpVPIo7F5vE7ku2vDw9eHq9Vh1qvm8b4+tiR17ab/4Et4o9sM/+sbbrL+X/53RfPL24T/6UXtt//m8XfHxHvdRn/8O1P39iqL4s/usX8t4uftd3qMv7LI0d/7PKjAAAAAAAAAADAv5Cu3suWpKW1cpqWSq1neJ+KA2mt3mgev1yfnRpt3fN2KIpp506rgVY9yerD7ftxO/WT6+qnIuJwRLxf2L9aL1XqtdFeTx4AAAAAAAAAAAAAAAAAAAAeEQfXPf//Z6H1/D+QE/7lN+SX/If8uj//k56NA9h9/v5Dfsl/yC/5D/kl/yG/5D/kl/yH/JL/kF/yHwAAAAAAAAAAAAAAAAAAAAAAAAAAdsSF8+ezbeXO0kIlq49emZudqF85MVptTJQmZyulSn1mujRWr4/VqqVKffKffl6tXp8eiqnZq4PNaqM52JibvzRZn51qXhqfLI9VL1WLuzIrAAAAAAAAAAAAAAAAAAAA+H/pX92StBQR6Wo5TUuliCci4lAUk8vjtepQRDwZET8Uivuy+nCvBw0AAAAAAAAAAAAAAAAAAAB7TGNufqJcq1VnFDYWImLxERiGgkJPDn4AAAAAAAAAAAAAAAAAAGBX3X3ot9cjAQAAAAAAAAAAAAAAAAAAgDxLf0kiItuODbzYv773sWS5sPoeEe/cvPjh1XKzOTOctf++1t78qN1+shfjB7rVydNOHgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB3NebmJ8q1WnVmBwu9niMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAg/g7AAD//4zf2Wg=") 1.180114965s ago: executing program 1: r0 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000000)={0x20000042}, 0x10) r1 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r1, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x120042}, 0x10) close(r0) 410.957722ms ago: executing program 1: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) write$vga_arbiter(r0, &(0x7f0000000740)=ANY=[@ANYBLOB='trylock io'], 0xf) 256.486466ms ago: executing program 1: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000002000000000000000000018190000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c250000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0xa, 0x4, 0x3, 0x8}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='scsi_dispatch_cmd_start\x00', r2}, 0x10) write$cgroup_type(r0, &(0x7f0000000140), 0x9) 253.198481ms ago: executing program 3: r0 = socket(0x1e, 0x1, 0x0) sendmmsg$sock(r0, &(0x7f0000000180)=[{{&(0x7f0000000000)=@tipc=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x1}}, 0x80, 0x0, 0x0, 0x0, 0x0, 0x1000000}}, {{&(0x7f0000000400)=@tipc=@nameseq={0x1e, 0x1, 0x0, {0x0, 0xfffffffc}}, 0x80, 0x0}}], 0x2, 0x40) 0s ago: executing program 1: unshare(0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket(0x10, 0x3, 0x0) r0 = socket(0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r1, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="02c8000c00080002"], 0x11) kernel console output (not intermixed with test programs): t active [ 163.365458][ T2898] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.415532][ C1] vxcan0: j1939_tp_rxtimer: 0xffff88802f272c00: rx timeout, send abort [ 163.512861][ T2898] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.517541][ T7618] binder: 7617:7618 ioctl c018620c 20000080 returned -22 [ 163.545909][ T7531] hsr_slave_0: entered promiscuous mode [ 163.560369][ T7531] hsr_slave_1: entered promiscuous mode [ 163.610545][ T7559] bridge0: port 1(bridge_slave_0) entered blocking state [ 163.617768][ T7559] bridge0: port 1(bridge_slave_0) entered disabled state [ 163.631645][ T7559] bridge_slave_0: entered allmulticast mode [ 163.649329][ T7559] bridge_slave_0: entered promiscuous mode [ 163.681993][ T2898] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.742986][ T7559] bridge0: port 2(bridge_slave_1) entered blocking state [ 163.750479][ T7559] bridge0: port 2(bridge_slave_1) entered disabled state [ 163.757773][ T7559] bridge_slave_1: entered allmulticast mode [ 163.765336][ T7559] bridge_slave_1: entered promiscuous mode [ 163.863504][ T7559] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 163.876860][ T7559] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 163.888691][ T7627] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 163.890530][ T5111] Bluetooth: hci0: command tx timeout [ 163.926011][ C1] vxcan0: j1939_tp_rxtimer: 0xffff88802f272c00: abort rx timeout. Force session deactivation [ 164.011142][ T7559] team0: Port device team_slave_0 added [ 164.040454][ T5111] Bluetooth: hci1: command tx timeout [ 164.049613][ T7559] team0: Port device team_slave_1 added [ 164.152612][ T7631] syz_tun: entered promiscuous mode [ 164.167613][ T7631] macvlan2: entered allmulticast mode [ 164.175068][ T7631] syz_tun: entered allmulticast mode [ 164.190788][ T7631] syz_tun: left allmulticast mode [ 164.198302][ T7631] syz_tun: left promiscuous mode [ 165.126656][ T7559] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 165.149087][ T7559] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 165.178763][ T7559] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 165.189768][ T5111] Bluetooth: hci2: command tx timeout [ 165.203943][ T7559] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 165.211026][ T7559] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 165.237214][ T7559] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 165.289107][ T7644] xt_policy: input policy not valid in POSTROUTING and OUTPUT [ 165.357577][ T7642] loop2: detected capacity change from 0 to 4096 [ 165.394369][ T2898] bridge_slave_1: left allmulticast mode [ 165.400334][ T2898] bridge_slave_1: left promiscuous mode [ 165.406146][ T2898] bridge0: port 2(bridge_slave_1) entered disabled state [ 165.445121][ T7642] ntfs3: loop2: Failed to load $Extend (-22). [ 165.461037][ T2898] bridge_slave_0: left allmulticast mode [ 165.466800][ T2898] bridge_slave_0: left promiscuous mode [ 165.479855][ T7642] ntfs3: loop2: Failed to initialize $Extend. [ 165.486330][ T2898] bridge0: port 1(bridge_slave_0) entered disabled state [ 166.080488][ T7660] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 166.134325][ T5111] Bluetooth: hci1: command tx timeout [ 166.229374][ T7664] loop2: detected capacity change from 0 to 512 [ 166.276966][ T7664] EXT4-fs warning (device loop2): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 166.298095][ T7664] EXT4-fs warning (device loop2): dx_probe:880: Enable large directory feature to access it [ 166.308383][ T7664] EXT4-fs warning (device loop2): dx_probe:965: inode #2: comm syz-executor.2: Corrupt directory, running e2fsck is recommended [ 166.337187][ T7664] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -2 [ 166.345916][ T2898] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 166.348646][ T7664] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2234: inode #15: comm syz-executor.2: corrupted in-inode xattr: invalid ea_ino [ 166.372780][ T2898] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 166.380660][ T7664] EXT4-fs error (device loop2): ext4_orphan_get:1399: comm syz-executor.2: couldn't read orphan inode 15 (err -117) [ 166.395549][ T7664] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 166.409946][ T2898] bond0 (unregistering): Released all slaves [ 166.437278][ T7664] EXT4-fs warning (device loop2): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 166.455631][ T7664] EXT4-fs warning (device loop2): dx_probe:880: Enable large directory feature to access it [ 166.471236][ T7559] hsr_slave_0: entered promiscuous mode [ 166.478831][ T7559] hsr_slave_1: entered promiscuous mode [ 166.494080][ T7559] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 166.504817][ T7664] EXT4-fs warning (device loop2): dx_probe:965: inode #2: comm syz-executor.2: Corrupt directory, running e2fsck is recommended [ 166.520712][ T7559] Cannot create hsr debugfs directory [ 166.544259][ T7664] EXT4-fs warning (device loop2): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 166.556347][ T7664] EXT4-fs warning (device loop2): dx_probe:880: Enable large directory feature to access it [ 166.577764][ T7664] EXT4-fs warning (device loop2): dx_probe:965: inode #2: comm syz-executor.2: Corrupt directory, running e2fsck is recommended [ 166.595185][ T7664] EXT4-fs warning (device loop2): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 166.607841][ T7664] EXT4-fs warning (device loop2): dx_probe:880: Enable large directory feature to access it [ 166.618674][ T7664] EXT4-fs warning (device loop2): dx_probe:965: inode #2: comm syz-executor.2: Corrupt directory, running e2fsck is recommended [ 166.643243][ T7664] EXT4-fs warning (device loop2): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 166.660378][ T7664] EXT4-fs error (device loop2): ext4_find_dest_de:2111: inode #2: block 3: comm syz-executor.2: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4294967295, rec_len=17, size=1024 fake=0 [ 166.708912][ T7608] chnl_net:caif_netlink_parms(): no params data found [ 166.733404][ T5113] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 166.934979][ T2898] hsr_slave_0: left promiscuous mode [ 166.941452][ T2898] hsr_slave_1: left promiscuous mode [ 166.948524][ T2898] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 166.956428][ T2898] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 166.977910][ T2898] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 166.989290][ T2898] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 167.012416][ T2898] veth1_macvtap: left promiscuous mode [ 167.017973][ T2898] veth0_macvtap: left promiscuous mode [ 167.023704][ T2898] veth1_vlan: left promiscuous mode [ 167.028975][ T2898] veth0_vlan: left promiscuous mode [ 167.254828][ T5111] Bluetooth: hci2: command tx timeout [ 167.268955][ C0] vxcan0: j1939_tp_rxtimer: 0xffff888066206400: rx timeout, send abort [ 167.547871][ T2898] team0 (unregistering): Port device team_slave_1 removed [ 167.589672][ T2898] team0 (unregistering): Port device team_slave_0 removed [ 167.777350][ C0] vxcan0: j1939_tp_rxtimer: 0xffff888066206400: abort rx timeout. Force session deactivation [ 168.083485][ T7676] netlink: 'syz-executor.3': attribute type 6 has an invalid length. [ 168.294026][ T7608] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.312657][ T7608] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.319916][ T7608] bridge_slave_0: entered allmulticast mode [ 168.341834][ T7608] bridge_slave_0: entered promiscuous mode [ 168.361762][ T7608] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.368992][ T7608] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.380416][ T7608] bridge_slave_1: entered allmulticast mode [ 168.400364][ T7608] bridge_slave_1: entered promiscuous mode [ 168.572646][ T7608] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 168.623859][ T7608] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 168.813523][ T7531] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 168.842717][ T7608] team0: Port device team_slave_0 added [ 168.855120][ T7679] loop2: detected capacity change from 0 to 32768 [ 168.866705][ T7608] team0: Port device team_slave_1 added [ 168.874713][ T7531] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 168.951275][ T7531] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 168.995141][ T7608] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 169.003840][ T7608] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 169.041204][ T7608] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 169.056770][ T7608] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 169.064197][ T7608] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 169.092395][ T7608] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 169.113527][ T7531] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 169.239242][ T7608] hsr_slave_0: entered promiscuous mode [ 169.246353][ T7608] hsr_slave_1: entered promiscuous mode [ 169.253013][ T7608] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 169.262029][ T7608] Cannot create hsr debugfs directory [ 169.321509][ T5111] Bluetooth: hci2: command tx timeout [ 169.527328][ T7559] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 169.601097][ T29] audit: type=1800 audit(1851702108.416:88): pid=7700 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=1935 res=0 errno=0 [ 169.650527][ T7608] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 169.702538][ T7531] 8021q: adding VLAN 0 to HW filter on device bond0 [ 169.797916][ T7608] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 169.839463][ T7559] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 169.875092][ T7702] loop2: detected capacity change from 0 to 512 [ 169.876052][ T7559] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 169.906184][ T7702] EXT4-fs warning (device loop2): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 169.947115][ T7702] EXT4-fs warning (device loop2): dx_probe:880: Enable large directory feature to access it [ 169.968127][ T7702] EXT4-fs warning (device loop2): dx_probe:965: inode #2: comm syz-executor.2: Corrupt directory, running e2fsck is recommended [ 169.983721][ T7702] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -2 [ 169.991735][ T7608] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 170.010881][ T7702] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2234: inode #15: comm syz-executor.2: corrupted in-inode xattr: invalid ea_ino [ 170.012708][ T7559] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 170.038217][ T7702] EXT4-fs error (device loop2): ext4_orphan_get:1399: comm syz-executor.2: couldn't read orphan inode 15 (err -117) [ 170.097641][ T7702] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 170.112663][ T7608] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 170.179467][ T7702] EXT4-fs warning (device loop2): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 170.184909][ T7531] 8021q: adding VLAN 0 to HW filter on device team0 [ 170.191300][ T7702] EXT4-fs warning (device loop2): dx_probe:880: Enable large directory feature to access it [ 170.214282][ T7702] EXT4-fs warning (device loop2): dx_probe:965: inode #2: comm syz-executor.2: Corrupt directory, running e2fsck is recommended [ 170.237694][ T7705] EXT4-fs warning (device loop2): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 170.251085][ T7705] EXT4-fs warning (device loop2): dx_probe:880: Enable large directory feature to access it [ 170.265928][ T7705] EXT4-fs warning (device loop2): dx_probe:965: inode #2: comm syz-executor.2: Corrupt directory, running e2fsck is recommended [ 170.274538][ T5161] bridge0: port 1(bridge_slave_0) entered blocking state [ 170.286318][ T5161] bridge0: port 1(bridge_slave_0) entered forwarding state [ 170.337768][ T7702] EXT4-fs warning (device loop2): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 170.351092][ T5161] bridge0: port 2(bridge_slave_1) entered blocking state [ 170.358248][ T5161] bridge0: port 2(bridge_slave_1) entered forwarding state [ 170.400383][ T7702] EXT4-fs warning (device loop2): dx_probe:880: Enable large directory feature to access it [ 170.420411][ T7702] EXT4-fs warning (device loop2): dx_probe:965: inode #2: comm syz-executor.2: Corrupt directory, running e2fsck is recommended [ 170.485512][ T7705] EXT4-fs warning (device loop2): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 170.525929][ T7705] EXT4-fs error (device loop2): ext4_find_dest_de:2111: inode #2: block 3: comm syz-executor.2: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4294967295, rec_len=17, size=1024 fake=0 [ 170.580289][ T7707] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 170.619476][ T7559] 8021q: adding VLAN 0 to HW filter on device bond0 [ 170.664201][ T7608] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 170.696222][ T5113] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 170.709132][ T7608] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 170.734210][ T7608] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 170.760489][ T7559] 8021q: adding VLAN 0 to HW filter on device team0 [ 170.779380][ T7608] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 170.788326][ T7711] loop3: detected capacity change from 0 to 2048 [ 170.812124][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 170.819255][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 170.827927][ T7711] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 170.847217][ T7711] UDF-fs: Scanning with blocksize 512 failed [ 170.886228][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 170.893439][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 170.896482][ T7711] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 171.034827][ T7531] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 171.097582][ T7717] loop2: detected capacity change from 0 to 4096 [ 171.099181][ T7559] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 171.118141][ T7717] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512). [ 171.154905][ T7717] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 171.266534][ T7608] 8021q: adding VLAN 0 to HW filter on device bond0 [ 171.323173][ T7608] 8021q: adding VLAN 0 to HW filter on device team0 [ 171.334484][ T7531] veth0_vlan: entered promiscuous mode [ 171.363046][ T25] bridge0: port 1(bridge_slave_0) entered blocking state [ 171.370234][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state [ 171.388206][ T7531] veth1_vlan: entered promiscuous mode [ 171.402870][ T5111] Bluetooth: hci2: command tx timeout [ 171.408664][ T5155] bridge0: port 2(bridge_slave_1) entered blocking state [ 171.415828][ T5155] bridge0: port 2(bridge_slave_1) entered forwarding state [ 171.560341][ T7531] veth0_macvtap: entered promiscuous mode [ 171.629354][ T7531] veth1_macvtap: entered promiscuous mode [ 171.659013][ T7559] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 171.723206][ T7531] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 171.744997][ T7531] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.757727][ T7531] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 171.778799][ T7738] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 171.790153][ T7531] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.811281][ T7531] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 171.826803][ T7531] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.839029][ T7531] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 171.925631][ T7531] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 171.948893][ T7531] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.971346][ T7747] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 171.987366][ T7531] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 171.998828][ T7531] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.022073][ T7531] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 172.033638][ T7531] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.047019][ T7531] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 172.094404][ T7531] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.105396][ T7531] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.114609][ T7531] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.125703][ T7531] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.169143][ T7559] veth0_vlan: entered promiscuous mode [ 172.195390][ T7608] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 172.265359][ T7559] veth1_vlan: entered promiscuous mode [ 172.424128][ T51] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 172.427802][ T7559] veth0_macvtap: entered promiscuous mode [ 172.457075][ T51] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 172.479924][ T7559] veth1_macvtap: entered promiscuous mode [ 172.573902][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 172.583631][ T7559] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 172.595599][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 172.605879][ T7559] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.617904][ T7559] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 172.640223][ T7559] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.657416][ T7559] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 172.678565][ T7559] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.693866][ T7559] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 172.716872][ T7559] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.729156][ T7559] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 172.788145][ T7559] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 172.810985][ T7559] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.838382][ T7559] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 172.871706][ T7559] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.888350][ T7559] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 172.900293][ T7559] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.919567][ T7559] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 172.945657][ T7559] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.987341][ T7559] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 173.021616][ T7559] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.031918][ T7559] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.042712][ T7559] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.051551][ T7559] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.160718][ T7755] loop3: detected capacity change from 0 to 32768 [ 174.202387][ T7608] veth0_vlan: entered promiscuous mode [ 174.237730][ T7608] veth1_vlan: entered promiscuous mode [ 174.339409][ T2898] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 174.354262][ T2898] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 174.442612][ T7782] loop1: detected capacity change from 0 to 64 [ 174.452434][ T7608] veth0_macvtap: entered promiscuous mode [ 174.473736][ T7608] veth1_macvtap: entered promiscuous mode [ 174.487584][ T2898] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 174.515982][ T2898] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 174.590863][ T7608] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 174.618529][ T7608] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.657482][ T7608] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 174.671678][ T7608] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.681718][ T7608] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 174.693913][ T7608] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.714481][ T7608] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 174.726216][ T7608] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.750786][ T7608] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 174.768153][ T7608] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.781597][ T7608] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 174.806811][ T7790] loop3: detected capacity change from 0 to 256 [ 174.821615][ T7608] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 174.828979][ T7790] FAT-fs (loop3): Unrecognized mount option "shor " or missing value [ 174.844267][ T7608] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.857240][ T7608] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 174.870839][ T7608] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.880854][ T7608] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 174.891627][ T7608] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.902756][ T7608] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 174.924184][ T7608] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.942509][ T7608] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 174.961443][ T7608] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.976237][ T7608] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 175.016654][ T7608] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 175.030496][ T7790] CUSE: unknown device info "e" [ 175.044554][ T7790] CUSE: unknown device info "./file0" [ 175.050748][ T7608] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 175.072070][ T7790] CUSE: DEVNAME unspecified [ 175.076272][ T7608] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 175.112852][ T7608] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 175.317006][ T2898] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 175.353459][ T2898] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 175.373896][ T7780] loop2: detected capacity change from 0 to 32768 [ 175.395710][ T7780] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (7780) [ 175.426383][ T7780] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 175.442451][ T7780] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 175.462382][ T7780] BTRFS info (device loop2): using free-space-tree [ 175.475856][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 175.499636][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 175.518640][ T7811] pim6reg1: entered promiscuous mode [ 175.531772][ T7811] pim6reg1: entered allmulticast mode [ 175.621452][ T7780] BTRFS info (device loop2): checking UUID tree [ 175.841115][ T7838] loop1: detected capacity change from 0 to 2048 [ 175.899975][ T5113] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 176.150533][ T7848] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.1'. [ 176.177960][ T7850] netlink: 'syz-executor.4': attribute type 30 has an invalid length. [ 176.387164][ T7860] loop2: detected capacity change from 0 to 256 [ 176.451366][ T7860] FAT-fs (loop2): Unrecognized mount option "shor " or missing value [ 176.459308][ T7865] loop1: detected capacity change from 0 to 512 [ 176.496174][ T7869] mac80211_hwsim hwsim19 wlan1: entered allmulticast mode [ 176.537020][ T7860] CUSE: unknown device info "e" [ 176.546887][ T7860] CUSE: unknown device info "./file0" [ 176.568894][ T7860] CUSE: DEVNAME unspecified [ 176.761653][ T7873] netlink: 'syz-executor.4': attribute type 4 has an invalid length. [ 176.769875][ T7873] netlink: 17 bytes leftover after parsing attributes in process `syz-executor.4'. [ 176.771436][ T7883] loop2: detected capacity change from 0 to 512 [ 176.827504][ T7883] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2234: inode #15: comm syz-executor.2: corrupted in-inode xattr: e_value size too large [ 176.914010][ T7883] EXT4-fs error (device loop2): ext4_orphan_get:1399: comm syz-executor.2: couldn't read orphan inode 15 (err -117) [ 176.928440][ T7883] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 177.072909][ T5113] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 177.284829][ T7904] tunl0: entered promiscuous mode [ 177.316267][ T7904] netlink: 'syz-executor.4': attribute type 1 has an invalid length. [ 177.375588][ T7904] netlink: 9 bytes leftover after parsing attributes in process `syz-executor.4'. [ 177.410444][ T7916] trusted_key: syz-executor.0 sent an empty control message without MSG_MORE. [ 177.535085][ T7923] netlink: 'syz-executor.1': attribute type 30 has an invalid length. [ 178.877422][ T7945] loop4: detected capacity change from 0 to 512 [ 178.933647][ T7945] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 179.009935][ T7945] EXT4-fs (loop4): 1 truncate cleaned up [ 179.025307][ T7945] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 179.188447][ T7955] tunl0: entered promiscuous mode [ 179.223108][ T7955] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 179.255041][ T7955] netlink: 9 bytes leftover after parsing attributes in process `syz-executor.3'. [ 179.264373][ T7945] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2234: inode #15: comm syz-executor.4: corrupted in-inode xattr: overlapping e_value [ 179.297539][ T7945] EXT4-fs (loop4): Remounting filesystem read-only [ 179.317971][ T7945] EXT4-fs warning (device loop4): ext4_xattr_set_entry:1766: inode #15: comm syz-executor.4: unable to update i_inline_off [ 179.398264][ T7945] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2856: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 179.503727][ T7608] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 179.540915][ T7937] loop1: detected capacity change from 0 to 40427 [ 179.586654][ T7920] loop2: detected capacity change from 0 to 32768 [ 179.666780][ T7920] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 179.815360][ T7920] XFS (loop2): Ending clean mount [ 180.000808][ T5113] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 180.412184][ T7988] netlink: 72 bytes leftover after parsing attributes in process `syz-executor.2'. [ 180.429685][ T7988] netlink: 72 bytes leftover after parsing attributes in process `syz-executor.2'. [ 180.747545][ T7995] loop2: detected capacity change from 0 to 4096 [ 180.892709][ T7995] ntfs3: loop2: failed to convert "0000" to iso8859-15 [ 181.448477][ T8019] loop3: detected capacity change from 0 to 512 [ 181.537006][ T8019] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 181.761849][ T5116] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 181.787170][ T8026] netlink: 209852 bytes leftover after parsing attributes in process `syz-executor.1'. [ 181.843309][ T8026] openvswitch: netlink: IP tunnel attribute has 3048 unknown bytes. [ 181.950105][ C0] sched: RT throttling activated [ 182.997051][ T8057] x_tables: unsorted underflow at hook 2 [ 183.252222][ T8061] loop0: detected capacity change from 0 to 1024 [ 183.262143][ T8063] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 183.276079][ T8061] EXT4-fs: Ignoring removed nomblk_io_submit option [ 183.284210][ T8063] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 183.326715][ T8061] EXT4-fs (loop0): mounted filesystem 00000000-0500-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 183.425114][ T8070] loop2: detected capacity change from 0 to 512 [ 183.449271][ T7559] EXT4-fs (loop0): unmounting filesystem 00000000-0500-0000-0000-000000000000. [ 183.458972][ T8072] binder: 8071:8072 ioctl c0306201 20000480 returned -22 [ 183.473729][ T8070] EXT4-fs warning (device loop2): ext4_multi_mount_protect:292: Invalid MMP block in superblock [ 183.650373][ T8078] IPVS: Error connecting to the multicast addr [ 184.808106][ T8057] loop3: detected capacity change from 0 to 40427 [ 184.838186][ T8057] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 184.845401][ T8092] loop2: detected capacity change from 0 to 256 [ 184.860507][ T8057] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 184.911151][ T8057] F2FS-fs (loop3): Found nat_bits in checkpoint [ 184.950450][ T8092] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 185.027593][ T8096] loop1: detected capacity change from 0 to 4096 [ 185.076263][ T8106] netlink: 'syz-executor.4': attribute type 4 has an invalid length. [ 185.100131][ T8106] netlink: 17 bytes leftover after parsing attributes in process `syz-executor.4'. [ 185.126113][ T8057] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 185.133450][ T8057] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 185.249588][ T8057] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 185.292786][ T8057] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 185.319477][ T8111] binder: 8110:8111 ioctl c0306201 20000480 returned -22 [ 185.449886][ T8118] loop1: detected capacity change from 0 to 512 [ 186.826379][ T53] Bluetooth: hci4: command 0x0406 tx timeout [ 186.835618][ T5118] Bluetooth: hci3: command 0x0406 tx timeout [ 186.921042][ T8128] trusted_key: encrypted_key: insufficient parameters specified [ 187.371537][ T8116] loop4: detected capacity change from 0 to 40427 [ 187.403555][ T8116] F2FS-fs (loop4): invalid crc value [ 187.436693][ T8116] F2FS-fs (loop4): Found nat_bits in checkpoint [ 187.437985][ T8147] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.3'. [ 187.484629][ T8146] binder: 8143:8146 ioctl c0306201 20000480 returned -22 [ 187.586536][ T8116] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 187.712782][ T29] audit: type=1800 audit(1851702126.536:89): pid=8116 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="loop4" ino=10 res=0 errno=0 [ 187.825409][ T7608] syz-executor.4: attempt to access beyond end of device [ 187.825409][ T7608] loop4: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 187.886396][ T7608] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 187.904860][ T7608] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 188.217502][ T8170] loop2: detected capacity change from 0 to 256 [ 188.241232][ T8170] exfat: Deprecated parameter 'namecase' [ 188.246955][ T8170] exfat: Deprecated parameter 'namecase' [ 188.268763][ T8170] exfat: Deprecated parameter 'namecase' [ 188.307270][ T8170] exFAT-fs (loop2): failed to load upcase table (idx : 0x00011e5d, chksum : 0x63a11b78, utbl_chksum : 0xe619d30d) [ 188.365040][ T8175] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 188.797440][ T8188] fscrypt (sda1, inode 1965): Unsupported encryption flags (0x10) [ 189.117566][ T8200] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. [ 189.391251][ T8212] loop2: detected capacity change from 0 to 8 [ 189.413848][ T8212] SQUASHFS error: lzo decompression failed, data probably corrupt [ 189.430701][ T8212] SQUASHFS error: Failed to read block 0x91: -5 [ 189.451222][ T8206] loop3: detected capacity change from 0 to 2048 [ 189.459601][ T8212] SQUASHFS error: Unable to read metadata cache entry [8f] [ 189.493587][ T8212] SQUASHFS error: Unable to read inode 0x11f [ 189.534441][ T8206] hpfs: filesystem error: invalid size in superblock: ffffffff; already mounted read-only [ 189.585401][ T8221] fscrypt (sda1, inode 1967): Unsupported encryption flags (0x10) [ 189.944652][ T8225] loop4: detected capacity change from 0 to 4096 [ 189.962022][ T8225] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512). [ 190.198036][ T8225] ntfs3: loop4: ino=1d, "file1" attr_set_size [ 190.263721][ T8238] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. [ 190.400719][ T8235] loop1: detected capacity change from 0 to 4096 [ 190.407585][ T8235] ntfs3: Unknown parameter 'ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ0xffffffffffffffff' [ 190.427711][ T8240] loop2: detected capacity change from 0 to 512 [ 190.445650][ T8240] EXT4-fs: Ignoring removed mblk_io_submit option [ 190.467637][ T8240] EXT4-fs (loop2): Test dummy encryption mode enabled [ 190.502935][ T8240] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a064e01c, mo2=0102] [ 190.524879][ T8240] System zones: 1-12 [ 190.537885][ T8240] EXT4-fs error (device loop2): ext4_orphan_get:1394: inode #15: comm syz-executor.2: casefold flag without casefold feature [ 190.563247][ T8240] EXT4-fs error (device loop2): ext4_orphan_get:1399: comm syz-executor.2: couldn't read orphan inode 15 (err -117) [ 190.603297][ T8240] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 190.778281][ T5113] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 190.877954][ T8254] loop1: detected capacity change from 0 to 256 [ 190.964133][ T8257] loop2: detected capacity change from 0 to 8 [ 190.978272][ T8257] SQUASHFS error: lzo decompression failed, data probably corrupt [ 190.986348][ T8257] SQUASHFS error: Failed to read block 0x91: -5 [ 190.992770][ T8257] SQUASHFS error: Unable to read metadata cache entry [8f] [ 191.000374][ T8257] SQUASHFS error: Unable to read inode 0x11f [ 191.014869][ T8258] netlink: 'syz-executor.1': attribute type 27 has an invalid length. [ 191.501791][ T8258] bridge0: port 2(bridge_slave_1) entered disabled state [ 191.510943][ T8258] bridge0: port 1(bridge_slave_0) entered disabled state [ 191.721260][ T5107] Bluetooth: hci4: unexpected event for opcode 0x080f [ 191.730808][ T5107] Bluetooth: hci4: unexpected event for opcode 0x2016 [ 191.960498][ C1] vxcan0: j1939_tp_rxtimer: 0xffff88806624a800: rx timeout, send abort [ 192.043474][ T8258] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 192.078252][ T29] audit: type=1326 audit(1851702130.896:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8285 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8eef87cf69 code=0x0 [ 192.100475][ C1] vkms_vblank_simulate: vblank timer overrun [ 192.112200][ T8258] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 192.190941][ T8288] loop2: detected capacity change from 0 to 512 [ 192.211519][ T8288] EXT4-fs: Ignoring removed mblk_io_submit option [ 192.228766][ T8288] EXT4-fs (loop2): Test dummy encryption mode enabled [ 192.239811][ T8288] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a064e01c, mo2=0102] [ 192.259484][ T8288] System zones: 1-12 [ 192.296467][ T8288] EXT4-fs error (device loop2): ext4_orphan_get:1394: inode #15: comm syz-executor.2: casefold flag without casefold feature [ 192.332059][ T8288] EXT4-fs error (device loop2): ext4_orphan_get:1399: comm syz-executor.2: couldn't read orphan inode 15 (err -117) [ 192.411167][ T8288] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 192.446021][ T8258] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 192.460361][ T8258] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 192.468875][ C1] vxcan0: j1939_tp_rxtimer: 0xffff88806624a800: abort rx timeout. Force session deactivation [ 192.479073][ T8258] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 192.509147][ T8258] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 192.562020][ T5113] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 192.840607][ T8305] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 193.178837][ T8311] netlink: 'syz-executor.2': attribute type 4 has an invalid length. [ 193.188819][ T8311] netlink: 17 bytes leftover after parsing attributes in process `syz-executor.2'. [ 193.358243][ T8330] loop0: detected capacity change from 0 to 256 [ 193.369046][ T8330] FAT-fs (loop0): Unrecognized mount option "À" or missing value [ 193.552882][ T8336] netlink: 'syz-executor.0': attribute type 27 has an invalid length. [ 193.800424][ T5107] Bluetooth: hci4: command 0x0406 tx timeout [ 193.825306][ T8344] loop1: detected capacity change from 0 to 4096 [ 193.841102][ T8344] ntfs3: Unknown parameter 'ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ0xffffffffffffffff' [ 193.939960][ T8336] bridge0: port 2(bridge_slave_1) entered disabled state [ 193.948924][ T8336] bridge0: port 1(bridge_slave_0) entered disabled state [ 194.079354][ T8355] loop2: detected capacity change from 0 to 256 [ 194.104897][ T8355] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 194.381769][ C1] vxcan0: j1939_tp_rxtimer: 0xffff8880435dc400: rx timeout, send abort [ 194.554278][ T8336] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 194.603844][ T8336] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 194.686334][ T1247] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.693025][ T1247] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.890196][ C1] vxcan0: j1939_tp_rxtimer: 0xffff8880435dc400: abort rx timeout. Force session deactivation [ 194.972431][ T8336] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 195.003591][ T8336] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 195.011615][ T8356] loop1: detected capacity change from 0 to 32768 [ 195.019923][ T8336] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 195.030312][ T8336] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 195.262928][ T8379] netlink: 'syz-executor.4': attribute type 4 has an invalid length. [ 195.280417][ T8379] netlink: 17 bytes leftover after parsing attributes in process `syz-executor.4'. [ 195.306107][ T8381] macvtap0: entered promiscuous mode [ 195.327935][ T8381] macvtap0: left promiscuous mode [ 195.773286][ T8393] loop4: detected capacity change from 0 to 4096 [ 195.781267][ T8393] ntfs3: Unknown parameter 'ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ0xffffffffffffffff' [ 195.803768][ T5107] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 195.813503][ T5107] Bluetooth: hci4: Injecting HCI hardware error event [ 195.823627][ T5111] Bluetooth: hci4: hardware error 0x00 [ 195.874626][ T8395] loop1: detected capacity change from 0 to 4096 [ 196.023307][ T8408] loop3: detected capacity change from 0 to 256 [ 196.076085][ T8408] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 196.103063][ T8412] macvtap0: entered promiscuous mode [ 196.115206][ T8412] macvtap0: left promiscuous mode [ 196.155686][ T8418] loop1: detected capacity change from 0 to 1024 [ 196.446489][ T8428] A link change request failed with some changes committed already. Interface veth0_to_bond may have been left with an inconsistent configuration, please check. [ 196.727703][ T8439] loop3: detected capacity change from 0 to 512 [ 196.779012][ T8439] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz-executor.3: invalid indirect mapped block 256 (level 2) [ 196.836698][ T8439] EXT4-fs (loop3): Remounting filesystem read-only [ 196.862989][ T8439] EXT4-fs (loop3): 2 truncates cleaned up [ 196.893609][ T8439] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 196.965176][ T8448] loop4: detected capacity change from 0 to 1024 [ 197.032679][ T8448] hfsplus: bad catalog entry type [ 197.049873][ T5116] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 197.107341][ T950] hfsplus: b-tree write err: -5, ino 4 [ 197.238208][ T8453] loop1: detected capacity change from 0 to 1024 [ 197.302085][ T8449] loop2: detected capacity change from 0 to 2048 [ 197.331647][ T8457] loop3: detected capacity change from 0 to 256 [ 197.436797][ T8449] loop2: p1 p2 < > p3 p4 < p5 > [ 197.860930][ T8449] loop2: partition table partially beyond EOD, truncated [ 197.880413][ T5111] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 197.932852][ T8457] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 198.204928][ T8449] loop2: p1 start 2305 is beyond EOD, truncated [ 198.270494][ T8449] loop2: p2 start 4294902784 is beyond EOD, truncated [ 198.343040][ T8449] loop2: p3 start 4278191616 is beyond EOD, truncated [ 198.383296][ T8449] loop2: p5 start 2305 is beyond EOD, truncated [ 198.411489][ T8468] loop1: detected capacity change from 0 to 2048 [ 198.455379][ T29] audit: type=1326 audit(1851702137.276:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8472 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01e567cf69 code=0x7ffc0000 [ 198.519776][ T29] audit: type=1326 audit(1851702137.276:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8472 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01e567cf69 code=0x7ffc0000 [ 198.565336][ T29] audit: type=1326 audit(1851702137.306:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8472 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f01e567cf69 code=0x7ffc0000 [ 198.657303][ T29] audit: type=1326 audit(1851702137.306:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8472 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01e567cf69 code=0x7ffc0000 [ 198.702672][ T8485] loop1: detected capacity change from 0 to 256 [ 198.711240][ T29] audit: type=1326 audit(1851702137.316:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8472 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01e567cf69 code=0x7ffc0000 [ 198.746960][ T29] audit: type=1326 audit(1851702137.316:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8472 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f01e567cf69 code=0x7ffc0000 [ 198.784675][ T8488] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 198.784776][ T29] audit: type=1326 audit(1851702137.316:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8472 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01e567cf69 code=0x7ffc0000 [ 198.794437][ T29] audit: type=1326 audit(1851702137.316:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8472 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f01e567a6e7 code=0x7ffc0000 [ 198.816831][ C1] vkms_vblank_simulate: vblank timer overrun [ 198.897214][ T29] audit: type=1326 audit(1851702137.316:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8472 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f01e56403c9 code=0x7ffc0000 [ 198.919857][ C1] vkms_vblank_simulate: vblank timer overrun [ 198.942107][ T1805] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 199.081506][ T29] audit: type=1326 audit(1851702137.316:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8472 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f01e567a6e7 code=0x7ffc0000 [ 199.492397][ T1805] usb 1-1: Using ep0 maxpacket: 16 [ 199.569114][ T1805] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0 [ 199.733657][ T1805] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 0 [ 199.980963][ T1805] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 199.997536][ T1805] usb 1-1: New USB device found, idVendor=104f, idProduct=0004, bcdDevice=8f.af [ 200.008683][ T1805] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 200.019487][ T1805] usb 1-1: Product: syz [ 200.024010][ T1805] usb 1-1: Manufacturer: syz [ 200.028792][ T1805] usb 1-1: SerialNumber: syz [ 200.036629][ T1805] usb 1-1: config 0 descriptor?? [ 200.044315][ T1805] iuu_phoenix 1-1:0.0: required endpoints missing [ 200.182480][ T8508] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 200.334824][ T8513] loop1: detected capacity change from 0 to 512 [ 200.393801][ T8481] loop0: detected capacity change from 0 to 1024 [ 200.402649][ T8516] delete_channel: no stack [ 200.414865][ T8481] EXT4-fs: Ignoring removed orlov option [ 200.430378][ T8514] delete_channel: no stack [ 200.440917][ T8481] EXT4-fs: Ignoring removed nomblk_io_submit option [ 200.493768][ T8481] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a84ec018, mo2=0002] [ 200.578715][ T8481] System zones: 0-1, 3-36 [ 200.646952][ T8481] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 200.712257][ T8526] A link change request failed with some changes committed already. Interface veth0_to_bond may have been left with an inconsistent configuration, please check. [ 200.748738][ T8522] loop2: detected capacity change from 0 to 64 [ 200.765743][ T8481] EXT4-fs error (device loop0): ext4_acquire_dquot:6860: comm syz-executor.0: Failed to acquire dquot type 0 [ 200.909343][ T5161] usb 1-1: USB disconnect, device number 4 [ 201.595512][ T8521] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 418: padding at end of block bitmap is not set [ 201.704393][ T8532] netlink: 'syz-executor.1': attribute type 5 has an invalid length. [ 201.736868][ T7559] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 202.150449][ T8555] loop2: detected capacity change from 0 to 1024 [ 202.177961][ T8557] loop4: detected capacity change from 0 to 64 [ 202.200753][ T8555] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 202.220604][ T8555] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 202.262104][ T8376] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 202.450145][ T8376] usb 2-1: Using ep0 maxpacket: 32 [ 202.457728][ T8376] usb 2-1: New USB device found, idVendor=13b1, idProduct=0026, bcdDevice=16.0c [ 202.488283][ T8376] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 202.525376][ T8376] usb 2-1: config 0 descriptor?? [ 202.585448][ T8376] usb 2-1: bad CDC descriptors [ 202.732399][ T8552] loop0: detected capacity change from 0 to 32768 [ 202.828997][ T45] usb 2-1: USB disconnect, device number 3 [ 202.863222][ T8552] read_mapping_page failed! [ 202.868108][ T8552] ERROR: (device loop0): txCommit: [ 202.868108][ T8552] [ 202.909172][ T8579] jfs: Unrecognized mount option "ÿÿÿ01777777777777777777777ñ¼ÊíXc¥vÌ:ýQºòœÞ" or missing value [ 203.412450][ T950] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 203.474012][ T8582] loop1: detected capacity change from 0 to 256 [ 203.603820][ T950] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 203.813599][ T950] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 203.816243][ T8574] loop2: detected capacity change from 0 to 32768 [ 203.904217][ T8574] gfs2: fsid=(œ[{{{+: Trying to join cluster "lock_nolock", "(œ[{{{+" [ 203.925493][ T8574] gfs2: fsid=(œ[{{{+: Now mounting FS (format 0)... [ 203.962753][ T950] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 203.964873][ T8574] gfs2: fsid=(œ[{{{+.0: journal 0 mapped with 22 extents in 1ms [ 204.016948][ T5161] gfs2: fsid=(œ[{{{+.0: jid=0, already locked for use [ 204.023969][ T5161] gfs2: fsid=(œ[{{{+.0: jid=0: Looking at journal... [ 204.067798][ T5107] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 204.087036][ T5107] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 204.095664][ T5107] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 204.109009][ T5107] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 204.120448][ T5107] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 204.128006][ T5107] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 204.168300][ T5161] gfs2: fsid=(œ[{{{+.0: jid=0: Journal head lookup took 144ms [ 204.230276][ T5161] gfs2: fsid=(œ[{{{+.0: jid=0: Done [ 204.240082][ T8574] gfs2: fsid=(œ[{{{+.0: first mount done, others may mount [ 204.283308][ T950] bridge_slave_1: left allmulticast mode [ 204.288976][ T950] bridge_slave_1: left promiscuous mode [ 204.296476][ T950] bridge0: port 2(bridge_slave_1) entered disabled state [ 204.328757][ T950] bridge_slave_0: left allmulticast mode [ 204.334571][ T950] bridge_slave_0: left promiscuous mode [ 204.343806][ T950] bridge0: port 1(bridge_slave_0) entered disabled state [ 204.923514][ T5107] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 204.933784][ T5107] Bluetooth: hci1: Injecting HCI hardware error event [ 204.947333][ T5118] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 204.957600][ T53] Bluetooth: hci1: hardware error 0x00 [ 204.976778][ T5118] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 204.990203][ T5118] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 205.005086][ T5118] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 205.013503][ T5118] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 205.030426][ T5118] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 205.079276][ T8611] Process accounting resumed [ 205.279929][ T8603] loop3: detected capacity change from 0 to 32768 [ 205.287917][ T8603] XFS: attr2 mount option is deprecated. [ 205.303863][ T8603] XFS: ikeep mount option is deprecated. [ 205.309618][ T8603] XFS: noikeep mount option is deprecated. [ 205.385970][ T8603] XFS (loop3): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 205.434968][ T950] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 205.449067][ T950] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 205.463796][ T950] bond0 (unregistering): Released all slaves [ 205.478786][ T8603] XFS (loop3): Ending clean mount [ 205.501847][ T8603] XFS (loop3): Quotacheck needed: Please wait. [ 205.515745][ T8613] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 205.671795][ T8603] XFS (loop3): Quotacheck: Done. [ 205.717690][ T950] mac80211_hwsim hwsim19 wlan1 (unregistering): left allmulticast mode [ 205.780484][ T5116] XFS (loop3): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 206.029314][ T8592] chnl_net:caif_netlink_parms(): no params data found [ 206.161360][ T950] hsr_slave_0: left promiscuous mode [ 206.179891][ T950] hsr_slave_1: left promiscuous mode [ 206.205414][ T5111] Bluetooth: hci2: command tx timeout [ 206.240536][ T950] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 206.248026][ T950] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 206.264355][ T950] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 206.276271][ T950] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 206.337320][ T950] veth1_macvtap: left promiscuous mode [ 206.353656][ T8634] loop3: detected capacity change from 0 to 128 [ 206.370655][ T950] veth0_macvtap: left promiscuous mode [ 206.376354][ T950] veth1_vlan: left promiscuous mode [ 206.390595][ T950] veth0_vlan: left promiscuous mode [ 206.395925][ T8634] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 206.580741][ T8638] loop2: detected capacity change from 0 to 256 [ 206.604828][ T8638] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 207.080364][ T5111] Bluetooth: hci0: command tx timeout [ 207.087374][ T53] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 207.198711][ T950] team0 (unregistering): Port device team_slave_1 removed [ 207.248925][ T950] team0 (unregistering): Port device team_slave_0 removed [ 207.408758][ T8640] loop2: detected capacity change from 0 to 32768 [ 207.441592][ T8640] gfs2: fsid=(œ[{{{+: Trying to join cluster "lock_nolock", "(œ[{{{+" [ 207.449784][ T8640] gfs2: fsid=(œ[{{{+: Now mounting FS (format 0)... [ 207.464323][ T8640] gfs2: fsid=(œ[{{{+.0: journal 0 mapped with 22 extents in 0ms [ 207.474719][ T8376] gfs2: fsid=(œ[{{{+.0: jid=0, already locked for use [ 207.482375][ T8376] gfs2: fsid=(œ[{{{+.0: jid=0: Looking at journal... [ 207.557914][ T8376] gfs2: fsid=(œ[{{{+.0: jid=0: Journal head lookup took 75ms [ 207.565860][ T8376] gfs2: fsid=(œ[{{{+.0: jid=0: Done [ 207.571296][ T8640] gfs2: fsid=(œ[{{{+.0: first mount done, others may mount [ 208.221579][ T8592] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.240164][ T8592] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.248199][ T8592] bridge_slave_0: entered allmulticast mode [ 208.255645][ T8592] bridge_slave_0: entered promiscuous mode [ 208.342827][ T8655] RDS: rds_bind could not find a transport for ff::, load rds_tcp or rds_rdma? [ 208.372378][ T53] Bluetooth: hci2: command tx timeout [ 208.693309][ T8592] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.800866][ T8592] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.861038][ T8592] bridge_slave_1: entered allmulticast mode [ 208.867824][ T8592] bridge_slave_1: entered promiscuous mode [ 208.888467][ T8654] loop2: detected capacity change from 0 to 4096 [ 208.918501][ T8654] ntfs3: loop2: Different NTFS sector size (2048) and media sector size (512). [ 209.025455][ T8654] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 209.065524][ T8592] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 209.088866][ T8592] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 209.111564][ T8608] chnl_net:caif_netlink_parms(): no params data found [ 209.162939][ T53] Bluetooth: hci0: command tx timeout [ 209.236801][ T8654] ntfs3: loop2: ino=21, "pids.current" mmap(write) compressed not supported [ 209.242955][ T8592] team0: Port device team_slave_0 added [ 209.287137][ T2898] ntfs3: loop2: ino=5, ntfs3_write_inode failed, -22. [ 209.334837][ T8592] team0: Port device team_slave_1 added [ 209.467105][ T8592] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 209.475248][ T8592] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 209.502637][ T8592] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 209.533116][ T8608] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.541004][ T8608] bridge0: port 1(bridge_slave_0) entered disabled state [ 209.548564][ T8608] bridge_slave_0: entered allmulticast mode [ 209.556697][ T8608] bridge_slave_0: entered promiscuous mode [ 209.590774][ T8376] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 209.629836][ T8592] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 209.641528][ T8592] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 209.700877][ T8592] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 209.719704][ T8608] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.738305][ T8608] bridge0: port 2(bridge_slave_1) entered disabled state [ 209.748175][ T8608] bridge_slave_1: entered allmulticast mode [ 209.774044][ T8608] bridge_slave_1: entered promiscuous mode [ 209.811240][ T8376] usb 4-1: Using ep0 maxpacket: 16 [ 209.818298][ T8376] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0 [ 209.838487][ T8376] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 0 [ 209.871015][ T8376] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 209.900375][ T8376] usb 4-1: New USB device found, idVendor=104f, idProduct=0004, bcdDevice=8f.af [ 209.909430][ T8376] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 209.918586][ T8376] usb 4-1: Product: syz [ 209.924261][ T8376] usb 4-1: Manufacturer: syz [ 209.936342][ T8376] usb 4-1: SerialNumber: syz [ 209.949017][ T8376] usb 4-1: config 0 descriptor?? [ 209.957853][ T8608] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 209.970599][ T8376] iuu_phoenix 4-1:0.0: required endpoints missing [ 209.983786][ T8608] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 210.007647][ T8592] hsr_slave_0: entered promiscuous mode [ 210.030499][ T8592] hsr_slave_1: entered promiscuous mode [ 210.050412][ T8592] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 210.058045][ T8592] Cannot create hsr debugfs directory [ 210.139795][ T8608] team0: Port device team_slave_0 added [ 210.151177][ T8608] team0: Port device team_slave_1 added [ 210.250207][ T8664] loop3: detected capacity change from 0 to 1024 [ 210.262080][ T8664] EXT4-fs: Ignoring removed orlov option [ 210.267757][ T8664] EXT4-fs: Ignoring removed nomblk_io_submit option [ 210.330964][ T8608] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 210.337935][ T8608] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 210.341198][ T8674] loop2: detected capacity change from 0 to 256 [ 210.377535][ T8664] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a84ec018, mo2=0002] [ 210.377575][ T8608] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 210.386207][ T8664] System zones: 0-1, 3-36 [ 210.409693][ T8664] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 210.424350][ T8674] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 210.440629][ T53] Bluetooth: hci2: command tx timeout [ 210.459574][ T8608] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 210.476008][ T8608] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 210.510625][ T8664] __quota_error: 45 callbacks suppressed [ 210.510647][ T8664] Quota error (device loop3): do_check_range: Getting block 234881027 out of range 1-5 [ 210.532079][ T8664] Quota error (device loop3): qtree_read_dquot: Can't read quota structure for id 0 [ 210.541618][ T8608] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 210.555720][ T8664] EXT4-fs error (device loop3): ext4_acquire_dquot:6860: comm syz-executor.3: Failed to acquire dquot type 0 [ 210.583742][ T5158] usb 4-1: USB disconnect, device number 5 [ 210.778506][ T950] bridge_slave_1: left allmulticast mode [ 210.784674][ T950] bridge_slave_1: left promiscuous mode [ 210.790546][ T950] bridge0: port 2(bridge_slave_1) entered disabled state [ 210.810318][ T950] bridge_slave_0: left allmulticast mode [ 210.819456][ T8675] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 418: padding at end of block bitmap is not set [ 210.835974][ T950] bridge_slave_0: left promiscuous mode [ 212.247443][ T53] Bluetooth: hci0: command tx timeout [ 212.265303][ T950] bridge0: port 1(bridge_slave_0) entered disabled state [ 212.530154][ T53] Bluetooth: hci2: command tx timeout [ 212.540248][ T5116] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 212.962941][ T950] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 212.973905][ T950] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 212.984104][ T950] bond0 (unregistering): Released all slaves [ 213.121192][ T8701] loop3: detected capacity change from 0 to 256 [ 213.176437][ T8608] hsr_slave_0: entered promiscuous mode [ 213.186015][ T8701] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 213.216032][ T8608] hsr_slave_1: entered promiscuous mode [ 213.223887][ T8608] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 213.232751][ T8608] Cannot create hsr debugfs directory [ 213.639751][ T950] hsr_slave_0: left promiscuous mode [ 213.666922][ T950] hsr_slave_1: left promiscuous mode [ 213.683443][ T950] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 213.699220][ T950] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 214.069391][ T8703] loop3: detected capacity change from 0 to 32768 [ 214.092754][ T8703] XFS: attr2 mount option is deprecated. [ 214.098441][ T8703] XFS: ikeep mount option is deprecated. [ 214.129000][ T8703] XFS: noikeep mount option is deprecated. [ 214.186266][ T8703] XFS (loop3): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 214.266010][ T8703] XFS (loop3): Ending clean mount [ 214.280516][ T53] Bluetooth: hci0: command tx timeout [ 214.301958][ T8703] XFS (loop3): Quotacheck needed: Please wait. [ 214.357516][ T8703] XFS (loop3): Quotacheck: Done. [ 214.443877][ T950] team0 (unregistering): Port device team_slave_1 removed [ 214.455018][ T5116] XFS (loop3): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 214.550447][ T950] team0 (unregistering): Port device team_slave_0 removed [ 214.676507][ T8727] loop2: detected capacity change from 0 to 256 [ 214.689074][ T8727] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 215.272962][ T5158] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 215.273658][ T8742] Illegal XDP return value 4294967274 on prog (id 216) dev N/A, expect packet loss! [ 215.460143][ T5158] usb 4-1: Using ep0 maxpacket: 8 [ 215.469970][ T5158] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 215.473251][ T8744] loop2: detected capacity change from 0 to 4096 [ 215.495857][ T5158] usb 4-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 215.499062][ T8744] ntfs3: loop2: Different NTFS sector size (2048) and media sector size (512). [ 215.530119][ T5158] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 215.553429][ T8744] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 215.558687][ T5158] usb 4-1: config 0 descriptor?? [ 215.599287][ T5158] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 215.700712][ T8744] loop2: detected capacity change from 4096 to 0 [ 215.739674][ T8744] syz-executor.2: attempt to access beyond end of device [ 215.739674][ T8744] loop2: rw=0, sector=24, nr_sectors = 4 limit=0 [ 215.753993][ T8744] ntfs3: loop2: failed to read volume at offset 0x3000 [ 215.760990][ T8744] syz-executor.2: attempt to access beyond end of device [ 215.760990][ T8744] loop2: rw=0, sector=24, nr_sectors = 4 limit=0 [ 215.782569][ T8744] ntfs3: loop2: failed to read volume at offset 0x3000 [ 215.789519][ T8744] syz-executor.2: attempt to access beyond end of device [ 215.789519][ T8744] loop2: rw=0, sector=24, nr_sectors = 4 limit=0 [ 215.828991][ T8744] ntfs3: loop2: failed to read volume at offset 0x3000 [ 215.836069][ T8744] syz-executor.2: attempt to access beyond end of device [ 215.836069][ T8744] loop2: rw=0, sector=24, nr_sectors = 4 limit=0 [ 215.856574][ T8744] ntfs3: loop2: failed to read volume at offset 0x3000 [ 215.872880][ T8744] syz-executor.2: attempt to access beyond end of device [ 215.872880][ T8744] loop2: rw=0, sector=24, nr_sectors = 4 limit=0 [ 215.909002][ T8744] ntfs3: loop2: failed to read volume at offset 0x3000 [ 215.920288][ T8744] syz-executor.2: attempt to access beyond end of device [ 215.920288][ T8744] loop2: rw=0, sector=24, nr_sectors = 4 limit=0 [ 215.934765][ T8744] ntfs3: loop2: failed to read volume at offset 0x3000 [ 215.942797][ T8744] syz-executor.2: attempt to access beyond end of device [ 215.942797][ T8744] loop2: rw=0, sector=24, nr_sectors = 4 limit=0 [ 215.957187][ T8744] ntfs3: loop2: failed to read volume at offset 0x3000 [ 215.967781][ T8744] syz-executor.2: attempt to access beyond end of device [ 215.967781][ T8744] loop2: rw=0, sector=24, nr_sectors = 4 limit=0 [ 215.981247][ T8744] ntfs3: loop2: failed to read volume at offset 0x3000 [ 215.988159][ T8744] syz-executor.2: attempt to access beyond end of device [ 215.988159][ T8744] loop2: rw=0, sector=24, nr_sectors = 4 limit=0 [ 216.001725][ T8744] syz-executor.2: attempt to access beyond end of device [ 216.001725][ T8744] loop2: rw=0, sector=24, nr_sectors = 4 limit=0 [ 216.019618][ T5158] gspca_vc032x: reg_w err -71 [ 216.028955][ T5158] vc032x 4-1:0.0: probe with driver vc032x failed with error -71 [ 216.070390][ T5158] usb 4-1: USB disconnect, device number 6 [ 216.111820][ T5113] Buffer I/O error on dev loop2, logical block 511, lost sync page write [ 216.195164][ T8608] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 216.209969][ T8608] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 216.219328][ T8608] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 216.233521][ T8608] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 216.293244][ T8592] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 216.307404][ T8592] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 216.318636][ T8592] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 216.328111][ T8592] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 216.428862][ T8608] 8021q: adding VLAN 0 to HW filter on device bond0 [ 216.452298][ T8608] 8021q: adding VLAN 0 to HW filter on device team0 [ 216.536116][ T61] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 216.574063][ T8376] bridge0: port 1(bridge_slave_0) entered blocking state [ 216.581269][ T8376] bridge0: port 1(bridge_slave_0) entered forwarding state [ 216.652627][ T5158] bridge0: port 2(bridge_slave_1) entered blocking state [ 216.659780][ T5158] bridge0: port 2(bridge_slave_1) entered forwarding state [ 216.752154][ T61] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 216.902587][ T61] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 216.946020][ T5111] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 216.958059][ T5111] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 216.972578][ T5111] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 216.980851][ T5111] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 216.991568][ T5111] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 216.998924][ T5111] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 217.026542][ T8592] 8021q: adding VLAN 0 to HW filter on device bond0 [ 217.085066][ T61] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.175321][ T8592] 8021q: adding VLAN 0 to HW filter on device team0 [ 217.242060][ T5161] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.249204][ T5161] bridge0: port 1(bridge_slave_0) entered forwarding state [ 217.271515][ T5161] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.278618][ T5161] bridge0: port 2(bridge_slave_1) entered forwarding state [ 217.390566][ T29] audit: type=1800 audit(1851702156.206:144): pid=8761 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=1944 res=0 errno=0 [ 217.410897][ T8608] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 217.472791][ T61] bridge_slave_0: left allmulticast mode [ 217.478454][ T61] bridge_slave_0: left promiscuous mode [ 217.490452][ T61] bridge0: port 1(bridge_slave_0) entered disabled state [ 217.885494][ T61] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 217.897884][ T61] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 217.908178][ T61] bond0 (unregistering): Released all slaves [ 218.045537][ T8592] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 218.062099][ T8768] loop3: detected capacity change from 0 to 2048 [ 218.079494][ T8768] hpfs: filesystem error: invalid number of hotfixes: 0, used: 1; already mounted read-only [ 218.092986][ T8768] hpfs: filesystem error: improperly stopped [ 218.099125][ T8768] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 218.107177][ T8768] hpfs: filesystem error: sector(s) 'dir_band' badly placed at 7b318cc2 [ 218.189559][ T8608] veth0_vlan: entered promiscuous mode [ 218.269877][ T8608] veth1_vlan: entered promiscuous mode [ 218.437604][ T8752] chnl_net:caif_netlink_parms(): no params data found [ 218.506864][ T61] hsr_slave_0: left promiscuous mode [ 218.514529][ T61] hsr_slave_1: left promiscuous mode [ 218.521866][ T61] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 218.529349][ T61] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 218.552105][ T61] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 218.559541][ T61] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 218.622092][ T61] veth1_macvtap: left promiscuous mode [ 218.627671][ T61] veth0_macvtap: left promiscuous mode [ 218.633888][ T61] veth1_vlan: left promiscuous mode [ 218.639228][ T61] veth0_vlan: left promiscuous mode [ 218.841732][ T8775] loop3: detected capacity change from 0 to 32768 [ 219.083582][ T5111] Bluetooth: hci3: command tx timeout [ 219.403255][ T61] team0 (unregistering): Port device team_slave_1 removed [ 219.464671][ T61] team0 (unregistering): Port device team_slave_0 removed [ 220.017933][ T8780] loop3: detected capacity change from 0 to 32768 [ 220.029222][ T8780] btrfs: Deprecated parameter 'usebackuproot' [ 220.035399][ T8780] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 220.065390][ T8780] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor.3 (8780) [ 220.092222][ T8780] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 220.115121][ T8780] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 220.231238][ T8780] BTRFS info (device loop3): rebuilding free space tree [ 220.255978][ T8780] BTRFS info (device loop3): disabling free space tree [ 220.263328][ T8780] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 220.274443][ T8780] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 220.321379][ T8608] veth0_macvtap: entered promiscuous mode [ 220.348511][ T8592] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 220.358038][ T8608] veth1_macvtap: entered promiscuous mode [ 220.432326][ T5116] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 220.508986][ T8752] bridge0: port 1(bridge_slave_0) entered blocking state [ 220.539229][ T8752] bridge0: port 1(bridge_slave_0) entered disabled state [ 220.576242][ T8752] bridge_slave_0: entered allmulticast mode [ 220.598136][ T8752] bridge_slave_0: entered promiscuous mode [ 220.656517][ T8752] bridge0: port 2(bridge_slave_1) entered blocking state [ 220.670259][ T8752] bridge0: port 2(bridge_slave_1) entered disabled state [ 220.677490][ T8752] bridge_slave_1: entered allmulticast mode [ 220.711002][ T8752] bridge_slave_1: entered promiscuous mode [ 220.827983][ T61] IPVS: stop unused estimator thread 0... [ 220.848528][ T8752] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 220.864103][ T8608] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 220.883551][ T8608] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.897675][ T8608] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 220.916491][ T8608] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.933980][ T8812] input: syz0 as /devices/virtual/input/input7 [ 220.952310][ T8608] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 220.973083][ T8752] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 221.054586][ T8752] team0: Port device team_slave_0 added [ 221.077022][ T8608] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 221.088002][ T8608] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.098238][ T8608] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 221.109182][ T8608] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.120919][ T8608] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 221.134919][ T8752] team0: Port device team_slave_1 added [ 221.160834][ T5111] Bluetooth: hci3: command tx timeout [ 221.194357][ T8608] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.204306][ T8608] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.213676][ T8608] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.229077][ T8608] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.234932][ T29] audit: type=1800 audit(1851702160.056:145): pid=8816 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=1944 res=0 errno=0 [ 221.276517][ T8592] veth0_vlan: entered promiscuous mode [ 221.284255][ T8752] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 221.293388][ T8752] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 221.329098][ T8752] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 221.352599][ T8752] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 221.360447][ T8752] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 221.386587][ T8752] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 221.436516][ T8592] veth1_vlan: entered promiscuous mode [ 221.494767][ T8752] hsr_slave_0: entered promiscuous mode [ 221.513823][ T8752] hsr_slave_1: entered promiscuous mode [ 221.584423][ T8592] veth0_macvtap: entered promiscuous mode [ 221.612188][ T8592] veth1_macvtap: entered promiscuous mode [ 221.680130][ T51] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 221.688054][ T51] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 221.746286][ T8777] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 221.771079][ T8777] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 221.795683][ T8592] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 221.819121][ T8592] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.830274][ T8592] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 221.846660][ T8592] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.856533][ T8592] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 221.867953][ T8592] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.879083][ T8592] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 221.905843][ T8592] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 221.916701][ T8592] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.926982][ T8592] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 221.946808][ T8592] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.957369][ T8592] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 221.968592][ T8592] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.980724][ T8592] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 221.996117][ T8592] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.006052][ T8592] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.014840][ T8592] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.024645][ T8592] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.136124][ T51] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 222.144490][ T51] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 222.185361][ T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 222.195466][ T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 222.323720][ T8752] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 222.332923][ T8752] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 222.343323][ T8752] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 222.352455][ T8752] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 222.443874][ T8752] 8021q: adding VLAN 0 to HW filter on device bond0 [ 222.467825][ T8752] 8021q: adding VLAN 0 to HW filter on device team0 [ 222.481835][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 222.488984][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 222.514580][ T5157] bridge0: port 2(bridge_slave_1) entered blocking state [ 222.521744][ T5157] bridge0: port 2(bridge_slave_1) entered forwarding state [ 222.569352][ T8752] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 222.699158][ T8752] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 222.748532][ T8752] veth0_vlan: entered promiscuous mode [ 222.761580][ T8752] veth1_vlan: entered promiscuous mode [ 222.798199][ T8752] veth0_macvtap: entered promiscuous mode [ 222.812272][ T8752] veth1_macvtap: entered promiscuous mode [ 222.829983][ T8752] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 222.842851][ T8752] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.853731][ T8752] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 222.864442][ T8752] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.874377][ T8752] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 222.884949][ T8752] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.896584][ T8752] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 222.907027][ T8752] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.918384][ T8752] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 222.933187][ T8752] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 222.943768][ T8752] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.955262][ T8752] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 222.965825][ T8752] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.975740][ T8752] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 222.988670][ T8752] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.999318][ T8752] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 223.009979][ T8752] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 223.021402][ T8752] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 223.039903][ T8752] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.049318][ T8752] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.059130][ T8752] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.069256][ T8752] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.149020][ T1057] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 223.157710][ T1057] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 223.186466][ T950] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 223.194543][ T950] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 223.240442][ T5111] Bluetooth: hci3: command tx timeout [ 225.320216][ T5111] Bluetooth: hci3: command tx timeout [ 230.910266][ T8365] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 231.100182][ T8365] usb 4-1: Using ep0 maxpacket: 32 [ 231.119308][ T8365] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 231.131857][ T8873] netlink: 'syz-executor.2': attribute type 27 has an invalid length. [ 231.151009][ T8365] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 231.193584][ T8365] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 231.222762][ T8365] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 231.241348][ T8365] usb 4-1: config 0 descriptor?? [ 231.263778][ T8365] hub 4-1:0.0: USB hub found [ 231.387057][ T8873] bridge0: port 2(bridge_slave_1) entered disabled state [ 231.394924][ T8873] bridge0: port 1(bridge_slave_0) entered disabled state [ 231.472485][ T8365] hub 4-1:0.0: 1 port detected [ 231.559356][ T8856] loop1: detected capacity change from 0 to 40427 [ 232.012529][ T8873] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 232.039663][ T8873] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 232.220393][ T5114] hub 4-1:0.0: activate --> -90 [ 232.286896][ T8873] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 232.296512][ T8873] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 232.306226][ T8873] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 232.317214][ T8873] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 232.541630][ T8886] loop1: detected capacity change from 0 to 1024 [ 232.565479][ T29] audit: type=1800 audit(1851702171.196:146): pid=8886 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=1965 res=0 errno=0 [ 233.220938][ T8893] ip6gretap1: entered promiscuous mode [ 233.231006][ T8269] usb 4-1: USB disconnect, device number 7 [ 233.239027][ T8] usb 4-1-port1: cannot reset (err = -71) [ 233.249551][ T8893] ip6gretap1: entered allmulticast mode [ 233.253363][ T8] usb 4-1-port1: attempt power cycle [ 233.483309][ T8907] dlm: non-version read from control device 0 [ 233.595054][ T8913] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 234.178732][ T8944] netlink: 11562 bytes leftover after parsing attributes in process `syz-executor.2'. [ 234.198866][ T8949] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 234.209007][ T8949] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 234.509982][ T29] audit: type=1326 audit(1851702173.326:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8969 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe9b9e7cf69 code=0x0 [ 234.660383][ T8981] loop3: detected capacity change from 0 to 512 [ 234.669312][ T8981] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 234.707517][ T8981] EXT4-fs (loop3): 1 truncate cleaned up [ 234.714985][ T8981] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 234.777154][ T5116] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 235.798430][ T29] audit: type=1326 audit(1851702174.616:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9030 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8eef87cf69 code=0x0 [ 236.293539][ T9023] loop4: detected capacity change from 0 to 32768 [ 236.323194][ T9023] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 236.371804][ T9029] loop2: detected capacity change from 0 to 40427 [ 236.402302][ T9029] F2FS-fs (loop2): Found nat_bits in checkpoint [ 236.467563][ T9023] XFS (loop4): Ending clean mount [ 236.496012][ T9029] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 236.504012][ T9023] XFS (loop4): Quotacheck needed: Please wait. [ 236.576858][ T8752] bio_check_eod: 13 callbacks suppressed [ 236.576871][ T8752] syz-executor.2: attempt to access beyond end of device [ 236.576871][ T8752] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 236.598528][ T8752] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 236.617042][ T9023] XFS (loop4): Quotacheck: Done. [ 236.678140][ T29] audit: type=1800 audit(1851702175.496:149): pid=9023 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="loop4" ino=9292 res=0 errno=0 [ 236.738128][ T29] audit: type=1804 audit(1851702175.556:150): pid=9023 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir1705993634/syzkaller.CvoIyT/22/file0/bus" dev="loop4" ino=9292 res=1 errno=0 [ 236.904864][ T29] audit: type=1804 audit(1851702175.726:151): pid=9023 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir1705993634/syzkaller.CvoIyT/22/file0/bus" dev="loop4" ino=9292 res=1 errno=0 [ 236.979843][ T29] audit: type=1804 audit(1851702175.796:152): pid=9023 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir1705993634/syzkaller.CvoIyT/22/file0/bus" dev="loop4" ino=9292 res=1 errno=0 [ 237.183138][ T8592] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 237.793076][ T9072] RDS: rds_bind could not find a transport for ff::, load rds_tcp or rds_rdma? [ 238.529660][ T9081] netlink: 11562 bytes leftover after parsing attributes in process `syz-executor.3'. [ 238.970576][ T29] audit: type=1326 audit(1851702177.786:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9102 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe23187cf69 code=0x0 [ 239.302299][ T9095] loop3: detected capacity change from 0 to 32768 [ 239.414039][ T9108] RDS: rds_bind could not find a transport for ff::, load rds_tcp or rds_rdma? [ 239.577627][ T9095] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor.3 (9095) [ 239.954360][ T9095] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 239.993387][ T9095] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 240.038869][ T9095] BTRFS info (device loop3): using free-space-tree [ 240.246417][ T9132] loop2: detected capacity change from 0 to 256 [ 240.300145][ T5116] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 240.610359][ T8375] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 240.827598][ T8375] usb 2-1: New USB device found, idVendor=077b, idProduct=2226, bcdDevice=ca.8b [ 240.856108][ T8375] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 240.889167][ T8375] usb 2-1: config 0 descriptor?? [ 241.458717][ T9165] netlink: 3084 bytes leftover after parsing attributes in process `syz-executor.3'. [ 241.478251][ T9165] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 241.486828][ T9165] netlink: 193500 bytes leftover after parsing attributes in process `syz-executor.3'. [ 241.615884][ T9171] loop4: detected capacity change from 0 to 1024 [ 241.636664][ T9171] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 241.658319][ T9171] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 241.674607][ T9175] loop3: detected capacity change from 0 to 256 [ 241.688455][ T9171] jbd2_journal_init_inode: Cannot locate journal superblock [ 241.696008][ T9171] EXT4-fs (loop4): Could not load journal inode [ 241.726939][ T8375] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 241.739967][ T8375] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0080: ffffffb9 [ 241.751429][ T8375] asix 2-1:0.0: probe with driver asix failed with error -71 [ 241.767991][ T8375] usb 2-1: USB disconnect, device number 4 [ 242.204431][ T9185] loop4: detected capacity change from 0 to 2048 [ 242.255560][ T9185] UDF-fs: warning (device loop4): udf_fill_super: No partition found (2) [ 242.365769][ T9182] fuse: Bad value for 'group_id' [ 243.182848][ T9226] program syz-executor.3 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 243.577942][ T9249] netlink: 'syz-executor.3': attribute type 15 has an invalid length. [ 244.054176][ T9273] loop4: detected capacity change from 0 to 1024 [ 244.078089][ T9273] hfsplus: failed to load extents file [ 245.171674][ T9289] loop1: detected capacity change from 0 to 32768 [ 246.239809][ T9325] loop2: detected capacity change from 0 to 1024 [ 246.251727][ T9325] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 246.265093][ T9325] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 246.308975][ T9325] jbd2_journal_init_inode: Cannot locate journal superblock [ 246.316886][ T9325] EXT4-fs (loop2): Could not load journal inode [ 246.350145][ T8375] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 246.401414][ T9310] loop4: detected capacity change from 0 to 40427 [ 246.423031][ T9310] F2FS-fs (loop4): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 246.433386][ T9310] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 246.445932][ T9310] F2FS-fs (loop4): invalid crc value [ 246.468663][ T9310] F2FS-fs (loop4): Found nat_bits in checkpoint [ 246.561683][ T8375] usb 4-1: New USB device found, idVendor=077b, idProduct=2226, bcdDevice=ca.8b [ 246.571193][ T9339] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 246.581112][ T8375] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 246.605102][ T8375] usb 4-1: config 0 descriptor?? [ 246.627544][ T9340] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 246.640672][ T9310] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 246.649603][ T9310] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 246.745596][ T8592] syz-executor.4: attempt to access beyond end of device [ 246.745596][ T8592] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 246.778623][ T8592] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 247.259098][ T9337] loop2: detected capacity change from 0 to 32768 [ 247.279483][ T9337] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (9337) [ 247.334123][ T9337] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 247.352464][ T9337] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 247.374641][ T9337] BTRFS info (device loop2): using free-space-tree [ 247.447143][ T8375] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 247.460576][ T8375] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0080: ffffffb9 [ 247.473468][ T8375] asix 4-1:0.0: probe with driver asix failed with error -71 [ 247.485567][ T8375] usb 4-1: USB disconnect, device number 12 [ 247.526601][ T9343] loop1: detected capacity change from 0 to 32768 [ 247.599726][ T8752] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 248.203711][ T9387] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 248.277168][ T9392] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 248.765384][ T9389] loop4: detected capacity change from 0 to 32768 [ 248.775362][ T9389] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor.4 (9389) [ 248.795956][ T9389] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 248.807198][ T9389] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 248.816062][ T9389] BTRFS info (device loop4): using free-space-tree [ 248.879414][ T8592] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 248.963863][ T8269] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 249.161493][ T8269] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 249.177453][ T8269] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 249.188571][ T8269] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 249.208940][ T8269] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 249.231206][ T8269] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 249.247872][ T8269] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 249.256396][ T8269] usb 3-1: Manufacturer: syz [ 249.271044][ T8269] usb 3-1: config 0 descriptor?? [ 249.338955][ T9433] netlink: 'syz-executor.4': attribute type 2 has an invalid length. [ 249.423680][ T9435] Invalid ELF header len 1 [ 249.694028][ T8269] appleir 0003:05AC:8243.0001: unknown main item tag 0x0 [ 249.706079][ T8269] appleir 0003:05AC:8243.0001: No inputs registered, leaving [ 249.736267][ T8269] appleir 0003:05AC:8243.0001: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0 [ 249.780255][ T9444] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 250.338476][ T9465] netlink: 'syz-executor.3': attribute type 6 has an invalid length. [ 250.520509][ T5111] Bluetooth: hci0: command 0x0401 tx timeout [ 250.541221][ T9472] loop4: detected capacity change from 0 to 2048 [ 250.560924][ T9472] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 250.581679][ T8269] usb 3-1: USB disconnect, device number 3 [ 250.592622][ T9472] syz-executor.4: attempt to access beyond end of device [ 250.592622][ T9472] loop4: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 250.608474][ T9473] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 250.661650][ T9472] syz-executor.4: attempt to access beyond end of device [ 250.661650][ T9472] loop4: rw=0, sector=33554430, nr_sectors = 2 limit=2048 [ 250.701231][ T9472] NILFS (loop4): I/O error reading meta-data file (ino=6, block-offset=3) [ 250.709802][ T9472] NILFS (loop4): error -5 reading inode: ino=12 [ 250.748039][ T9477] loop3: detected capacity change from 0 to 4096 [ 250.771030][ T9477] NILFS (loop3): invalid segment: Checksum error in segment payload [ 250.779257][ T9477] NILFS (loop3): trying rollback from an earlier position [ 250.804264][ T9477] NILFS (loop3): recovery complete [ 250.814735][ T9479] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 250.828087][ T9472] syz-executor.4: attempt to access beyond end of device [ 250.828087][ T9472] loop4: rw=0, sector=33554430, nr_sectors = 2 limit=2048 [ 250.848580][ T9472] NILFS (loop4): I/O error reading meta-data file (ino=6, block-offset=3) [ 250.859343][ T9472] NILFS (loop4): error -5 reading inode: ino=15 [ 250.873067][ T9472] syz-executor.4: attempt to access beyond end of device [ 250.873067][ T9472] loop4: rw=0, sector=33554430, nr_sectors = 2 limit=2048 [ 250.887661][ T9472] NILFS (loop4): I/O error reading meta-data file (ino=6, block-offset=3) [ 250.897630][ T9472] NILFS (loop4): error -5 reading inode: ino=15 [ 251.272097][ T9485] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 251.528934][ T9505] netlink: 'syz-executor.3': attribute type 6 has an invalid length. [ 251.988760][ T9515] loop1: detected capacity change from 0 to 2048 [ 252.362554][ T9502] loop2: detected capacity change from 0 to 32768 [ 252.385740][ T9523] netlink: 'syz-executor.1': attribute type 2 has an invalid length. [ 252.412381][ T9502] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 252.509980][ T9502] XFS (loop2): Ending clean mount [ 252.538136][ T8752] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 252.711423][ T8269] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 252.760595][ T8] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 252.896702][ T8269] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 252.908203][ T8269] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 252.932314][ T8269] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 252.950611][ T8269] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 252.959661][ T8269] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 252.971588][ T8269] usb 2-1: config 0 descriptor?? [ 252.977250][ T8] usb 5-1: New USB device found, idVendor=077b, idProduct=2226, bcdDevice=ca.8b [ 252.980460][ T9533] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 252.986469][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 253.011506][ T8] usb 5-1: config 0 descriptor?? [ 253.115702][ T9542] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 253.350616][ T9551] netlink: 'syz-executor.2': attribute type 6 has an invalid length. [ 253.454620][ T8269] plantronics 0003:047F:FFFF.0002: unknown main item tag 0xd [ 253.465287][ T8269] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving [ 253.493749][ T8269] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 253.786522][ T8269] usb 2-1: USB disconnect, device number 5 [ 253.834117][ T8] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 253.844688][ T8] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0080: ffffffb9 [ 253.856524][ T8] asix 5-1:0.0: probe with driver asix failed with error -71 [ 253.869068][ T8] usb 5-1: USB disconnect, device number 3 [ 254.022258][ T9557] loop2: detected capacity change from 0 to 40427 [ 254.039087][ T9557] F2FS-fs (loop2): Found nat_bits in checkpoint [ 254.083530][ T9557] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 254.214233][ T5111] Bluetooth: hci0: command tx timeout [ 254.445918][ T9563] syz-executor.2: attempt to access beyond end of device [ 254.445918][ T9563] loop2: rw=0, sector=53248, nr_sectors = 8 limit=40427 [ 254.461588][ T9563] syz-executor.2: attempt to access beyond end of device [ 254.461588][ T9563] loop2: rw=0, sector=53248, nr_sectors = 8 limit=40427 [ 254.700764][ T29] audit: type=1800 audit(1851702193.246:154): pid=9563 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="loop2" ino=10 res=0 errno=0 [ 255.017674][ T9565] Invalid ELF header len 1 [ 255.121547][ T8752] syz-executor.2: attempt to access beyond end of device [ 255.121547][ T8752] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 255.138171][ T8752] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 255.196121][ T9567] loop4: detected capacity change from 0 to 2048 [ 255.250126][ T9567] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 255.278741][ T9572] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 255.289845][ T9567] syz-executor.4: attempt to access beyond end of device [ 255.289845][ T9567] loop4: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 255.347183][ T9567] syz-executor.4: attempt to access beyond end of device [ 255.347183][ T9567] loop4: rw=0, sector=33554430, nr_sectors = 2 limit=2048 [ 255.397595][ T9567] NILFS (loop4): I/O error reading meta-data file (ino=6, block-offset=3) [ 255.421588][ T9567] NILFS (loop4): error -5 reading inode: ino=12 [ 255.505287][ T9567] syz-executor.4: attempt to access beyond end of device [ 255.505287][ T9567] loop4: rw=0, sector=33554430, nr_sectors = 2 limit=2048 [ 255.528009][ T9567] NILFS (loop4): I/O error reading meta-data file (ino=6, block-offset=3) [ 255.537037][ T9567] NILFS (loop4): error -5 reading inode: ino=15 [ 255.556664][ T9567] syz-executor.4: attempt to access beyond end of device [ 255.556664][ T9567] loop4: rw=0, sector=33554430, nr_sectors = 2 limit=2048 [ 255.581778][ T9567] NILFS (loop4): I/O error reading meta-data file (ino=6, block-offset=3) [ 255.596175][ T9567] NILFS (loop4): error -5 reading inode: ino=15 [ 255.907686][ T9582] netlink: 'syz-executor.2': attribute type 4 has an invalid length. [ 255.936605][ T9582] netlink: 128124 bytes leftover after parsing attributes in process `syz-executor.2'. [ 256.013162][ T9569] loop1: detected capacity change from 0 to 32768 [ 256.123216][ T1247] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.129545][ T1247] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.289296][ T9578] loop3: detected capacity change from 0 to 32768 [ 256.355376][ T45] usb 3-1: new full-speed USB device number 4 using dummy_hcd [ 256.572730][ T45] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 256.585143][ T45] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 256.610560][ T45] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 256.620856][ T45] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 256.639455][ T45] usb 3-1: SerialNumber: syz [ 256.670552][ T9588] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 256.671239][ T9596] loop1: detected capacity change from 0 to 1024 [ 257.322606][ T5157] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 257.544012][ T5157] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 257.589114][ T45] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -71 [ 257.610562][ T5157] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 257.632035][ T45] usb 3-1: USB disconnect, device number 4 [ 257.645992][ T5157] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 257.685505][ T5157] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 257.737940][ T5157] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 257.756120][ T5157] usb 5-1: config 0 descriptor?? [ 257.767040][ T9602] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 257.898467][ T9609] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 257.961434][ T9610] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 258.022237][ T9607] loop3: detected capacity change from 0 to 40427 [ 258.042509][ T9607] F2FS-fs (loop3): Found nat_bits in checkpoint [ 258.150528][ T9607] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 258.244630][ T5157] plantronics 0003:047F:FFFF.0003: unknown main item tag 0xd [ 258.257236][ T5157] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving [ 258.270464][ T5157] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 258.417889][ T9622] Invalid ELF header len 1 [ 258.639378][ T9625] syz-executor.3: attempt to access beyond end of device [ 258.639378][ T9625] loop3: rw=0, sector=53248, nr_sectors = 8 limit=40427 [ 258.654303][ T9625] syz-executor.3: attempt to access beyond end of device [ 258.654303][ T9625] loop3: rw=0, sector=53248, nr_sectors = 8 limit=40427 [ 258.963042][ T29] audit: type=1800 audit(1851702197.426:155): pid=9625 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=10 res=0 errno=0 [ 259.205350][ T5157] usb 5-1: USB disconnect, device number 4 [ 259.282528][ T5116] syz-executor.3: attempt to access beyond end of device [ 259.282528][ T5116] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 259.310295][ T5116] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 259.325714][ T9627] xt_connbytes: Forcing CT accounting to be enabled [ 259.347327][ T9627] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 259.490274][ T7559] jfs_flush_journal: synclist not empty [ 259.497095][ T7559] metapage: ffff88802e0859b0: 00001000 00000000 00003c24 00000000 [ 259.517624][ T7559] metapage: ffff88802e0859c0: 2fe45228 ffff8880 2fe45228 ffff8880 [ 259.559283][ T7559] metapage: ffff88802e0859d0: 00000004 00000000 00000000 00000000 [ 259.574903][ T7559] metapage: ffff88802e0859e0: 2917d000 ffff8880 0000002c 00000000 [ 259.590374][ T7559] metapage: ffff88802e0859f0: 00000000 dead4ead ffffffff 00000000 [ 259.604021][ T7559] metapage: ffff88802e085a00: ffffffff ffffffff 949030c0 ffffffff [ 259.633483][ T7559] metapage: ffff88802e085a10: 92d284a0 ffffffff 00000000 00000000 [ 259.650369][ T7559] metapage: ffff88802e085a20: 8c02ad40 ffffffff 00000200 00000000 [ 259.679926][ T7559] metapage: ffff88802e085a30: 2e085a30 ffff8880 2e085a30 ffff8880 [ 259.698331][ T7559] metapage: ffff88802e085a40: 00a45f40 ffffea00 7d0aa000 ffff8880 [ 259.714097][ T7559] metapage: ffff88802e085a50: 00001000 00003ea8 00000001 00000000 [ 259.731910][ T7559] metapage: ffff88802e085a60: 2fe45000 ffff8880 [ 259.738183][ T7559] page: ffffea0000a45f40: 00fff5000000422c ffffea0000895e88 [ 259.780159][ T7559] page: ffffea0000a45f50: ffffea00009b8e08 ffff8880609746d8 [ 259.787518][ T7559] page: ffffea0000a45f60: 000000000000002c ffff88802e0859b0 [ 259.821205][ T7559] page: ffffea0000a45f70: 00000003ffffffff ffff88807b8b2000 [ 259.999485][ T9643] loop4: detected capacity change from 0 to 64 [ 260.275553][ T9629] loop2: detected capacity change from 0 to 40427 [ 260.284131][ T9629] F2FS-fs (loop2): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 260.291918][ T9629] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 260.306848][ T9629] F2FS-fs (loop2): invalid crc value [ 260.318243][ T9629] F2FS-fs (loop2): Found nat_bits in checkpoint [ 260.428294][ T9629] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 260.437598][ T9629] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 260.464506][ T9662] xt_connbytes: Forcing CT accounting to be enabled [ 260.478636][ T9662] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 260.501482][ T45] usb 2-1: new full-speed USB device number 6 using dummy_hcd [ 260.596087][ T8752] syz-executor.2: attempt to access beyond end of device [ 260.596087][ T8752] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 260.619268][ T8752] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 261.266231][ T9680] loop4: detected capacity change from 0 to 64 [ 261.332443][ T45] usb 2-1: device descriptor read/all, error -71 [ 261.809335][ T9693] netlink: 'syz-executor.4': attribute type 4 has an invalid length. [ 261.830127][ T9693] netlink: 128124 bytes leftover after parsing attributes in process `syz-executor.4'. [ 262.010224][ T9695] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 262.101038][ T5157] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 262.302016][ T5157] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 262.334526][ T5157] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 262.371928][ T5157] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 262.412808][ T5157] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 262.441915][ T5157] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 262.476980][ T5157] usb 3-1: config 0 descriptor?? [ 262.495350][ T9689] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 262.978093][ T5157] plantronics 0003:047F:FFFF.0004: unknown main item tag 0xd [ 263.002146][ T5157] plantronics 0003:047F:FFFF.0004: No inputs registered, leaving [ 263.041645][ T5157] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 263.137327][ T9701] loop1: detected capacity change from 0 to 40427 [ 263.152450][ T9701] F2FS-fs (loop1): heap/no_heap options were deprecated [ 263.167939][ T9697] loop4: detected capacity change from 0 to 40427 [ 263.176058][ T9701] F2FS-fs (loop1): invalid crc value [ 263.181779][ T9701] F2FS-fs (loop1): Ignore s_resuid=60929, s_resgid=0 w/o reserve_root [ 263.192334][ T9697] F2FS-fs (loop4): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 263.203001][ T9697] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 263.214373][ T9701] F2FS-fs (loop1): Found nat_bits in checkpoint [ 263.253710][ T9697] F2FS-fs (loop4): invalid crc value [ 263.269822][ T9697] F2FS-fs (loop4): Found nat_bits in checkpoint [ 263.295140][ T9701] F2FS-fs (loop1): write access unavailable, skipping recovery [ 263.311897][ T9701] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 263.329412][ T8] usb 3-1: USB disconnect, device number 5 [ 263.362580][ T9697] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 263.369654][ T9697] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 263.451934][ T8592] syz-executor.4: attempt to access beyond end of device [ 263.451934][ T8592] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 263.468051][ T8592] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 263.550152][ T5157] usb 4-1: new full-speed USB device number 13 using dummy_hcd [ 263.638704][ T9726] loop1: detected capacity change from 0 to 64 [ 263.771793][ T5157] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 263.798206][ T5157] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 263.814676][ T5157] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 263.824195][ T5157] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 263.832410][ T5157] usb 4-1: SerialNumber: syz [ 263.840965][ T9720] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 263.860863][ T9728] netlink: 'syz-executor.1': attribute type 4 has an invalid length. [ 263.869001][ T9728] netlink: 128124 bytes leftover after parsing attributes in process `syz-executor.1'. [ 264.031587][ T9733] loop1: detected capacity change from 0 to 1024 [ 264.773200][ T5157] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -71 [ 264.798994][ T5157] usb 4-1: USB disconnect, device number 13 [ 264.948573][ T9755] loop2: detected capacity change from 0 to 64 [ 265.101473][ T9758] loop2: detected capacity change from 0 to 256 [ 265.132112][ T9758] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x1aabf3fb, utbl_chksum : 0xe619d30d) [ 265.293746][ T9751] loop1: detected capacity change from 0 to 40427 [ 265.303109][ T9751] F2FS-fs (loop1): heap/no_heap options were deprecated [ 265.325320][ T9751] F2FS-fs (loop1): invalid crc value [ 265.336116][ T9751] F2FS-fs (loop1): Ignore s_resuid=60929, s_resgid=0 w/o reserve_root [ 265.353526][ T9751] F2FS-fs (loop1): Found nat_bits in checkpoint [ 265.494644][ T9751] F2FS-fs (loop1): write access unavailable, skipping recovery [ 265.510253][ T9751] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 266.047822][ T9771] loop1: detected capacity change from 0 to 1024 [ 266.340804][ T9764] loop3: detected capacity change from 0 to 40427 [ 266.366034][ T9764] F2FS-fs (loop3): Found nat_bits in checkpoint [ 266.416287][ T5111] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 266.428025][ T5111] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 266.442242][ T5111] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 266.451414][ T5111] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 266.459810][ T5111] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 266.469749][ T5111] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 266.653884][ T9764] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 266.878905][ T9784] chnl_net:caif_netlink_parms(): no params data found [ 267.126626][ T9793] syz-executor.3: attempt to access beyond end of device [ 267.126626][ T9793] loop3: rw=0, sector=53248, nr_sectors = 8 limit=40427 [ 267.143976][ T9793] syz-executor.3: attempt to access beyond end of device [ 267.143976][ T9793] loop3: rw=0, sector=53248, nr_sectors = 8 limit=40427 [ 267.635918][ T29] audit: type=1800 audit(1851702205.926:156): pid=9793 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=10 res=0 errno=0 [ 267.799137][ T5116] syz-executor.3: attempt to access beyond end of device [ 267.799137][ T5116] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 267.841337][ T9796] loop4: detected capacity change from 0 to 256 [ 267.841750][ T9784] bridge0: port 1(bridge_slave_0) entered blocking state [ 267.863540][ T5116] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 267.888603][ T9784] bridge0: port 1(bridge_slave_0) entered disabled state [ 267.901945][ T9784] bridge_slave_0: entered allmulticast mode [ 267.914333][ T9784] bridge_slave_0: entered promiscuous mode [ 267.926792][ T9784] bridge0: port 2(bridge_slave_1) entered blocking state [ 267.934731][ T9784] bridge0: port 2(bridge_slave_1) entered disabled state [ 267.943376][ T9784] bridge_slave_1: entered allmulticast mode [ 267.962779][ T9784] bridge_slave_1: entered promiscuous mode [ 267.979976][ T9796] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x1aabf3fb, utbl_chksum : 0xe619d30d) [ 268.080279][ T9784] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 268.102368][ T9784] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 268.216014][ T9784] team0: Port device team_slave_0 added [ 268.254951][ T9784] team0: Port device team_slave_1 added [ 268.428403][ T9784] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 268.444069][ T9784] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 268.474120][ T9784] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 268.512042][ T9784] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 268.519108][ T9784] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 268.545664][ T53] Bluetooth: hci3: command tx timeout [ 268.556601][ T9784] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 268.644769][ T35] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 268.854014][ T35] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 268.933521][ T9784] hsr_slave_0: entered promiscuous mode [ 268.939835][ T9784] hsr_slave_1: entered promiscuous mode [ 268.970290][ T9784] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 268.977921][ T9784] Cannot create hsr debugfs directory [ 269.000299][ T8269] usb 4-1: new full-speed USB device number 14 using dummy_hcd [ 269.073197][ T35] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 269.192213][ T8269] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 269.217575][ T35] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 269.220900][ T8269] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 269.293217][ T8269] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 269.304154][ T8269] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 269.320949][ T8269] usb 4-1: SerialNumber: syz [ 269.337126][ T9799] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 269.437852][ T5111] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 269.449250][ T5111] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 269.462540][ T5111] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 269.471472][ T5111] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 269.485458][ T5111] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 269.498831][ T5111] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 269.803583][ T35] bridge_slave_1: left allmulticast mode [ 269.809602][ T35] bridge_slave_1: left promiscuous mode [ 269.827060][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 269.846563][ T35] bridge_slave_0: left allmulticast mode [ 269.925290][ T35] bridge_slave_0: left promiscuous mode [ 269.941831][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 270.166341][ T8269] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -71 [ 270.196944][ T8269] usb 4-1: USB disconnect, device number 14 [ 270.610107][ T53] Bluetooth: hci3: command tx timeout [ 271.579888][ T53] Bluetooth: hci2: command tx timeout [ 271.630636][ T9818] input: syz0 as /devices/virtual/input/input11 [ 271.705593][ T9822] loop1: detected capacity change from 0 to 256 [ 271.740885][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 271.756247][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 271.785490][ T35] bond0 (unregistering): Released all slaves [ 272.205312][ T35] hsr_slave_0: left promiscuous mode [ 272.216487][ T35] hsr_slave_1: left promiscuous mode [ 272.225511][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 272.237735][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 272.247594][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 272.255623][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 272.279942][ T35] veth1_macvtap: left promiscuous mode [ 272.286046][ T35] veth0_macvtap: left promiscuous mode [ 272.291796][ T35] veth1_vlan: left promiscuous mode [ 272.297167][ T35] veth0_vlan: left promiscuous mode [ 272.683113][ T53] Bluetooth: hci3: command tx timeout [ 272.898905][ T35] team0 (unregistering): Port device team_slave_1 removed [ 272.958700][ T35] team0 (unregistering): Port device team_slave_0 removed [ 273.265308][ T9839] loop3: detected capacity change from 0 to 40427 [ 273.294691][ T9839] F2FS-fs (loop3): Found nat_bits in checkpoint [ 273.379453][ T9839] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 273.645363][ T53] Bluetooth: hci2: command tx timeout [ 273.781109][ T9847] syz-executor.3: attempt to access beyond end of device [ 273.781109][ T9847] loop3: rw=0, sector=53248, nr_sectors = 8 limit=40427 [ 273.796446][ T9847] syz-executor.3: attempt to access beyond end of device [ 273.796446][ T9847] loop3: rw=0, sector=53248, nr_sectors = 8 limit=40427 [ 274.009794][ T29] audit: type=1800 audit(1851702212.576:157): pid=9847 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=10 res=0 errno=0 [ 274.474583][ T5116] syz-executor.3: attempt to access beyond end of device [ 274.474583][ T5116] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 274.502852][ T9851] syz-executor.1[9851] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 274.503088][ T9851] syz-executor.1[9851] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 274.514871][ T5116] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 274.564417][ T9803] chnl_net:caif_netlink_parms(): no params data found [ 274.706193][ T9784] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 274.724090][ T9784] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 274.771245][ T53] Bluetooth: hci3: command tx timeout [ 274.814763][ T9784] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 274.825380][ T53] ================================================================== [ 274.833473][ T53] BUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x299/0x370 [ 274.841291][ T53] Read of size 4 at addr ffff888045600104 by task kworker/u9:0/53 [ 274.849082][ T53] [ 274.851412][ T53] CPU: 1 PID: 53 Comm: kworker/u9:0 Tainted: G W 6.10.0-rc2-next-20240604-syzkaller #0 [ 274.862424][ T53] Tainted: [W]=WARN [ 274.866216][ T53] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 274.876263][ T53] Workqueue: hci0 hci_rx_work [ 274.880961][ T53] Call Trace: [ 274.884230][ T53] [ 274.887149][ T53] dump_stack_lvl+0x241/0x360 [ 274.891826][ T53] ? __pfx_dump_stack_lvl+0x10/0x10 [ 274.897024][ T53] ? __pfx__printk+0x10/0x10 [ 274.901609][ T53] ? _printk+0xd5/0x120 [ 274.905755][ T53] ? __virt_addr_valid+0x183/0x520 [ 274.910872][ T53] ? __virt_addr_valid+0x183/0x520 [ 274.915983][ T53] print_report+0x169/0x550 [ 274.920479][ T53] ? __virt_addr_valid+0x183/0x520 [ 274.925585][ T53] ? __virt_addr_valid+0x183/0x520 [ 274.930690][ T53] ? __virt_addr_valid+0x44e/0x520 [ 274.935791][ T53] ? __phys_addr+0xba/0x170 [ 274.940287][ T53] ? do_raw_spin_lock+0x299/0x370 [ 274.945297][ T53] kasan_report+0x143/0x180 [ 274.949790][ T53] ? do_raw_spin_lock+0x299/0x370 [ 274.954804][ T53] do_raw_spin_lock+0x299/0x370 [ 274.959646][ T53] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 274.965016][ T53] _raw_spin_lock_irqsave+0xe1/0x120 [ 274.970298][ T53] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 274.976185][ T53] ? __local_bh_enable_ip+0x168/0x200 [ 274.981550][ T53] ? skb_dst_force+0x52/0x370 [ 274.986219][ T53] ? __sock_queue_rcv_skb+0x3ee/0x9b0 [ 274.991585][ T53] __sock_queue_rcv_skb+0x408/0x9b0 [ 274.996778][ T53] l2cap_sock_recv_cb+0x177/0x4f0 [ 275.001801][ T53] l2cap_recv_frame+0x8b6d/0x105f0 [ 275.006901][ T53] ? deref_stack_reg+0x1c7/0x260 [ 275.011834][ T53] ? validate_chain+0x11e/0x5920 [ 275.016768][ T53] ? validate_chain+0x11e/0x5920 [ 275.021704][ T53] ? validate_chain+0x11e/0x5920 [ 275.026634][ T53] ? __pfx_validate_chain+0x10/0x10 [ 275.031828][ T53] ? __pfx_validate_chain+0x10/0x10 [ 275.037021][ T53] ? __pfx_validate_chain+0x10/0x10 [ 275.042210][ T53] ? validate_chain+0x11e/0x5920 [ 275.047139][ T53] ? stack_trace_save+0x118/0x1d0 [ 275.052152][ T53] ? __pfx_validate_chain+0x10/0x10 [ 275.057342][ T53] ? __pfx_l2cap_recv_frame+0x10/0x10 [ 275.062702][ T53] ? __pfx_validate_chain+0x10/0x10 [ 275.067893][ T53] ? mark_lock+0x9a/0x360 [ 275.072212][ T53] ? __lock_acquire+0x1359/0x2000 [ 275.077230][ T53] ? mark_lock+0x9a/0x360 [ 275.081567][ T53] ? hci_rx_work+0x4e7/0xca0 [ 275.086146][ T53] ? __pfx_lock_release+0x10/0x10 [ 275.091170][ T53] ? __mutex_unlock_slowpath+0x21d/0x750 [ 275.096790][ T53] ? __pfx_lock_release+0x10/0x10 [ 275.101804][ T53] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 275.107782][ T53] ? hci_conn_enter_active_mode+0x260/0x370 [ 275.113670][ T53] ? l2cap_recv_acldata+0x48e/0x1550 [ 275.118945][ T53] ? hci_conn_hash_lookup_handle+0x21/0x240 [ 275.124829][ T53] ? hci_conn_hash_lookup_handle+0x226/0x240 [ 275.130802][ T53] hci_rx_work+0x50f/0xca0 [ 275.135210][ T53] ? process_scheduled_works+0x945/0x1830 [ 275.140919][ T53] process_scheduled_works+0xa2c/0x1830 [ 275.146464][ T53] ? __pfx_process_scheduled_works+0x10/0x10 [ 275.152436][ T53] ? assign_work+0x364/0x3d0 [ 275.157019][ T53] worker_thread+0x86d/0xd50 [ 275.161605][ T53] ? __kthread_parkme+0x169/0x1d0 [ 275.166619][ T53] ? __pfx_worker_thread+0x10/0x10 [ 275.171721][ T53] kthread+0x2f0/0x390 [ 275.175779][ T53] ? __pfx_worker_thread+0x10/0x10 [ 275.180885][ T53] ? __pfx_kthread+0x10/0x10 [ 275.185465][ T53] ret_from_fork+0x4b/0x80 [ 275.189873][ T53] ? __pfx_kthread+0x10/0x10 [ 275.194451][ T53] ret_from_fork_asm+0x1a/0x30 [ 275.199214][ T53] [ 275.202223][ T53] [ 275.204531][ T53] Allocated by task 9853: [ 275.208840][ T53] kasan_save_track+0x3f/0x80 [ 275.213509][ T53] __kasan_kmalloc+0x98/0xb0 [ 275.218100][ T53] __kmalloc_noprof+0x1f9/0x400 [ 275.222940][ T53] sk_prot_alloc+0xe0/0x210 [ 275.227428][ T53] sk_alloc+0x38/0x370 [ 275.231482][ T53] bt_sock_alloc+0x3c/0x340 [ 275.235975][ T53] l2cap_sock_create+0x13f/0x2d0 [ 275.240910][ T53] bt_sock_create+0x161/0x230 [ 275.245575][ T53] __sock_create+0x490/0x920 [ 275.250159][ T53] __sys_socket+0x150/0x3c0 [ 275.254652][ T53] __x64_sys_socket+0x7a/0x90 [ 275.259316][ T53] do_syscall_64+0xf3/0x230 [ 275.263809][ T53] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 275.269691][ T53] [ 275.272001][ T53] Freed by task 9852: [ 275.275962][ T53] kasan_save_track+0x3f/0x80 [ 275.280632][ T53] kasan_save_free_info+0x40/0x50 [ 275.285643][ T53] poison_slab_object+0xe0/0x150 [ 275.290568][ T53] __kasan_slab_free+0x37/0x60 [ 275.295321][ T53] kfree+0x149/0x360 [ 275.299200][ T53] __sk_destruct+0x476/0x5f0 [ 275.303774][ T53] l2cap_sock_release+0x15b/0x1d0 [ 275.308785][ T53] sock_close+0xbc/0x240 [ 275.313019][ T53] __fput+0x406/0x8b0 [ 275.316991][ T53] __x64_sys_close+0x7f/0x110 [ 275.321664][ T53] do_syscall_64+0xf3/0x230 [ 275.326160][ T53] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 275.332046][ T53] [ 275.334357][ T53] The buggy address belongs to the object at ffff888045600000 [ 275.334357][ T53] which belongs to the cache kmalloc-2k of size 2048 [ 275.348392][ T53] The buggy address is located 260 bytes inside of [ 275.348392][ T53] freed 2048-byte region [ffff888045600000, ffff888045600800) [ 275.362261][ T53] [ 275.364570][ T53] The buggy address belongs to the physical page: [ 275.370993][ T53] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x45600 [ 275.379744][ T53] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 275.388231][ T53] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 275.395764][ T53] page_type: 0xfdffffff(slab) [ 275.400431][ T53] raw: 00fff00000000040 ffff888015042000 dead000000000100 dead000000000122 [ 275.409089][ T53] raw: 0000000000000000 0000000080080008 00000001fdffffff 0000000000000000 [ 275.417661][ T53] head: 00fff00000000040 ffff888015042000 dead000000000100 dead000000000122 [ 275.426320][ T53] head: 0000000000000000 0000000080080008 00000001fdffffff 0000000000000000 [ 275.434987][ T53] head: 00fff00000000003 ffffea0001158001 ffffffffffffffff 0000000000000000 [ 275.443647][ T53] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 275.452303][ T53] page dumped because: kasan: bad access detected [ 275.458710][ T53] page_owner tracks the page as allocated [ 275.464407][ T53] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d28c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 8364, tgid 8364 (kworker/0:15), ts 218083447206, free_ts 217978244236 [ 275.487155][ T53] post_alloc_hook+0x1f3/0x230 [ 275.491920][ T53] get_page_from_freelist+0x2cbd/0x2d70 [ 275.497462][ T53] __alloc_pages_noprof+0x256/0x6c0 [ 275.502649][ T53] alloc_slab_page+0x5f/0x120 [ 275.507334][ T53] allocate_slab+0x5a/0x2f0 [ 275.511843][ T53] ___slab_alloc+0xcd1/0x14b0 [ 275.516515][ T53] __slab_alloc+0x58/0xa0 [ 275.520839][ T53] kmalloc_node_track_caller_noprof+0x281/0x440 [ 275.527072][ T53] kmalloc_reserve+0x111/0x2a0 [ 275.531836][ T53] pskb_expand_head+0x202/0x1390 [ 275.536768][ T53] netlink_trim+0x183/0x220 [ 275.541261][ T53] netlink_broadcast_filtered+0x76/0x1290 [ 275.546971][ T53] nlmsg_notify+0xfb/0x1c0 [ 275.551382][ T53] netdev_state_change+0x139/0x1a0 [ 275.556679][ T53] linkwatch_do_dev+0x112/0x170 [ 275.561547][ T53] __linkwatch_run_queue+0x44f/0x6c0 [ 275.566836][ T53] page last free pid 8767 tgid 8767 stack trace: [ 275.573152][ T53] free_unref_page+0xd22/0xea0 [ 275.577927][ T53] __put_partials+0xeb/0x130 [ 275.582518][ T53] put_cpu_partial+0x17c/0x250 [ 275.587290][ T53] __slab_free+0x2ea/0x3d0 [ 275.591701][ T53] qlist_free_all+0x9e/0x140 [ 275.596286][ T53] kasan_quarantine_reduce+0x14f/0x170 [ 275.601742][ T53] __kasan_slab_alloc+0x23/0x80 [ 275.606590][ T53] kmem_cache_alloc_noprof+0x135/0x2a0 [ 275.612048][ T53] getname_flags+0xbd/0x4f0 [ 275.616549][ T53] __x64_sys_symlinkat+0x7c/0xb0 [ 275.621483][ T53] do_syscall_64+0xf3/0x230 [ 275.625986][ T53] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 275.631883][ T53] [ 275.634202][ T53] Memory state around the buggy address: [ 275.639819][ T53] ffff888045600000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 275.647869][ T53] ffff888045600080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 275.655923][ T53] >ffff888045600100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 275.663985][ T53] ^ [ 275.668054][ T53] ffff888045600180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 275.676107][ T53] ffff888045600200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 275.684155][ T53] ================================================================== [ 275.692384][ T53] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 275.699657][ T53] CPU: 1 PID: 53 Comm: kworker/u9:0 Tainted: G W 6.10.0-rc2-next-20240604-syzkaller #0 [ 275.710670][ T53] Tainted: [W]=WARN [ 275.714462][ T53] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 275.724514][ T53] Workqueue: hci0 hci_rx_work [ 275.729208][ T53] Call Trace: [ 275.732499][ T53] [ 275.735432][ T53] dump_stack_lvl+0x241/0x360 [ 275.740122][ T53] ? __pfx_dump_stack_lvl+0x10/0x10 [ 275.745338][ T53] ? __pfx__printk+0x10/0x10 [ 275.749929][ T53] ? rcu_is_watching+0x15/0xb0 [ 275.754690][ T53] ? lock_release+0xbf/0x9f0 [ 275.759275][ T53] ? vscnprintf+0x5d/0x90 [ 275.763595][ T53] panic+0x349/0x870 [ 275.767486][ T53] ? check_panic_on_warn+0x21/0xb0 [ 275.772595][ T53] ? __pfx_panic+0x10/0x10 [ 275.777002][ T53] ? do_raw_spin_unlock+0x13c/0x8b0 [ 275.782192][ T53] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 275.788081][ T53] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 275.794405][ T53] ? print_report+0x502/0x550 [ 275.799077][ T53] check_panic_on_warn+0x86/0xb0 [ 275.804011][ T53] ? do_raw_spin_lock+0x299/0x370 [ 275.809027][ T53] end_report+0x77/0x160 [ 275.813260][ T53] kasan_report+0x154/0x180 [ 275.817776][ T53] ? do_raw_spin_lock+0x299/0x370 [ 275.822794][ T53] do_raw_spin_lock+0x299/0x370 [ 275.827635][ T53] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 275.833000][ T53] _raw_spin_lock_irqsave+0xe1/0x120 [ 275.838287][ T53] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 275.844180][ T53] ? __local_bh_enable_ip+0x168/0x200 [ 275.849549][ T53] ? skb_dst_force+0x52/0x370 [ 275.854310][ T53] ? __sock_queue_rcv_skb+0x3ee/0x9b0 [ 275.859678][ T53] __sock_queue_rcv_skb+0x408/0x9b0 [ 275.864874][ T53] l2cap_sock_recv_cb+0x177/0x4f0 [ 275.869897][ T53] l2cap_recv_frame+0x8b6d/0x105f0 [ 275.875004][ T53] ? deref_stack_reg+0x1c7/0x260 [ 275.879937][ T53] ? validate_chain+0x11e/0x5920 [ 275.884873][ T53] ? validate_chain+0x11e/0x5920 [ 275.889812][ T53] ? validate_chain+0x11e/0x5920 [ 275.894744][ T53] ? __pfx_validate_chain+0x10/0x10 [ 275.899936][ T53] ? __pfx_validate_chain+0x10/0x10 [ 275.905128][ T53] ? __pfx_validate_chain+0x10/0x10 [ 275.910329][ T53] ? validate_chain+0x11e/0x5920 [ 275.915265][ T53] ? stack_trace_save+0x118/0x1d0 [ 275.920293][ T53] ? __pfx_validate_chain+0x10/0x10 [ 275.925485][ T53] ? __pfx_l2cap_recv_frame+0x10/0x10 [ 275.930848][ T53] ? __pfx_validate_chain+0x10/0x10 [ 275.936047][ T53] ? mark_lock+0x9a/0x360 [ 275.940378][ T53] ? __lock_acquire+0x1359/0x2000 [ 275.945413][ T53] ? mark_lock+0x9a/0x360 [ 275.949746][ T53] ? hci_rx_work+0x4e7/0xca0 [ 275.954331][ T53] ? __pfx_lock_release+0x10/0x10 [ 275.959353][ T53] ? __mutex_unlock_slowpath+0x21d/0x750 [ 275.964982][ T53] ? __pfx_lock_release+0x10/0x10 [ 275.970001][ T53] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 275.975984][ T53] ? hci_conn_enter_active_mode+0x260/0x370 [ 275.981875][ T53] ? l2cap_recv_acldata+0x48e/0x1550 [ 275.987153][ T53] ? hci_conn_hash_lookup_handle+0x21/0x240 [ 275.993041][ T53] ? hci_conn_hash_lookup_handle+0x226/0x240 [ 275.999014][ T53] hci_rx_work+0x50f/0xca0 [ 276.003427][ T53] ? process_scheduled_works+0x945/0x1830 [ 276.009141][ T53] process_scheduled_works+0xa2c/0x1830 [ 276.014691][ T53] ? __pfx_process_scheduled_works+0x10/0x10 [ 276.020667][ T53] ? assign_work+0x364/0x3d0 [ 276.025248][ T53] worker_thread+0x86d/0xd50 [ 276.029834][ T53] ? __kthread_parkme+0x169/0x1d0 [ 276.034858][ T53] ? __pfx_worker_thread+0x10/0x10 [ 276.039970][ T53] kthread+0x2f0/0x390 [ 276.044037][ T53] ? __pfx_worker_thread+0x10/0x10 [ 276.049141][ T53] ? __pfx_kthread+0x10/0x10 [ 276.053725][ T53] ret_from_fork+0x4b/0x80 [ 276.058143][ T53] ? __pfx_kthread+0x10/0x10 [ 276.062725][ T53] ret_from_fork_asm+0x1a/0x30 [ 276.067489][ T53] [ 276.070733][ T53] Kernel Offset: disabled [ 276.075049][ T53] Rebooting in 86400 seconds..