last executing test programs:

7m21.343491861s ago: executing program 1 (id=796):
syz_mount_image$udf(&(0x7f0000000f00), &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xa00010, &(0x7f0000000080)=ANY=[@ANYBLOB='iocharset=iso8859-1,nostrict,iocharset=default,anchor=00000000000000000145,gid=', @ANYRESDEC=0x0, @ANYBLOB="2c706172746974696f6e3d30303030303030303030303030303030303030322c756e64656c6574652c706172746974696f6e3d30303030303030303030303030303030303030312c756e686964652c001e066340c987db28915dbe6892bc3dce41ae76eaf528dc889820692d753009e30e567403a6c30e933de68a0a923eec1dccf226b58adb7d968bafe76628bceade8672fb893f87dc88", @ANYRES8=0x0, @ANYRES32=0x0, @ANYRES8], 0x1, 0xc68, &(0x7f0000001cc0)="$eJzs3U9sHNd9B/DfGy3FldzWTOwqThoHm7ZIZcVy9S+mYhXOqqbZBpBlIRRzC8CVuFIXpkiCpBrZSAumlx56CFAUPeTEojUKpGhgNEXQI9O6QHLxocipJ6KFjaDogSkCBCgQMJjZt+KSIi3ZJCVK/nxs8js7897sezPrGZrgmxcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQMTvv3z+xMm0xYYDD6AxAMB9cXHsKydObXX/BwAeWZe3+/9/AAAAAAAAAAAAAABgv0hRxBORYvbiapqoXnfVL3QGbt4aHxndutqhVNU8UJUvv+onT50+84Xnh8/28kJn+n3q77ZPxatjl883Xpq5MTvXnp9vTzbGpztXZybb97yHndbf7Fh1ABo3Xrs5ee3afOPUc6c3bL419N7gY0eGzg0/c/zpXtnxkdHRsfUi9f7ytQ/dkK7tRngcjCKOR4pnv/uT1IqIInZ+LOr399xvdqjqxLGqE+Mjo1VHpjqt6YVy46XegSgiGn2Vmr1jtPW5iNrAfe3D9poRi2XzywYfK7s3Ntuaa12ZajcuteYWOgudmelLqdvasj+NKOJsiliKiJXBO3c3EEXUIsW3H19NV/JTP6rj8PlqYPD27Sj2sI/3oGxnYyBiqXgIztk+NhhFvBIpfvb20biarzPVteZzEa+U+f2IN8t8MSKVH4wzEe9u8Tni4VSLIv6iPP/nVtNkdT3oXVcufLXx5elrM31le9eVD3h/uONK8YDuD4c25f2xz69N9SiiVV3xV9OH/2EHAAAAAAAAAAAAAAAAgN12KIr4ZKR4+T/+uBpXHNW49MfPDf/B0K/2jxl/6i77Kcs+FxGLxb2NyT2YBwZeSpdSesBjiT/K6lHEn+Txf9+8S1mnCQAAAAAAAAAAAAAAAAAAYC8V8eNI8cI7R9NS9M8p3pm+3rjcujLVnRW2N/dvb870tbW1tUbqZjPnRM7FnEs5l3Ou5Iwi18/ZzDmRczHnUs7lnCs540Cun7OZcyLnYs6lnMs5V3JGLdfP2cw5kXMx51LO5ZwrOWOfzN0LAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAoKaKIX0SKb319NUWKiGbERHRzefBBtw4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA2mIr4XKRp/2Ly9rhYRqfq362j57Uw0D5b58WgOl/liNM/nbFVZa37zAbSfnRlIRfwoUgzW37p9wvP5H+i+uv0xiDe/sf7qU7VuHuhtHHpv8LEjj58bHv3MU9stp60acOxCZ/rmrcb4yOjoWN/qWn73j/etG8rvW+xO14mI+dffeK01NfU3P42oFtpzec29L5QfgQ9e62FcSLWPSk93slDeJvZBM3ZjIWr7ohkPpu8b1B/UBYo9Vd7/340Uv/vOf/Zu+N37fz1+pfvq9h0+fv6n6/f/Fzbv6B7v/7XN9fL9v7ynb3X/f6Jv3Qv5p5GBWkR94cbswJGI+vzrbxzv3Ghdb19vT585ceKLw8NfPH1i4GBE/Vpnqt23tCuHCwAAAAAAAAAAAAAAAOD+SUV8KVK0frSaGhFxqxqvNXRu+JnjTx+IA9V4qw3jtl8du3y+8dLMjdm59vx8e7IxPt25OjPZvte3q1fDvcZHRvekM3d1aI/bf6j+0szs63Od63+0sOX2w/XzV+YX5lpXt94ch6KIaPavOVY1eHxktGr0VKc1XVW9tOVg+g9uIBXxX5Hi6plG+mxel8f/bx7hv2H8/+LmHe3i+P/PHF4f//exvqLle6ZUxM8jxe/85VPx2aqdh+OOY5bL/V2kOHb207lcHCzL9drQfa5Ad2RgWfankeKffrGxbG885BPrZU9+oIP7ECjP/+OR4nt//p34zbxu4/Mftj7/hzfvaI+e//Bk37rD688raM/N77jr5PN/PFK8+MRb8VvVmv9/3+d/9J69cbRbeP35HHt0/n+9b91Qft/f3q3OAwAAAAAAAAAAPMQGUhF/Hyl+MFpLz+d19/L3f5Obd7RHf//1ib51kxv+/m/vFnZ8UAEAAABgnxhIRfw4UlxfeOv2GOqN47/7xn/+3vr4z5G0aWv1e75fq54bsJu//+s3lN93YufdBgAAAAAAAAAAAAAAAAAAgH0lpSKez/OpT1Tj+Se3nU99OVK8/D/P5nLpSFmuNw/8UPW9fnFm+vj5qamZeiy0rky1G2Ozravtsu6TkWL1bz+d636pml+9N998d4739bnY5yLF6D/0ynbnYu/NTf7ketmTZdmPRYr//seNZfPU1Hnu6KrsqbLsX0eKr/1Lr+zaWrm1V/bIetnTZdnvRIoffq3R2+/hcr+956N+Yr3sc1dnit0/KQAAAAAAAAAAAAAAAAAAAHzkDKQi/ixS/O+Npdtj+fP8/wN9LytvfqNvvv9NblXz/A9V8/9vt1zVXdw0Xv4u8/9XzxVY3O5dAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg0ZSiiDcixezF1bQ8WL7uql/oTN+8NT4yunW1Q6mqeaAqX37VT546feYLzw+f7eX7199tn4xXxy6fb7w0c2N2rj0/355sjE93rs5Mtu95Dzutv9mx6gA0brx2c/LatfnGqedOb9h8a+i9wceODJ0bfub404sRUZYdHxkdHesrUxv40O9+h7TN+oNRxF9Fime/+5P0g8GIInZ+LO7y2dlrh6pOHKs6MT4yWnVkqtOaXig3XuodiCKi0Vep2TtG+bzt5bnYkWZE+XkpygYfK7s3Ntuaa12ZajcuteYWOgudmelLqdvasj+NKOJsiliKiJXBO3c3EEW8Fim+/fhq+tfBiAO94/D5i2NfOXFq+3YUe9jHe1C2szEQsVQ8BOdsHxuMIv45Uvzs7aPxb4MRteh+xeciXinz+xFvRvd8p/KDcSbi3S0+RzycalHE/5Xn/9xqenuwvB70risXvtr48vS1mb6yvevKQ39/uJ/2+bWpHkX8sLrir6Z/9981AAAAAAAAAAAAAAAAwD5SxG9EihfeOZqq8cG3xxR3pq83LreuTHWH9fXG/vXGTK+tra01UjebOSdyLuZcyrmccyVnFLl+zmaZ9bW1ifx6MedSzuWcKznjQK6fs5lzIudizqWcyzlXckYt18/ZzDmRczHnUs7lnCs5Y5+M3QMAAAAAAAAAAAAAAAAAAB4tRfVPim99fTWtDXbnl56Ibi6bD/SR98sAAAD//xXq+Yo=")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000580)='.\x00', 0x8880, 0x85)
lseek(r0, 0xd, 0x1)
getdents64(r0, 0x0, 0x4f)

7m20.936380224s ago: executing program 1 (id=800):
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={0x0, 0x0, 0xffffffffffffff22}, 0x28)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
ioctl$USBDEVFS_SUBMITURB(r0, 0x802c550a, &(0x7f0000000280)=@urb_type_bulk={0x3, {0x1, 0x1}, 0xef90, 0x24, 0x0, 0x0, 0x2, 0xb98d, 0x16, 0xee, 0x8, 0x0})

7m20.489748602s ago: executing program 1 (id=804):
syz_mount_image$udf(&(0x7f0000000c40), &(0x7f0000000c80)='./file0\x00', 0x800000, &(0x7f00000000c0)=ANY=[@ANYBLOB='lastblock=00000000000000000226,adinicb,gid=forget,nostrict,unhide,uid=', @ANYRESDEC=0x0, @ANYBLOB="2c73686f727461642c7569643d69676e6f72652c73686f727461642c766f6c756d653d30303030303030303030303030303030303030362c001829935912ddb19b617db523a6bb7c0d782285ef952b9282ba93ba5ef9353deee866199e1a1a16f9b8980aa11304cc9667f126de9a575a9cb3c29169cb6e8bd4820f0d3882914f9f4dd2ac97c7c5181676dc89c5fd4f9c455fcdbd2eef48adb33cdc1f9e9a7f3a2bcb07fb13cffd272aa79076e8039f7ab310e76e7400"/192, @ANYRES64], 0x4, 0xc24, &(0x7f0000000d00)="$eJzs3V9oXOl5B+D3myOtJW/TzG42zh/nYmAD2Xqzi2R51yregBwrIgvGa1ZWLhYKGluyO6w0kiW5eEMJLiSUkLa45CKXNWwCvauvWggNuFfbEgKiV6UXxW03Zns3CaQtvViVM/ONNNLalrK2JXn9PMb+nTnznpnvzOrVnDN7zpwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACK+/o2TQ8Npr0cBAOymM5NvDo14/weAJ8o5+/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGwvRRHfjRTv/qCVptu3OwZON5pXrk6NT9x9scEUKSpRtOvLvwPDR0eOvfLq8dFu3n/5h+0L8cbkuZO1Uwvzi0uzy8uzM7WpZuPCwszsjh/hQZff6kj7BajNv31l5uLF5drRl0c23X21eufA04eqJ0YPj7zVrZ0an5iY7Knp6//Yz/4R6eE9FJ8gT0UR34wU7730QapHRCUevBe2+d3xqA1GX9l/7ZWYGp9or8hco95cKe9MlVzVF1HtWWis2yO70IsPZCziWvnfqRzwkXL1JhfrS/Xzc7O1s/WllcZKY6GZKp3RlutTjUqMpojFiGgVez149pv+KOJYpLjz61Y6HxFFtw9ePDP55tDI9g/QtwuDvMfTVouI1XgMehb2qQNRxF9Gih9OD8WF3Ffttnk/4itlvhZxucxbKa7n26n8BTEa8SvvJ/BY64sifhEpFlIrzXR7v71defpbtdebFxd6arvblY/9/sFusm3CPjYQRZxvb/G30sf/sAsAAAAAAAAAAAAA2B1F/DRS3Jx/IS1G7zmljeal2rn6+bnOUcHdY/9ream1tbW1aupkLedQzrGcZ3NO51zMeS3n9Zw3ct7MeSvnas7bOVs5o5KfP2ct51DOsZxnc07nXMx5Lef1nDdy3sx5K+dqzts5WznDeU8AAAAAAAAAAAAAAAAAAAA8ZINRxESkuPHuH7WvKx3t69J/+sTomfHneq8Z/7ltHqesfTkifho7uyZvf77WeKqUfx7+egHbG4givpOv//cnez0YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgX6hEEd+NFD/6TStFioixiOno5O1ir0cHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJQGUhGnIsV/fWOgfXs1Ir4YER+ulX8i/ndtq70eMQAAAAAAAAAAAAAAAAAAAHwCpSIuR4ofv9dK1Yi4Wr1z4OlD1ROjh0feKqKIVJb01r8xee5k7dTC/OLS7PLy7Extqtm4sDAzu9OnGzjdaF65OjU+8UhWZluDj3j8gwOnFhbfWWpc+sOVu95/cODk+eWVpfqFu98dg9EXMdQ750h7wFPjE+1BzzXqzfaiqXKPAfZF1Ha6MgAAAAAAAAAAAAAAAAAAAOwbB1MR45Hi+Z8dS93zxvs65/x/qnOrWK/9yR9vfBfA3Jbs6v3+gJ1Mp50O9Ej7xPva1PjExGTP7L7+j5aWY0qpiM9GisN///n2+fApDt713Piy7s8ixej/Hct11cNl3dimqoEjU+MTtTMLzZdOzs0tXKiv1M/PzdYmF+sXdvzFAQAAAAAAAAAAAAAAAAAAAHAfB1MRfx4pjr2+mrrXnc/n//d1bvWc//9aRPey8wNpc65rn9v/u+1z+zvTnz4x+vrR5+81/1Gc/1+OKaUiPowUz/zV59vX0++e/z+0pbas+3Gk+MX3vpTrKk+VdcPd1ek84sXG3OxQWftipPj+2W5ttGtfzbWf2agdLmv/IVI8+weba4/n2uc2ao+WtXcixcSZu9d+dqN2pKwdjBRf/dNat/ZgWfv1XHtoo/blCwtzMzt9eXkylf3/b5Hiy8PfTN2f+Xv2f8/3f1zbkus+0vP3n35Y/V/tmXct9/Va7v/hbfr/cqT4i+tfynWd3jua73+m/e9G/38/UvzepzbXvpJrn92oHd7pasFeKvv/nyLF6u1/Wf+Zz/2fO2ujQ3v7/4t9m7O7XbBX/f9Mz7xqHtfIb/lawJNm+Z1vv12fm5tdMmHChIn1ib3+zQQ8auX2/39Hiq9dLlJ3PzZv//9O59bG/v//fGdj+//Elly3R9v/z/bMO5H3Wvr7IgZW5hf7PxcxsPzOt19qzNcvzV6abY6MjB7//WPDR48P9z/V3bnfmNrxawePu7L/344UP/mbf17/HHvz/v/dP/87uCXX7VH/f6Z3nTbt1+z4pYAnTtn/fx0p/vXGB+v/v+l+n/91P+d74fnNOdgt2qP+f65nXi3/M9oz74Ui4uROnwsAAAAAAAAAAB4TB1MRP4sUf9v6x/Vr3m8+/ie+3K3tPf7vXvbD9f8BgPsr3/8nI8XPD341db9DZifH/89syXV7dPzvoZ55M7t0XvOOX2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPiYUhRxIFK8+4NWul2UtzsGTjeaV65OjU/cfbHBFCkqUbTry78Dw0dHjr3y6vHRbt5/+YftC/HG5LmTtVML84tLs8vLszO1qWbjwsLM7I4f4UGX3+pI+wWozb99ZebixeXa0ZdHNt19tXrnwNOHqidGD4+81a2dGp+YmOyp6ev/2M/+EenhPRSfIE9FET+PFO+99EH69yKiEg/eC9v87njUBqOv7L/2SkyNT7RXZK5Rb66Ud6ZKruqLqPYsNNbtkV3oxQcyFnEtIirlgI+Uqze5WF+qn5+brZ2tL600VhoLzVTpjLZcn2pUYjRFLEZEq9jrwbPf9EcRfxcp7vy6lf6jiCi6ffDimck3h0a2f4C+XRjkPZ62WkSsxmPQs7BPHYginosUP5weiv8sOn3Vbpv3I75S5msRl8u8leJ6vp3KXxCjEb/yfgKPtb4o4mykWEit9H6Re7+9XXn6W7XXmxcXemq725WP/f7BbrJtwj42EEX8sr3F30q/9H4OAAAAAAAAAAAAAPtcEV+LFDfnX0jt80PXzyltNC/VztXPz3UO6+8e+1/LS62tra1VUydrOYdyjuU8m3M652LOazmv57yR82bOWzlXc97O2coZlfz8OWs5h3KO5TybczrnYs5rOa/nvJHzZs5bOVdz3s7ZyhmOkwYAAAAAAAAAAAAAAAAA4BGpRBHfixQ/+k0rrRWd68tORydvO88VPtH+PwAA//9mFkcG")
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000, 0x0)
syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000f00)='.\x00', 0x184a438, &(0x7f0000000280)=ANY=[], 0xa, 0x0, &(0x7f0000000180))
unlink(&(0x7f0000001940)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

7m18.734603769s ago: executing program 1 (id=812):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20)
syz_mount_image$fuse(0x0, &(0x7f0000000140)='./file0\x00', 0x2a0000a, 0x0, 0x0, 0x0, 0x0)
unlinkat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x200)

7m18.164310616s ago: executing program 1 (id=817):
syz_mount_image$xfs(&(0x7f0000000200), &(0x7f0000000140)='./file1\x00', 0x0, &(0x7f00000001c0)={[{@swalloc}]}, 0x1, 0x97f1, &(0x7f0000012f40)="$eJzs3QeYJHXBaP1ZYMkZVERRVFSMRAkiShAQCRIVFBAkSw5KUJKIBEFBQBGQjJJzzjnnnHPOOcN+z7K7iusB9X7vvfh6znme3Zmurq6p/v+6qmamerqXmnfxuQYGxhwY1pQDI3fzHXMtvMnOc12+7y57nzzl2BNOMXzy8BtMNvziZIOGfxxlYGBglOHLGT5tnEdOOHGUgdHenv63xhlr7EHjDQxMP/ziHMM/zjzswySPjphvyEiNvKKD/npx0A7D/r3dBEO/xNBPlrnpgrMHBgYmfMfth95k2n+4o9KWmnO+ef9m9Ve3oVaDh3/+zn+jD/s3yf0DA5PcM8CPj3fOO+h9uEtDv+aEOz8w5nrvw9f+X9dSc843/0j+Q7fFUYdPm3noNj7yNmhs5Mf5TavOtufwIXz78TYwMHQX93fbyv+Klppz3gUH3n0/P/DQ2OOfPuTt/eY4zwwMjPPswMA4zw0MjPP8wMA4LwwMjPPi++1S//+ac64Z5hq6vY+4PJx9xGN5Qnpc7LvGC/sMDAyMMWyecd4adrwYd8oRx4Sqqqr6z27OuWaYG47/Y77X8X/rbea8peN/VVXV/97mn3OuGYYex0c6/o/7Xsf/b99ww5rDfvc/x8zDbvXW+3snqqqq6t9q3vnx+D/hex3/J9jpugM6/ldVVf3vbbGF3j7+jzvS8X/S9zr+r7nAHZcOn2/E9w1vvmORbz9/bPj0198xfdR3TH/tHdMHv2M575x/9HdMf+Ud08ccGBjnkeHT3/jb5HGeGXqbf1zOOC/97fk4k432jukvv2P66O+Y/srwdRo6fYx3TH/zHfOP+bfp4w79b8rhX/fV9xjqqqqq/5gWm2HeuQfe8Tz74ZNHPLEfnxd69NHb3Pl+rW9VVVVVVVVV/fu99eRpZ/3tb74/NvCOv13969+wDv+9wKBjzrnmmvdtRf8zGvSPvw/Z8v1ep/+/DXUe87ApBwbWXvL9XpV6H/pf87fq9X+l/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8tf3Luc///r3/8P3PP5nYbPOuvkd9y7+N9uOdnA6sM/u/mOuRZe/X1Y9/eh/9bz/wOrDxoYGO474VDLhedcbImpBwYGFr/3jslnGvjrdbMMvW62iUd9+485Bwamfvv/wZO9y5KHv8vC22/uMOlfl3HM28uff8j+ow4aaSXe0exn33fwaku9POPIHz/77vfjr+8vsfRL+0814m9ZRhlppjHf5cYjlj/ivozsPHzdpx667tNsuNa602ywyaZfWn2tFVZdedWV155++ulmnGGmGaf/yqzTrLL6mitPO+z/dxmzYW9dMeq/MmbjjjxmT875zjEb+b5NdNLBOGb/+K4ef7eIt5d47uwPXTZizEb7F8dsxNcb9b3HbMrVh3+hyQYGDyz/9tAMGhiYbLTBAxsPvTDdGAMDkw0ePu9kQ+f92sSjDAzs/Lc7Omj4i40Om2fQlkPn+Q9735JZh4/IZiPmG/l11kde0X/2viXHj7vbHSO9b8n/rf6Pjv//4DXLoL8O1Ig3QBg+zzCv9/l9Jv5hfacc7e2D3Lut73u8Ls7b0eNrrdUeXfJ/6nVxaH3HfY/1fY/X8XvX9Z16uqf3Grao/7H1HWlft+CwK/+Vfd3Ae+/rRqXbr3zlFCPv6xZ491X8u+14xBiNMdJM77av23mBc7cYuvyB997XLbj68BcP+Nu+bpSBgclGHbGvG7rjG33wwM5DL0w/9MIYgwcOGXphhrcvjDVwztALX15xnTVXGvT2ywwMX+60Q5c7x8SDhm1ANx682hi7DRky2vB1eWmcv1/X4Y+PKd95PJ9z4uGDOfy2I5Y7dNYRy31l22HXjT58uS//G8sdcVta38nOHHbdGMOX+8pIyx38Hssdcdt/2B6mHvR3T1SF/c37+r5GtP2O+R7r+x6vw42Pt7fdp1ruof+B1+Ee9G7rO9p7r++7vW/Iu67vY5c9vt//1OuG0+Psnn2HPVbGHP44e/PfePyOuO3I+7FhLwQybLc/5r+yH5vyH/ZjW406ykiD/Y7e7fvclWD+4VvEX5e20kEvrz5i7AePtNx/9n3uO+7LINiPTTjSz3ODtthvYBCN+SNrPr/RW7u+95gPHvj7ny1GjPmI277XmI/xr4z5R997zEf+PvndxnzqTw27fvBI6//OMV90jzluHDHmo4+03H825mO897HjH8d8YGAwjfnOkw8bt/fan77bmI+47YgxH/p1Zpt4tIF5BgYGpho+5qP/K2M+2f/M43xsmH/Y5yv/ddIzMy3yxRFjPvIY/7MxH/3fHPPN7/nr43yqt6/75CgDo48+sPEKG264/nTD/h9xcfph//O+6JmVho3zex1L381oxG3fa7sY7V8xmvBfMhr0z4wmH+3djP62aY168GLP/p/ui0b7d43O4X3RKfMNG7f3+r7o3cZ8xG3pODjpO24/8s+h7/H6WXif3h6fBbYb8fPef8LrZ434efd/5etnjfid5Ooj7+TrX63f/7vL313+7vJ3l7+4dzn/P+WI8/9Dxj3wg8N/6Bx85Sy3zPF+r+/73H/1+f/hvn93/n+OW2a5cuiPVsOve8/zs8Pm+Y88PzvzsA+TPDpivpHPD468ov/s/Oy+u2945f+j87P/R43YVv+Fn4vb/7vL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zFvcv5/2lHPA/gwSUW/s7wE6GDN5vuyM3e7/V9n/uvPv8/3Pfvzv9vduR0m40y8Nfr3vP8/7B5HOf/71toi2X/k8//j9hWO/9f/6T83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y1/cu5z/n2PE8wAOn32eT494PsD12++/1/u9vu9z/63n/3v/f2/t/93l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7ihp//HxjpbRIX6XGBwfn//929i/+i+WMW/8Xyxyz+i+ePWfyXyB+z+C+ZP2bx/27+mMX/e/ljFv+l8scs/kvnj1n8v58/ZvH/Qf6YxX+Z/DGL/7L5Yxb/5fLHLP4/zB+z+C+fP2bxXyF/zOL/o/wxi/+K+WMW/5Xyxyz+K+ePWfxXyR+z+K+aP2bxXy1/zOK/ev6Yxf/H+WMW/zXyxyz+a+aPWfzXyh+z+K+dP2bxXyd/zOK/bv6YxX+9/DGL//r5Yxb/DfLHLP4b5o9Z/H+SP2bx/2n+mMV/o/wxi//G+WMW/03yxyz+m+aPWfx/lj9m8f95/pjFf7P8MYv/5vljFv8t8scs/lvmj1n8t8ofs/j/In/M4r91/pjF/5f5Yxb/bfLHLP6/yh+z+G+bP2bx3y5/zOK/ff6YxX+H/DGL/6/zxyz+O+aPWfx3yh+z+P8mf8zi/9v8MYv/zvljFv9d8scs/r/LH7P475o/ZvHfLX/M4r97/pjF//f5Yxb/P+SPWfz3yB+z+P8xf8ziv2f+mMV/r/wxi//e+WMW/z/lj1n898kfs/jvmz9m8d8vf8ziv3/+mMX/gPwxi/+B+WMW/4Pyxyz+B+ePWfz/nD9m8f9L/pjF/5D8MYv/ofljFv/D8v/7Hhz/7Q8W/8Pzxyz+R+SPWfyPzB+z+B+VP2bxPzp/zOJ/TP6Yxf/Y/DGL/3H5Yxb/4/PHLP4n5I9Z/E/MH7P4n5Q/ZvE/OX/M4n9K/pjF/9T8MYv/afljFv/T88cs/mfkj1n8z8wfs/iflT9m8T87f8zif07+mMX/3Pwxi/95+WMW//Pzxyz+F+SPWfwvzB+z+F+UP2bxvzh/zOJ/Sf6Yxf/S/DGL/2X5Yxb/y/PHLP5X5I9Z/K/MH7P4X5U/ZvG/On/M4n9N/pjF/9r8MYv/dfljFv/r88cs/jfkj1n8b8wfs/jflD9m8b85f8zif0v+mMX/1vwxi/9t+WMW/9vzxyz+d+SPWfzvzB+z+N+VP2bxvzt/zOJ/T/6Yxf/e/DGL/335Yxb/+/PHLP4P5I9Z/B/MH7P4P5Q/ZvF/OH/M4v9I/pjF/9H8MYv/Y/ljFv/H88cs/k/kj1n8n8wfs/g/lT9m8X86f8zi/0z+mMX/2fwxi/9z+WMW/+fzxyz+L+SPWfxfzB+z+L+UP2bxfzl/zOL/Sv6Yxf/V/DGL/2v5Yxb/1/PHLP5v5I9Z/N/MH7P4v5U/ZvEfkj8m8R80kD9m8R+UP2bxHyV/zOI/av6YxX+0/DGL/+D8MYv/6PljFv8x8scs/mPmj1n8x8ofs/iPnT9m8R8nf8ziP27+mMV/vPwxi//4+WMW/wnyxyz+E+aPWfwnyh+z+E+cP2bxnyR/zOI/af6Yxf8D+WMW/w/mj1n8P5Q/ZvGfLH/M4v/h/DGL/+T5Yxb/j+SPWfw/mj9m8Z8if8zi/7H8MYv/x/PHLP5T5o9Z/D+RP2bx/2T+mMX/U/ljFv+p8scs/p/OH7P4fyZ/zOL/2fwxi//U+WMW/8/lj1n8P58/ZvH/Qv6Yxf+L+WMW/y/lj1n8v5w/ZvGfJn/M4j9t/pjFf7r8MYv/9PljFv8Z8scs/jPmj1n8v5I/ZvGfKX/M4j9z/pjFf5b8MYv/rPljFv+v5o9Z/GfLH7P4fy1/zOI/e/6Yxf/r+WMW/2/kj1n858gfs/jPmT9m8Z8rf8ziP3f+mMX/m/ljFv958scs/vPmj1n858sfs/h/K3/M4j9//pjF/9v5Yxb/BfLHLP4L5o9Z/BfKH7P4L5w/ZvH/Tv6YxX+R/DGL/6L5Yxb/xfLHLP6L549Z/JfIH7P4L5k/ZvH/bv6Yxf97+WMW/6Xyxyz+S+ePWfy/nz9m8f9B/pjFf5n8MYv/svljFv/l8scs/j/MH7P4L58/ZvFfIX/M4v+j/DGL/4r5Yxb/lfLHLP4r549Z/FfJH7P4r5o/ZvFfLX/M4r96/pjF/8f5Yxb/NfLHLP5r5o9Z/NfKH7P4r50/ZvFfJ3/M4r9u/pjFf738MYv/+vljFv8N8scs/hvmj1n8f5I/ZvH/af6YxX+j/DGL/8b5Yxb/TfLHLP6b5o9Z/H+WP2bx/3n+mMV/s/wxi//m+WMW/y3yxyz+W+aPWfy3yh+z+P8if8ziv3X+mMX/l/ljFv9t8scs/r/KH7P4b5s/ZvHfLn/M4r99/pjFf4f8MYv/r/PHLP475o9Z/HfKH7P4/yZ/zOL/2/wxi//O+WMW/13yxyz+v8sfs/jvmj9m8d8tf8ziv3v+mMX/9/ljFv8/5I9Z/PfIH7P4/zF/zOK/Z/6YxX+v/DGL/975Yxb/P+WPWfz3yR+z+O+bP2bx3y9/zOK/f/6Yxf+A/DGL/4H5Yxb/g/LHLP4H549Z/P+cP2bx/0v+mMX/kPwxi/+h+WMW/8Pyxyz+h+ePWfyPyB+z+B+ZP2bxPyp/zOJ/dP6Yxf+Y/DGL/7H5Yxb/4/LHLP7H549Z/E/IH7P4n5g/ZvE/KX/M4n9y/pjF/5T8MYv/qfljFv/T8scs/qfnj1n8z8gfs/ifmT9m8T8rf8zif3b+mMX/nPwxi/+5+WMW//Pyxyz+5+ePWfwvyB+z+F+YP2bxvyh/zOJ/cf6Yxf+S/DGL/6X5Yxb/y/LHLP6X549Z/K/IH7P4X5k/ZvG/Kv93ttWITyz+V+ePWfyvyR+z+F+bP2bxvy5/zOJ/ff6Yxf+G/DGL/435Yxb/m/LHLP43549Z/G/JH7P435o/ZvG/LX/M4n97/pjF/478MYv/nfljFv+78scs/nfnj1n878kfs/jfmz9m8b8vf8zif3/+mMX/gfwxi/+D+WMW/4fyxyz+D+ePWfwfyR+z+D+aP2bxfyx/zOL/eP6Yxf+J/DGL/5P5Yxb/p/LHLP5P549Z/J/JH7P4P5s/ZvF/Ln/M4v98/pjF/4X8MYv/i/ljFv+X8scs/i/nj1n8X8kfs/i/mj9m8X8tf8zi/3r+mMX/jfwxi/+b+WMW/7fyxyz+Q/LHJP5vf5r/P2bxH5Q/ZvEfJX/M4j9q/pjFf7T8MYv/4Pwxi//o+WMW/zHyxyz+Y+aPWfzHyh+z+I+dP2bxHyd/zOI/bv6YxX+8/DGL//j5Yxb/CfLHLP4T5o9Z/CfKH7P4T5w/ZvGfJH/M4j9p/pjF/wP5Yxb/D+aPWfw/lD9m8Z8sf8zi/+H8MYv/5PljFv+P5I9Z/D+aP2bxnyJ/zOL/sfwxi//H88cs/lPmj1n8P5E/ZvH/ZP6Yxf9T+WMW/6nyxyz+n84fs/h/Jn/M4v/Z/DGL/9T5Yxb/z+WPWfw/nz9m8f9C/pjF/4v5Yxb/L+WPWfy/nD9m8Z8mf8ziP23+mMV/uvwxi//0+WMW/xnyxyz+M/7Nf/D7sl7/oVn8v9L2j1n8Z8ofs/jPnD9m8Z8lf8ziP2v+mMX/q/ljFv/Z8scs/l/LH7P4z54/ZvH/ev6Yxf8b+WMW/znyxyz+c+aPWfznyh+z+M+dP2bx/2b+mMV/nvwxi/+8+WMW//nyxyz+38ofs/jPnz9m8f92/pjFf4H8MYv/gvljFv+F8scs/gvnj1n8v5M/ZvFfJH/M4r9o/pjFf7H8MYv/4vljFv8l8scs/kvmj1n8v5s/ZvH/Xv6YxX+p/DGL/9L5Yxb/7+ePWfx/kD9m8V8mf8ziv2z+mMV/ufwxi/8P88cs/svnj1n8V8gfs/j/KH/M4r9i/pjFf6X8MYv/yvljFv9V8scs/qvmj1n8V8sfs/ivnj9m8f9x/pjFf438MYv/mvljFv+18scs/mvnj1n818kfs/ivmz9m8V8vf8ziv37+mMV/g/wxi/+G+WMW/5/kj1n8f5o/ZvHfKH/M4r9x/pjFf5P8MYv/pvljFv+f5Y9Z/H+eP2bx3yx/zOK/ef6YxX+L/DGL/5b5Yxb/rfLHLP6/yB+z+G+dP2bx/2X+mMV/m/wxi/+v8scs/tvmj1n8t8sfs/hvnz9m8d8hf8zi/+v8MYv/jvljFv+d8scs/r/JH7P4/zZ/zOK/c/6YxX+X/DGL/+/yxyz+u+aPWfx3yx+z+O+eP2bx/33+mMX/D/ljFv898scs/n/MH7P475k/ZvHfK3/M4r93/pjF/0/5Yxb/ffLHLP775o9Z/PfLH7P4758/ZvE/IH/M4n9g/pjF/6D8MYv/wfljFv8/549Z/P+SP2bxPyR/zOJ/aP6Yxf+w/DGL/+H5Yxb/I/LHLP5H5o9Z/I/KH7P4H50/ZvE/Jn/M4n9s/pjF/7j8MYv/8fljFv8T8scs/ifmj1n8T8ofs/ifnD9m8T8lf8zif2r+mMX/tPwxi//p+WMW/zPyxyz+Z+aPWfzPyh+z+J+dP2bxPyd/zOJ/bv6Yxf+8/DGL//n5Yxb/C/LHLP4X5o9Z/C/KH7P4X5w/ZvG/JH/M4n9p/pjF/7L8MYv/5fljFv8r8scs/lfmj1n8r8ofs/hfnT9m8b8mf8zif23+mMX/uvwxi//1+WMW/xvyxyz+N+aPWfxvyh+z+N+cP2bxvyV/zOJ/a/6Yxf+2/DGL/+35Yxb/O/LHLP535o9Z/O/KH7P4350/ZvG/J3/M4n9v/pjF/778MYv//fljFv8H8scs/g/mj1n8H8ofs/g/nD9m8X8kf8zi/2j+mMX/sfwxi//j+WMW/yfyxyz+T+aPWfyfyh+z+D+dP2bxfyZ/zOL/bP6Yxf+5/DGL//P5Yxb/F/LHLP4v5o9Z/F/KH7P4v5w/ZvF/JX/M4v9q/pjF/7X8MYv/6/ljFv838scs/m/mj1n838ofs/gPyR+T+I86kD9m8R+UP2bxHyV/zOI/av6YxX+0/DGL/+D8MYv/6PljFv8x8scs/mPmj1n8x8ofs/iPnT9m8R8nf8ziP27+mMV/vPwxi//4+WMW/wnyxyz+E+aPWfwnyh+z+E+cP2bxnyR/zOI/af6Yxf8D+WMW/w/mj1n8P5Q/ZvGfLH/M4v/h/DGL/+T5Yxb/j+SPWfw/mj9m8Z8if8zi/7H8MYv/x/PHLP5T5o9Z/D+RP2bx/2T+mMX/U/ljFv+p8scs/p/OH7P4fyZ/zOL/2fwxi//U+WMW/8/lj1n8P58/ZvH/Qv6Yxf+L+WMW/y/lj1n8v5w/ZvGfJn/M4j9t/pjFf7r8MYv/9PljFv8Z8scs/jPmj1n8v5I/ZvGfKX/M4j9z/pjFf5b8MYv/rPljFv+v5o9Z/GfLH7P4fy1/zOI/e/6Yxf/r+WMW/2/kj1n858gfs/jPmT9m8Z8rf8ziP3f+mMX/m/ljFv958scs/vPmj1n858sfs/h/K3/M4j9//pjF/9v5Yxb/BfLHLP4L5o9Z/BfKH7P4L5w/ZvH/Tv6YxX+R/DGL/6L5Yxb/xfLHLP6L549Z/JfIH7P4L5k/ZvH/bv6Yxf97+WMW/6Xyxyz+S+ePWfy/nz9m8f9B/pjFf5n8MYv/svljFv/l8scs/j/MH7P4L58/ZvFfIX/M4v+j/DGL/4r5Yxb/lfLHLP4r549Z/FfJH7P4r5o/ZvFfLX/M4r96/pjF/8f5Yxb/NfLHLP5r5o9Z/NfKH7P4r50/ZvFfJ3/M4r9u/pjFf738MYv/+vljFv8N8scs/hvmj1n8f5I/ZvH/af6YxX+j/DGL/8b5Yxb/TUz+/8YdtfhvavL/N7L4/yx/zOL/8/wxi/9m+WMW/83zxyz+W+SPWfy3zB+z+G+VP2bx/0X+mMV/6/wxi/8v88cs/tvkj1n8f5U/ZvHfNn/M4r9d/pjFf/v8MYv/DvljFv9f549Z/HfMH7P475Q/ZvH/Tf6Yxf+3+WMW/53zxyz+u+SPWfx/lz9m8d81f8ziv1v+mMV/9/wxi//v88cs/n/IH7P475E/ZvH/Y/6YxX/P/DGL/175Yxb/vfPHLP5/yh+z+O+TP2bx3zd/zOK/X/6YxX///DGL/wH5Yxb/A/PHLP4H5Y9Z/A/OH7P4/zl/zOL/l/wxi/8h+WMW/0Pzxyz+h6n8h0zwr85p8T9c5f+vZ/E/In/M4n9k/pjF/6j8MYv/0fljFv9j8scs/sfmj1n8j8sfs/gfnz9m8T8hf8zif2L+mMX/pPwxi//J+WMW/1Pyxyz+p+aPWfxPyx+z+J+eP2bxPyN/zOJ/Zv6Yxf+s/DGL/9n5Yxb/c/LHLP7n5o9Z/M/LH7P4n58/ZvG/IH/M4n9h/pjF/6L8MYv/xfljFv9L8scs/pfmj1n8L8sfs/hfnj9m8b8if8zif2X+mMX/qvwxi//V+WMW/2vyxyz+1+aPWfyvyx+z+F+fP2bxvyF/zOJ/Y/6Yxf+m/DGL/835Yxb/W/LHLP635o9Z/G/LH7P4354/ZvG/I3/M4n9n/pjF/678MYv/3fljFv978scs/vfmj1n878sfs/jfnz9m8X8gf8zi/2D+mMX/ofwxi//D+WMW/0fyxyz+j+aPWfwfyx+z+D+eP2bxfyJ/zOL/ZP6Yxf+p/DGL/9P5Yxb/Z/LHLP7P5o9Z/J/LH7P4P58/ZvF/IX/M4v9i/pjF/6X8MYv/y/ljFv9X8scs/q/mj1n8X8sfs/i/nj9m8X8jf8zi/2b+mMX/rfwxi/+Q/DGJ/2gD+WMW/0H5Yxb/UfLHLP6j5o9Z/EfLH7P4D84fs/iPnj9m8R8jf8ziP2b+mMV/rPwxi//Y+WMW/3Hyxyz+4+aPWfzHyx+z+I+fP2bxnyB/zOI/Yf6YxX+i/DGL/8T5Yxb/SfLHLP6T5o9Z/D+QP2bx/2D+mMX/Q/ljFv/J8scs/h/OH7P4T54/ZvH/SP6Yxf+j+WMW/ynyxyz+H8sfs/h/PH/M4j9l/pjF/xP5Yxb/T+aPWfw/lT9m8Z8qf8zi/+n8MYv/Z/LHLP6fzR+z+E+dP2bx/1z+mMX/8/ljFv8v5I9Z/L+YP2bx/1L+mMX/y/ljFv9p8scs/tPmj1n8p8sfs/hPnz9m8Z8hf8ziP2P+mMX/K/ljFv+Z8scs/jPnj1n8Z8kfs/jPmj9m8f9q/pjFf7b8MYv/1/LHLP6z549Z/L+eP2bx/0b+mMV/jvwxi/+c+WMW/7nyxyz+c+ePWfy/mT9m8Z8nf8ziP2/+mMV/vvwxi/+38scs/vPnj1n8v50/ZvFfIH/M4r9g/pjFf6H8MYv/wvljFv/v5I9Z/BfJH7P4L5o/ZvFfLH/M4r94/pjFf4n8MYv/kvljFv/v5o9Z/L+XP2bxXyp/zOK/dP6Yxf/7+WMW/x/kj1n8l8kfs/gvmz9m8V8uf8zi/8P8MYv/8vljFv8V8scs/j/KH7P4r5g/ZvFfKX/M4r9y/pjFf5X8MYv/qvljFv/V8scs/qvnj1n8f5w/ZvFfI3/M4r9m/pjFf638MYv/2vljFv918scs/uvmj1n818sfs/ivnz9m8d8gf8ziv2H+mMX/J/ljFv+f5o9Z/DfKH7P4b5w/ZvHfJH/M4r9p/pjF/2f5Yxb/n+ePWfw3yx+z+G+eP2bx3yJ/zOK/Zf6YxX+r/DGL/y/yxyz+W+ePWfx/mT9m8d8mf8zi/6v8MYv/tvljFv/t8scs/tvnj1n8d8gfs/j/On/M4r9j/pjFf6f8MYv/b/LHLP6/zR+z+O+cP2bx3yV/zOL/u/wxi/+u+WMW/93yxyz+u+ePWfx/nz9m8f9D/pjFf4/8MYv/H/PHLP575o9Z/PfKH7P4750/ZvH/U/6YxX+f/DGL/775Yxb//fLHLP77S/3H+CfXW/wPkPr/syz+B+aPWfwPyh+z+B+cP2bx/3P+mMX/L/ljFv9D8scs/ofmj1n8D8sfs/gfnj9m8T8if8zif2T+mMX/qPwxi//R+WMW/2Pyxyz+x+aPWfyPyx+z+B+fP2bxPyF/zOJ/Yv6Yxf+k/DGL/8n5Yxb/U/LHLP6n5o9Z/E/LH7P4n54/ZvE/I3/M4n9m/pjF/6z8MYv/2fljFv9z8scs/ufmj1n8z8sfs/ifnz9m8b8gf8zif2H+mMX/ovwxi//F+WMW/0vyxyz+l+aPWfwvyx+z+F+eP2bxvyJ/zOJ/Zf6Yxf+q/DGL/9X5Yxb/a/LHLP7X5o9Z/K/LH7P4X58/ZvG/IX/M4n9j/pjF/6b8MYv/zfljFv9b8scs/rfmj1n8b8sfs/jfnj9m8b8jf8zif2f+mMX/rvwxi//d+WMW/3vyxyz+9+aPWfzvyx+z+N+fP2bxfyB/zOL/YP6Yxf+h/DGL/8P5Yxb/R/LHLP6P5o9Z/B/LH7P4P54/ZvF/In/M4v9k/pjF/6n8MYv/0/ljFv9n8scs/s/mj1n8n8sfs/g/nz9m8X8hf8zi/2L+mMX/pfwxi//L+WMW/1fyxyz+r+aPWfxfyx+z+L+eP2bxfyN/zOL/Zv6Yxf+t/DGL/5D8MYn/4IH8MYv/oPwxi/8o+WMW/1Hzxyz+o+WPWfwH549Z/EfPH7P4j5E/ZvEfM3/M4j9W/pjFf+z8MYv/OPljFv9x88cs/uPlj1n8x88fs/hPkD9m8Z8wf8ziP1H+mMV/4vwxi/8k+WMW/0nzxyz+H8gfs/h/MH/M4v+h/DGL/2T5Yxb/D+ePWfwnzx+z+H8kf8zi/9H8MYv/FPljFv+P5Y9Z/D+eP2bxnzJ/zOL/ifwxi/8n88cs/p/KH7P4T5U/ZvH/dP6Yxf8z+WMW/8/mj1n8p84fs/h/Ln/M4v/5/DGL/xfyxyz+X8wfs/h/KX/M4v/l/DGL/zT5Yxb/afPHLP7T5Y9Z/KfPH7P4z5A/ZvGfMX/M4v+V/DGL/0z5Yxb/mfPHLP6z5I9Z/GfNH7P4fzV/zOI/W/6Yxf9r+WMW/9nzxyz+X88fs/h/I3/M4j9H/pjFf878MYv/XPljFv+588cs/t/MH7P4z5M/ZvGfN3/M4j9f/pjF/1v5Yxb/+fPHLP7fzh+z+C+QP2bxXzB/zOK/UP6YxX/h/DGL/3fyxyz+i+SPWfwXzR+z+C+WP2bxXzx/zOK/RP6YxX/J/DGL/3fzxyz+38sfs/gvlT9m8V86f8zi//38MYv/D/LHLP7L5I9Z/JfNH7P4L5c/ZvH/Yf6YxX/5/DGL/wr5Yxb/H+WPWfxXzB+z+K+UP2bxXzl/zOK/Sv6YxX/V/DGL/2r5Yxb/1fPHLP4/zh+z+K+RP2bxXzN/zOK/Vv6YxX/t/DGL/zr5Yxb/dfPHLP7r5Y9Z/NfPH7P4b5A/ZvHfMH/M4v+T/DGL/0/zxyz+G+WPWfw3zh+z+G+SP2bx3zR/zOL/s/wxi//P88cs/pvlj1n8N88fs/hvkT9m8d8yf8ziv1X+mMX/F/ljFv+t88cs/r/MH7P4b5M/ZvH/Vf6YxX/b/DGL/3b5Yxb/7fPHLP475I9Z/H+dP2bx3zF/zOK/U/6Yxf83+WMW/9/mj1n8d84fs/jvkj9m8f9d/pjFf9f8MYv/bvljFv/d88cs/r/PH7P4/yF/zOK/R/6Yxf+P+WMW/z3zxyz+e+WPWfz3zh+z+P8pf8ziv0/+mMV/3/wxi/9++WMW//3zxyz+B+SPWfwPzB+z+B+UP2bxPzh/zOL/5/wxi/9f8scs/ofkj1n8D80fs/gflj9m8T88f8zif0T+mMX/yPwxi/9R+WMW/6Pzxyz+x+SPWfyPzR+z+B+XP2bxPz5/zOJ/Qv6Yxf/E/DGL/0n5Yxb/k/PHLP6n5I9Z/E/NH7P4n5Y/ZvE/PX/M4n9G/pjF/8z8MYv/WfljFv+z88cs/ufkj1n8z80fs/iflz9m8T8/f8zif0H+mMX/wvwxi/9F+WMW/4vzxyz+l+SPWfwvzR+z+F+WP2bxvzx/zOJ/Rf6Yxf/K/DGL/1X5Yxb/q/PHLP7X5I9Z/K/NH7P4X5c/ZvG/Pn/M4n9D/pjF/8b8MYv/TfljFv+b88cs/rfkj1n8b80fs/jflj9m8b89f8zif0f+mMX/zvwxi/9d+WMW/7vzxyz+9+SPWfzvzR+z+N+XP2bxvz9/zOL/QP6Yxf/B/DGL/0P5Yxb/h/PHLP6P5I9Z/B/NH7P4P5Y/ZvF/PH/M4v9E/pjF/8n8MYv/U/ljFv+n88cs/s/kj1n8n80fs/g/lz9m8X8+f8zi/0L+mMX/xfwxi/9L+WMW/5fzxyz+r+SPWfxfzR+z+L+WP2bxfz1/zOL/Rv6Yxf/N/DGL/1v5Yxb/IfljEv/RB/LHLP6D8scs/qPkj1n8R80fs/iPlj9m8R+cP2bxHz1/zOI/Rv6YxX/M/DGL/1j5Yxb/sfPHLP7j5I9Z/MfNH7P4j5c/ZvEfP3/M4j9B/pjFf8L8MYv/RPljFv+J88cs/pPkj1n8J80fs/h/IH/M4v/B/DGL/4fyxyz+k+WPWfw/nD9m8Z88f8zi/5H8MYv/R/PHLP5T5I9Z/D+WP2bx/3j+mMV/yvwxi/8n8scs/p/MH7P4fyp/zOI/Vf6Yxf/T+WMW/8/kj1n8P5s/ZvGfOn/M4v+5/DGL/+fzxyz+X8gfs/h/MX/M4v+l/DGL/5fzxyz+0+SPWfynzR+z+E+XP2bxnz5/zOI/Q/6YxX/G/DGL/1fyxyz+M+WPWfxnzh+z+M+SP2bxnzV/zOL/1fwxi/9s+WMW/6/lj1n8Z88fs/h/PX/M4v+N/DGL/xz5Yxb/OfPHLP5z5Y9Z/OfOH7P4fzN/zOI/T/6YxX/e/DGL/3z5Yxb/b+WPWfznzx+z+H87f8ziv0D+mMV/wfwxi/9C+WMW/4Xzxyz+38kfs/gvkj9m8V80f8ziv1j+mMV/8fwxi/8S+WMW/yXzxyz+380fs/h/L3/M4r9U/pjFf+n8MYv/9/PHLP4/yB+z+C+TP2bxXzZ/zOK/XP6Yxf+H+WMW/+Xzxyz+K+SPWfx/lD9m8V8xf8ziv1L+mMV/5fwxi/8q+WMW/1Xzxyz+q+WPWfxXzx+z+P84f8ziv0b+mMV/zfwxi/9a+WMW/7Xzxyz+6+SPWfzXzR+z+K+XP2bxXz9/zOK/Qf6YxX/D/DGL/0/yxyz+P80fs/hvlD9m8d84f8ziv0n+mMV/0/wxi//P8scs/j/PH7P4b5Y/ZvHfPH/M4r9F/pjFf8v8MYv/VvljFv9f5I9Z/LfOH7P4/zJ/zOK/Tf6Yxf9X+WMW/23zxyz+2+WPWfy3zx+z+O+QP2bx/3X+mMV/x/wxi/9O+WMW/9/kj1n8f5s/ZvHfOX/M4r9L/pjF/3f5Yxb/XfPHLP675Y9Z/HfPH7P4/z5/zOL/h/wxi/8e+WMW/z/mj1n898wfs/jvlT9m8d87f8zi/6f8MYv/PvljFv9988cs/vvlj1n8988fs/gfkD9m8T8wf8zif1D+mMX/4Pwxi/+f88cs/n/JH7P4H5I/ZvE/NH/M4n9Y/pjF//D8MYv/EfljFv8j88cs/kflj1n8j84fs/gfkz9m8T82f8zif1z+mMX/+Pwxi/8J+WMW/xPzxyz+J+WPWfxPzh+z+J+SP2bxPzV/zOJ/Wv6Yxf/0/DGL/xn5Yxb/M/PHLP5n5Y9Z/M/OH7P4n5M/ZvE/N3/M4n9e/pjF//z8MYv/BfljFv8L88cs/hflj1n8L84fs/hfkj9m8b80f8zif1n+mMX/8vwxi/8V+WMW/yvzxyz+V+WPWfyvzh+z+F+TP2bxvzZ/zOJ/Xf6Yxf/6/DGL/w35Yxb/G/PHLP435Y9Z/G/OH7P435I/ZvG/NX/M4n9b/pjF//b8MYv/HfljFv8788cs/nflj1n8784fs/jfkz9m8b83f8zif1/+mMX//vwxi/8D+WMW/wfzxyz+D+WPWfwfzh+z+D+SP2bxfzR/zOL/WP6Yxf/x/DGL/xP5Yxb/J/PHLP5P5Y9Z/J/OH7P4P5M/ZvF/Nn/M4v9c/pjF//n8MYv/C/ljFv8X88cs/i/lj1n8X84fs/i/kj9m8X81f8zi/1r+mMX/9fwxi/8b+WMW/zfzxyz+b+WPWfyH5I9J/McYyB+z+A/KH7P4j5I/ZvEfNX/M4j9a/pjFf3D+mMV/9Pwxi/8Y+WMW/zHzxyz+Y+WPWfzHzh+z+I+TP2bxHzd/zOI/Xv6YxX/8/DGL/wT5Yxb/CfPHLP4T5Y9Z/CfOH7P4T5I/ZvGfNH/M4v+B/DGL/wfzxyz+H8ofs/hPlj9m8f9w/pjFf/L8MYv/R/LHLP4fzR+z+E+RP2bx/1j+mMX/4/ljFv8p88cs/p/IH7P4fzJ/zOL/qfwxi/9U+WMW/0/nj1n8P5M/ZvH/bP6YxX/q/DGL/+fyxyz+n88fs/h/IX/M4v/F/DGL/5fyxyz+X84fs/hPkz9m8Z82f8ziP13+mMV/+vwxi/8M+WMW/xnzxyz+X8kfs/jPlD9m8Z85f8ziP0v+mMV/1vwxi/9X88cs/rPlj1n8v5Y/ZvGfPX/M4v/1/DGL/zfyxyz+c+SPWfznzB+z+M+VP2bxnzt/zOL/zfwxi/88+WMW/3nzxyz+8+WPWfy/lT9m8Z8/f8zi/+38MYv/AvljFv8F88cs/gvlj1n8F84fs/h/J3/M4r9I/pjFf9H8MYv/YvljFv/F88cs/kvkj1n8l8wfs/h/N3/M4v+9/DGL/1L5Yxb/pfPHLP7fzx+z+P8gf8ziv0z+mMV/2fwxi/9y+WMW/x/mj1n8l88fs/ivkD9m8f9R/pjFf8X8MYv/SvljFv+V88cs/qvkj1n8V80fs/ivlj9m8V89f8zi/+P8MYv/GvljFv8188cs/mvlj1n8184fs/ivkz9m8V83f8ziv17+mMV//fwxi/8G+WMW/w3zxyz+P8kfs/j/NH/M4r9R/pjFf+P8MYv/JvljFv9N88cs/j/LH7P4/zx/zOK/Wf6YxX/z/DGL/xb5Yxb/LfPHLP5b5Y9Z/H+RP2bx3zp/zOL/y/wxi/82+WMW/1/lj1n8t80fs/hvlz9m8d8+f8ziv0P+mMX/1/ljFv8d88cs/jvlj1n8f5M/ZvH/bf6YxX/n/DGL/y75Yxb/3+WPWfx3zR+z+O+WP2bx3z1/zOL/+/wxi/8f8scs/nvkj1n8/5g/ZvHfM3/M4r9X/pjFf+/8MYv/n/LHLP775I9Z/PfNH7P475c/ZvHfP3/M4n9A/pjF/8D8MYv/QfljFv+D88cs/n/OH7P4/yV/zOJ/SP6Yxf/Q/DGL/2H5Yxb/w/PHLP5H5I9Z/I/MH7P4H5U/ZvE/On/M4n9M/pjF/9j8MYv/cfljFv/j88cs/ifkj1n8T8wfs/iflD9m8T85f8zif0r+mMX/1Pwxi/9p+WMW/9Pzxyz+Z+SPWfzPzB+z+J+VP2bxPzt/zOJ/Tv6Yxf/c/DGL/3n5Yxb/8/PHLP4X5I9Z/C/MH7P4X5Q/ZvG/OH/M4n9J/pjF/9L8MYv/ZfljFv/L88cs/lfkj1n8r8wfs/hflT9m8b86f8zif03+mMX/2vwxi/91+WMW/+vzxyz+N+SPWfxvzB+z+N+UP2bxvzl/zOJ/S/6Yxf/W/DGL/235Yxb/2/PHLP535I9Z/O/MH7P435U/ZvG/O3/M4n9P/pjF/978MYv/ffljFv/788cs/g/kj1n8H8wfs/g/lD9m8X84f8zi/0j+mMX/0fwxi/9j+WMW/8fzxyz+T+SPWfyfzB+z+D+VP2bxfzp/zOL/TP6Yxf/Z/DGL/3P5Yxb/5/PHLP4v5I9Z/F/MH7P4v5Q/ZvF/OX/M4v9K/pjF/9X8MYv/a/ljFv/X88cs/m/kj1n838wfs/i/lT9m8R+SPybxH3Mgf8ziPyh/zOI/Sv6YxX/U/DGL/2j5Yxb/wfljFv/R88cs/mPkj1n8x8wfs/iPlT9m8R87f8ziP07+mMV/3Pwxi/94+WMW//Hzxyz+E+SPWfwnzB+z+E+UP2bxn1jsP2SLd7/O4j+J2P+9svhPmj9m8f9A/pjF/4P5Yxb/D+WPWfwnyx+z+H84f8ziP3n+mMX/I/ljFv+P5o9Z/KfIH7P4fyx/zOL/8fwxi/+U+WMW/0/kj1n8P5k/ZvH/VP6YxX+q/DGL/6fzxyz+n8kfs/h/Nn/M4j91/pjF/3P5Yxb/z+ePWfy/kD9m8f9i/pjF/0v5Yxb/L+ePWfynyR+z+E+bP2bxny5/zOI/ff6YxX+G/DGL/4z5Yxb/r+SPWfxnyh+z+M+cP2bxnyV/zOI/a/6Yxf+r+WMW/9nyxyz+X8sfs/jPnj9m8f96/pjF/xv5Yxb/OfLHLP5z5o9Z/OfKH7P4z50/ZvH/Zv6YxX+e/DGL/7z5Yxb/+fLHLP7fyh+z+M+fP2bx/3b+mMV/gfwxi/+C+WMW/4Xyxyz+C+ePWfy/kz9m8V8kf8ziv2j+mMV/sfwxi//i+WMW/yXyxyz+S+aPWfy/mz9m8f9e/pjFf6n8MYv/0vljFv/v549Z/H+QP2bxXyZ/zOK/bP6YxX+5/DGL/w/zxyz+y+ePWfxXyB+z+P8of8ziv2L+mMV/pfwxi//K+WMW/1Xyxyz+q+aPWfxXyx+z+K+eP2bx/3H+mMV/jfwxi/+a+WMW/7Xyxyz+a+ePWfzXyR+z+K+bP2bxXy9/zOK/fv6YxX+D/DGL/4b5Yxb/n+SPWfx/mj9m8d8of8ziv3H+mMV/k/wxi/+m+WMW/5/lj1n8f54/ZvHfLH/M4r95/pjFf4v8MYv/lvljFv+t8scs/r/IH7P4b50/ZvH/Zf6YxX+b/DGL/6/yxyz+2+aPWfy3yx+z+G+fP2bx3yF/zOL/6/wxi/+O+WMW/53yxyz+v8kfs/j/Nn/M4r9z/pjFf5f8MYv/7/LHLP675o9Z/HfLH7P4754/ZvH/ff6Yxf8P+WMW/z3yxyz+f8wfs/jvmT9m8d8rf8ziv3f+mMX/T/ljFv998scs/vvmj1n898sfs/jvnz9m8T8gf8zif2D+mMX/oPwxi//B+WMW/z/nj1n8/5I/ZvE/JH/M4n9o/pjF/7D8MYv/4fljFv8j8scs/kfmj1n8j8ofs/gfnT9m8T8mf8zif2z+mMX/uPwxi//x+WMW/xPyxyz+J+aPWfxPyh+z+J+cP2bxPyV/zOJ/av6Yxf+0/DGL/+n5Yxb/M/LHLP5n5o9Z/M/KH7P4n50/ZvE/J3/M4n9u/pjF/7z8MYv/+fljFv8L8scs/hfmj1n8L8ofs/hfnD9m8b8kf8zif2n+mMX/svwxi//l+WMW/yvyxyz+V+aPWfyvyh+z+F+dP2bxvyZ/zOJ/bf6Yxf+6/DGL//X5Yxb/G/LHLP435o9Z/G/KH7P435w/ZvG/JX/M4n9r/pjF/7b8MYv/7fljFv878scs/nfmj1n878ofs/jfnT9m8b8nf8zif2/+mMX/vvwxi//9+WMW/wfyxyz+D+aPWfwfyh+z+D+cP2bxfyR/zOL/aP6Yxf+x/DGL/+P5Yxb/J/LHLP5P5o9Z/J/KH7P4P50/ZvF/Jn/M4v9s/pjF/7n8MYv/8/ljFv8X8scs/i/mj1n8X8ofs/i/nD9m8X8lf8zi/2r+mMX/tfwxi//r+WMW/zfyxyz+b+aPWfzfyh+z+A/JH5P4jzWQP2bxH5Q/ZvEfJX/M4j9q/pjFf7T8MYv/4Pwxi//o+WMW/zHyxyz+Y+aPWfzHyh+z+I+dP2bxHyd/zOI/bv6YxX+8/DGL//j5Yxb/CfLHLP4T5o9Z/CfKH7P4T5w/ZvGfJH/M4j9p/pjF/wP5Yxb/D+aPWfw/lD9m8Z8sf8zi/+H8MYv/5PljFv+P5I9Z/D+aP2bxnyJ/zOL/sfwxi//H88cs/lPmj1n8P5E/ZvH/ZP6Yxf9T+WMW/6nyxyz+n84fs/h/Jn/M4v/Z/DGL/9T5Yxb/z+WPWfw/nz9m8f9C/pjF/4v5Yxb/L+WPWfy/nD9m8Z8mf8ziP23+mMV/uvwxi//0+WMW/xnyxyz+M+aPWfy/kj9m8Z8pf8ziP3P+mMV/lvwxi/+s+WMW/6/mj1n8Z8sfs/h/LX/M4j97/pjF/+v5Yxb/b+SPWfznyB+z+M+ZP2bxnyt/zOI/d/6Yxf+b+WMW/3nyxyz+8+aPWfznyx+z+H8rf8ziP3/+mMX/2/ljFv8F8scs/gvmj1n8F8ofs/gvnD9m8f9O/pjFf5H8MYv/ovljFv/F8scs/ovnj1n8l8gfs/gvmT9m8f9u/pjF/3v5Yxb/pfLHLP5L549Z/L+fP2bx/0H+mMV/mfwxi/+y+WMW/+Xyxyz+P8wfs/gvnz9m8V8hf8zi/6P8MYv/ivljFv+V8scs/ivnj1n8V8kfs/ivmj9m8V8tf8ziv3r+mMX/x/ljFv818scs/mvmj1n818ofs/ivnT9m8V8nf8ziv27+mMV/vfwxi//6+WMW/w3yxyz+G+aPWfx/kj9m8f9p/pjFf6P8MYv/xvljFv9N8scs/pvmj1n8f5Y/ZvH/ef6YxX+z/DGL/+b5Yxb/LfLHLP5b5o9Z/LfKH7P4/yJ/zOK/df6Yxf+X+WMW/23yxyz+v8ofs/hvmz9m8d8uf8ziv33+mMV/h/wxi/+v88cs/jvmj1n8d8ofs/j/Jn/M4v/b/DGL/875Yxb/XfLHLP6/yx+z+O+aP2bx3y1/zOK/e/6Yxf/3+WMW/z/kj1n898gfs/j/MX/M4r9n/pjFf6/8MYv/3vljFv8/5Y9Z/PfJH7P475s/ZvHfL3/M4r9//pjF/4D8MYv/gfljFv+D8scs/gfnj1n8/5w/ZvH/S/6Yxf+Q/DGL/6H5Yxb/w/LHLP6H549Z/I/IH7P4H5k/ZvE/Kn/M4n90/pjF/5j8MYv/sfljFv/j8scs/sfnj1n8T8gfs/ifmD9m8T8pf8zif3L+mMX/lPwxi/+p+WMW/9Pyxyz+p+ePWfzPyB+z+J+ZP2bxPyt/zOJ/dv6Yxf+c/DGL/7n5Yxb/8/LHLP7n549Z/C/IH7P4X5g/ZvG/KH/M4n9x/pjF/5L8MYv/pfljFv/L8scs/pfnj1n8r8gfs/hfmT9m8b8qf8zif3X+mMX/mvwxi/+1+WMW/+vyxyz+1+ePWfxvyB+z+N+YP2bxvyl/zOJ/c/6Yxf+W/DGL/635Yxb/2/LHLP63549Z/O/IH7P435k/ZvG/K3/M4n93/pjF/578MYv/vfljFv/78scs/vfnj1n8H8gfs/g/mD9m8X8of8zi/3D+mMX/kfwxi/+j+WMW/8fyxyz+j+ePWfyfyB+z+D+ZP2bxfyp/zOL/dP6Yxf+Z/DGL/7P5Yxb/5/LHLP7P549Z/F/IH7P4v5g/ZvF/KX/M4v9y/pjF/5Wh93XH92ul/nOz+L/a9o9Z/F/LH7P4v54/ZvF/I3/M4v9m/pjF/638MYv/kPwxif/YA/ljFv9B+WMW/1Hyxyz+o+aPWfxHyx+z+A/OH7P4j54/ZvEfI3/M4j9m/pjFf6z8MYv/2PljFv9x8scs/uPmj1n8x8sfs/iPnz9m8Z8gf8ziP2H+mMV/ovwxi//E+WMW/0nyxyz+k+aPWfw/kD9m8f9g/pjF/0P5Yxb/yfLHLP4fzh+z+E+eP2bx/0j+mMX/o/ljFv8p8scs/h/LH7P4fzx/zOI/Zf6Yxf8T+WMW/0/mj1n8P5U/ZvGfKn/M4v/p/DGL/2fyxyz+n80fs/hPnT9m8f9c/pjF//P5Yxb/L+SPWfy/mD9m8f9S/pjF/8v5Yxb/afLHLP7T5o9Z/KfLH7P4T58/ZvGfIX/M4j9j/pjF/yv5Yxb/mfLHLP4z549Z/GfJH7P4z5o/ZvH/av6YxX+2/DGL/9fyxyz+s+ePWfy/nj9m8f9G/pjFf478MYv/nPljFv+58scs/nPnj1n8v5k/ZvGfJ3/M4j9v/pjFf778MYv/t/LHLP7z549Z/L+dP2bxXyB/zOK/YP6YxX+h/DGL/8L5Yxb/7+SPWfwXyR+z+C+aP2bxXyx/zOK/eP6YxX+J/DGL/5L5Yxb/7+aPWfy/lz9m8V8qf8ziv3T+mMX/+/ljFv8f5I9Z/JfJH7P4L5s/ZvFfLn/M4v/D/DGL//L5Yxb/FfLHLP4/yh+z+K+YP2bxXyl/zOK/cv6YxX+V/DGL/6r5Yxb/1fLHLP6r549Z/H+cP2bxXyN/zOK/Zv6YxX+t/DGL/9r5Yxb/dfLHLP7r5o9Z/NfLH7P4r58/ZvHfIH/M4r9h/pjF/yf5Yxb/n+aPWfw3yh+z+G8s8x/jX5zP4r+JzP9fzeK/af6Yxf9n+WMW/5/nj1n8N8sfs/hvnj9m8d8if8ziv2X+mMV/q/wxi/8v8scs/lvnj1n8f5k/ZvHfJn/M4v+r/DGL/7b5Yxb/7fLHLP7b549Z/HfIH7P4/zp/zOK/Y/6YxX+n/DGL/2/yxyz+v80fs/jvnD9m8d8lf8zi/7v8MYv/rvljFv/d8scs/rvnj1n8f58/ZvH/Q/6YxX+P/DGL/x/zxyz+e+aPWfz3yh+z+O+dP2bx/1P+mMV/n/wxi/+++WMW//3yxyz+++ePWfwPyB+z+B+YP2bxPyh/zOJ/cP6Yxf/P+WMW/7/kj1n8D8kfs/gfmj9m8T8sf8zif3j+mMX/iPwxi/+R+WMW/6Pyxyz+R+ePWfyPyR+z+B+bP2bxPy5/zOJ/fP6Yxf+E/DGL/4n5Yxb/k/LHLP4n549Z/E/JH7P4n5o/ZvE/LX/M4n96/pjF/4z8MYv/mfljFv+z8scs/mfnj1n8z8kfs/ifmz9m8T8vf8zif37+mMX/gvwxi/+F+WMW/4vyxyz+F+ePWfwvyR+z+F+aP2bxvyx/zOJ/ef6Yxf+K/DGL/5X5Yxb/q/LHLP5X549Z/K/JH7P4X5s/ZvG/Ln/M4n99/pjF/4b8MYv/jfljFv+b8scs/jfnj1n8b8kfs/jfmj9m8b8tf8zif3v+mMX/jvwxi/+d+WMW/7vyxyz+d+ePWfzvyR+z+N+bP2bxvy9/zOJ/f/6Yxf+B/DGL/4P5Yxb/h/LHLP4P549Z/B/JH7P4P5o/ZvF/LH/M4v94/pjF/4n8MYv/k/ljFv+n8scs/k/nj1n8n8kfs/g/mz9m8X8uf8zi/3z+mMX/hfwxi/+L+WMW/5fyxyz+L+ePWfxfyR+z+L+aP2bxfy1/zOL/ev6Yxf+N/DGL/5v5Yxb/t/LHLP5D8sck/uMM5I9Z/Aflj1n8R8kfs/iPmj9m8R8tf8ziPzh/zOI/ev6YxX+M/DGL/5j5Yxb/sfLHLP5j549Z/MfJH7P4j5s/ZvEfL39shP+Qgf9u//Hzxyzb/wT5Yxb/CfPHLP4T5Y9Z/CfOH7P4T5I/ZvGfNH/M4v+B/DGL/wfzxyz+H8ofs/hPlj9m8f9w/pjFf/L8MYv/R/LHLP4fzR+z+E+RP2bx/1j+mMX/4/ljFv8p88cs/p/IH7P4fzJ/zOL/qfwxi/9U+WMW/0/nj1n8P5M/ZvH/bP6YxX/q/DGL/+fyxyz+n88fs/h/IX/M4v/F/DGL/5fyxyz+X84fs/hPkz9m8Z82f8ziP13+mMV/+vwxi/8M+WMW/xnzxyz+X8kfs/jPlD9m8Z85f8ziP0v+mMV/1vwxi/9X88cs/rPlj1n8v5Y/ZvGfPX/M4v/1/DGL/zfyxyz+c+SPWfznzB+z+M+VP2bxnzt/zOL/zfwxi/88+WMW/3nzxyz+8+WPWfy/lT9m8Z8/f8zi/+38MYv/AvljFv8F88cs/gvlj1n8F84fs/h/J3/M4r9I/pjFf9H8MYv/YvljFv/F88cs/kvkj1n8l8wfs/h/N3/M4v+9/DGL/1L5Yxb/pfPHLP7fzx+z+P8gf8ziv0z+mMV/2fwxi/9y+WMW/x/mj1n8l88fs/ivkD9m8f9R/pjFf8X8MYv/SvljFv+V88cs/qvkj1n8V80fs/ivlj9m8V89f8zi/+P8MYv/GvljFv8188cs/mvlj1n8184fs/ivkz9m8V83f8ziv17+mMV//fwxi/8G+WMW/w3zxyz+P8kfs/j/NH/M4r9R/pjFf+P8MYv/JvljFv9N88cs/j/LH7P4/zx/zOK/Wf6YxX/z/DGL/xb5Yxb/LfPHLP5b5Y9Z/H+RP2bx3zp/zOL/y/wxi/82+WMW/1/lj1n8t80fs/hvlz9m8d8+f8ziv0P+mMX/1/ljFv8d88cs/jvlj1n8f5M/ZvH/bf6YxX/n/DGL/y75Yxb/3+WPWfx3zR+z+O+WP2bx3z1/zOL/+/wxi/8f8scs/nvkj/23+r8+ZMiQd/r/MX/sv9V/YKTtf8/8MYv/XvljFv+988cs/n/KH7P475M/ZvHfN3/M4r9f/pjFf//8MYv/AfljFv8D88cs/gflj1n8D84fs/j/OX/M4v+X/DGL/yH5Yxb/Q/PHLP6H5Y9Z/A/PH7P4H5E/ZvE/Mn/M4n9U/pjF/+j8MYv/MfljFv9j88cs/sflj1n8j88fs/ifkD9m8T8xf8zif1L+mMX/5Pwxi/8p+WMW/1Pzxyz+p+WPWfxPzx+z+J+RP2bxPzN/zOJ/Vv6Yxf/s/DGL/zn5Yxb/c/PHLP7n5Y9Z/M/PH7P4X5A/ZvG/MH/M4n9R/pjF/+L8MYv/JfljFv9L88cs/pflj1n8L88fs/hfkT9m8b8yf8zif1X+2H+d/+C/ffpO/6vzx/7r/N9l+78mf8zif23+mMX/uvwxi//1+WMW/xvyxyz+N+aPWfxvyh+z+N+cP2bxvyV/zOJ/a/6Yxf+2/DGL/+35Yxb/O/LHLP535o9Z/O/KH7P4350/ZvG/J3/M4n9v/pjF/778MYv//fljFv8H8scs/g/mj1n8H8ofs/g/nD9m8X8kf8zi/2j+mMX/sfwxi//j+WMW/yfyxyz+T+aPWfyfyh+z+D+dP2bxfyZ/zOL/bP6Yxf+5/DGL//P5Yxb/F/LHLP4v5o9Z/F/KH7P4v5w/ZvF/JX/M4v9q/pjF/7X8MYv/6/ljFv838scs/m/mj1n838ofs/gPyR+T+I87kD9m8R+UP2bxHyV/zOI/av6YxX+0/DGL/+D8MYv/6PljFv8x8scs/mPmj1n8x8ofs/iPnT9m8R8nf8ziP27+mMV/vPwxi//4+WMW/wnyxyz+E+aPWfwnyh+z+E+cP2bxnyR/zOI/af6Yxf8D+WMW/w++q/9bQ4YM+X+zav+JWfw/1PaPWfwnyx+z+H84f8ziP3n+mMX/I/ljFv+P5o9Z/KfIH7P4fyx/zOL/8fwxi/+U+WMW/0/kj1n8P5k/ZvH/VP6YxX+q/DGL/6fzxyz+n8kfs/h/Nn/M4j91/pjF/3P5Yxb/z+ePWfy/kD9m8f9i/pjF/0v5Yxb/L+ePWfynyR+z+E+bP2bxny5/zOI/ff6YxX+G/DGL/4z5Yxb/r+SPWfxnyh+z+M+cP2bxnyV/zOI/a/6Yxf+r+WMW/9nyxyz+X8sfs/jPnj9m8f96/pjF/xv5Yxb/OfLHLP5z5o9Z/OfKH7P4z50/ZvH/Zv6YxX+e/DGL/7z5Yxb/+fLHLP7fyh+z+M+fP2bx/3b+mMV/gfwxi/+C+WMW/4Xyxyz+C+ePWfy/kz9m8V8kf8ziv2j+mMV/sfwxi//i+WMW/yXyxyz+S+aPWfy/mz9m8f9e/pjFf6n8MYv/0vljFv/v549Z/H+QP2bxXyZ/zOK/bP6YxX+5/DGL/w/zxyz+y+ePWfxXyB+z+P8of8ziv2L+mMV/pfwxi//K+WMW/1Xyxyz+q+aPWfxXyx+z+K+eP2bx/3H+mMV/jfwxi/+a+WMW/7Xyxyz+a+ePWfzXyR+z+K+bP2bxXy9/zOK/fv6YxX+D/DGL/4b5Yxb/n+SPWfx/mj9m8d8of8ziv3H+mMV/k/wxi/+m+WMW/5/lj1n8f54/ZvHfLH/M4r95/pjFf4v8MYv/lvljFv+t8scs/r/IH7P4b50/ZvH/Zf6YxX+b/DGL/6/yxyz+2+aPWfy3yx+z+G+fP2bx3yF/zOL/6/wxi/+O+WMW/53yxyz+v8kfs/j/Nn/M4r9z/pjFf5f8MYv/7/LHLP675o9Z/HfLH7P4754/ZvH/ff6Yxf8P+WMW/z3yxyz+f8wfs/jvmT9m8d8rf8ziv3f+mMX/T/ljFv998scs/vvmj1n898sfs/jvnz9m8T8gf8zif2D+mMX/oPwxi//B+WMW/z/nj1n8/5I/ZvE/JH/M4n9o/pjF/7D8MYv/4fljFv8j8scs/kfmj1n8j8ofs/gfnT9m8T8mf8zif2z+mMX/uPwxi//x+WMW/xPyxyz+J+aPWfxPyh+z+J+cP2bxPyV/zOJ/av6Yxf+0/DGL/+n5Yxb/M/LHLP5n5o9Z/M/KH7P4n50/ZvE/J3/M4n9u/pjF/7z8MYv/+fljFv8L8scs/hfmj1n8L8ofs/hfnD9m8b8kf8zif2n+mMX/svwxi//l+WMW/yvyxyz+V+aPWfyvyh+z+F+dP2bxvyZ/zOJ/bf6Yxf+6/DGL//X5Yxb/G/LHLP435o9Z/G/KH7P435w/ZvG/JX/M4n9r/pjF/7b8MYv/7fljFv878scs/nfmj1n878ofs/jfnT9m8b8nf8zif2/+mMX/vvwxi//9+WMW/wfyxyz+D+Y/tEEjj4HF/6H8MYv/w/ljFv9H8scs/o/mj1n8H8sfs/g/nj9m8X8if8zi/2T+mMX/qfwxi//T+WMW/2fyxyz+z+aPWfyfyx+z+D+fP2bxfyF/zOL/Yv6Yxf+l/DGL/8v5Yxb/V/LHLP6v5o9Z/F/LH7P4v54/ZvF/I3/M4v9m/pjF/638MYv/kPwxif94A/ljFv9B+WMW/1Hyxyz+o+aPWfxHyx+z+A/OH7P4j54/ZvEfY2Dg2Pdrlf6Ts/iP2faPWfzHyh+z+I+dP2bxHyd/zOI/bv6YxX+8/DGL//j5Yxb/CfLHLP4T5o9Z/CfKH7P4T5w/ZvGfJH/M4j9p/pjF/wP5Yxb/D+aPWfw/lD9m8Z8sf8zi/+H8MYv/5PljFv+P5I9Z/D+aP2bxnyJ/zOL/sfwxi//H88cs/lPmj1n8P5E/ZvH/ZP6Yxf9T+WMW/6nyxyz+n84fs/h/Jn/M4v/Z/DGL/9T5Yxb/z+WPWfw/nz9m8f9C/pjF/4v5Yxb/L+WPWfy/nD9m8Z8mf8ziP23+mMV/uvwxi//0+WMW/xnyxyz+M+aPWfy/kj9m8Z8pf8ziP3P+mMV/lvwxi/+s+WMW/6/mj1n8Z8sfs/h/LX/M4j97/pjF/+v5Yxb/b+SPWfznyB+z+M+ZP2bxnyt/zOI/d/6Yxf+b+WMW/3nyxyz+8+aPWfznyx+z+H8rf8ziP3/+mMX/2/ljFv8F8scs/gvmj1n8F8ofs/gvnD9m8f9O/pjFf5H8MYv/ovljFv/F8scs/ovnj1n8l8gfs/gvmT9m8f9u/pjF/3v5Yxb/pfLHLP5L549Z/L+fP2bx/0H+mMV/mfwxi/+y+WMW/+Xyxyz+P8wfs/gvnz9m8V8hf8zi/6P8MYv/ivljFv+V8scs/ivnj1n8V8kfs/ivmj9m8V8tf8ziv3r+mMX/x/ljFv818scs/mvmj1n818ofs/ivnT9m8V8nf8ziv27+mMV/vfwxi//6+WMW/w3yxyz+G+aPWfx/kj9m8f9p/pjFf6P8MYv/xvljFv9N8scs/pvmj1n8f5Y/ZvH/ef6YxX+z/DGL/+b5Yxb/LfLHLP5b5o9Z/LfKH7P4/yJ/zOK/df6Yxf+X+WMW/23yxyz+v8ofs/hvmz9m8d8uf8ziv33+mMV/h/wxi/+v88cs/jvmj1n8d8ofs/j/Jn/M4v/b/DGL/875Yxb/XfLHLP6/yx+z+O+aP2bx3y1/zOK/e/6Yxf/3+WMW/z/kj1n898gfs/j/MX/M4r9n/pjFf6/8MYv/3vljFv8/5Y9Z/PfJH7P475s/ZvHfL3/M4r9//pjF/4D8MYv/gfljFv+D8scs/gfnj1n8/5w/ZvH/S/6Yxf+Q/DGL/6H5Yxb/w/LHLP6H549Z/I/IH7P4H5k/ZvE/Kn/M4n90/pjF/5j8MYv/sfljFv/j8scs/sfnj1n8T8gfs/ifmD9m8T8pf8zif3L+mMX/lPwxi/+p+WMW/9Pyxyz+p+ePWfzPyB+z+J+ZP2bxPyt/zOJ/dv6Yxf+c/DGL/7n5Yxb/8/LHLP7n549Z/C/IH7P4X5g/ZvG/KH/M4n9x/pjF/5L8MYv/pfljFv/L8scs/pfnj1n8r8gfs/hfmT9m8b8qf8zif3X+mMX/mvwxi/+1+WMW/+vyxyz+1+ePWfxvyB+z+N+YP2bxvyl/zOJ/c/6Yxf+W/DGL/635Yxb/2/LHLP63549Z/O/IH7P435k/ZvG/K3/M4n93/pjF/578MYv/vfljFv/78scs/vfnj1n8H8gfs/g/mD9m8X8of8zi/3D+mMX/kfwxi/+j+WMW/8fyxyz+j+ePWfyfyB+z+D+ZP2bxfyp/zOL/dP6Yxf+Z/DGL/7P5Yxb/5/LHLP7P549Z/F/IH7P4v5g/ZvF/KX/M4v9y/pjF/5X8MYv/q/ljFv/X8scs/q/nj1n838gfs/i/mT9m8X8rf8ziPyR/TOI//kD+mMV/UP6YxX+U/DGL/6j5Yxb/0fLHLP6D88cs/qPnj1n8x8gfs/iPmT9m8R8rf8ziP3b+mMV/nPwxi/+4+WMW//Hyxyz+4+ePWfwnyB+z+E+YP2bxnyh/zOI/cf6YxX+S/DGL/6T5Yxb/D+SPWfw/mD9m8f9Q/pjFf7L8MYv/h/PHLP6T549Z/D+SP2bx/2j+mMV/ivwxi//H8scs/h/PH7P4T5k/ZvH/RP6Yxf+T+WMW/0/lj1n8p8ofs/h/On/M4v+Z/DGL/2fzxyz+U+ePWfw/lz9m8f98/pjF/wv5Yxb/L+aPWfy/lD9m8f9y/pjFf5r8MYv/tPljFv/p8scs/tPnj1n8Z8gfs/jPmD9m8f9K/pjFf6b8MYv/zPljFv9Z8scs/rPmj1n8v5o/ZvGfLX/M4v+1/DGL/+z5Yxb/r+ePWfy/kT9m8Z8jf8ziP2f+mMV/rvwxi//c+WMW/2/mj1n858kfs/jPmz9m8Z8vf8zi/638MYv//PljFv9v549Z/BfIH7P4L5g/ZvFfKH/M4r9w/pjF/zv5Yxb/RfLHLP6L5o9Z/BfLH7P4L54/ZvFfIn/M4r9k/pjF/7v5Yxb/7+WPWfyXyh+z+C+dP2bx/37+mMX/B/ljFv9l8scs/svmj1n8l8sfs/j/MH/M4r98/pjFf4X8MYv/j/LHLP4r5o9Z/FfKH7P4r5w/ZvFfJX/M4r9q/pjFf7X8MYv/6vljFv8f549Z/NfIH7P4r5k/ZvFfK3/M4r92/pjFf538MYv/uvljFv/18scs/uvnj1n8N8gfs/hvmD9m8f9J/pjF/6f5Yxb/jfLHLP4b549Z/DfJH7P4b5o/ZvH/Wf6Yxf/n+WMW/83yxyz+m+ePWfy3yB+z+G+ZP2bx3yp/zOL/i/wxi//W+WMW/1/mj1n8t8kfs/j/Kn/M4r9t/pjFf7v8MYv/9vljFv8d8scs/r/OH7P475g/ZvHfKX/M4v+b/DGL/2/zxyz+O+ePWfx3yR+z+P8uf8ziv2v+mMV/t/wxi//u+WMW/9/nj1n8/5A/ZvHfI3/M4v/H/DGL/575Yxb/vfLHLP57549Z/P+UP2bx3yd/zOK/b/6YxX+//DGL//75Yxb/A/LHLP4H5o9Z/A/KH7P4H5w/ZvH/c/6Yxf8v+WMW/0Pyxyz+h+aPWfwPyx+z+B+eP2bxPyJ/zOJ/ZP6Yxf+o/DGL/9H5Yxb/Y/LHLP7H5o9Z/I/LH7P4H58/ZvE/IX/M4n9i/pjF/6T8MYv/yfljFv9T8scs/qfmj1n8T8sfs/ifnj9m8T8jf8zif2b+mMX/rPwxi//Z+WMW/3Pyxyz+5+aPWfzPyx+z+J+fP2bxvyB/zOJ/Yf6Yxf+i/DGL/8X5Yxb/S/LHLP6X5o9Z/C/LH7P4X54/ZvG/In/M4n9l/pjF/6r8MYv/1fljFv9r8scs/tfmj1n8r8sfs/hfnz9m8b8hf8zif2P+mMX/pvwxi//N+WMW/1vyxyz+t+aPWfxvyx+z+N+eP2bxvyN/zOJ/Z/6Yxf+u/DGL/935Yxb/e/LHLP735o9Z/O/LH7P4358/ZvF/IH/M4v9g/pjF/6H8MYv/w/ljFv9H8scs/o/mj1n8H8sfs/g/nj9m8X8if8zi/2T+mMX/qfwxi//T+WMW/2fyxyz+z+aPWfyfyx+z+D+fP2bxfyF/zOL/Yv6Yxf+l/DGL/8v5Yxb/V/LHLP6v5o9Z/F/LH7P4v54/ZvF/I3/M4v9m/pjF/638MYv/kPwxif8EA/ljFv9B+WMW/1Hyxyz+o+aPWfxHyx+z+A/OH7P4j54/ZvEfI3/M4j9m/pjFf6z8MYv/2PljFv9x8scs/uPmj1n8x8sfs/iPnz9m8Z8gf8ziP2H+mMV/ovwxi///xz49Jg2CGFAU/ZJ00nFSY9u2bdu2bdu2bdu2bdu29X/qrWDeOVu4dYfQP2rpP6T+UUv/ofSPWvoPrX/U0n8Y/aOW/sPqH7X0H07/qKX/8PpHLf1H0D9q6T+i/lFL/5H0j1r6j6x/1NJ/FP2jlv6j6h+19B9N/6il/+j6Ry39x9A/auk/pv5RS/+x9I9a+o+tf9TSfxz9o5b+4+oftfQfT/+opf/4+kct/SfQP2rpP6H+UUv/ifSPWvpPrH/U0n8S/aOW/pPqH7X0n0z/qKX/5PpHLf2n0D9q6T+l/lFL/6n0j1r6T61/1NJ/Gv2jlv7T6h+19J9O/6il//T6Ry39Z9A/auk/o/5RS/+Z9I9a+s+sf9TSfxb9o5b+s+oftfSfTf+opf/s+kct/efQP2rpP6f+UUv/ufSPWvrPrX/U0n8e/aOW/vPqH7X0n0//qKX//PpHLf0X0D9q6b+g/lFL/4X0j1r6L6x/1NJ/Ef2jlv6L6h+19F9M/6il/+L6Ry39l9A/aum/pP5RS/+l9I9a+i+tf9TSfxn9o5b+y+oftfRfTv+opf/y+kct/VfQP2rpv6L+UUv/lfSPWvqvrH/U0n8V/aOW/qvqH7X0X03/qKX/6vpHLf3X0D9q6b+m/lFL/7X0j1r6r61/1NJ/Hf2jlv7r6h+19F9P/6il//r6Ry39N9A/aum/of5RS/+N9I9a+m+sf9TSfxP9o5b+m+oftfTfTP+opf/m+kct/bfQP2rpv6X+UUv/rfSPWvpvrX/U0n8b/aOW/tvqH7X0307/qKX/9vpHLf130D9q6b+j/lFL/530j1r676x/1NJ/F/2jlv676h+19N9N/6il/+76Ry3999A/aum/p/5RS/+99I9a+u+tf9TSfx/9o5b+++oftfTfT/+opf/++kct/Q/QP2rpf6D+UUv/g/SPWvofrH/U0v8Q/aOW/ofqH7X0P0z/qKX/4fpHLf2P0D9q6X+k/lFL/6P0j1r6H61/1NL/GP2jlv7H6h+19D9O/6il//H6Ry39T9A/aul/ov5RS/+T9I9a+p+sf9TS/xT9o5b+p+oftfQ/Tf+opf/p+kct/c/QP2rpf6b+UUv/s/SPWvqfrX/U0v8c/YPBAwMDHf3P1T9q+f88/aOW/ufrH7X0v0D/qKX/hfpHLf0v0j9q6X+x/lFL/0v0j1r6X6p/1NL/Mv2jlv6X6x+19L9C/6il/5X6Ry39r9I/aul/tf5RS/9r9I9a+l+rf9TS/zr9o5b+1+sftfS/Qf+opf+N+kct/W/SP2rpf7P+UUv/W/SPWvrfqn/U0v82/aOW/rfrH7X0v0P/qKX/nfpHLf3v0j9q6X+3/lFL/3v0j1r636t/1NL/Pv2jlv736x+19H9A/6il/4P6Ry39H9I/aun/sP5RS/9H9I9a+j+qf9TS/zH9o5b+j+sftfR/Qv+opf+T+kct/Z/SP2rp/7T+UUv/Z/SPWvo/q3/U0v85/aOW/s/rH7X0f0H/qKX/i/pHLf1f0j9q6f+y/lFL/1f0j1r6v6p/1NL/Nf2jlv6v6x+19H9D/6il/5v6Ry3939I/aun/tv5RS/939I9a+r+rf9TS/z39o5b+7+sftfT/QP+opf+H+v/eoIGi/h/pH7X0/1j/qKX/J/pHLf0/1T9q6f+Z/lFL/8/1j1r6f6F/1NL/S/2jlv5f6R+19P9a/6il/zf6Ry39v9U/aun/nf5RS//v9Y9a+v+gf9TS/0f9o5b+P+kftfT/Wf+opf8v+kct/X/VPyrp//8B/aOW/n/SP2rp/2f9o5b+f9E/auk/SP+opf9f9Y9a+v9N/6il/2D9o5b+f9c/aun/D/2jlv7/1D9q6f8v/aOW/v/WP2rp/x/9o5b+/9U/aun/P/2jP1x/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPvbmPzKgs/jp+u7Z7+7N/NObyGDAabbuLK1q5MBpsP9bFgqo7FgAlkCyujUph7CG6gVoMSgzFMRoKIuk3dBBJjxothAsJKohKnonEiGuIQ1EVMDRMZ0bjU3G3v0t5rm/Wq17UX+3xetPc55Xe6LfnunLI1AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIKXN2265YW1HR9smL7zwwouBF6f6dyYgtdeiP9U/EgAAAAAAAAAAAAAAYCQ5vp3oVP8cAQAAAADgdNPS+q7u6qohp6oHH8z5eVvv+6ZXr7x+z/OPryy/7//w5cNccsLgg56enp6Xmrtm9h9OKoqi9Nmm9x9PrhyXrt/Zdfn2vqNQ/PbZ5tZt25sP7vzK1x+eO3X6nNres7XFmuvaO9qWTCiKUF1bbC0dNFQVRZhYW2wvHTSWDibVFveXDpb2HkwpDpQOLrx2Q8e60okTPjWcdlpaP1tUDym2GPK7weD+O7s27Sq/H+WS5avVFP391zX/cG/Fx8pG6L98/VBV2f+Yf4LAiMbW/+0Ly+9HueQJ9/9H2+tWDfexkfsvXz9M0D+kM8zz/5BGe5/39+yfMcLz/9xhLjmw/+lfVnaV+r/ply/U95+qOZnn/9Ln6zsK1ZX9Txjy/F96jq8pP/9PKopQO85fDjittLR+rnu0+39l90P7rzmrYlM1uP+jq/ZUl/o/fNcD7+8/VXtS/Q9cP9SMcv+v+syBoT9WYGxaWnf3VNz/x9B/sWCYSw70P3/3satK/Z+x88i+QR8bS/+1lf0v3nLjJxZv3nZLffuNa9e3rW+7qbGxoWnpsqbGi5Yv7n0k6Hs7zl8VOD2M7/5fTK3YVBVF28B+0YeXvVTq/+C5//hb/6nJY+x/4qj3/+fc/2FY508oJk4stq7dsmVTQ9/b8mFj39u+/2yY/k/8+n/E/ueV/z9g+evu0hfkA/vfvPOrHyn1f++kVQ/0n5o4xv4njdZ/52ufF4gwzvv/uorNkP7bX/3OulL/f3rl+KH+U2P9+n/yqP3vcv+H8WhprfgLP/9jpf5X/+vwcH9OcBLCFH/+B+nk6H/rtF98M24dpuof0snR/9LNbZF/2Tb8n/4hnRz9/2pH1ZG4dThD/5BOjv6/1v3gxrh1mKZ/SCdH//tnP/JU3Dr8v/4hnRz9H18//aq4dajTP6STo//LvrR3ddw6TNc/pJOj/6pXpj0Rtw4z9A/p5Oi/vursT8Wtw+v0D+nk6P+6zodfjFuHmfqHdHL0//mdv478Pp3wev1DOjn6f+qPW3fErcMs/UM6Ofp/YVZ7fdw6nKl/SCdH//ff8MQjcevwBv1DOjn6f/pbHzwWtw5B/5BOjv6/8eyRNXHrMFv/kE6O/vctPPaHuHU4S/+QTo7+//3Rqz8Qtw5v1D+kk6P/sH/5d+PW4Wz9Qzo5+r/iybsa4tZhjv4hnRz9d6647c64dThH/5BOjv6bmhfOjluHc/UP6eTof8af/3533DrM1T+kk6P/j9333sp/9/skhfP0D+nk6P/mDasfjVuH8/UP6eTof+WMngvi1mGe/iGdHP0fPnrfj+LWYb7+IZ0c/d9955Ir4tbhTfqHdHL0/4Nbz+uOW4c36x/SydH/y7V33Bq3Dgv0D+nk6P/LP6tZFrcOC/UP6eTo/8cPfX9X3Dq8Rf+QTo7+X3zfY+fErcMF+od0cvS/++JZX4xbh7fqH9LJ0f+7n9m4Pm4dFukf0snR/+S9vz8atw71+od0cvQ/f9XBD8Wtw4X6h3Ry9L9h0Zrfxa3DYv1DOjn6f+bA04fi1mGJ/iGdHP3veOzTzXHr0KB/SCdH/49f1vGfuHVo1D+kk6P/fzb95ONx67BU/5BOjv7PPPTtL8StQ5P+IZ0c/V/94OSZcetwkf4hnRz9b7xm9vfi1mGZ/iGdHP1fMvehS+PW4W36h3Ry9P+ev664OW4dLtY/pJOj/7p77nkubh2W6x/SydH/vGtvvyZuHS7RP6STo//r59Q/GbcOl+of0snR/x3HWxbErcMK/UM6Ofrvuu35fXHrsFL/kE6O/rs/+XJd3Dq8Xf+QTo7+90658t64dXiH/gEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+C87cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDGQAAAABh/tZ5tB8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgJ8CAAD//3wF1A0=")
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r0 = syz_open_dev$media(&(0x7f0000000080), 0x0, 0x0)
ioctl$MEDIA_IOC_G_TOPOLOGY(r0, 0xc0487c04, &(0x7f00000003c0)={0x0, 0xfffffffffffffe10, 0x0, 0x0, 0x5b, 0x0, &(0x7f00000016c0), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

7m16.628909941s ago: executing program 1 (id=826):
r0 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r0, &(0x7f0000000d80)=[{{&(0x7f0000000280)={0x2, 0x4e20, @private=0xa010101}, 0x10, &(0x7f0000000980)=[{&(0x7f0000000200)="9c", 0x1}], 0x1}}, {{&(0x7f0000000880)={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f0000000900)=[{&(0x7f00000008c0)='w', 0x1}], 0x1}}], 0x2, 0x8080)
getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0xc, &(0x7f0000000040)=@assoc_value={<r1=>0x0}, &(0x7f00000000c0)=0x8)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000000)={0x2, 0xab51, 0x4, 0x0, 0x0, 0x6, 0x7, 0x3, r1}, 0x20)

7m15.939312981s ago: executing program 32 (id=826):
r0 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r0, &(0x7f0000000d80)=[{{&(0x7f0000000280)={0x2, 0x4e20, @private=0xa010101}, 0x10, &(0x7f0000000980)=[{&(0x7f0000000200)="9c", 0x1}], 0x1}}, {{&(0x7f0000000880)={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f0000000900)=[{&(0x7f00000008c0)='w', 0x1}], 0x1}}], 0x2, 0x8080)
getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0xc, &(0x7f0000000040)=@assoc_value={<r1=>0x0}, &(0x7f00000000c0)=0x8)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000000)={0x2, 0xab51, 0x4, 0x0, 0x0, 0x6, 0x7, 0x3, r1}, 0x20)

1m46.247549499s ago: executing program 5 (id=3285):
r0 = landlock_create_ruleset(&(0x7f0000000140)={0x8b28, 0x3}, 0x18, 0x0)
landlock_restrict_self(r0, 0x0)
r1 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r1, 0x5460, 0x0)

1m46.108016805s ago: executing program 5 (id=3288):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x1, 0x0, 0x7ffc1ffb}]})
r0 = memfd_create(&(0x7f0000000280)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\x96\xa7f\x9ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\x15n\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z\t\x00\x00\x00\x00\x00\x00\x00\x9b\x01\xf9t\xbb\x1er\x04\xdb\xd3\xed\xfd\xbdnC\xec#]\xbf\xa2\xa2H\x86\x86[8\x05\xfe\xdc\x11\x04\xa1u\x81', 0x0)
fsetxattr(r0, &(0x7f0000000240)=@known='user.incfs.id\x00', 0x0, 0x0, 0x0)
fremovexattr(r0, &(0x7f00000000c0)=@known='user.incfs.id\x00')

1m45.464124837s ago: executing program 5 (id=3294):
r0 = socket$alg(0x26, 0x5, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, 0x0, <r1=>0x0}, &(0x7f0000000200)=0xc)
getgroups(0x1, &(0x7f00000004c0)=[<r2=>0xffffffffffffffff])
setresgid(r1, 0x0, r2)

1m44.943901461s ago: executing program 5 (id=3297):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f00000002c0)={[{@init_itable}, {@nobh}, {@nodiscard}]}, 0x3, 0x45c, &(0x7f0000000940)="$eJzs281vFGUYAPBnZtsCArYifvChVtHY+NFSQOXgQY0mHjAx0YMem7YQZKGG1kQIUTAGT8aYeDce/Rc86cUYTyZe9W5IiOECeFozuzN0d9ld6LLbLezvlwy873z0fZ6deXffmXc3gKE1mf2TRGyLiL8iYrxWbdxhsvbftSvn5q9fOTefRKXy3r9Jdb+rV87NF7sWx23NK1NpRPplEntatLt85uyJuXJ58XRen1k5+fHM8pmzLx4/OXds8djiqQOHDx86OPvKywde6kmeWUxXd3+2tHfX2x9++86Rr7N1aZF/Ux49Mtlp4zOVSo+bG6ztdeVkZICBsCaliMhO12i1/49HKVZP3ni89cVAgwP6qlKpVLa233y+AtzDkmis6/IwLIoP+uz+t1iaBwGv9W/4MXCXX6/dAGV5X8uX2paR6vOByO+Ntvep/cmI+OD8f99nS/TnOQQAQIOfs/HPC63Gf2k8XLff/fnc0EREPBAROyLiwYjYGREPRVT3fSQiHl1j+82TJDePf9JLXSV2m7Lx36v53Fbj+K8Y/cVEKa9tr+Y/mhw9Xl7cn78mUzG6KavPdmjjlzf//KbdtvrxX7Zk7RdjwTyOSyObGo9ZmFuZu5Oc612+ELF7pFX+yY2ZgCQidkXE7i7bOP7cj3vbbbt1/h30YJ6p8kPEs7Xzfz6a8i8knecnZzZHeXH/THFV3Oz3Py6+2679O8q/B7Lzf1/L6/9G/hNJ/Xzt8trbuPj3V23vabq9/seS96vlsXzdp3MrK6dnI8aSI7Wg69cfWD22qBf7Z/lP7Wvd/3fE6iuxJyKyi/ixiHg8Ip7IY38yIp6KiH0d8v/tjac/6j7//sryX1jT+V8tjEXzmtaF0olff2podOKm/K93Pv+HqqWpfM3tvP/dTlzdXc0AAABw90kjYlsk6fSNcppOT9e+L78zIi0vLa88f3Tpk1MLtd8ITESkxZOu8brnobP5bX2tfiEial8tKLYfzJ8bf1faUq1Pzy+VFwadPAy5rW36f+af0qCjA/rO77VgeOn/MLxu1f8/X6c4gPXn8x+GV4v+v2UQcQDrbVPLz39jfhgOTf3ftB8Mkab+v3lQcQDrr/vnf2M9jQNYf57/w1Ba3hK3/pF8x0Lxl7o8/J4txOiGCKNvhUg3RBgbtjB6l/eLwb0nAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9NL/AQAA//8kV94B")
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000100)='./bus\x00', 0x20020, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000000)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}]})

1m43.924212971s ago: executing program 5 (id=3302):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000000c0)=ANY=[@ANYBLOB="fc0000001900010027bd700000000000e0000002000000000000000000000000ac1414aa00000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000a900000000000000000000000000000000000000000000000000000000000000ffffffffffffffff000000000000000000000000000000000000000000000000000a000000000000000000000080400002000000000000080000000000000000000100000000000044000500ac1414aa000000000000000000000000000000003c00000000000000ffffffff0000000000000000000000000200000004"], 0xfc}}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000001100)=@migrate={0xa0, 0x21, 0x1, 0x0, 0x0, {{@in6=@private2={0xfc, 0x2, '\x00', 0xfd}, @in=@rand_addr=0x64010102, 0x4e22, 0x0, 0x0, 0x0, 0xa}, 0x4}, [@migrate={0x50, 0x11, [{@in=@local, @in=@broadcast, @in=@multicast2, @in6=@local, 0x3c, 0x4, 0x0, 0x2, 0x2, 0xa}]}]}, 0xa0}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

1m41.210895487s ago: executing program 5 (id=3319):
r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3)
setsockopt$sock_int(r0, 0x1, 0x2e, &(0x7f0000000040)=0x8001, 0x4)
r1 = epoll_create(0x1ff)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000080)={0x20002000})

1m40.104834113s ago: executing program 33 (id=3319):
r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3)
setsockopt$sock_int(r0, 0x1, 0x2e, &(0x7f0000000040)=0x8001, 0x4)
r1 = epoll_create(0x1ff)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000080)={0x20002000})

54.386827804s ago: executing program 6 (id=3320):
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f00000000c0))
ppoll(&(0x7f0000000080)=[{r0, 0x5300}], 0x1, 0x0, 0x0, 0x0)
ioctl$SNDCTL_DSP_GETISPACE(r0, 0x800c5011, &(0x7f00000001c0))

53.259967919s ago: executing program 6 (id=3567):
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x6000, 0x1)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
ioctl$FUSE_DEV_IOC_CLONE(r0, 0x8004e500, &(0x7f0000000000)=r0)

52.828550406s ago: executing program 6 (id=3571):
r0 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x3, 0xfffd, @empty, 0x10000}}}, 0x108)
r1 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/mcfilter6\x00')
read$msr(r1, &(0x7f0000032680)=""/102390, 0x18ff6)

37.709087698s ago: executing program 34 (id=3571):
r0 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x3, 0xfffd, @empty, 0x10000}}}, 0x108)
r1 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/mcfilter6\x00')
read$msr(r1, &(0x7f0000032680)=""/102390, 0x18ff6)

3.501867655s ago: executing program 3 (id=3913):
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="80000000000101040000000000000000020000002400018014000180080001"], 0x80}}, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)

3.246900458s ago: executing program 3 (id=3916):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000040)=@newlink={0x28, 0x10, 0x401, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, 0x2f33, 0x2261}, [@IFLA_LINK_NETNSID={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0xc8001}, 0x24004840)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r0 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r0, &(0x7f0000000040), 0x10)

3.10736545s ago: executing program 3 (id=3918):
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r0, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @multicast}, 0x10)
recvmmsg(r0, &(0x7f00000050c0)=[{{0x0, 0x0, 0x0}, 0x4}], 0x40000000000018c, 0x2, 0x0)
sendmmsg(r0, &(0x7f0000001380), 0x3fffffffffffeed, 0x0)

2.860464356s ago: executing program 4 (id=3923):
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), 0x0, 0x10005}, 0x38)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="11000000040000000400000005"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000240)={r1, 0xffffffffffffffff, 0x521}, 0x57)

2.610502932s ago: executing program 0 (id=3925):
r0 = socket$kcm(0x29, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f00000005c0)={<r1=>0xffffffffffffffff})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r1)
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000d00)={0x20, r2, 0x2, 0x70bd26, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x7ff, 0x1c}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x4004004}, 0x200000d4)

2.478729848s ago: executing program 2 (id=3927):
r0 = fsopen(&(0x7f0000000000)='debugfs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
fsmount(r0, 0x1, 0x86)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0)

2.163772062s ago: executing program 7 (id=3928):
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0), 0x111, 0x6}}, 0x20)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000940), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x2, 0x4}}, 0x20)
writev(r0, &(0x7f0000000040)=[{&(0x7f0000000100), 0x86}], 0x2)

2.149315393s ago: executing program 2 (id=3929):
sigaltstack(&(0x7f0000000480)={&(0x7f0000004000)=""/4126, 0x80000001, 0x101e}, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)

2.037630478s ago: executing program 4 (id=3930):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="05000000050000000200000007"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000d00)={0x11, 0xd, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4000}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @call={0x85, 0x0, 0x0, 0x11}]}, &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000001140)={{r0}, &(0x7f00000010c0), &(0x7f0000001100)='%pI4   \x00'}, 0x20)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000003c0)={r1, r0}, 0xc)

1.999791786s ago: executing program 7 (id=3931):
r0 = socket(0x10, 0x80003, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x8, "00000000000000e9070100240e00"}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x2000000}, 0x0)

1.908461894s ago: executing program 3 (id=3932):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x70bd2d, 0x0, {{@in6=@loopback, @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xc, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x407ffffffffffe, 0x800000000000002}, 0x0, 0x0, 0x1, 0x0, 0x6}, [@tmpl={0x44, 0x5, [{{@in6=@ipv4={'\x00', '\xff\xff', @private=0xa010101}, 0x0, 0x3c}, 0x2, @in=@local, 0x6, 0x4, 0x3}]}]}, 0xfc}}, 0x0)
r1 = socket$kcm(0xa, 0x922000000003, 0x11)
sendmsg$kcm(r1, &(0x7f0000000000)={&(0x7f00000007c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x80, 0x0}, 0xcc6684230f858bdc)

1.81812494s ago: executing program 4 (id=3933):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000000140)={0x0, {{0xa, 0x10, 0x0, @mcast2}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000380)=ANY=[@ANYBLOB="0b000000000000000a00000000000000ff020000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000020000000a00000000000000fe8000000000000000000000000000bb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000fe8000000000000000000000000000bb"], 0x190)
syz_emit_ethernet(0x6e, &(0x7f0000000080)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x1, 0x3a, 0x0, @remote, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x5dc, {0x0, 0x6, "8cb02b", 0x0, 0x2f, 0x0, @loopback={0x4000000}, @empty, [@srh={0x2b}]}}}}}}}, 0x0)

1.774890188s ago: executing program 3 (id=3934):
syz_mount_image$jfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x8002, &(0x7f00000000c0)=ANY=[@ANYBLOB="696f636861727365743d6d616363726f617469616e2c646973636172643d3078303030303030303030303030303030332c6e6f646973636172642c6572726f72733d636f6e74696e75652c696f636861727365743d6d6163637972696c6c69632c0067add4ceec7cb8702b1b4a0ff322839e69b507d7478e0706b00408dc59283f5c0159b8e3c0289dcb182504844ef8e6972cdb3f50680fc9602ed27c1f6b47a91f941f154ae205d34a9b7a7c67efa0c0e2a70251d664fce12ae64a5a521aa83080b7672c4e1566a61a0ade4b6c9d78151053d9fb31fd2cfc77f269f873e14e5fe3c46c0acbb22d40391ae31d2025dcd947adf76739ae4ecbe3b630040b37e2b09d7816e0b93981de1147532cf2f46d4d4904f68fb43cd165b9"], 0x1, 0x62a7, &(0x7f0000012f40)="$eJzs3c2OHFfZB/Cn+ms+8saxsojyWghNEgMJIf4MxhAgyQIW2bBA3qJYk0lk4QCyDXIiC0/kDQsuAoTEEhBLVlxAFmzZcQFYspGAbEihnjlnXN10u8fjdFfPnN9PmlQ9daqmT+XfNd3tquoTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEC89d3vn60i4u2fpQXHI/4vuhGdiLVhvRERaxvH8/q9iHg2dprjmYjor0RUufGpiFcj4uNjEffu39ocLjq3z3585w9//c0PnvjeX37XP/2vP97ovjZtvZs3f/nPP90++P4CAABAieq6rqv0Mf9E+nzfabtTAMBC5Nf/OsnL1UtXby9Zf9RqtVp9COumerLbzSIitpvbDN8zOB0PAIfMdnzSdhdokfyL1ouIJ9ruBLDUqrY7wFzcu39rs0r5Vs3Xg43d9nwtyEj+29Xe/R3TprOMX2OyqOfXnejG01P6s7agPiyTnH9nLP+V1D5I03nnvyjT8h/s3vpUnJx/d/z4H3N08u9MzL9UOf/eI+XflT8AAAAAACyx/O//x1s+/7vy+LuyLw87/7uxoD4AAAAAAAAAwGftccf/21MZ/w8AAACW1fCz+tCvjj1YNu272IbLL1URT46tD5TiPyMjiKy33R0AAAAAAAAAAAAAKElv9xreS1VEPyKeXF+v63q9HjVeP6rH3f6wK33/oWRt/5EHAIBdHx8bu5e/iliNiEvpu/766+vrdb26tl6v12sr+f3sYGW1Xmt8rs3T4bKVwT7eEPcG9fCXrTa2a5r1eXlW+/jvGz7WoO7uo2OL0WLgABARu69G97wiHTF1/VS0/S6Hw8Hxf/Q4/tmPtp+nAAAAwPzVdV1XaZi/E+mcf6ftTgEAC5Ff/8fPC6jVarVarT56dVM92e1mERHbzW2G7xkMxw8Ah8x2fNJ2F2iR/IvWi4hn2+4EsNSqtjvAXNy7f2uzSvlWzdeDjd32fC3ISP7b1c52eftJ01nGrzFZ1PPrTnTj6Sn9eWZBfVgmOf/OeP5v77YP0nrzzn9RpuU/3M/jLfSnbTn/7nj+Y45O/p2J+Zcq5997pPy78gcAAAAAgCWW//3/+FKd/x0cdHdmetj53425PSoAAAAAAAAAzNe9+7c2832v+fz/5yas5/7PoynnX8m/SDn/dP//3oU3L46t123M333zQf7/uH9r87c3/v7/ebrf/FfyTJWeWVV6RlTpkapemh5wx6a40+8Oho/UrzrdXrrmp+6/G1fiamzFmZF1O+l4eNB+dqR92NP+Tnvd3W0/N9Le22vP258fae+nK53qtdx+Kjbjx3E13tlpH7atzNj/1Rnt9Yz2nH/X8V+knH+v8TPMfz21V2PTobsfdf7nuG9OJz3OG1c+/4sz89+dme5Ed2/fmob793wL/dn5f/LEIH56fevaqZuXb9y4djbSZGTpuUiTz1jOv59+cv4vvrDbnv/uN4/Xux8NHjn/ZXEnelPzf6ExP9zflxbctzbk/AfpJ+f/TmqffPwf5vynH/8vt9AfAAAAAAAAAAAAAAAAeJi6rnduEX0jIi6k+3/aujcTAFis/PpfJ3n5ouruQbf//eh+tNV/tXrBdbVk/Vlo/Wk978d7a6n2V32g+t9L1p+lq5vqyV5vFhHx5+Y2w/cMP5/0ywCAZfZpRPyt7U7QGvkXLH/f33B6su3OAAt1/YMPf3j56tWta9fb7gkAAAAAAAAAcFB5/M+NxvjPJ+u6vj223sj4r2/GxuOO/9nLM3sDjE4ZqLr76Pv0MJ2Ibqcx3PhzMW387/7e3MPG/+7NeLz+jPbBjPaVGe2rM9on3ujRkPN/rjHe+cmIODE2/HoJ47+Oj3lfgpz/843n8zD/L42t18y//vVhzr8zkv/pG+//5PT1Dz585cr7l9/bem/rR+fPnj1z/sKFixcvnn73ytWtM7v/bbHH85Xzz2Nfuw60LDn/nLn8y5Lz/0Kq5V+WnP8XUy3/suT88/s9+Zcl558/+8i/LDn/l1It/7Lk/L+cavmXJef/cqrlX5ac/1dSLf+y5PxfSbX8y5LzP5Vq+Zcl53861fvMf23e/WIxcv75DJfjvyw5/3xlg/zLkvM/l2r5lyXnfz7V8i9Lzv/VVMu/LDn/r6Za/mXJ+V9ItfzLkvP/WqrlX5ac/8VUy78sOf+vp1r+Zcn5fyPV8i9Lzv+1VMu/LDn/b6Za/mXJ+X8r1fIvS87/26mWf1ly/q+nWv5lefD9/2bMmDGTZ9r+ywQAAAAAAAAAAAAAjFvE5cRt7yMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAf9mBAwEAAAAAIP/XRqiqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrCDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFfbuLkausz4D+Jn98tqBxEBIndQJG8ckIdlk13biD9oUEz4bvkpCUugHtutdmwXHNl67BBrVjgIlEkZFFW3DRVtAqM1NhVVxQStAuUCtKlWC9oLeICpULqIqoIBUlVbAVjPnfd+dOTs7s+sdb86e8/tJyT87c2bOmTPvzO5j59kBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGh38xtmP9nIsqzRaOQXbM2ylzTn5omtrUte++IeHwAAALB2P2/9+4Vr0gUHV3Cjtm3+6aZvfWVhYWEhe+/wn45+dmEhXTGRZaObsqx1XXTp++9rtG8TPJmNN4bavh7qs/vhPteP9Ll+tM/1Y32u39Tn+vE+1y85AUtszhrpzna2/nNrfkqza7PR1nU7u9zqycamoea5S7fNGq3bLIwey+ayE9lsNt2xfb5to7X9125u7uutWdzXUNu+tjdXyI8fPxqPoRHO8c6OfS3eZ/TD12cTP/nx40f/+uzz13ebfU9Dx/3lx3n7juZxfjxckh9rI9uUzkk8zqG249ze5TkZ7jjORut2zf8uHucLKzzO4cXDXFfF53w8G2r997db52mkkXU5T9vDZT+9JcuyC4uHXdxmyb6yoWxLxyVDi8/PeL4im/fRXEovz0ZWtU5vXsE6bc6ZnZ3rtPiaiM//zeF2I8scQ/vT9MMnxtqe958tXM46jZqPernXSnENDvq1UpY1GNfFt1sP+qmua3BnePyP37r8Guy6drqswfS429bgjn5rcGhsuHXM6UlotG6zuAZ3dWw/3NpTozWfu7X3Gpw6++jpqfmPfuyuuUePHJ89Pntyz65d03v27t2/f//UsbkTs9P5vy/zbJfflmwovQZ2hHMXXwO3FbZtX6oLXxhb8v57ua/D8R6vw62FbQf9OhwpPrjG+rwgl67p/LXxnuZJH784lC3zGms9P3es/XWYHnfb63Ck7XXY9XtKl9fhyApeh81tTt+xsp9ZRtr+6XYMy38vWNsa3Nq2Bos/jxTX4KB/HinLGhwP6+K7dyz/vWB7ON6nJlf788jwkjWYHm5472lekn7eH9/fGt3W5Q3NK64ay87Nz565+7EjZ8+e2ZWFsS5e0bZWiut1S9tjypas16FVr9eDczc9dUOXy7eGczV+V/Nf48s+V81t7rm793PV+u7W/Xx2XLo7C2PA1vt8dvtu3jyfY1n2uW8+8eDXH//cG5Y9n828+fGptf8snnJp2/vv6DLvvzH3/yLfX7qrJ4dHR/LX73A6O6Md78edT9VI672r0dr3C1Mrez8eDf+s9/vxtT3ej7cVth30+/Fo8cHF9+NGvz/tWJvi8zke1smJ6d7vx81ttu1e7Zoc6fl+fEuYjXD+XxOSQspFbWtnuXWb9jUyMhoe10jcQ+c63dOx/WjIZs19PbP78tbp7bfk9zWcHt2i9VqnE4VtB71O0599LbdOG/3+9O3yFJ/P8bAurt3Te502t3n2nrW/d26O/9n23jnWbw2ODo81j3k0LcLW+322sDmuwbuzo9mp7EQ207p2rLWeGq19Td67sjU4Fv5Z7/fKbT3W4O2FbQe9BtP3seXWXmNk6YMfgOLzOR7WxdP39l6DzW3euG+wP7veHi5J27T97Fr887Xl/szrhsJpulJrZSQc5zf39f6z2eY2J/avNmf2Pk93hkuu6nKeiq/f5V5TM9n6nKdt4Tif37/8eWoeT3Obzx5Y4Xo6mGXZ+Q/f3/rz3vD3K3937jtf6fh7l25/p3P+w/f/6KXH/nE1xw/AxveLfGzJv9e1/c3USv7+HwAAANgQYu4fCjOR/wEAAKAyYu6P/1d4Iv8DAABAZcTcPxJmUpP8v+2Nz8/94nyWmvkLQbw+nYYH8u1ix3U6fD2xsKh5+f1fmv3vfzi/sn0PZVn2swf+oOv22x6Ix5WbCMd56U2dly/xlbtWtO/DD59P+23vr38+3H98PCtdBt0quNNZln3tmk+39jPxvout+ewDh1vzwQtPPdnc5oUD+dfx9s+9It/+L0L59+CxIx23fy6chx+EOf227ucj3u7LF1+zfd8ji/uLt2vsuLr1sJ9+f36/8ffkfObJfPt4npc7/q9/6pkvN7d/7NXdj//8UPfjfybc75fC/N8b8+3bn4Pm1/F2nwjHH/cXb3f3F7/R9fgvfTLf/vSb8+0Ohxn3f3v4euebn59rP1+PNY50PK7sLfl2cf/T3/nj1vXx/uL9F49//NDFjvNRXB/P/lt+P1OF7ePlcT/R3xf237yf9vUZ9//MHx3uOM/99n/pwedubN5vcf93FrY7/eE7WvtfvL/O39j0l5/4dNf9xeM5+LenOx7PwXeH13HY/9PvD+sxXP9/l/L7K/52hcPv7nz/idt/fuv5jscTvfUn+f4vve54a24a37zlqpe89OoLr2qeuyz79qb8/vrt//hfneo4/i9cl5+PeH3s6Bf3v5y4/zMfmTx5av7c3Ew6q49f0/rdOW/Pjyce7zXhvbX49aFTZz8we2ZiemI6yyaq+yv0LtsXw/xRPi703nphyTvoHQ+H5/OGP//allv/9VPx8n9/T375xbfl37due/i5G8ceybLPhMu3hudvdftf6umbr2u9vhvPhiNcWPr7gtdi+87/2r+iDcPjL/5cENf76Vd+oHUemte1vm/E1/Uaj/97M/n9fDWc14Xwm5l3XLe4v/bt4+9GuPhQ/npf8/kLb3Pxef2b8Hy/4wf5/cfjio/3e+HnmG9s63y/uy2so6+eHyref+u3eFwI7yfZhfz6uFU83xdfuK7r4cXfQ5JduL719Z+k+7l+VQ9zOfMfnZ86MXfy3GNTZ2fnz07Nf/Rjhx49de7k2UOt3+V56IP9br/4/rSl9f40M7v3nqz1bnUqH1fESGmO//TDR2f2Td86M3vsyLljZx8+PXvm+NH5+aOzM/O3Hjl2bPYj/W4/N3Pfrt0H9uzbPXl8bua+/QcO7DkwOXfyVPMw8oPqY+/0hyZPnjnUusn8ffcc2HXvvfdMTz56amb2vn3T05Pn+t2+9b1psnnr3588M3viyNm5R2cn5+c+NnvfrgN79+7u+9sAHz19bH5i6sy5k1Pn5mfPTOWPZeJs6+Lm975+t6ea5v8j/3m2qJH/Ir7sXXfuTb+ftelLTyx7V/kmhV8g+nz4XTT//LLT+1fydcz9o2EmNcn/AAAAUAcx94+Fmcj/AAAAUBkx928KM5H/AQAAoDJi7h8PM6lJ/q9c/3/b+RXtX/9f/7/9fOn/16z//1DZ+v/5+4X+/2CstX+/mv7/Pv1//X/9/w4vTv+/PMev/6//z1Jl6//H3L85y2qZ/wEAAKAOYu7fEmYi/wMAAEBlxNx/VZiJ/A8AAACVEXP/S8JMapL/9f/1//X/9f/1/7vvX/9/Y9L/703/vw/9/6msXv3/C4M8fv1//X+WKlv/P+b+l4aZ1CT/AwAAQB3E3H91mIn8DwAAAJURc/81YSbyPwAAAFRGzP1bw0xqkv/1/7NsqK28rP+v/9+6QP9f/1//f8PS/+9N/78P/X+f/6//r//PQJWt/x9z/8vCTGqS/wEAAKAOYu5/eZiJ/A8AAADlM3J5N4u5/xVhJkvy/2XuAAAAAHjRxdx/bVb4IPia/P2//r/P/y9//39Tuk7/X/8/K2X/fzjT/y8P/f/e9P/70P/X/9f/1/9noMrW/2/l/mw8e2WYSU3yPwAAANRBzP3XhZnI/wAAAFAZMff/UpiJ/A8AAACVEXP/tjCTmuR//X/9//L3/33+v/5/2fv/Pv+/TPT/e9P/70P/X/9f/39N/f/hTP+fTmXr/8fcf32YSU3yPwAAANRBzP03hJnI/wAAAFAZMff/cpiJ/A8AAACVEXP/9jCTmuR//f+S9/9jc1T/X/9f/1//X/9/RfT/e9P/70P/X/9f/9/n/zNQZev/x9x/Y5hJTfI/AAAA1EHM/TeFmcj/AAAAUBkx978qzET+BwAAgMqIuX8izKQm+V//v+T9/7wHP+bz//X/9f/1//X/V0b/vzf9/z70//X/B9L/Xziv/6//T65s/f+Y+28OM6lJ/gcAAIA6iLl/R5iJ/A8AAACVEXP/LWEm8j8AAABURsz9O8NMapL/9f83RP8/0//X/9f/1//X/18Z/f/e9P/70P/X//f5//r/DFTZ+v8x9786zKQm+R8AAADqIOb+W8NM5H8AAACojJj7bwszkf8BAACgMmLuvz3MpCb5X/9f/1//X/9f/7/7/vX/Nyb9/970//vQ/9f/1//X/2egytb/j7n/NWEmNcn/AAAAUAcx998RZiL/AwAAQGXE3H9nmIn8DwAAAJURc/9kmElN8r/+v/6//r/+v/5/9/3r/29M+v+96f/3of+v/6//r//PQJWt/x9z/11hJjXJ/wAAAFAHMfffHWYi/wMAAEBlxNw/FWYi/wMAAEBlxNw/HWZSk/yv/6//r/+v/7+q/v+rFu9X/z+n/18u+v+96f/3of+v//+i9/9H9f+plLL1/2Pu3xVmUpP8DwAAAHUQc//uMBP5HwAAACoj5v49YSbyPwAAAFRGzP33hJnUJP/r/+v/6//r//v8/+771//fmPT/ext8/z8+RP1//X/9f5//r//PUmXr/8fcf2+YSU3yPwAAANRBzP17w0zkfwAAAKiMmPv3hZnI/wAAAFAZMffvDzOpSf7X/9f/1//X/9f/775//f+NSf+/N5//34f+v/6//r/+P2v00B+2f1W2/n/M/QfCTGqS/wEAAKAOYu5/bZiJ/A8AAACVEXP/r4SZyP8AAABQGTH3/2qYSU3yv/5/R/e8+XD1//X/9f/1/1v0/zcm/f/e9P/70P9fXX9+tPNL/X/9f/1/ipbt/4fovd79/5j77wszqUn+BwAAgDqIuf/XwkzkfwAAAKiMmPtfF2Yi/wMAAEBlxNx/MMykJvlf/9/n/+v/6//r/3ff/3r3/8fi/er/r4n+f2/6/33o//v8f/1//X8Gqmyf/x9z/+vDTGqS/wEAAKAOYu6/P8xE/gcAAIDKiLn/DWEm8j8AAABURsz9bwwzqUn+1//X/98o/f+r9P/1/wuPp2r9f5//Pxj6/73p//eh/6//r/+v/89Ala3/H3P/m8JMapL/AQAAoA5i7n9zmIn8DwAAAJURc/9bwkzkfwAAAKiMmPvfGmZSk/yv/6//v1H6/5n+v/5/4fHo/+v/d6P/35v+fx/6//r/+v/6/wxU2fr/Mff/ephJTfI/AAAA1EHM/Q+Emcj/AAAAUBkx978tzET+BwAAgMqIuf/tYSY1yf/6//r/+v/6/2vq/2/W/9f/Lxf9/942WP//51eHy/X/c/r/5T7+1fb/RwpfX5H+//eX6/8vbCreXv+fK6Fs/f+Y+98RZlKT/A8AAAB1EHP/O8NM5H8AAACojJj73xVmIv8DAABAZcTc/xthJjXJ//r/zeNYbC/r/1e1/z+k/+/z//X/a0L/v7cN1v/3+f8F+v/lPn6f/6//z1Jl6//H3P/uMJOa5H8AAACog5j7Hwwzkf8BAACgMmLufyjMRP4HAACAyoi5/z1hJjXJ//r/Pv+/Hv1/n/+f6f/r/9fE2vr3o/r/kf6//r/+fzn6//+p/8/GVrb+f8z9D4eZ1CT/AwAAQB3E3P9ImIn8DwAAAJURc/9vhpnI/wAAAFAZMfe/N8ykJvlf/3+j9P8nNmj//wn9/yvY/7/p6nw7/X/9fxb5/P/e9P/70P/X/y9b/9/n/7PBla3/H3P/+8JMVp7/x1e8JQAAAHBlFP8iqSDm/t8KM6nJ3/8DAABAHcTc/9thJvI/AAAAVEbM/b8TZlKT/K//v1H6/z7/P9P/9/n/hcej/6//38369f/jO4/+v/6//n+k/6//r/9PUdn6/zH3/26YSU3yPwAAANRBzP3vDzOR/wEAAGBD6Pb/ZBfF3H8ozET+BwAAgMqIuf9wmElN8r/+v/6//n9J+/9/tuNfvvutdx7epf+v/6//vyrr+vn/zRe/z//X/9f/T/T/9f/1/ykqW/8/5v4jYSY1yf8AAABQBzH3/16YifwPAAAAlRFz/9EwE/kfAAAAKiPm/pkwk5rkf/1//X/9/5L2/zfw5//H86H/32lg/f/4pqv/31Xev0+r6Mr2/x9Z7Inr/6+2/z/W9VL9f/3/jXz8+v/6/yxVtv5/zP2zYSY1yf8AAABQByH3Dx3L5+IV8j8AAABURsz9x8NM5H8AAACojJj7PxBmUpP8r/+v/6//r//v8/+7779X/78x4vP/yyr173/aeqHo/xeUp//fnf6//v9GPn79f/1/lipb/z/m/rkwk5rkfwAAAKiDmPs/GGYi/wMAAEBlxNz/oTAT+R8AAAAqI+b+E2EmNcn/+v/6//r/+v/6/933X9rP/9f/72mt/Xv9/0D/v979///R/9f/1/9nMP6fvTtpsqxO6zh+UgsqM9qFCyNcuDHCpS+hF7rWF+DCjRsjDCNstVtt5652Hlu7tZ21BecBVBBEVHAeQEUUZ1BxngdURJSojrr5PE9OJ8/N4ea95/z/n8+iHkkquVeizOJH8vXMrf/P3f8pcUsn+x8AAAB6kLv/LXGL/Q8AAADNyN3/qXGL/Q8AAADNyN3/aXFLJ/tf/3+d/v+oUtb/n3z/6/v/fMUb7P8/Sv9/3uvr//X/LdP/T9P/rzHe/98/DENf/b/n/+v/9f9syNz6/9z9nx63dLL/AQAAoAe5+986HNj/AAAA0Ki3rn7cH94Wt9j/AAAA0Izc/Z8Rt3Sy/0/1/3tDn/1/Zrye/+/5//r/8/r/1Q/6f/3//G23/3/nva98+v8L9/8Pv2fdy860/2/x+f/3j31w1/38de36/V+w/7993ufr/2nR3Pr/3P2fGbd0sv8BAACgB7n7Pytusf8BAACgGbn73x632P8AAADQjNz9nx23dLL/N/f8/4PVxxfa/xf9v/5/9QH9v+f/6/8Xy/P/p/X0/P+3vfCmt7zy+Ic9cZnX76j/H7Xrfn7p79/z//X/nDW3/j93/+fELZ3sfwAAAOhB7v7PjVvsfwAAAGhG7v7Pi1vsfwAAAGhG7v7Pj1s62f+b6/8X/fz/ov/X/68+sKj+/47+X//PMfr/aT31/1d5ff2//l//r/9ns+bW/+fu/4K4pZP9DwAAAD3I3f+FcYv9DwAAAM3I3f+OuMX+BwAAgGbk7r8Tt3Sy//X/N9//v6H/1//H9fx//b/+/+bp/6fp/9fQ/+v/9f/6fzZqbv1/7v53xi2d7H8AAADoQe7+L4pb7H8AAABoRu7+L45b7H8AAABoRu7+L4lbOtn/+n/P/9f/6//1/+Ovr/9fJv3/NP3/Gvr/6/bz9+n/9f/6f467ZP//+sSX7Y30/7n7vzRu6WT/AwAAQA9y939Z3GL/AwAAQDNy93953GL/AwAAQDNy939F3NLJ/tf/6//1//r/K/f/Z3/prej/x+n/t0P/P202/f/erdEP6/8X3/97/r/+X//PCXN7/n/u/q+MWzrZ/wAAANCD3P1fFbdM7P9L/8t8AAAAYKdy93913OL7/wAAALB4WZ3l7v+auKWT/a//1//r//X/nv8//vpT/f8Tx96f/n9e9P/TZtP/n0P/r/9f8vvX/+v/OWtu/X/u/q+NWzrZ/wAAANCD3P3vilvsfwAAAGhG7v6vi1vsfwAAAGhG7v6vj1s62f/j/f/Rn9f/X4z+/+T71/+P//rYVP+ff0X9/2T//9Ge/98n/f+07ff/t/X/J//6+v8btOv333j/f7Du8/X/jJlb/5+7/91xSyf7HwAAAHqQu/89cYv9DwAAAM3I3f8NcYv9DwAAAM3I3f+NcUsn+9/z//X/+v/l9f+e/39ol8//H7be/9/S/1+Q/n+a5/+vof/X/+v/Pf+fjZpb/5+7/71xSyf7HwAAAHrw3teG1e7/pmGw/wEAAGCJjv+3A6f/g9KQu/+b4xb7HwAAAJqRu/9b4pZO9r/+X/+v/9f/6//HX/+y/f+6ByN7/v926P+n6f/X0P/fRD9/q7H+/33nff4c+v936P+ZmRP9/1NHH99V/5+7/1vjlk72PwAAAPQgd/+3xS32PwAAADQjd/+3xy32PwAAADQjd/93xC2d7P8b7/8nglj9v/5f/6//b6n/X0f/vx36/2n6/zX0/57/7/n/+n826qj/P/n1cFf9f+7+74xbOtn/AAAA0IPc/d8Vt9j/AAAA0Izc/e+LW+x/AAAAaEbu/u+OWzrZ/57/r//X/+v/9f/jr6//Xyb9/zT9/xr6f/2//l//z0adeP7/Mbvq/3P3PxC3dLL/AQAAoAe5+x+MW+x/AAAAaEbu/u+JW+x/AAAAaEbu/u+NWzrZ//r/m+3/8+P6f/3/oP/X/+v/t6Lb/n9v7Heis87p/5/9pDsfe/Ij+n/9v/5f/6//ZwNm0f/fPfqny9z93xe3dLL/AQAAoAe5+78/brH/AQAAoBm5+38gbrH/AQAAoBm5+38wbrnk/v/gjb6r7dH/e/6//l//r/8ff339/zJ12/9fkOf/r6H/1//r//X/bNQs+v9jf5y7/4fiFt//BwAAgGbk7v/huMX+BwAAgGbk7v+RuMX+BwAAgGbk7v/RuKWT/a//1//r//X/+v/x179q/78/jNP/b4f+f5r+fw39v/5f/6//Z6Pm1v/n7n8obulk/wMAAEAPcvc/HLfY/wAAANCM3P0/FrfY/wAAANCM3P0/Hrd0sv/1//p//b/+X/8//vqe/79M+v9p+v9hGB6ZeANj/f/d2/p//b/+X//PFc2t/8/d/xNxSyf7HwAAAHqQu/+RuMX+BwAAgGbk7n80brH/AQAAoBm5+38ybulk/+v/9f/6f/2//n/89fX/y6T/n6b/X8Pz//X/+n/9Pxs1t/4/d/9jcUsn+x8AAAB6kLv/8bjF/gcAAIBm5O7/qbjF/gcAAIBm5O5/Im7pZP/r//X/+n/9/430/3f0/6fp/7fj5vr/Qf/fXv9/+suN/l//r//X/7Nh2+r/X4+v9+v6/9z9Px23dLL/AQAAoAe5+5+MW+x/AAAAaEbu/p+JW+x/AAAAaEbu/p+NWzrZ//p//b/+X//v+f/jr6//XybP/5+m/19D/6//v9T7/5ATf6T/1/9z1rb6//N6/9N/nLv/5+KWTvY/AAAA9CB3/1Nxi/0PAAAAzcjd/3TcYv8DAABAM3L3/3zc0sn+1//r/0/2/8Og/9f/6/8PbaH/3x/0/xun/5+m/19D/99m//8Bw5Kf/38Qfzp+uR+c+/n6f+Zobv1/7v5fiFs62f8AAADQg9z9vxi32P8AAADQjNz9vxS32P8AAADQjNz9vxy3tLT/3zg/fVt+/3/71Cfq/4dhePHtnv+v/594ff3/bPr/+ruq/98c/f+0Rvv/V4Zh0P9vQLP9/5bev+f/6/85a279f+7+X4lbWtr/AAAA0Lnc/b8at9j/AAAA0Izc/b8Wt9j/AAAA0Izc/b8et3Sy/5ff/5/+RP3/cK3n/+v/Vx/Q/+v/9f+Ldd3+/oH9+D1N/7+k/n/Lz/8/uPc7Xrf9/945/9wz6P/1//p/Rsyt/8/d/xtxSyf7HwAAAHqQu/+ZuMX+BwAAgGbk7n82brH/AQAAoBm5+38zbulk/+v/9f/6/2X2//v6f/2//n/UXJ7//+Y3f8zz+v9W+3/P/z+P/l//r//ntLn1/7n7fytu6WT/AwAAQA9y9/923GL/AwAAQDNy9z8Xt9j/AAAA0IznViHn/vA7w9Dl/j/b/983HBaqh8b6/2jU9P/H6P9Pvn/9//ivD8//1//r/2/eXPp/z/+/2vvX/+v/l/z+L9X/f/jZz9f/06K59f+5+5+PWzrZ/wAAANCD3P2/G7fY/wAAANCM3P2/F7fY/wAAANCM3P0vxC2d7H/P/7/h/v8+/b/+X/9fvy71//r/LdD/T9P/r6H/v34/n19V9f/Lff7/B+r/2Zy59f+5+38/blkNv4/4oCv+rwkAAADMSO7+P4hbOvn+PwAAAPQgd/8fxi32PwAAADQjd/8fxS2d7H/9v+f/6//1//r/8dfX/y+T/n+a/n+Nfvr//bEP7rqfv65dv/8d9v+rXxae/88cza3/z93/x3FLJ/sfAAAA2vba6sfc/X8St9j/AAAA0Izc/X8at9j/AAAA0Izc/S/GLZ3s/yX2/wf6f/3/pfr/T9D/n3p9/b/+v2X6//wdfZz+f41++v9Ru+7nN/b+7/0fQV/9/4r+nzmaW/+fu/+luKWT/Q8AAAA9yN3/Z3GL/Q8AAADNyN3/53GL/Q8AAAALdfvMR3L3/0Xc0sT+v7X2Zyyx//f8/6v3/3tDj/2/5//r//X/PVlO///g6G/Snv+v/9f/L/f96//1/5w1t/4/d//Le7ca3P8AAADQro/7yE9+6aI/9+XVj/vDX8Yt9j8AAAA0I3f/X8Ut9j8AAAA0I3f/X8ctnex//X9f/X+fz//X/+v/9f89WU7/P07/r//X/y/3/ev/9f+cNbf+P3f/38Qtx4bf+v8vegAAAMBW3X+5n567/2/jlk6+/w8AAAA9yN3/d3HLmf1/94L/VTsAAAAwN7n7/z5u6eT7//r/mff/ww31//Hz9P+Htt3/7536+fr/Q/p//f8m6P+nXbP/v7un/9f/T9D/6//1/5w2t/4/d/+Tjw1d7n8AAABo1Il/o/APqx/3h3+MWy66/09/owoAAACYndz9/xS3+P4/AAAANCN3/z/HLZ3sf/3/zPv/Kz3//6D+J8//n2f/v7Xn/79rf/T19f/6/5bp/6d5/v8a+n/9v/7/8v3/q4dH/8+YS/T/q0F60/1/7v5/iVs62f8AAADQg9z9/xq32P8AAADQjNz9/xa32P8AAADQjNz9/x63dLL/9f876P/ffXsYbrT/v8Dz//X/ffT/57x+O/3/h77pzjMf/4mPPqT/58g2+//8taD/1//r/w/p/zvt/4P+nzFze/5/7v7/iFs62f8AAADQg9z9r8Qt9j8AAAA0I3f/f8Yt9/b/07t6VwAAAMAm5e7/r7ilk+//6/9bfP7/Mvv//Hu9g/7/zvL6/2yKe+//Pf9f/3+W5/9P0/+vof/X/+v/9f9s1Nz6/9z9/x23dLL/AQAAoAe5+1+NW3L/7136X90DAAAAM5O7/3/iFt//BwAAgGbk7n8tbulk/+v/9f9z6f+T5/8ffZ7n/x/S/+v/L0P/P03/v4b+X/+v/9f/s1Fz6/9z9/9v3NLJ/gcAAIAe5O5/PW6x/wEAAKAZufv/L26x/wEAAKAZufv/P27pZP/r//X/+n/9//b7/8Ovtfr/o7+r+v/N0f9P0/+vof/X/+v/9f9s1Nz6/9z97w8AAP//9wRuTQ==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
getdents64(r0, &(0x7f0000000100)=""/27, 0x1b)
getdents64(r0, 0xfffffffffffffffe, 0x2a)

1.666496033s ago: executing program 4 (id=3935):
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
setns(r1, 0x24020000)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x9902)

1.624607844s ago: executing program 7 (id=3936):
mkdir(&(0x7f0000001a80)='./file0\x00', 0x1cb)
mount$bpf(0x200000000000, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x989046, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='devpts\x00', 0x0, 0x0)
openat2(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', &(0x7f00000002c0)={0x40000, 0x0, 0x8}, 0x18)

1.509551085s ago: executing program 0 (id=3937):
syz_mount_image$vfat(&(0x7f0000000180), &(0x7f0000000a40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f0000000ec0)=ANY=[@ANYBLOB='iocharset=cp865,utf8=1,utf8=0,utf8=1,iocharset=utf8,sys_immutable,uni_xlate=0,uni_xlate=1,uni_xlate=1,gid=', @ANYRESDEC=0x0, @ANYRESDEC=0x0], 0xfd, 0x1b2, &(0x7f0000000880)="$eJzs2zFrE2EYB/Dn2jSmdUgGJ3G40Sk0/QQNUkEMCEoGBUGxDUhPChYCOthuDn4JP4yDq34Sxw7CSXNJ2oQINZgcJL/fkodc/rnnfcMleQJ5de/d8eHJae9l73vUkiQ29iONiyQasREj5wEArJKLPI9feZ7nt85j+2vkeV52RwDAovn8B4D18+z5i8ftTufgaZrWIrLP/W6/W9wWx9u9eBtZHMVu1ON3XH5BGCrqh486B7vpQCO+ZGfD/Fm/uzmZb0U9GrPzrSKfTua3Yud6fi/qcWd2fm9mvhr3q+P8VkTU4+ebOIksDuMye5X/1ErTB086U/nbg8cBAADAKmimY4P5vRqT83uzOXl8NB9vDvPt5Ma/D0zN15W4Wyl16QCwtk4/fDx+nWVH7+coasPnmDN+s+LHTnGSBZ7iPxWjLR3fs7+M/fnXonq9w6lie8GtVpa+5CQiytrwbxFR+ss910U9KEp4MwKW6urqL7sTAAAAAAAAAAAAAADgb5bxv6Ky1wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA+vkTAAD//72NgaU=")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x189800, 0x9b)
syz_mount_image$exfat(&(0x7f0000000440), &(0x7f0000000680)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x800, &(0x7f0000000180)=ANY=[@ANYBLOB='allow_utime=00000000000000000000000,gid=', @ANYRESHEX=0xee01, @ANYBLOB=',errors=continue,dmask=00000000000000000100001,iocharset=cp857,discard,umask=00000000000037777777777,errors=continue,umask=00000000000000000000002,allow_utime=00000000000000000000001,errors=remount-ro,discard,sys_tz,gid=', @ANYRESHEX, @ANYBLOB="69653d303030383030303030303030307030303030304d6e616d3b2d99d6551d6de459901c9c76c79e000000"], 0x1, 0x152d, &(0x7f0000001f80)="$eJzs3AuYTtUaOPD3XWvtMSS+JrkMa6138yWXZZIklyS5JEklSXJLSJrkSEJiCEkakpBchiSGkFwmJo37/X5JSJImSXLLLVn/Z8Lf6dT5dy79j/OceX/Psx/rtfZa+93f+13W3jPzfddlSK3Gtas3JCL4t+CFf5IAIBYABgBAXgAIAKB8XPm4rP6cEpP+vYOwP9dDqVc6A3Ylcf2zN65/9sb1z964/tkb1z974/pnb1z/7I3rz1h2tnFqoWt4y74b3//Pzvjz/39IZpkxX60uc11XgJh/dAjXP3vj+v/PCv6Rnbj+2RvXP7uKvdIJsP8C/PrPDnL83R6uf/bG9WcsO7vS95+v9AaR/7LH4HDOC4X5T50/Y4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDH2H3DaX6YA4FL7SufFGGOMMcYYY4yxP4/PcaUzYIwxxhhjjDHG2P9/CAIkKAggBnJALOSEXCAA4GrIA3khAtdAHFwL+eA6yA8FoCAUgngoDEVAgwELBCEUhWIQheuhONwAJaAklILS4KAMJMCNUBZugnJwM5SHW6AC3AoVoRJUhipwG1SF26Ea3AHV4U6oATWhFtSGu6AO3A114R6oB/dCfbgP7ocHoAE8CA3hIWgED0NjeASawKPQFJpBc2gBLf+l8S9AD3gRekIvSILe0Adegr7QD/rDyzAAXoGB8CoMgtcgGQbDEHgdhsIbMAzehOEwAkbCWzAK3obRMAbGwjhIgfEwAd6BifAuTIL3YDJMgVSYCtPgfZgOM2AmfACz4EOYDXNgLsyDNPgI5sMCSIePYSF8AhmwCBbDElgKy2A5rICVsApWwxpYC+tgPWyAjbAJNsMW2ArbYDt8CjvgM9gJu2A3fA574It/cvypvxnfFQEBBQpUqDAGYzAWYzEX5sLcmBvzYB6MYATjMA7zYT7Mj/mxIBbEeIzHIlgEDRokJCyKRTGKUSyOxbEElsBSWAodOkzABCyLN2E5LIflsTxWwApYESthJayCVbAqVsVqWA2rY3WsgTWwFtbCu/Au7I11sS7Ww3pYH+tfuj2FDbEhNsJG2BgbYxNsgk2xKTbH5tgSW2IrbIWtsTW2xbbYDtthe2yPiZiIHbADdsSO2Ak7YWfsjF2wC3bFbtgt84UcgC/ii9gLa4je2Af7YF9MztEfX8aX8RUciK/iq/gaJuNgHIKv4+v4Bg7DkzgcR+BIHIlVxds4GscgiXGYgik4ASfgRJyIWYm+h1MwFafiNJyG03EGzsAPcBZ+iB/iHJyD8zAN03A+LsB0TMeFeAozcBEuxiW4FJfhUlyBK3EFrsY1uBrX4TrcgBtwE27CLbgFt+E2/BQVAH6Gu3AXJuMe3IN7cS/uw324H/djJmbiATyAB/EgHsJDeBgP4xE8isfwKJ7AE3gST+FpPI1n8Syew+fiv2n0aclVySCyKKFEjIgRsSJW5BK5RG6RW+QReURERESciBP5RD6RX+QXBUVBES/iRRFRRBhhBIkwBgBEVERFcVFclBAlRClRSjjhRIJIEGVFWVFOlBPlxS2igrhVVBSVRBtXRVQRVUVbV03cIaqL6qKGqClqidqitqgj6oi6oq6oJ+qJ+qK+uF88IBqI3tgfHxJZlWksBmMTMQSbimZCXnwHayWGYWvRRrQVT4gROBzbi1YuUTwtOojR2FH8RYzBZ0VnMQ67iOdFV9FNdBcviB6itespeolJ2Fv0EVOwr+gn+ouXxXSsKT7AWTlriddEshgshojXxTx8QwwTb4rhYoQYKd4So8TbYrQYI8aKcSJFjBcTxDtionhXTBLvicliikgVU8U08b6YLmaImeIDMUt8KGaLOWKumCfSxEdivlgg0sXHYqH4RGSIRWKxWCKWimViuVghVopVYrVYI9aKdWK92CA2ik1is4iFrWKb2C4+FTvEZ2Kn2CV2i8/FHvGF2Cu+FPvEV2K/+Fpkim/EAfGtOCi+E4fE9+Kw+EEcEUfFMXFcnBA/ipPilDgtzoiz4idxTvwszgsvQKIUUkolAxkjc8hYmVPmklfJ3DK4+OheI+PktTKfvE7mlwVkQVlIxsvCsojU0kgrSYayqCwmo/J6WVzeIEvIkrKULC2dLCMT5I2yrLxJlpM3y/LyFllB3iorykqysqwib5NV5e0SIheOUUPWlLVkbXmXTIK7ZV15j6wn75X15X3yfvmAbCAflA3lQ7KRfFg2lo/IJvJR2VQ2k81lC9lSPiZbycdla9lGtpVPyHbySdlePiUT5dOyg/QXnyLPys7yOdlFPi+7ym6yu/xZnpde9pS9JPQG2Ue+JPvKfrJ/LADIV+RA+aocJF+TyXKwHCJfl0PlG3KYfFMOlyPkSPmWHCXflqPlGDlWjpMpcrycIN+RE+W7cpJ8T06WU2SqnCr7ywG/zDRTyj8c/87vjB/0y9E3yI1yk9wst8itcpvcLj+VO+QOuVPulLvlbrlH7pF75V65T+6T++V+mSkz5QF5QB6UB+UheUgeloflEXlUnpHH5Qn5ozwpT8lT8ow8K8/KcxcfA1CohJJKqUDFqBwqVuVUudRVKre6WuVReVVEXaPi1LUqn7pO5VcFVEFVSMWrwqqI0sooq0iFqqgqpqLqerz4hFGlVGnlVBmVoG78Z8ar4uoGVUKV/NX4S/kl/Z38WqqWqpVqpVqr1qqtaqvaqXaqvWqvElWi6qA6qI6qo+qkOqnOqrPqorqorqqr6q66qx6qh+qpeqoklaT6qJdUX9VP9VcvqwHqFTVQDVSD1CCVrJLVEDVEDVVD1TA1TA1Xw9VINVKNUqPUaDVajVVjVYpKURPUBDVRTVST1CQ1WU1WqSpVTVPT1HQ1Xc1UM9UsNUvNVrPVXDVXpak0NV/NV+kqXS1UC1WGWqQWqSVqiVqmlqkVaoVapVapNWqNWqfWqQy1UW1Um9VmtVVtVdvVdrVD7VA7xU61W+1We9QetVftVfvUPrVf7VeZKlMdUAfUQXVQHVKH1GF1WB1RR9QxdUydUCfUSXVSnVan1Vl1Vp1T59R5dT5r2ReIQAQqUEFMEBPEBrFBriBXkDvIHeQJ8gSRIBLEBXFBvuC6IH9QICgYFArig8JBkUAHJrCBuFj0aHB9UDy4ISgRlAxKBaUDF5QJEoIbg7LBTUG54OagfHBLUCG4NagYVAoqB1WC24Kqwe1BteCOoHpwZ1AjqBnUCmoHdwV1gruDusE9Qb3g3qB+cF9wf/BA0CB4MGgYPBQ0Ch4OGgePBE2CR4OmQbOgedAiaPmnzu/9yQKPu566l07SvXUf/ZLuq/vp/vplPUC/ogfqV/Ug/ZpO1oP1EP26Hqrf0MP0m3q4HqFH6rf0KP22Hq3H6LF6nE7R4/UE/Y6eqN/Vk/R7erKeolP1VD1Nv6+n6xl6pv5Az9If6tl6jp6r5+k0/ZGerxfodP2xXqg/0Rl6kV6sl+ileplerlfolXqVXq3X6LV6nV6vN+iNepPerLforXqb3q4/1Tv0Z3qn3qV368/1Hv2F3qu/1Pv0V3q//lpn6m/0Af2tPqi/04f09/qw/kEf0Uf1MX1cn9A/6pP6lD6tz+iz+id9Tv+sz2uftbjP+ng3yigTY2JMrIk1uUwuk9vkNnlMHhMxERNn4kw+k8/kN/lNQVPQxJt4U8QUMVnIkClqipqoiZriprgpYUqYUqaUccaZBJNgypqyppwpZ8qb8qaCqWAqmoqmsqlsbjO3mdvN7eYOc4e509xpapqaprapbeqYOqauqWvqmXqmvqlv7jf3mwamgWloGppGppFpbBqbJqaJaWqamuamuWlpWppWppVpbVqbtqataWfamfamvUk0iaaD6WA6mo6mk+lkOpvOpovpYrqarqa76W56mB6mp+lpkkyS6WP6mL6mr+lv+psBZoAZaAaaQWaQSTbJZogZYoaaoWaYGWaGmxFmZNZC1bxtRpsxZqwZZ1JMiplgJpiJZqKZZCaZyWaySTWpZpqZZqab6WammWlmmVlmtplt5pq5Js2kmflmvkk36WahWWgyTIZZbBabpWapWW6Wm5VmpVltVpu1sNasN+vNRrPRbDabzVaz1Ww3280Os8PsNDvNbrPb7DF7zF6z1+wz+8x+s99kmkxzwBwwB81Bc8gcMofNYXPEHDHHzDFzwpwwJ81Jc9qcNmdNgYufl97E2pw2l73K5rZX2zw2r/3buKAtZONtYVvEapvfFvhVbKy1JWxJW8qWts6WsQn2xt/EFW0lW9lWsbfZqvZ2W+03cR17t61r77H17L22tr3rV3F9e5/NWp00QASwzWwj28I2to/YJvZR29Q2s81tC9vOPmnb26dson3adrDP/CaebxfYlXaVXW3X2J12lz1tz9iD9jt71v5ke9pedoB9xQ60r9pB9jWbbAf/Jh5p37Kj7Nt2tB1jx9pxv4kn2yk21U610+z7drqd8Zs4zX5kZ9l0O9vOsXPtvF/irJzS7cd2of3EZtgAFtsldqldZpfbFZdy9XntOrvebrA77Gd2s91it9ptdvulhbDdZXfbz+0e+4U9YL+1++xXdr89ZDPtN7/EWed3yH5vD9sf7BF71B6zx+0J+6O6NDrr3I/bn+156y0QEpAkRQHFUA6KpZyUi66i3HQ15aG8FKFrKI6upXx0HeWnAlSQClE8FaYipMmQJaKQilIxitL1dCm9UlSaHJWhBLqRytJNVI5upvJ0C1WgW6kiVaLKVIVuo6p0O1WjO6g63Uk1qCbVotp0F9Whu6ku3UP16F6qT/fR/fQANaAHqSE9RI3oYWpMj1ATepSaUjNqTi2oJT1Grehxak1tqC09Qe3oSWpPT1EiPU0d6BnqSH+hTvQsdabnqAs9T12pG3WnF6gHvUg9qRclUW/qQy9RX+pH/ellGkCv0EB6lQbRa5RMg2kIvU5D6Q0aRm/ScBpBI+ktGkVv02gaQ2NpHKXQeJpA79BEepcm0Xs0maZQKk2lafQ+TacZNJM+oFn0Ic2mOTSX5lEafUTzaQGl08e0kD6hDFpEi2kJLaVltJxW0EpaRatpDa2ldbSeNtBG2kSbaQttpW20nT6lHfQZ7aRdtJs+pz30BSF9SfvoK9pPX1MmfUMH6Fs6SN/RIfre96If6AgdpWN0nE7Qj3SSTtFpOkNn6Sc6Rz/TefIEIYYilKEKgzAmzBHGhjnDXOFVYe7w6jBPmDeMhNeEceG1Yb7wujB/WCAsGBYK48PCYZFQhya0IYVhWDQsFkbD68Pi4Q1hibBkWCosHbqwTJgQ3hiWDW8Ky4U3h+XDW8IK4a1hxbBS+Mi9VcLbwqrh7WG18I6wenhnWCOsGdYKa4d3hXXCu8O64T1hvfDesFx4X3h/+EDYIHwwbBg+FDYKHw4bh4+ETcJHw6Zhs7B52CJsGT4WtgofD1uHbcK24RNhu/DJsH34VJgYPh12CJ/5pf++BX+/PynsHfYJXwpfCr2/R86NzoumRT+Kzo8uiKZHP44ujH4SzYguii6OLokujS6LLo+uiK6Mroqujq6Jro2ui66Pboh6XzsHOHTCSadc4GJcDhfrcrpc7iqX213t8ri8LuKucXHuWpfPXefyuwKuoCvk4l1hV8RpZ5x15EJX1BVzUXe9K+5ucCVcSVfKlXbOlXEJroVr6Vq6Vu5x19q1cW3dE+4J96R70j3lnnJPuw7uGdfR/cV1cs+6zu4595x73nV13Vx394Lr4cbnufCaTHJ9XB/X1/V1/V1/N8ANcAPdQDfIDXLJLtkNcUPcUDfUDXPD3HA33I10I90oN8qNdqPdWDfWpbgUN8FNcBPdRDfJTXKT3WSX6lLdNDfNTXfTXdUZF44y2812c91cl+bS3HyXtWZMdwvdQpfhMtxit9gtdUvdcrfcrXQr3Wq32q11a916t95tdBvdZrfZbXVb3Xa33e1wO9xOn/fCpG6P2+v2un1un9vvvnaZ7ht3wH3rDrrv3CH3vTvsfnBH3FF3zB13J9yP7qQ75U67M+6s+8mdcz+78867lMj4yITIO5GJkXcjkyLvRSZHpkRSI1Mj0yLvR6ZHZkRmRj6IzIp8GJkdmROZG5kXSYt8FJkfWRBJj3wcWRj5JJIRWRRZHFkSWRpZFvG+8ObQF/XFfNRf74v7G3wJX9KX8qW982V8gr/Rl/U3+XL+Zl/e3+Ir+Ft9RV/JV/aP+qa+mW/uW/iW/jHfyj/uW/s2vq1/wrfzT/r2/imf6J/2HfwzvqP/i+/kn/Wd/XO+i3/ed/XdfHf/gu/hX/Q9fS+f5Hv7Pv4l39f38/39y36Af8UP9K/6Qf41n+wH+yH+dT/Uv+GH+Tf9cD/Cj4x5y4+6dIkM43yKH+8n+Hf8RP+un+Tf85P9FJ/qp/pp/n0/3c/wM/0Hfpb/0M/2c/xcP8+n+Y/8fL/Ap/uP/UL/ic/wiy7dVPbL/Qq/0q/yq/0av9av8+v9Br/Rb/Kb/Ra/1W/z2/2nfof/zO/0u/xu/7nf47/we/2Xfp//yu/3X/tM/40/4L/1B/13/pD/3h/2P/gj/qg/5o/7E/5Hf9Kf8qf9GX/W/+TP+Z/9ef6bNcYYY4yxf8j4y03x654Lt/N7/84Y8Vc79wGAq7cUyvzr/qwV5dr8F9r9RHy7CAA83avLQ5e2GjWSkpIu7pshISg2B+DST4KyxMDleBG0hSchEdpA2d/Nv5/odpb+YP7oLQC5/mpMLFyOL8//JQAm/c78jz0xcn6F8HTc/2P+OQAlil0ekxMux4ug7S/3V9pAub+Tf4FWf5B/zq9SAFr/1ZjccDm+nH8CPA7PQOKv9mSMMcYYY4wxxi7oJyp3unT9eek3Pn/v+jxeXR6TAy7Hf3R9zhhjjDHGGGOMsSvv2W7dn3osMbFNp3++Ue2P91H/2sy/NJrAv5oYN/6lhvcA/7dwAPBvTgiQ1ZD/ybPY9B85VvLFl87fdi094wP47yjln9G4wm9MjDHGGGOMsT/d5UX/r/9fXamEGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4yxbOjf/Y43+Ae+pe9KnyNjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDF2pf2fAAAA//+Bqfni")
ioctl$FAT_IOCTL_GET_ATTRIBUTES(r0, 0x40047211, &(0x7f00000002c0))

987.236819ms ago: executing program 7 (id=3938):
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027fa80a010100000004"], 0x57)
setsockopt$inet_mreqsrc(r0, 0x0, 0x28, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc)

895.545617ms ago: executing program 0 (id=3939):
r0 = socket$can_raw(0x1d, 0x3, 0x1)
bind$can_raw(r0, &(0x7f0000000080), 0x10)
setsockopt$CAN_RAW_ERR_FILTER(r0, 0x65, 0x2, &(0x7f00000000c0)=0x5, 0x4)
setsockopt$CAN_RAW_ERR_FILTER(r0, 0x65, 0x2, &(0x7f00000005c0)=0x4, 0x4)

894.394995ms ago: executing program 4 (id=3940):
r0 = syz_usb_connect(0x5, 0x24, &(0x7f0000000340)={{0x12, 0x1, 0x310, 0x1a, 0xcf, 0x3, 0x40, 0x423, 0xa, 0x5fd8, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x4, 0xac, 0x10, 0xf9, "", [{{0x9, 0x4, 0x8a, 0x1, 0x0, 0x40, 0x6c, 0x59, 0x9}}]}}]}}, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, &(0x7f0000001540)={0x14, 0x0, &(0x7f00000007c0)={0x0, 0x3, 0x4, @lang_id={0x1, 0x3, 0xc0a}}}, 0x0)
syz_usb_control_io$uac2(r0, &(0x7f0000000140)={0x14, 0x0, &(0x7f00000000c0)={0x0, 0x3, 0x2, @string={0x2}}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)

882.453525ms ago: executing program 2 (id=3941):
r0 = landlock_create_ruleset(&(0x7f0000000240)={0x1fff, 0x3, 0x2}, 0x18, 0x0)
landlock_restrict_self(r0, 0x0)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e23}, 0x3)

640.181834ms ago: executing program 2 (id=3942):
r0 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r0, &(0x7f0000000140)={&(0x7f0000000440)=@rxrpc=@in4={0x21, 0x1, 0x2, 0x10, {0x2, 0x4e24, @loopback}}, 0x80, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000005040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319d7666d0998a61d7da0c86d70000001010"], 0x10b8}, 0x200008c0)
sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x3, @broadcast}}, 0x80, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18}, 0x48054)
sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18}, 0x0)

572.790221ms ago: executing program 7 (id=3943):
r0 = add_key$user(&(0x7f00000000c0), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000300)="cf2ae5242d1f0414fe9d60ed3ece", 0xe, 0xfffffffffffffffe)
r1 = add_key$user(&(0x7f0000000200), &(0x7f00000005c0), &(0x7f00000000c0), 0x390, 0xfffffffffffffffd)
r2 = add_key$user(&(0x7f0000006400), &(0x7f0000006c00)={'syz', 0x1}, &(0x7f0000000680)="3e12", 0x2, 0xfffffffffffffffe)
keyctl$dh_compute(0x17, &(0x7f0000000100)={r0, r1, r2}, 0x0, 0x0, 0x0)

426.014052ms ago: executing program 0 (id=3944):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x2800, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000040)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000080)={0x28, 0x2, r1, 0x0, &(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xffffffff80000000})
ioctl$IOMMU_IOAS_COPY$syz(r0, 0x3b83, &(0x7f0000000240)={0x28, 0x10000, r1, r1, 0x2234ab, 0x5, 0x0, 0xff494})

380.095636ms ago: executing program 2 (id=3945):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000200), 0x50)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r0}, 0x4)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000100)=@bpf_lsm={0x6, 0x6, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000c30100000001000095"], &(0x7f0000000040)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x24}, 0x94)

366.9248ms ago: executing program 7 (id=3946):
r0 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0xfc, 0x0}, 0x30004001)
setsockopt$sock_attach_bpf(r0, 0x6, 0xd, &(0x7f0000000000), 0x4)
setsockopt$sock_attach_bpf(r0, 0x1, 0x31, &(0x7f00000006c0), 0x4)

315.436563ms ago: executing program 3 (id=3947):
symlink(&(0x7f0000000080)='.\x00', &(0x7f0000000240)='./file0\x00')
chmod(&(0x7f0000000180)='./file0\x00', 0x2dc)
lchown(&(0x7f00000001c0)='./file0\x00', 0xee00, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xe8c40, 0x78)

293.060897ms ago: executing program 4 (id=3948):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000004c0)={r0, <r1=>0xffffffffffffffff}, 0x4)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x6, 0x11, &(0x7f0000004100)=ANY=[@ANYBLOB="18000000000100000000000000010000b7080000000000007b8af8ff00000000b7080000090000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800080085000000b6000000850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r2, 0x0, 0x10, 0x10, &(0x7f00000006c0)="0000000005000000", &(0x7f0000000700)=""/8, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)

178.656179ms ago: executing program 0 (id=3949):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x2c, r1, 0x1, 0x72bd29, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_TX_RATES={0x10, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0xc, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5}]}]}]}, 0x2c}}, 0x20000000)

105.637992ms ago: executing program 0 (id=3950):
r0 = getpid()
syz_pidfd_open(r0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000480)='fdinfo/3\x00')
read$eventfd(r1, &(0x7f0000000280), 0x8)

0s ago: executing program 2 (id=3951):
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f00000000c0)='./file1\x00', 0x101880a, &(0x7f0000000400)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c61636c2c6673796e635f6d6f64653d7374726963742c696e6c696e655f78617474722c6673796e635f6d6f64653d706f7369782c646973636172645f756e69743d7365676d656e742c6261636b67726f756e645f67633d6f6e2c6e6f696e6c696e655f78617474722c646973636172645f756e69743d626c6f636b2c6673796e635f6d6f64653d7374726963742c617467632c657874656e745f63616368652c6661756c745f696e6a656374696f6e3d30303030303030303030303030303031343033302c00271d57a599b8b169a579679e220c689eaaec4fa6229021e75c68a687d319b615573b0b0ceefba8e2e2419434463974ef8174b66469344931de0ccad650792761"], 0x1, 0x550b, &(0x7f00000079c0)="$eJzs3M1rI2UYAPAn/dhv1yIevO3AIrSwiU0/Fr1V3cUP7FJWPXjSNElDdpNMadK09uTBo3jwPxEFTx79Gzx49iYeFG+Ckpmpbv0AoWlj298PJs+8b94887xhWXhmSgK4sOaSX34qxc24GhHTEXEjIjsvFUdmLQ/PRcStiJh64igV839MXIqIaxFxc5Q8z1kq3vrszvD26o9v/vz1t5dnrn/+1XeT2zUwac9HRHc7P9/r5jFt5fFRMV8btrPYXRkWMX+j+7gYp3nca25mGfZqh+tqWVxu5evT7d3+KG51avVRbLW3svntXn7B/rB1mCf7wKPaTjZuNDez2O6nWWwd5HXtH+T/tx30B3meRpHvwyx9DAaHMZ9v7jfz/Ww/zmK9Nyjm87xpo7k/isMiFpeLetppZHVsHueb/n97q93b3U+GzZ1+O+0lq5Xqi5Xq3XJ1J200B82Vcq3buLuSzLc6o2XlQbPWXWulaavTrNTT7kIy36rXy9VqMn+vudmu9ZJqtbJcWSyvLhRnd5LXHrybdBrJ/Ci+0u7tDtqdfrKV7iT5JxaSpcrySwvJ7Wry9vpGsvHw/v31jXfev/feg5fX33i1WPS3spL5pcWlpXJ1sbxUXbhA+/+4KHqM+4djKU26AICzR/8PTMLJ9f87DyNOvv8P/f9YnKn+9/z1/3svREx0/3As+n8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAvr+9kvXs9O5vLx9WL+qWLqmWJcioipiPjtH0zHpSM5p4s8s/+yfvYvNXxTiizD6BqXi+NaRKwVx69Pn/S3AAAAAOfXlx/d+jTv1vOXuUkXxGnKb9pM3fhgTPlKETE798OYsk2NXp4dU7Ls3/dM7I8pW3YD68qYkuW33GbGle0/mT4SrjwRSnmYOtVyAACAU3G0EzjdLgQAAIDT9MmkC2AySnH4KPPwWXD2l/d/PhC8emQEAAAAnEGlSRcAAAAAnLis//f7fwAAAHC+5b//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAv7NzP7eJA1EcgJ8NXth/WrTa+7ayNyhjS9jjHiMKSBMUkANpIQ1QA7mlhAgiPA6BiEMkj20l+j7JmYxlfrxBcJgZaQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAu3Vfrxe3V7+u2Obt9O3lGAwAAAFyyrdaL+p9Z6n9t7n9vbv1s+kVElBFxae4+ik9nmaMmp3p5/ub0+epVDXcRdcLhPSbN9SUi/jTX44+uPwUAAAD4uDbL1TzN1tOf2dAF0ae0aFN++5spr4iIavaQKa085P3KFFZ/v8fxP1NavYA1zRSWltzGudLepP65H1ftpidNkZry4suORWYbOwAA0KPRWdPvLAQAAIA+/Ru6AIZRxPNW5nErcJKaZnvv81kPAAAAeIeKoQsAAAAAOlfP/3s6/2/v/D8AAAAYRjr/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC5tq/Vis1zN2+bs9u3kGQ0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADyxP+8oEAJhEAZ713cmc//DSoOmpiZVIHz8jcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAm9/95f/E1DiTzL02lp5HkrVTY+vU2Ds3jv4wvn4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMX+vKRACARBFMwZ/zvp+x9WEvQMIkRAw6OKWjQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBFv/vl/8TUOJPMnTaWjkeStavG1lVj70Hj6MF4+zcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMXO/bzGUcUBAP/OzM7WtooxSg4RUfCgF5tua2tv4kEJHvwThJBua+zWH20QW4qYizfJuRfRo4igxFv/h55b6KXeethDBc/KzM5kp23A9dfMNvl84M377jDM+75ZCPnOewkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtfFb0zgrDguTOK3O3bp/bb3obz/UF25s31kuWhEnbSb9eHih+SFZioij3SUDAADAwZDV9X1E3M13Vos+XSjr/7y+pqj5v31qElf1/Gd1yfpw/V/X/kX75ed7z+0OtDAZp7jpuY3R8PijqfT+rznOu6f/8ope+eTLdy9Z+YWk7249O87L55l8ffPm2/0yPNRGtgDAP3Gs7qug/n2o6AddJgbAgdFrFN51/Z8tdJsTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQBvGW3G0jpOIWO5N48Lt+9fW9+pvbN9Zrtvp69e348vpPYtb5BFxbmM0PN7qbObb5StXL6yNRsNL7QcvRkRXo79ZTf/C+zNcHNHJ8xH8R0Fafdnzks/jEXT4QwkAgH0pr1pR19/Nd1aLc8lixB/fPVj/v9KIY8b6/94Hp281x2rW/4PWZjj/VjYvfrJy+crV1zYurp0fnh9+9PqJwRuDk2dOnTqzUr4rWfHGBAAAgH+nX7Vm/Z8uPrr+f6QRx4z1/6ffDL5ojpWp//c0XfTrOhMAAICD7ZmXfv8t2eN80u/H52ubm5cGk+Pu5xOTYwep/m2Hqtas/7PFrrMCAAAA2jDeSh5Y/z/biGPG9f8nv3/+x+Y9s4g4XK3/H1v/eHS2venMtTb+nLjrOQIAANCtw1Vrrv/n5f7/dHfLQxoRr748iat/AzhT/Z+989UPzbGa+/9PtjfFuZQuTZ5H2S9F9Ja6zggAAID97ImqFcX+r/nO6oc/HXmvb/8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQNv+DAAA///fxzxy")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x14b442, 0x2)
pwritev2(r0, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0x1}], 0x1, 0x5412, 0x0, 0x16)
unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0)

kernel console output (not intermixed with test programs):

OD found
[  447.100036][   T57] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  447.207466][ T1250] snd_usb_pod 6-1:1.1: Line 6 Pocket POD now attached
[  447.283563][T12484] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  447.760792][T12484] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  447.800416][ T1250] usb 6-1: USB disconnect, device number 12
[  447.808338][ T1250] snd_usb_pod 6-1:1.1: Line 6 Pocket POD now disconnected
[  448.042433][   T32] usb 4-1: new full-speed USB device number 12 using dummy_hcd
[  448.046552][   T38] audit: type=1800 audit(1776185022.475:21): pid=12484 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2516" name="file1" dev="loop0" ino=10 res=0 errno=0
[  448.197256][   T32] usb 4-1: unable to get BOS descriptor or descriptor too short
[  448.207226][   T32] usb 4-1: unable to read config index 0 descriptor/start: -71
[  448.207265][   T32] usb 4-1: can't read configurations, error -71
[  448.462244][T10584] syz-executor: attempt to access beyond end of device
[  448.462244][T10584] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  448.472654][T10584] CPU: 0 UID: 0 PID: 10584 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  448.472699][T10584] Tainted: [L]=SOFTLOCKUP
[  448.472705][T10584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  448.472717][T10584] Call Trace:
[  448.472724][T10584]  <TASK>
[  448.472733][T10584]  dump_stack_lvl+0xe8/0x150
[  448.472761][T10584]  f2fs_stop_checkpoint+0x383/0x540
[  448.472793][T10584]  f2fs_write_end_io+0x1274/0x1740
[  448.472835][T10584]  __submit_merged_bio+0x256/0x6a0
[  448.472869][T10584]  __submit_merged_write_cond+0x3c9/0x4e0
[  448.472907][T10584]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  448.472954][T10584]  f2fs_write_data_pages+0x287e/0x34f0
[  448.473007][T10584]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  448.473076][T10584]  ? do_raw_spin_lock+0x12b/0x2f0
[  448.473109][T10584]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  448.473135][T10584]  ? lockdep_hardirqs_on+0x7a/0x110
[  448.473161][T10584]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  448.473186][T10584]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  448.473207][T10584]  ? reacquire_held_locks+0x104/0x190
[  448.473232][T10584]  ? rt_spin_lock+0x1e0/0x400
[  448.473260][T10584]  ? rt_spin_unlock+0x14f/0x200
[  448.473286][T10584]  ? rt_spin_unlock+0x160/0x200
[  448.473305][T10584]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  448.473326][T10584]  do_writepages+0x32e/0x550
[  448.473350][T10584]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  448.473373][T10584]  ? rt_spin_unlock+0x14f/0x200
[  448.473405][T10584]  filemap_fdatawrite+0x1ec/0x2f0
[  448.473429][T10584]  ? irqentry_exit+0x1a6/0x680
[  448.473455][T10584]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  448.473514][T10584]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  448.473538][T10584]  ? __rcu_read_unlock+0x83/0xe0
[  448.473560][T10584]  ? rt_spin_unlock+0x160/0x200
[  448.473584][T10584]  f2fs_sync_dirty_inodes+0x30e/0x830
[  448.473619][T10584]  f2fs_write_checkpoint+0x9df/0x26a0
[  448.473639][T10584]  ? __lock_acquire+0x6b5/0x2cf0
[  448.473697][T10584]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  448.473769][T10584]  kill_f2fs_super+0x314/0x730
[  448.473795][T10584]  ? __pfx_kill_f2fs_super+0x10/0x10
[  448.473828][T10584]  ? lockdep_hardirqs_on+0x7a/0x110
[  448.473865][T10584]  deactivate_locked_super+0xbc/0x130
[  448.473891][T10584]  cleanup_mnt+0x437/0x4d0
[  448.473915][T10584]  ? _raw_spin_unlock_irq+0x23/0x50
[  448.473944][T10584]  task_work_run+0x1d9/0x270
[  448.473973][T10584]  ? __pfx_task_work_run+0x10/0x10
[  448.474004][T10584]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  448.474024][T10584]  exit_to_user_mode_loop+0xed/0x480
[  448.474045][T10584]  ? rcu_is_watching+0x15/0xb0
[  448.474072][T10584]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  448.474090][T10584]  do_syscall_64+0x33e/0xf80
[  448.474116][T10584]  ? trace_irq_disable+0x3b/0x140
[  448.474137][T10584]  ? clear_bhb_loop+0x40/0x90
[  448.474159][T10584]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  448.474177][T10584] RIP: 0033:0x7fe4300dda57
[  448.474196][T10584] Code: a2 c7 05 9c fc 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  448.474211][T10584] RSP: 002b:00007ffe85c7d598 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  448.474231][T10584] RAX: 0000000000000000 RBX: 00007fe430172048 RCX: 00007fe4300dda57
[  448.474243][T10584] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe85c7d650
[  448.474255][T10584] RBP: 00007ffe85c7d650 R08: 00007ffe85c7e650 R09: 00000000ffffffff
[  448.474267][T10584] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe85c7e6e0
[  448.474278][T10584] R13: 00007fe430172048 R14: 000000000006d549 R15: 00007ffe85c7e720
[  448.474308][T10584]  </TASK>
[  448.506146][T10584] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  448.536709][T12554] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.2547'.
[  449.252351][T12571] C: renamed from team_slave_0 (while UP)
[  449.340633][T12571] netlink: 'syz.4.2556': attribute type 1 has an invalid length.
[  449.340656][T12571] netlink: 116 bytes leftover after parsing attributes in process `syz.4.2556'.
[  449.340684][T12571] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  449.437520][T12574] loop5: detected capacity change from 0 to 512
[  449.466338][T12574] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  449.682503][T12574] EXT4-fs (loop5): 1 truncate cleaned up
[  449.704534][T12574] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  449.772771][   T38] audit: type=1800 audit(1776185024.185:22): pid=12574 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2557" name="file1" dev="loop5" ino=15 res=0 errno=0
[  449.856493][T12584] delete_channel: no stack
[  450.071560][ T8219] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  451.452487][   T38] audit: type=1326 audit(1776185025.885:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12630 comm="syz.3.2582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d8259c819 code=0x7ffc0000
[  451.453707][   T38] audit: type=1326 audit(1776185025.885:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12630 comm="syz.3.2582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d8259c819 code=0x7ffc0000
[  451.456441][   T38] audit: type=1326 audit(1776185025.885:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12630 comm="syz.3.2582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d8259c819 code=0x7ffc0000
[  451.462701][   T38] audit: type=1326 audit(1776185025.885:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12630 comm="syz.3.2582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=121 compat=0 ip=0x7f5d8259c819 code=0x7ffc0000
[  451.462746][   T38] audit: type=1326 audit(1776185025.905:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12630 comm="syz.3.2582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d8259c819 code=0x7ffc0000
[  451.463734][   T38] audit: type=1326 audit(1776185025.905:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12630 comm="syz.3.2582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d8259c819 code=0x7ffc0000
[  451.493263][   T38] audit: type=1326 audit(1776185025.905:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12630 comm="syz.3.2582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d8259c819 code=0x7ffc0000
[  451.493606][   T38] audit: type=1326 audit(1776185025.925:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12630 comm="syz.3.2582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d8259c819 code=0x7ffc0000
[  452.024306][T12623] loop2: detected capacity change from 0 to 131072
[  452.025327][T12623] xfs: Deprecated parameter 'ikeep'
[  452.025344][T12623] XFS: ikeep mount option is deprecated.
[  452.159574][T12623] XFS (loop2): Mounting V5 Filesystem b93a8937-ccd4-41a2-86c7-66a1570a2846
[  452.277922][T12623] XFS (loop2): Starting recovery (logdev: internal)
[  452.375371][T12623] XFS (loop2): Ending recovery (logdev: internal)
[  452.453478][ T6568] XFS (loop2): Unmounting Filesystem b93a8937-ccd4-41a2-86c7-66a1570a2846
[  452.473742][T12652] loop5: detected capacity change from 0 to 16
[  452.587524][T12652] erofs (device loop5): mounted with root inode @ nid 36.
[  452.776440][T12656] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2591'.
[  453.114941][   T61] Bluetooth: hci3: command 0x0405 tx timeout
[  454.368648][T12680] loop3: detected capacity change from 0 to 512
[  454.514727][T12667] loop5: detected capacity change from 0 to 40427
[  454.614845][T12667] f2fs: Bad value for 'grpjquota'
[  455.893023][T12706] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2610'.
[  456.176900][T12708] loop2: detected capacity change from 0 to 4096
[  456.334062][T12715] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  456.437981][ T7177] IPVS: starting estimator thread 0...
[  456.630894][T12716] IPVS: using max 8 ests per chain, 19200 per kthread
[  456.712976][T12722] loop2: detected capacity change from 0 to 1024
[  456.715631][T12722] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  456.717732][T12722] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  456.718143][T12722] EXT4-fs (loop2): orphan cleanup on readonly fs
[  456.830260][T12722] EXT4-fs error (device loop2): ext4_free_blocks:6718: comm syz.2.2615: Freeing blocks not in datazone - block = 0, count = 4096
[  456.830283][T12722] loop2: lost filesystem error report for type 5 error -117
[  456.843731][    C0] EXT4-fs (loop2): initial error at time 1776185031: ext4_free_blocks:6718
[  456.843756][    C0] EXT4-fs (loop2): last error at time 1776185031: ext4_free_blocks:6718
[  456.882700][T12696] loop0: detected capacity change from 0 to 32768
[  456.896058][T12696] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.2606 (12696)
[  456.994559][ T7177] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  457.069985][T12696] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  457.070017][T12696] BTRFS info (device loop0): using xxhash64 checksum algorithm
[  457.115046][T12722] EXT4-fs (loop2): Remounting filesystem read-only
[  457.115586][T12722] EXT4-fs (loop2): 1 orphan inode deleted
[  457.143729][T12722] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  457.162894][ T7177] usb 4-1: config 0 has an invalid interface number: 255 but max is 0
[  457.162922][ T7177] usb 4-1: config 0 has no interface number 0
[  457.162951][ T7177] usb 4-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30
[  457.162989][ T7177] usb 4-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[  457.163016][ T7177] usb 4-1: config 0 interface 255 has no altsetting 0
[  457.163048][ T7177] usb 4-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b
[  457.163070][ T7177] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  457.250319][ T7177] usb 4-1: config 0 descriptor??
[  457.265015][ T7177] ums-realtek 4-1:0.255: USB Mass Storage device detected
[  457.389522][ T6568] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  457.713692][ T7177] usb 4-1: USB disconnect, device number 14
[  458.195268][T12756] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2623'.
[  458.262801][T12696] BTRFS info (device loop0): enabling ssd optimizations
[  458.262826][T12696] BTRFS info (device loop0): turning on flush-on-commit
[  458.262841][T12696] BTRFS info (device loop0): turning on async discard
[  458.262856][T12696] BTRFS info (device loop0): enabling free space tree
[  458.262882][T12696] BTRFS info (device loop0): force zlib compression, level 3
[  458.262900][T12696] BTRFS info (device loop0): max_inline set to 4096
[  458.763214][T10584] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  458.770198][T12771] loop5: detected capacity change from 0 to 512
[  458.998885][T12771] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  458.999040][T12771] ext4 filesystem being mounted at /384/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  459.336090][ T8219] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  459.778705][T12784] dvmrp6: entered allmulticast mode
[  460.058139][T12805] vxfs: WRONG superblock magic 00000000 at 1
[  460.068018][T12805] vxfs: WRONG superblock magic 00000000 at 8
[  460.068045][T12805] vxfs: can't find superblock.
[  460.715666][T12821] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2650'.
[  460.899072][   T38] kauditd_printk_skb: 11 callbacks suppressed
[  460.899090][   T38] audit: type=1326 audit(1776185035.335:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12819 comm="syz.5.2651" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8506eec819 code=0x0
[  462.006918][T12843] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  462.159032][ T5836] hid_parser_main: 222 callbacks suppressed
[  462.159054][ T5836] hid-generic 0005:15C2:0C6E.0013: unknown main item tag 0x0
[  463.232160][T12852] syz.4.2661 (12852) used greatest stack depth: 16128 bytes left
[  463.400238][ T5836] hid-generic 0005:15C2:0C6E.0013: hidraw0: BLUETOOTH HID v0.09 Device [syz1] on aa:aa:aa:aa:aa:aa
[  463.675185][T12887] loop2: detected capacity change from 0 to 2048
[  464.045236][T12887] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  465.198727][T12927] netlink: 4768 bytes leftover after parsing attributes in process `syz.2.2687'.
[  465.987564][T12953] loop5: detected capacity change from 0 to 2048
[  466.325636][T12953] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  466.711061][T12962] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2703'.
[  467.146236][T12977] loop3: detected capacity change from 0 to 64
[  467.833111][T12993] loop0: detected capacity change from 0 to 512
[  467.874452][T12993] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  467.923057][T12993] EXT4-fs (loop0): 1 orphan inode deleted
[  467.923081][T12993] EXT4-fs (loop0): 1 truncate cleaned up
[  467.927250][T12993] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  468.021978][T12993] EXT4-fs (loop0): shut down requested (2)
[  468.168610][T10584] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  469.134899][T13002] loop5: detected capacity change from 0 to 32768
[  469.195320][T13002] XFS (loop5): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  469.243098][T13002] XFS (loop5): Ending clean mount
[  469.282928][T13019] loop2: detected capacity change from 0 to 8192
[  469.352872][   T38] audit: type=1800 audit(1776185043.785:43): pid=13019 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2728" name="file2" dev="loop2" ino=1048702 res=0 errno=0
[  469.916757][T13019] syz.2.2728: attempt to access beyond end of device
[  469.916757][T13019] loop2: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  469.916796][T13019] Buffer I/O error on dev loop2, logical block 57847, async page read
[  470.182379][T13045] loop0: detected capacity change from 0 to 128
[  470.211857][ T8219] XFS (loop5): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  470.356503][T13045] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256
[  470.442606][T13045] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  470.771786][T13045] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 93: 0xcc != 0x00
[  470.771816][T13045] UDF-fs: error (device loop0): udf_count_free_bitmap: udf_count_free failed
[  470.771836][T13045] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 93: 0xcc != 0x00
[  470.771855][T13045] UDF-fs: error (device loop0): udf_count_free_bitmap: udf_count_free failed
[  471.089791][T13039] loop3: detected capacity change from 0 to 32768
[  471.167866][T13039] XFS (loop3): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  471.361744][T13039] XFS (loop3): Ending clean mount
[  471.681553][T13073] loop0: detected capacity change from 0 to 2048
[  471.841462][T13073] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  472.122518][T10584] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  472.370373][T13083] netlink: 76 bytes leftover after parsing attributes in process `syz.0.2746'.
[  472.372038][T13083] netlink: 76 bytes leftover after parsing attributes in process `syz.0.2746'.
[  472.372059][T13083] netlink: 528 bytes leftover after parsing attributes in process `syz.0.2746'.
[  472.567416][T13085] dummy0: entered promiscuous mode
[  472.587248][T13085] macvlan2: entered promiscuous mode
[  472.601547][T13085] macvlan2: entered allmulticast mode
[  472.601570][T13085] dummy0: entered allmulticast mode
[  472.888257][ T5830] XFS (loop3): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  473.667466][T13102] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  473.667483][T13102] IPv6: NLM_F_CREATE should be set when creating new route
[  473.735779][T13102] IPv6: NLM_F_CREATE should be set when creating new route
[  473.735812][T13102] IPv6: NLM_F_CREATE should be set when creating new route
[  473.748604][T13102] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  475.021560][T13129] loop5: detected capacity change from 0 to 256
[  475.056557][T13129] exfat: Deprecated parameter 'namecase'
[  475.066758][T13129] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d)
[  476.650419][T11628] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  476.654299][T13161] loop3: detected capacity change from 0 to 2048
[  476.926820][T13174] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  477.602355][T13192] loop0: detected capacity change from 0 to 128
[  477.741203][T13174] NILFS (loop3): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3)
[  477.741229][T13174] NILFS error (device loop3): nilfs_bmap_propagate: broken bmap (inode number=4)
[  477.786365][T13174] Remounting filesystem read-only
[  477.955658][ T5830] NILFS (loop3): disposed unprocessed dirty file(s) when stopping log writer
[  478.125653][ T1716] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  479.030569][T13202] loop2: detected capacity change from 0 to 40427
[  479.036904][T13202] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  479.036929][T13202] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  479.712631][T13202] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  479.794024][T13228] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2800'.
[  480.002810][T13202] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  480.002842][T13202] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  480.391430][T13240] netlink: 104 bytes leftover after parsing attributes in process `syz.0.2808'.
[  480.628527][    C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  483.018811][T13262] loop5: detected capacity change from 0 to 32768
[  483.467754][T13262] JBD2: Ignoring recovery information on journal
[  483.815303][T13262] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  484.135846][ T5956] usb 1-1: new low-speed USB device number 17 using dummy_hcd
[  484.414035][ T5956] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[  484.414085][ T5956] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  484.414111][ T5956] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  484.414135][ T5956] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  484.414160][ T5956] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  484.485615][ T5956] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[  484.485675][ T5956] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  484.485702][ T5956] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  484.485727][ T5956] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  484.485753][ T5956] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  484.490916][ T5956] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[  484.490978][ T5956] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  484.491005][ T5956] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  484.491029][ T5956] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  484.491054][ T5956] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  484.500699][ T5956] usb 1-1: string descriptor 0 read error: -22
[  484.500845][ T5956] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  484.500880][ T5956] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  484.627315][ T5956] adutux 1-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  484.793687][ T5879] usb 1-1: USB disconnect, device number 17
[  485.029286][T13278] adutux: No device or device unplugged -19
[  485.516077][T13308] loop3: detected capacity change from 0 to 256
[  485.531086][T13308] exfat: Deprecated parameter 'namecase'
[  485.560608][ T8219] ocfs2: Unmounting device (7,5) on (node local)
[  485.731864][T13308] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d)
[  487.427683][T13317] loop5: detected capacity change from 0 to 40427
[  487.453393][T13317] F2FS-fs (loop5): Invalid Fs Meta Ino: node(0) meta(2) root(0)
[  487.453423][T13317] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  487.487011][T13317] F2FS-fs (loop5): invalid crc value
[  487.505186][T13341] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2851'.
[  487.685741][T13317] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  488.107920][T13351] loop0: detected capacity change from 0 to 2048
[  488.137777][T13351] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  488.187439][T13351] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  488.252304][T13357] loop3: detected capacity change from 0 to 8
[  488.342289][T13357] SQUASHFS error: zstd decompression error: 10
[  488.342689][T13357] SQUASHFS error: zstd decompression failed, data probably corrupt
[  488.342722][T13357] SQUASHFS error: Failed to read block 0x62b: -5
[  488.342739][T13357] SQUASHFS error: Unable to read metadata cache entry [629]
[  488.342755][T13357] SQUASHFS error: Unable to read directory block [629:ff26]
[  488.676358][T13359] SQUASHFS error: Unable to read metadata cache entry [629]
[  488.676385][T13359] SQUASHFS error: Unable to read directory block [629:ff26]
[  488.732810][T13317] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  488.732841][T13317] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e4
[  488.788564][    C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  488.907090][T13369] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2862'.
[  489.579736][T13383] loop0: detected capacity change from 0 to 512
[  489.619401][T13383] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  489.619735][T13383] EXT4-fs (loop0): orphan cleanup on readonly fs
[  489.650521][ T8219] syz-executor: attempt to access beyond end of device
[  489.650521][ T8219] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  489.703037][T13383] Quota error (device loop0): v2_read_file_info: Block with free entry 4294967071 out of range (1, 6).
[  489.703271][T13383] EXT4-fs warning (device loop0): ext4_enable_quotas:7269: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  489.706941][T13383] EXT4-fs (loop0): Cannot turn on quotas: error -117
[  489.724636][ T8219] CPU: 0 UID: 0 PID: 8219 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  489.724670][ T8219] Tainted: [L]=SOFTLOCKUP
[  489.724685][ T8219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  489.724698][ T8219] Call Trace:
[  489.724706][ T8219]  <TASK>
[  489.724715][ T8219]  dump_stack_lvl+0xe8/0x150
[  489.724743][ T8219]  f2fs_stop_checkpoint+0x383/0x540
[  489.724775][ T8219]  f2fs_write_end_io+0x1274/0x1740
[  489.724816][ T8219]  __submit_merged_bio+0x256/0x6a0
[  489.724850][ T8219]  __submit_merged_write_cond+0x3c9/0x4e0
[  489.724884][ T8219]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  489.724933][ T8219]  f2fs_write_data_pages+0x287e/0x34f0
[  489.724952][ T8219]  ? __bfs+0x153/0x290
[  489.724973][ T8219]  ? __pfx_hlock_conflict+0x10/0x10
[  489.725040][ T8219]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  489.725101][ T8219]  ? __lock_acquire+0x6b5/0x2cf0
[  489.725127][ T8219]  ? __lock_acquire+0x6b5/0x2cf0
[  489.725169][ T8219]  ? do_raw_spin_lock+0x12b/0x2f0
[  489.725200][ T8219]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  489.725228][ T8219]  ? lockdep_hardirqs_on+0x7a/0x110
[  489.725254][ T8219]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  489.725279][ T8219]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  489.725299][ T8219]  do_writepages+0x32e/0x550
[  489.725325][ T8219]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  489.725348][ T8219]  ? rt_spin_unlock+0x14f/0x200
[  489.725384][ T8219]  filemap_fdatawrite+0x1ec/0x2f0
[  489.725416][ T8219]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  489.725439][ T8219]  ? __lock_acquire+0x6b5/0x2cf0
[  489.725495][ T8219]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  489.725523][ T8219]  ? rt_spin_unlock+0x160/0x200
[  489.725547][ T8219]  f2fs_sync_dirty_inodes+0x30e/0x830
[  489.725582][ T8219]  f2fs_write_checkpoint+0x9df/0x26a0
[  489.725635][ T8219]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  489.725695][ T8219]  ? kfree+0x1c5/0x6c0
[  489.725714][ T8219]  ? __wake_up_common_lock+0x18a/0x1e0
[  489.725734][ T8219]  ? f2fs_stop_gc_thread+0x82/0xb0
[  489.725765][ T8219]  kill_f2fs_super+0x314/0x730
[  489.725791][ T8219]  ? __pfx_kill_f2fs_super+0x10/0x10
[  489.725822][ T8219]  ? lockdep_hardirqs_on+0x7a/0x110
[  489.725860][ T8219]  deactivate_locked_super+0xbc/0x130
[  489.725887][ T8219]  cleanup_mnt+0x437/0x4d0
[  489.725911][ T8219]  ? _raw_spin_unlock_irq+0x23/0x50
[  489.725940][ T8219]  task_work_run+0x1d9/0x270
[  489.725968][ T8219]  ? __pfx_task_work_run+0x10/0x10
[  489.726015][ T8219]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  489.726035][ T8219]  exit_to_user_mode_loop+0xed/0x480
[  489.726056][ T8219]  ? rcu_is_watching+0x15/0xb0
[  489.726083][ T8219]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  489.726103][ T8219]  do_syscall_64+0x33e/0xf80
[  489.726128][ T8219]  ? trace_irq_disable+0x3b/0x140
[  489.726148][ T8219]  ? clear_bhb_loop+0x40/0x90
[  489.726171][ T8219]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  489.726196][ T8219] RIP: 0033:0x7f8506eeda57
[  489.726214][ T8219] Code: a2 c7 05 9c fc 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  489.726230][ T8219] RSP: 002b:00007ffde0456638 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  489.726251][ T8219] RAX: 0000000000000000 RBX: 00007f8506f82048 RCX: 00007f8506eeda57
[  489.726263][ T8219] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffde04566f0
[  489.726273][ T8219] RBP: 00007ffde04566f0 R08: 00007ffde04576f0 R09: 00000000ffffffff
[  489.726286][ T8219] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffde0457780
[  489.726297][ T8219] R13: 00007f8506f82048 R14: 00000000000775b3 R15: 00007ffde04577c0
[  489.726328][ T8219]  </TASK>
[  489.728315][ T8219] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  489.811537][T13383] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz.0.2871: bg 0: block 15: invalid block bitmap
[  489.811572][T13383] loop0: lost filesystem error report for type 5 error -117
[  489.814198][T13383] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6679: Corrupt filesystem
[  489.814222][T13383] loop0: lost filesystem error report for type 5 error -117
[  489.821192][    C0] EXT4-fs (loop0): error count since last fsck: 2
[  489.821215][    C0] EXT4-fs (loop0): initial error at time 1776185064: ext4_validate_block_bitmap:432
[  489.821235][    C0] EXT4-fs (loop0): last error at time 1776185064: ext4_mb_clear_bb:6679
[  489.875434][T13383] EXT4-fs warning (device loop0): ext4_evict_inode:195: inode #16: comm syz.0.2871: data will be lost
[  489.875631][T13383] EXT4-fs (loop0): 1 truncate cleaned up
[  489.912041][T13383] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  490.103146][T13383] EXT4-fs error (device loop0): ext4_get_link:106: inode #16: comm syz.0.2871: bad symlink.
[  490.114031][T13393] EXT4-fs error (device loop0): ext4_get_link:106: inode #16: comm syz.0.2871: bad symlink.
[  490.425774][T13400] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2876'.
[  490.529143][T13400] 8021q: adding VLAN 0 to HW filter on device batadv1
[  490.556360][T13400] team0: Port device batadv1 added
[  490.556471][T13399] tipc: Started in network mode
[  490.556496][T13399] tipc: Node identity ac14140f, cluster identity 4711
[  490.623042][T13399] tipc: New replicast peer: 172.20.20.187
[  490.648852][T10584] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  490.674226][T13399] tipc: Enabled bearer <udp:syz2>, priority 10
[  490.804857][T13404] netlink: 316 bytes leftover after parsing attributes in process `syz.2.2880'.
[  491.207753][T13415] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2884'.
[  491.347711][ T5879] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  491.545795][ T5879] usb 4-1: Using ep0 maxpacket: 8
[  491.574993][ T5879] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  491.575029][ T5879] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  491.575055][ T5879] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  491.575077][ T5879] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  491.575119][ T5879] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  491.575140][ T5879] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  491.794254][   T32] tipc: Node number set to 2886997007
[  492.036888][ T5879] usb 4-1: GET_CAPABILITIES returned 0
[  492.036930][ T5879] usbtmc 4-1:16.0: can't read capabilities
[  492.053005][T13426] loop0: detected capacity change from 0 to 256
[  492.252400][ T5879] usb 4-1: USB disconnect, device number 15
[  493.622852][T13460] mmap: syz.4.2902 (13460): VmData 37453824 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data.
[  494.258726][T13469] loop2: detected capacity change from 0 to 256
[  494.690008][T13476] loop0: detected capacity change from 0 to 64
[  495.484704][T13488] loop2: detected capacity change from 0 to 512
[  495.576096][T13488] EXT4-fs error (device loop2): __ext4_iget:5481: inode #11: block 1: comm syz.2.2914: invalid block
[  495.576145][T13488] loop2: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117
[  495.580096][    C1] EXT4-fs (loop2): error count since last fsck: 1
[  495.580121][    C1] EXT4-fs (loop2): initial error at time 1776185070: __ext4_iget:5481: inode 11: block 1
[  495.580155][    C1] EXT4-fs (loop2): last error at time 1776185070: __ext4_iget:5481: inode 11: block 1
[  495.632594][T13488] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz.2.2914: couldn't read orphan inode 11 (err -117)
[  495.632630][T13488] loop2: lost filesystem error report for type 5 error -117
[  495.773655][T13488] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  495.816354][T13488] EXT4-fs error (device loop2): __ext4_add_entry:2412: inode #2: comm syz.2.2914: Directory hole found for htree leaf block 0
[  496.212186][ T6568] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  496.376617][T13505] TCP: TCP_TX_DELAY enabled
[  496.467764][T13508] pimreg: entered allmulticast mode
[  496.492826][T13509] pimreg: left allmulticast mode
[  497.832365][   T38] audit: type=1326 audit(1776185072.255:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13521 comm="syz.2.2927" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f895c36c819 code=0x0
[  498.215756][T13530] loop0: detected capacity change from 0 to 256
[  498.215840][T13531] loop3: detected capacity change from 0 to 128
[  498.303033][T13531] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[  498.317982][T13530] exFAT-fs (loop0): failed to test first cluster bit of root dir(5)
[  498.326035][T13531] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  498.996100][T13543] netlink: 56 bytes leftover after parsing attributes in process `syz.5.2935'.
[  500.457769][T13575] netlink: 844 bytes leftover after parsing attributes in process `syz.0.2945'.
[  501.118821][T13582] block nbd3: shutting down sockets
[  501.613162][ T1335] ieee802154 phy0 wpan0: encryption failed: -22
[  501.620264][ T1335] ieee802154 phy1 wpan1: encryption failed: -22
[  502.488366][T13623] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2967'.
[  502.623968][T13619] loop3: detected capacity change from 0 to 32768
[  502.658353][ T5879] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  502.777824][T13619] JBD2: Ignoring recovery information on journal
[  502.808638][T13617] loop2: detected capacity change from 0 to 32768
[  502.828681][ T5879] usb 6-1: Using ep0 maxpacket: 32
[  502.837609][ T5879] usb 6-1: config index 0 descriptor too short (expected 35577, got 27)
[  502.837634][ T5879] usb 6-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  502.837652][ T5879] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 92
[  502.837671][ T5879] usb 6-1: config 1 has no interface number 0
[  502.837712][ T5879] usb 6-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  502.837739][ T5879] usb 6-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  502.837778][ T5879] usb 6-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  502.837800][ T5879] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  502.841371][T13617] (syz.2.2965,13617,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  502.845278][T13617] (syz.2.2965,13617,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  502.946258][T13617] JBD2: Ignoring recovery information on journal
[  502.999721][ T5879] snd_usb_pod 6-1:1.1: Line 6 Pocket POD found
[  503.167344][T13619] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  503.232389][T13617] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  503.292252][ T5879] snd_usb_pod 6-1:1.1: Line 6 Pocket POD now attached
[  503.938978][ T5956] usb 6-1: USB disconnect, device number 13
[  503.943303][ T5956] snd_usb_pod 6-1:1.1: Line 6 Pocket POD now disconnected
[  504.148378][    C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  504.324305][   T32] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  504.603487][   T32] usb 1-1: Using ep0 maxpacket: 16
[  504.607590][   T32] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  504.607644][   T32] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  504.607671][   T32] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  504.607700][   T32] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  504.607721][   T32] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  504.670616][   T32] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  504.670644][   T32] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  504.670660][   T32] usb 1-1: Manufacturer: syz
[  504.764529][   T32] usb 1-1: config 0 descriptor??
[  505.187926][   T32] rc_core: IR keymap rc-hauppauge not found
[  505.201730][   T32] Registered IR keymap rc-empty
[  505.205254][   T32] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  505.218407][   T32] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  505.302635][   T32] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[  505.305637][   T32] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input12
[  505.333009][ T5830] ocfs2: Unmounting device (7,3) on (node local)
[  505.430403][   T32] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  505.448593][   T32] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  505.468411][   T32] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  505.498486][   T32] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  505.520419][   T32] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  505.543232][   T32] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  505.558493][   T32] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  505.578377][   T32] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  505.598666][   T32] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  505.625527][   T32] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  505.661709][ T6568] ocfs2: Unmounting device (7,2) on (node local)
[  505.780398][   T32] mceusb 1-1:0.0: Registered 424242424242 with mce emulator interface version 0
[  505.780424][   T32] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  505.812842][   T32] usb 1-1: USB disconnect, device number 18
[  506.978495][T13690] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2995'.
[  507.027251][T13684] dvmrp1: tun_chr_ioctl cmd 1074812118
[  507.481730][T13704] loop3: detected capacity change from 0 to 128
[  507.499713][T13704] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[  507.525213][T13704] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  507.558324][   T32] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  507.617326][T13704] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 93: 0xcc != 0x00
[  507.617349][T13704] UDF-fs: error (device loop3): udf_count_free_bitmap: udf_count_free failed
[  507.617364][T13704] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 93: 0xcc != 0x00
[  507.617374][T13704] UDF-fs: error (device loop3): udf_count_free_bitmap: udf_count_free failed
[  507.760119][   T32] usb 3-1: Using ep0 maxpacket: 16
[  507.762567][   T32] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  507.762614][   T32] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  507.762642][   T32] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  507.762662][   T32] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  507.762681][   T32] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  507.764081][   T32] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  507.764107][   T32] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  507.764126][   T32] usb 3-1: Manufacturer: syz
[  507.872180][   T32] usb 3-1: config 0 descriptor??
[  508.348288][   T32] rc_core: IR keymap rc-hauppauge not found
[  508.348307][   T32] Registered IR keymap rc-empty
[  508.403379][   T32] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  508.429501][   T32] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  508.451889][   T32] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0
[  508.455400][   T32] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input13
[  508.517037][   T38] audit: type=1326 audit(1776185082.945:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13719 comm="syz.4.3007" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7ab468c819 code=0x0
[  508.544782][   T32] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  508.574183][   T32] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  508.598594][   T32] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  508.617176][   T32] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  508.698127][   T32] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  508.728523][   T32] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  508.748389][   T32] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  508.780598][   T32] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  508.803150][   T32] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  508.829702][   T32] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  508.885983][   T32] mceusb 3-1:0.0: Registered 424242424242 with mce emulator interface version 0
[  508.886008][   T32] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  508.934055][T13727] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3010'.
[  508.962232][   T32] usb 3-1: USB disconnect, device number 12
[  509.155397][T13732] loop0: detected capacity change from 0 to 256
[  509.466588][T13736] netem: incorrect gi model size
[  509.466624][T13736] netem: change failed
[  509.562424][T11628] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  509.821876][T13744] tipc: Started in network mode
[  509.821905][T13744] tipc: Node identity ac14140f, cluster identity 4711
[  509.822203][T13744] tipc: New replicast peer: 255.255.255.255
[  509.822892][T13744] tipc: Enabled bearer <udp:syz2>, priority 10
[  510.968698][ T7177] tipc: Node number set to 2886997007
[  511.481435][T13753] loop3: detected capacity change from 0 to 131072
[  511.623203][T13753] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  511.644027][T13753] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  514.237066][T13815] loop5: detected capacity change from 0 to 2048
[  514.317833][T13815] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  514.622201][T13824] netlink: 84 bytes leftover after parsing attributes in process `syz.5.3049'.
[  515.925142][T13854] loop3: detected capacity change from 0 to 2048
[  516.204665][T13854] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  516.247835][T13857] loop5: detected capacity change from 0 to 32768
[  516.262917][T13857] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.3062 (13857)
[  516.291417][T13857] BTRFS info (device loop5): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  516.291452][T13857] BTRFS info (device loop5): using crc32c checksum algorithm
[  516.291482][T13857] BTRFS warning (device loop5): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  516.594540][T13857] BTRFS info (device loop5): rebuilding free space tree
[  516.918353][   T32] usb 4-1: new low-speed USB device number 16 using dummy_hcd
[  517.095910][T13857] BTRFS info (device loop5): disabling free space tree
[  517.096002][T13857] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  517.096027][T13857] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  517.159246][   T32] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  517.159293][   T32] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  517.159319][   T32] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  517.159342][   T32] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  517.159366][   T32] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  517.162884][   T32] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  517.162929][   T32] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  517.162955][   T32] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  517.162979][   T32] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  517.163004][   T32] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  517.165002][   T32] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  517.165051][   T32] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  517.165077][   T32] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  517.165102][   T32] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  517.165126][   T32] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  517.168083][T13857] BTRFS info (device loop5): enabling ssd optimizations
[  517.168107][T13857] BTRFS info (device loop5): turning on async discard
[  517.168124][T13857] BTRFS info (device loop5): enabling disk space caching
[  517.168140][T13857] BTRFS info (device loop5): force clearing of disk cache
[  517.168208][T13857] BTRFS info (device loop5): use zstd compression, level 3
[  517.182814][   T32] usb 4-1: string descriptor 0 read error: -22
[  517.182949][   T32] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  517.182967][   T32] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  517.491937][T13851] loop2: detected capacity change from 0 to 32768
[  517.899379][ T8219] BTRFS info (device loop5): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  518.100718][   T32] adutux 4-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  518.241047][   T32] usb 4-1: USB disconnect, device number 16
[  520.018030][T13904] loop2: detected capacity change from 0 to 32768
[  520.979074][T13925] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3086'.
[  521.073131][T13927] loop3: detected capacity change from 0 to 128
[  521.519222][T13930] netlink: 56 bytes leftover after parsing attributes in process `syz.0.3088'.
[  522.854220][T13973] loop3: detected capacity change from 0 to 512
[  522.888135][T13973] EXT4-fs (loop3): 1 truncate cleaned up
[  522.890967][T13973] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  523.058558][  T819] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  523.077104][   T38] audit: type=1800 audit(1776185097.465:46): pid=13976 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.3106" name="file1" dev="loop3" ino=15 res=0 errno=0
[  523.211618][  T819] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  523.211651][  T819] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  523.211688][  T819] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  523.211711][  T819] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  523.268987][  T819] usb 1-1: config 0 descriptor??
[  523.736337][  T819] keytouch 0003:0926:3333.0014: fixing up Keytouch IEC report descriptor
[  523.886414][  T819] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.0014/input/input14
[  524.125384][ T5830] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  525.244391][T14021] program syz.5.3126 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  525.340799][T14006] loop2: detected capacity change from 0 to 32768
[  525.352693][T14006] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.3120 (14006)
[  525.897737][T14006] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  525.897771][T14006] BTRFS info (device loop2): using sha256 checksum algorithm
[  526.109632][  T819] keytouch 0003:0926:3333.0014: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0
[  526.131012][  T819] usb 1-1: USB disconnect, device number 19
[  526.438655][T14042] fido_id[14042]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory
[  526.728325][ T1250] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  526.952023][ T1250] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  526.952056][ T1250] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  526.952094][ T1250] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  526.952117][ T1250] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  527.011067][T14006] BTRFS info (device loop2): enabling ssd optimizations
[  527.011091][T14006] BTRFS info (device loop2): turning on async discard
[  527.011104][T14006] BTRFS info (device loop2): enabling free space tree
[  527.150372][ T1250] usb 6-1: config 0 descriptor??
[  527.373597][ T6568] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  527.720172][T14054] loop0: detected capacity change from 0 to 1024
[  527.726246][T14054] EXT4-fs: Ignoring removed orlov option
[  527.728131][ T1250] keytouch 0003:0926:3333.0015: fixing up Keytouch IEC report descriptor
[  528.309495][T14064] netlink: 'syz.3.3137': attribute type 1 has an invalid length.
[  528.329817][T14054] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  528.338842][ T1250] input: HID 0926:3333 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0926:3333.0015/input/input15
[  529.127767][T14073] loop2: detected capacity change from 0 to 16
[  529.258331][T14073] erofs (device loop2): mounted with root inode @ nid 36.
[  530.047331][ T1250] keytouch 0003:0926:3333.0015: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.5-1/input0
[  530.162232][T10584] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  530.437793][T14086] netlink: 212340 bytes leftover after parsing attributes in process `syz.0.3144'.
[  530.437886][T14086] openvswitch: netlink: Port 167772160 exceeds max allowable 65535
[  531.446263][T14104] loop3: detected capacity change from 0 to 128
[  531.536611][T14110] loop2: detected capacity change from 0 to 1024
[  531.537671][T14110] EXT4-fs: Ignoring removed orlov option
[  531.768745][T14110] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  531.886667][ T1250] usb 6-1: USB disconnect, device number 14
[  532.692145][ T6568] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  532.781089][T14138] loop0: detected capacity change from 0 to 256
[  532.834240][T14138] FAT-fs (loop0): bogus sectors per cluster 223
[  532.834264][T14138] FAT-fs (loop0): Can't find a valid FAT filesystem
[  534.874252][    C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  535.151641][T14156] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  535.165429][T14156] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  535.303690][T14184] loop5: detected capacity change from 0 to 128
[  535.555685][   T38] audit: type=1800 audit(1776185109.805:47): pid=14158 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.3173" name="regulatory.db" dev="sda1" ino=448 res=0 errno=0
[  535.607563][T14158] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4
[  535.607607][T14158] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4
[  535.607626][T14158] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  536.373223][T14198] bond1: ARP target 9.0.0.0 is already present
[  536.373249][T14198] bond1: option arp_ip_target: invalid value (9)
[  536.455853][T14198] bond1 (unregistering): Released all slaves
[  536.514870][   T38] audit: type=1800 audit(1776185110.955:48): pid=14184 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.3184" name="file1" dev="loop5" ino=1048737 res=0 errno=0
[  536.817364][T14156] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  536.817462][T14156] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  537.115807][ T5828] Bluetooth: hci4: command 0x0406 tx timeout
[  537.120340][T14156] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  537.120556][T14156] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  537.341217][T14156] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  537.341297][T14156] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  537.456266][T14156] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  537.862807][ T1250] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  538.132816][ T1250] usb 4-1: Using ep0 maxpacket: 16
[  538.136579][ T1250] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  538.136634][ T1250] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  538.136663][ T1250] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  538.136685][ T1250] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  538.136706][ T1250] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  538.137924][ T1250] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  538.137959][ T1250] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  538.137978][ T1250] usb 4-1: Manufacturer: syz
[  538.241702][ T1250] usb 4-1: config 0 descriptor??
[  538.302165][T14226] input: syz1 as /devices/virtual/input/input16
[  538.558997][ T1250] rc_core: IR keymap rc-hauppauge not found
[  538.559018][ T1250] Registered IR keymap rc-empty
[  538.559230][ T1250] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  538.588397][ T1250] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  538.610408][ T1250] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[  538.668901][ T1250] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input17
[  538.707782][ T1250] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  538.724432][ T1250] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  538.748752][ T1250] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  538.771909][ T1250] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  538.798392][ T1250] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  538.818475][ T1250] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  538.838356][ T1250] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  538.858433][ T1250] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  538.869414][ T5828] Bluetooth: hci1: command 0x0406 tx timeout
[  538.888500][ T1250] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  538.918401][ T1250] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  538.983165][ T1250] mceusb 4-1:0.0: Registered  with mce emulator interface version 1
[  538.983190][ T1250] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  539.032553][ T1250] usb 4-1: USB disconnect, device number 17
[  539.198755][ T5828] Bluetooth: hci4: command 0x0406 tx timeout
[  539.198795][ T5828] Bluetooth: hci0: command 0x0405 tx timeout
[  539.326827][T14242] 9p: Bad value for 'rfdno'
[  539.348316][T14206] Bluetooth: hci3: command 0x0405 tx timeout
[  539.842953][T14252] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3209'.
[  539.891679][T14252] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3209'.
[  539.893279][T14255] loop0: detected capacity change from 0 to 256
[  540.180996][T14255] FAT-fs (loop0): Directory bread(block 64) failed
[  540.181030][T14255] FAT-fs (loop0): Directory bread(block 65) failed
[  540.181126][T14255] FAT-fs (loop0): Directory bread(block 66) failed
[  540.181149][T14255] FAT-fs (loop0): Directory bread(block 67) failed
[  540.181245][T14255] FAT-fs (loop0): Directory bread(block 68) failed
[  540.181267][T14255] FAT-fs (loop0): Directory bread(block 69) failed
[  540.181362][T14255] FAT-fs (loop0): Directory bread(block 70) failed
[  540.181383][T14255] FAT-fs (loop0): Directory bread(block 71) failed
[  540.181475][T14255] FAT-fs (loop0): Directory bread(block 72) failed
[  540.181497][T14255] FAT-fs (loop0): Directory bread(block 73) failed
[  540.318853][T14260] loop3: detected capacity change from 0 to 32768
[  540.324355][T14260] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.3215 (14260)
[  540.381560][T14260] BTRFS info (device loop3): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  540.381593][T14260] BTRFS info (device loop3): using xxhash64 checksum algorithm
[  540.381621][T14260] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  540.390340][T14264] program syz.5.3214 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  540.547736][T14260] BTRFS info (device loop3): rebuilding free space tree
[  540.672160][T14260] BTRFS info (device loop3): disabling free space tree
[  540.672212][T14260] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  540.672225][T14260] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  540.704778][T14260] BTRFS info (device loop3): setting nodatasum
[  540.704802][T14260] BTRFS info (device loop3): allowing degraded mounts
[  540.704819][T14260] BTRFS info (device loop3): turning on async discard
[  540.704835][T14260] BTRFS info (device loop3): enabling disk space caching
[  540.704849][T14260] BTRFS info (device loop3): force clearing of disk cache
[  540.704866][T14260] BTRFS info (device loop3): force zlib compression, level 3
[  540.870738][T14260] BTRFS info (device loop3): balance: start -susage=1,usage=1..0,drange=6..6,vrange=8..15,limit=2,stripes=7..3
[  540.875940][T14260] BTRFS info (device loop3): balance: ended with status: 0
[  540.951178][T14206] Bluetooth: hci1: command 0x0406 tx timeout
[  541.099864][ T5830] BTRFS info (device loop3): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  541.268675][T14206] Bluetooth: hci0: command 0x0405 tx timeout
[  541.430088][T14206] Bluetooth: hci3: command 0x0405 tx timeout
[  541.540060][  T152] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  541.943457][T14297] loop5: detected capacity change from 0 to 4096
[  542.744026][T14314] netlink: 'syz.2.3231': attribute type 6 has an invalid length.
[  542.871040][T14320] netlink: 'syz.4.3232': attribute type 10 has an invalid length.
[  543.515004][T14206] Bluetooth: hci3: command 0x0405 tx timeout
[  544.716995][T14320] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  545.201780][T14345] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3241'.
[  545.202041][T14345] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3241'.
[  545.723732][T14364] loop0: detected capacity change from 0 to 4096
[  545.763338][T14369] loop2: detected capacity change from 0 to 256
[  545.965713][T14369] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  546.036322][   T38] audit: type=1800 audit(1776185120.435:49): pid=14369 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.3255" name="file1" dev="loop2" ino=1048739 res=0 errno=0
[  546.036375][   T38] audit: type=1800 audit(1776185120.455:50): pid=14369 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.3255" name="file1" dev="loop2" ino=1048739 res=0 errno=0
[  546.487634][T14376] FAT-fs (loop2): error, corrupted file size (i_pos 196, 16779264)
[  546.487667][T14376] FAT-fs (loop2): Filesystem has been set read-only
[  546.625781][T14376] FAT-fs (loop2): error, corrupted file size (i_pos 196, 16779008)
[  546.625905][T14376] FAT-fs (loop2): error, corrupted file size (i_pos 196, 16779008)
[  548.023255][T14395] program syz.2.3265 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  548.726349][T14413] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3273'.
[  550.036600][T14438] tipc: Enabled bearer <eth:gre0>, priority 10
[  550.461665][   T38] audit: type=1326 audit(1776185124.895:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14449 comm="syz.5.3288" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8506eec819 code=0x7ffc0000
[  550.461828][   T38] audit: type=1326 audit(1776185124.895:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14449 comm="syz.5.3288" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8506eec819 code=0x7ffc0000
[  550.529375][   T38] audit: type=1326 audit(1776185124.965:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14449 comm="syz.5.3288" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f8506eec819 code=0x7ffc0000
[  550.529773][   T38] audit: type=1326 audit(1776185124.965:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14449 comm="syz.5.3288" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8506eec819 code=0x7ffc0000
[  550.531480][   T38] audit: type=1326 audit(1776185124.965:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14449 comm="syz.5.3288" exe="/root/syz-executor" sig=0 arch=c000003e syscall=190 compat=0 ip=0x7f8506eec819 code=0x7ffc0000
[  550.621398][T14452] netlink: 80 bytes leftover after parsing attributes in process `syz.4.3289'.
[  550.748722][T14448] loop3: detected capacity change from 0 to 4096
[  550.777743][   T38] audit: type=1326 audit(1776185125.205:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14449 comm="syz.5.3288" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8506eec819 code=0x7ffc0000
[  550.778084][   T38] audit: type=1326 audit(1776185125.205:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14449 comm="syz.5.3288" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8506eec819 code=0x7ffc0000
[  550.780510][T14448] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512).
[  550.892738][T14429] loop2: detected capacity change from 0 to 32768
[  551.100268][   T38] audit: type=1800 audit(1776185125.535:58): pid=14429 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.3278" name="file1" dev="loop2" ino=7 res=0 errno=0
[  551.129326][T14448] ntfs3(loop3): Mark volume as dirty due to NTFS errors
[  551.148076][T14448] ntfs3(loop3): ino=19, mi_enum_attr
[  551.552422][T14467] loop0: detected capacity change from 0 to 256
[  551.574528][T14467] exfat: Deprecated parameter 'namecase'
[  551.574570][T14467] exfat: Deprecated parameter 'namecase'
[  551.664095][T14469] loop5: detected capacity change from 0 to 512
[  551.735706][T14462] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  551.787514][T14469] EXT4-fs: Ignoring removed nobh option
[  551.812980][T14469] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  551.863494][T14469] EXT4-fs (loop5): 1 truncate cleaned up
[  551.876712][T14469] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  551.940054][T14467] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d)
[  552.136589][T14448] ntfs3(loop3): failed to convert "c46c" to iso8859-14
[  552.509431][ T8219] EXT4-fs error (device loop5): htree_dirblock_to_tree:1080: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0
[  552.528660][T14448] ntfs3(loop3): ino=20, mi_enum_attr
[  553.312716][T14496] loop6: detected capacity change from 0 to 524288000
[  554.267985][T14502] Invalid logical block size (65536)
[  554.308447][ T1250] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  554.490772][ T1250] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  554.490802][ T1250] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  554.490821][ T1250] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  554.490869][ T1250] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  554.490896][ T1250] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  554.500119][ T1250] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  554.500149][ T1250] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  554.500169][ T1250] usb 3-1: Product: syz
[  554.500183][ T1250] usb 3-1: Manufacturer: syz
[  554.701819][ T8219] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  554.702117][ T1250] cdc_wdm 3-1:1.0: skipping garbage
[  554.702133][ T1250] cdc_wdm 3-1:1.0: skipping garbage
[  554.945537][ T1250] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  554.945574][ T1250] cdc_wdm 3-1:1.0: Unknown control protocol
[  555.648496][    C0] cdc_wdm 3-1:1.0: nonzero urb status received: -EPIPE
[  555.886134][T14514] loop3: detected capacity change from 0 to 131072
[  555.936231][T14514] F2FS-fs (loop3): invalid crc value
[  556.111824][T14514] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  556.181368][T14514] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[  556.402891][ T5879] usb 3-1: USB disconnect, device number 13
[  556.886948][ T5828] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  557.010272][ T5828] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  557.018093][ T5828] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  557.063452][ T5828] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  557.068136][ T5828] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  558.162472][T14549] loop0: detected capacity change from 0 to 512
[  558.166697][T14549] EXT4-fs: Ignoring removed nomblk_io_submit option
[  558.225288][T14549] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  558.225310][T14549] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=c000e128, mo2=0002]
[  558.225644][T14549] EXT4-fs (loop0): orphan cleanup on readonly fs
[  558.225761][T14549] Quota error (device loop0): v2_read_header: Failed header read: expected=8 got=0
[  558.225854][T14549] EXT4-fs warning (device loop0): ext4_enable_quotas:7269: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  558.225881][T14549] EXT4-fs (loop0): Cannot turn on quotas: error -22
[  558.376651][T14549] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.3330: bg 0: block 40: padding at end of block bitmap is not set
[  558.376689][T14549] loop0: lost filesystem error report for type 5 error -117
[  558.378436][    C1] EXT4-fs (loop0): error count since last fsck: 1
[  558.378455][    C1] EXT4-fs (loop0): initial error at time 1776185132: ext4_validate_block_bitmap:441
[  558.378472][    C1] EXT4-fs (loop0): last error at time 1776185132: ext4_validate_block_bitmap:441
[  558.385858][T14549] EXT4-fs (loop0): Remounting filesystem read-only
[  558.386013][T14549] EXT4-fs (loop0): 1 truncate cleaned up
[  558.463821][T14549] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  558.501060][T14549] EXT4-fs (loop0): shut down requested (2)
[  558.794582][T10584] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  559.146559][  T152] netdevsim netdevsim5 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  559.146593][  T152] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  559.348922][T14206] Bluetooth: hci0: command tx timeout
[  559.916322][T14566] loop0: detected capacity change from 0 to 4096
[  559.926116][T14566] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512).
[  559.930278][T14566] ntfs3(loop0): ino=3, mi_enum_attr
[  560.170641][T14566] ntfs3(loop0): Mark volume as dirty due to NTFS errors
[  560.170809][T14566] ntfs3(loop0): ino=1a, mi_enum_attr
[  560.170933][T14566] ntfs3(loop0): ino=1a, mi_enum_attr
[  560.170949][T14566] ntfs3(loop0): Failed to initialize $Extend/$Reparse.
[  560.270078][  T152] netdevsim netdevsim5 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  560.270114][  T152] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  560.720545][T14580] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3343'.
[  561.262335][T14588] loop3: detected capacity change from 0 to 4096
[  561.433337][T14206] Bluetooth: hci0: command tx timeout
[  561.606699][  T152] netdevsim netdevsim5 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  561.606734][  T152] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  561.891266][T14602] loop2: detected capacity change from 0 to 1024
[  561.916084][T14602] hfsplus: Filesystem is marked locked, mounting read-only.
[  561.920877][T14602] hfsplus: failed to load catalog file
[  562.226559][T14586] netdevsim netdevsim0 netdevsim0: entered promiscuous mode
[  562.227425][T14586] 8021q: adding VLAN 0 to HW filter on device macsec2
[  562.540215][T14586] netdevsim netdevsim0 netdevsim0: left promiscuous mode
[  562.750293][T14610] program syz.3.3355 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  563.077289][ T1335] ieee802154 phy0 wpan0: encryption failed: -22
[  563.077350][ T1335] ieee802154 phy1 wpan1: encryption failed: -22
[  563.381701][  T152] netdevsim netdevsim5 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  563.381736][  T152] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  563.514515][T14206] Bluetooth: hci0: command tx timeout
[  563.976779][T14645] C: renamed from team_slave_0 (while UP)
[  564.035905][T14645] netlink: 'syz.0.3369': attribute type 3 has an invalid length.
[  564.035926][T14645] netlink: 116 bytes leftover after parsing attributes in process `syz.0.3369'.
[  564.035941][T14645] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  564.380005][T14529] chnl_net:caif_netlink_parms(): no params data found
[  564.975654][T14529] bridge0: port 1(bridge_slave_0) entered blocking state
[  564.975813][T14529] bridge0: port 1(bridge_slave_0) entered disabled state
[  564.976035][T14529] bridge_slave_0: entered allmulticast mode
[  564.978126][T14529] bridge_slave_0: entered promiscuous mode
[  565.255559][T14529] bridge0: port 2(bridge_slave_1) entered blocking state
[  565.255682][T14529] bridge0: port 2(bridge_slave_1) entered disabled state
[  565.255953][T14529] bridge_slave_1: entered allmulticast mode
[  565.264820][T14529] bridge_slave_1: entered promiscuous mode
[  565.400682][T14669] UBIFS error (pid: 14669): cannot open "./file0", error -22
[  565.532690][T14529] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  565.550335][T14529] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  565.609544][T14206] Bluetooth: hci0: command tx timeout
[  565.923028][T14529] team0: Port device team_slave_0 added
[  565.926570][T14529] team0: Port device team_slave_1 added
[  566.199821][T14529] batman_adv: batadv0: Adding interface: batadv_slave_0
[  566.199833][T14529] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  566.199849][T14529] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  566.405877][ T5879] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  566.513688][T14684] batadv0: entered promiscuous mode
[  566.516449][T14684] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[  566.544587][T14684] hsr1: entered allmulticast mode
[  566.544609][T14684] batadv0: entered allmulticast mode
[  566.544633][T14684] netdevsim netdevsim2 netdevsim0: entered allmulticast mode
[  566.545124][T14684] 8021q: adding VLAN 0 to HW filter on device hsr1
[  566.617946][T14529] batman_adv: batadv0: Adding interface: batadv_slave_1
[  566.617961][T14529] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  566.617985][T14529] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  566.654138][ T5879] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  566.654167][ T5879] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  566.654185][ T5879] usb 4-1: Product: syz
[  566.654197][ T5879] usb 4-1: Manufacturer: syz
[  566.654211][ T5879] usb 4-1: SerialNumber: syz
[  566.677001][ T5879] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  567.058646][T14695] loop2: detected capacity change from 0 to 1024
[  567.132588][T14695] hfsplus: failed to load catalog file
[  567.320932][T14529] hsr_slave_0: entered promiscuous mode
[  567.335720][T14529] hsr_slave_1: entered promiscuous mode
[  567.337484][T14529] debugfs: 'hsr0' already exists in 'hsr'
[  567.337509][T14529] Cannot create hsr debugfs directory
[  567.406016][T14701] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3391'.
[  568.371130][ T1250] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  569.066863][T14741] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3403'.
[  569.144395][ T5956] usb 4-1: USB disconnect, device number 18
[  569.394264][T14746] loop2: detected capacity change from 0 to 512
[  569.573268][  T152] bridge_slave_1: left allmulticast mode
[  569.573287][  T152] bridge_slave_1: left promiscuous mode
[  569.573434][  T152] bridge0: port 2(bridge_slave_1) entered disabled state
[  569.831373][T14757] loop0: detected capacity change from 0 to 256
[  570.045799][  T152] bridge_slave_0: left allmulticast mode
[  570.045829][  T152] bridge_slave_0: left promiscuous mode
[  570.046079][  T152] bridge0: port 1(bridge_slave_0) entered disabled state
[  570.131862][T14746] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.3406: invalid indirect mapped block 256 (level 2)
[  570.131892][T14746] loop2: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117
[  570.138661][    C1] EXT4-fs (loop2): error count since last fsck: 1
[  570.138684][    C1] EXT4-fs (loop2): initial error at time 1776185144: ext4_free_branches:1023: inode 11
[  570.138710][    C1] EXT4-fs (loop2): last error at time 1776185144: ext4_free_branches:1023: inode 11
[  570.148358][ T1250] usb 4-1: Service connection timeout for: 256
[  570.148392][ T1250] ath9k_htc 4-1:1.0: ath9k_htc: Unable to initialize HTC services
[  570.168342][T14746] EXT4-fs (loop2): 2 truncates cleaned up
[  570.176330][T14746] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  570.311296][ T1250] ath9k_htc: Failed to initialize the device
[  570.317763][ T5956] usb 4-1: ath9k_htc: USB layer deinitialized
[  570.391345][ T6568] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  571.101648][T14769] loop0: detected capacity change from 0 to 4096
[  571.424687][T14773] loop2: detected capacity change from 0 to 16
[  571.435667][T14773] MTD: Attempt to mount non-MTD device "/dev/loop2"
[  572.947879][ T2130] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  573.043982][  T152] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  573.059853][  T152] bond_slave_0: left promiscuous mode
[  573.099021][  T152] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  573.140989][  T152] bond_slave_1: left promiscuous mode
[  573.142846][  T152] bond0 (unregistering): Released all slaves
[  573.212763][ T5490] 8021q: adding VLAN 0 to HW filter on device eth1
[  573.825529][T14793] loop2: detected capacity change from 0 to 4096
[  574.717589][T14812] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  575.228454][ T5879] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  575.508924][ T5879] usb 4-1: Using ep0 maxpacket: 8
[  575.512998][ T5879] usb 4-1: config 0 has no interfaces?
[  575.517520][ T5879] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  575.517547][ T5879] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  575.517565][ T5879] usb 4-1: Product: syz
[  575.517579][ T5879] usb 4-1: Manufacturer: syz
[  575.517592][ T5879] usb 4-1: SerialNumber: syz
[  575.655509][ T5879] usb 4-1: config 0 descriptor??
[  575.878126][   T32] usb 4-1: USB disconnect, device number 19
[  576.628218][   T38] audit: type=1326 audit(1776185151.045:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14837 comm="syz.4.3435" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7ab468c819 code=0x0
[  576.859219][T14844] input: syz0 as /devices/virtual/input/input19
[  577.389103][ T5490] 8021q: adding VLAN 0 to HW filter on device eth2
[  578.893881][T14883] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.3452'.
[  579.294546][T14891] loop0: detected capacity change from 0 to 512
[  579.372096][T14892] netlink: 92 bytes leftover after parsing attributes in process `syz.4.3455'.
[  579.396395][T14891] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  579.396525][T14891] ext4 filesystem being mounted at /320/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  579.616077][T14892] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3455'.
[  580.200593][T14899] EXT4-fs error (device loop0): ext4_empty_dir:3082: inode #12: comm syz.0.3456: invalid size
[  580.215637][T14899] EXT4-fs (loop0): Remounting filesystem read-only
[  580.403156][T10584] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  580.468847][   T13] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  580.468876][   T13] Quota error (device loop0): write_blk: dquota write failed
[  580.468888][   T13] Quota error (device loop0): free_dqentry: Can't write quota data block 5
[  581.135879][T14930] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3464'.
[  582.572992][T14938] loop0: detected capacity change from 0 to 131072
[  582.574089][T14938] xfs: Deprecated parameter 'ikeep'
[  582.574107][T14938] XFS: ikeep mount option is deprecated.
[  582.615964][T14938] XFS (loop0): Mounting V5 Filesystem b93a8937-ccd4-41a2-86c7-66a1570a2846
[  582.699712][  T152] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  582.699741][  T152] batman_adv: batadv0: Removing interface: batadv_slave_0
[  582.733079][T14938] XFS (loop0): Starting recovery (logdev: internal)
[  582.758946][  T152] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  582.758973][  T152] batman_adv: batadv0: Removing interface: batadv_slave_1
[  582.887850][T14938] XFS (loop0): Ending recovery (logdev: internal)
[  583.239010][T14933] loop2: detected capacity change from 0 to 32768
[  583.291034][T14933] 
[  583.291034][T14933]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  583.291034][T14933] 
[  583.509090][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  583.536685][  T152] veth1_macvtap: left promiscuous mode
[  583.570591][  T152] veth0_macvtap: left promiscuous mode
[  583.570874][  T152] veth1_vlan: left promiscuous mode
[  583.571038][  T152] veth0_vlan: left promiscuous mode
[  583.739325][T10584] XFS (loop0): Unmounting Filesystem b93a8937-ccd4-41a2-86c7-66a1570a2846
[  583.841758][ T6568] 
[  583.841758][ T6568]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  583.841758][ T6568] 
[  583.842070][ T6568] 
[  583.842070][ T6568]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  583.842070][ T6568] 
[  584.488789][ T7177] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  584.726413][ T7177] usb 4-1: Using ep0 maxpacket: 32
[  584.734502][ T7177] usb 4-1: config 1 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 137, changing to 11
[  584.734536][ T7177] usb 4-1: config 1 interface 0 has no altsetting 0
[  584.758738][ T7177] usb 4-1: New USB device found, idVendor=046d, idProduct=c22d, bcdDevice= 0.40
[  584.758765][ T7177] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  584.758784][ T7177] usb 4-1: Product: syz
[  584.758796][ T7177] usb 4-1: Manufacturer: syz
[  584.758809][ T7177] usb 4-1: SerialNumber: syz
[  585.066371][ T7177] usbhid 4-1:1.0: can't add hid device: -71
[  585.066489][ T7177] usbhid 4-1:1.0: probe with driver usbhid failed with error -71
[  585.090673][ T7177] usb 4-1: USB disconnect, device number 20
[  585.784506][T14994] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3483'.
[  586.759087][  T152] team0 (unregistering): Port device team_slave_1 removed
[  586.798969][  T152] team0 (unregistering): Port device team_slave_0 removed
[  587.138842][T14529] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  587.307210][T14529] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  587.317432][ T5490] 8021q: adding VLAN 0 to HW filter on device eth3
[  587.541426][T14529] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  587.565096][T14529] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  587.574613][T14529] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  587.688720][  T819] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  587.697220][T14529] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  587.719216][T14529] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  587.797592][T15008] loop0: detected capacity change from 0 to 164
[  587.820089][T15007] loop2: detected capacity change from 0 to 4096
[  587.878400][  T819] usb 4-1: Using ep0 maxpacket: 32
[  587.880772][  T819] usb 4-1: config 0 has an invalid interface number: 184 but max is 0
[  587.880799][  T819] usb 4-1: config 0 has no interface number 0
[  587.880840][  T819] usb 4-1: config 0 interface 184 has no altsetting 0
[  587.883858][  T819] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  587.883887][  T819] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  587.883908][  T819] usb 4-1: Product: syz
[  587.883921][  T819] usb 4-1: Manufacturer: syz
[  587.883936][  T819] usb 4-1: SerialNumber: syz
[  587.893112][T14529] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  587.955155][  T819] usb 4-1: config 0 descriptor??
[  588.137247][T15017] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  588.911348][  T819] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000040: -71
[  588.911381][  T819] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Error writing E2P_CMD
[  588.912019][  T819] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  588.912045][  T819] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[  588.912062][  T819] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[  588.912079][  T819] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  588.912379][  T819] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -71
[  589.046510][  T819] usb 4-1: USB disconnect, device number 21
[  589.305482][T15030] pimreg: tun_chr_ioctl cmd 2147767506
[  589.607497][T15042] loop3: detected capacity change from 0 to 2048
[  590.051111][T15051] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  590.136374][T14529] 8021q: adding VLAN 0 to HW filter on device bond0
[  590.219127][T15056] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3508'.
[  590.219157][T15056] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3508'.
[  590.275644][T14529] 8021q: adding VLAN 0 to HW filter on device team0
[  590.314661][   T68] bridge0: port 1(bridge_slave_0) entered blocking state
[  590.314791][   T68] bridge0: port 1(bridge_slave_0) entered forwarding state
[  590.430236][ T2130] bridge0: port 2(bridge_slave_1) entered blocking state
[  590.430354][ T2130] bridge0: port 2(bridge_slave_1) entered forwarding state
[  590.785870][ T5490] 8021q: adding VLAN 0 to HW filter on device eth4
[  591.107864][   T38] audit: type=1326 audit(1776185165.535:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15067 comm="syz.2.3514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f895c36c819 code=0x7ffc0000
[  591.108116][   T38] audit: type=1326 audit(1776185165.535:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15067 comm="syz.2.3514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f895c36c819 code=0x7ffc0000
[  591.122088][   T38] audit: type=1326 audit(1776185165.555:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15067 comm="syz.2.3514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f895c36c819 code=0x7ffc0000
[  591.122801][   T38] audit: type=1326 audit(1776185165.555:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15067 comm="syz.2.3514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f895c36c819 code=0x7ffc0000
[  591.123204][   T38] audit: type=1326 audit(1776185165.555:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15067 comm="syz.2.3514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f895c36c819 code=0x7ffc0000
[  591.208328][T15070] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3517'.
[  591.307572][T15072] fuse: Bad value for 'fd'
[  591.528404][T15051] NILFS (loop3): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3)
[  591.528437][T15051] NILFS error (device loop3): nilfs_bmap_propagate: broken bmap (inode number=4)
[  591.582447][T15051] Remounting filesystem read-only
[  591.627415][ T5830] NILFS (loop3): disposed unprocessed dirty file(s) when stopping log writer
[  593.471846][T15093] loop2: detected capacity change from 0 to 32768
[  593.522231][T15093] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.3522 (15093)
[  593.581651][T15110] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  593.581955][T15110] bridge0: port 2(bridge_slave_1) entered disabled state
[  593.714029][T15110] bridge0: port 1(bridge_slave_0) entered disabled state
[  593.875289][T14529] 8021q: adding VLAN 0 to HW filter on device batadv0
[  594.080535][T15093] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  594.080570][T15093] BTRFS info (device loop2): using crc32c checksum algorithm
[  594.417586][T15138] block nbd3: not configured, cannot reconfigure
[  594.799786][T15093] BTRFS info (device loop2): enabling ssd optimizations
[  594.799815][T15093] BTRFS info (device loop2): turning on flush-on-commit
[  594.799833][T15093] BTRFS info (device loop2): enabling free space tree
[  594.799850][T15093] BTRFS info (device loop2): enabling auto defrag
[  594.799869][T15093] BTRFS info (device loop2): use lzo compression, level 1
[  594.799889][T15093] BTRFS info (device loop2): max_inline set to 4096
[  595.282561][T15161] loop3: detected capacity change from 0 to 64
[  595.583642][   T38] audit: type=1800 audit(1776185170.005:65): pid=15159 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.3522" name="file1" dev="loop2" ino=260 res=0 errno=0
[  595.644222][T14529] veth0_vlan: entered promiscuous mode
[  595.772034][T14529] veth1_vlan: entered promiscuous mode
[  596.084359][T15167] netlink: 'syz.4.3544': attribute type 2 has an invalid length.
[  596.122345][T14529] veth0_macvtap: entered promiscuous mode
[  596.174409][T14529] veth1_macvtap: entered promiscuous mode
[  596.212431][T14529] batman_adv: batadv0: Interface activated: batadv_slave_0
[  596.284436][T14529] batman_adv: batadv0: Interface activated: batadv_slave_1
[  596.321925][  T990] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  596.343030][ T3611] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  596.369887][  T990] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  596.372011][  T990] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  596.766629][   T38] audit: type=1326 audit(1776185171.185:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15166 comm="syz.0.3542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4300dc819 code=0x7fc00000
[  597.087067][   T38] audit: type=1326 audit(1776185171.515:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15177 comm="syz.0.3547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4300dc819 code=0x7ffc0000
[  597.087111][   T38] audit: type=1326 audit(1776185171.515:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15177 comm="syz.0.3547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4300dc819 code=0x7ffc0000
[  597.087144][   T38] audit: type=1326 audit(1776185171.515:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15177 comm="syz.0.3547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4300dc819 code=0x7ffc0000
[  597.087177][   T38] audit: type=1326 audit(1776185171.515:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15177 comm="syz.0.3547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4300dc819 code=0x7ffc0000
[  597.087207][   T38] audit: type=1326 audit(1776185171.515:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15177 comm="syz.0.3547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=311 compat=0 ip=0x7fe4300dc819 code=0x7ffc0000
[  597.087235][   T38] audit: type=1326 audit(1776185171.515:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15177 comm="syz.0.3547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4300dc819 code=0x7ffc0000
[  597.087262][   T38] audit: type=1326 audit(1776185171.515:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15177 comm="syz.0.3547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4300dc819 code=0x7ffc0000
[  597.100156][   T38] audit: type=1326 audit(1776185171.535:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15177 comm="syz.0.3547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4300dc819 code=0x7ffc0000
[  597.100198][   T38] audit: type=1326 audit(1776185171.535:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15177 comm="syz.0.3547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fe4300dc819 code=0x7ffc0000
[  597.852959][ T5879] usb 1-1: new low-speed USB device number 20 using dummy_hcd
[  598.080559][ T5879] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  598.080588][ T5879] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2
[  598.080632][ T5879] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 8
[  598.080675][ T5879] usb 1-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  598.080700][ T5879] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  598.116852][T15182] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  598.123193][ T5879] hub 1-1:1.0: bad descriptor, ignoring hub
[  598.123229][ T5879] hub 1-1:1.0: probe with driver hub failed with error -5
[  598.131725][ T5879] cdc_wdm 1-1:1.0: skipping garbage
[  598.131743][ T5879] cdc_wdm 1-1:1.0: skipping garbage
[  598.875734][    C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  599.414774][ T5879] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  599.414796][ T5879] cdc_wdm 1-1:1.0: Unknown control protocol
[  599.549842][T15190] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  599.779471][ T5879] usb 1-1: USB disconnect, device number 20
[  600.041358][T15190] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  600.047713][   T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  600.047736][   T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  600.901139][   T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  600.901160][   T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  601.198573][ T6568] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  603.168317][ T5879] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  603.438020][ T5879] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 252, changing to 11
[  603.438054][ T5879] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  603.438094][ T5879] usb 1-1: New USB device found, idVendor=1b1c, idProduct=1c0b, bcdDevice= 0.00
[  603.438127][ T5879] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  603.448064][ T5879] usb 1-1: config 0 descriptor??
[  604.299904][ T5879] corsair-psu 0003:1B1C:1C0B.0016: unknown main item tag 0x0
[  604.299944][ T5879] corsair-psu 0003:1B1C:1C0B.0016: unknown main item tag 0x0
[  604.299970][ T5879] corsair-psu 0003:1B1C:1C0B.0016: unknown main item tag 0x0
[  604.299996][ T5879] corsair-psu 0003:1B1C:1C0B.0016: unknown main item tag 0x0
[  604.300023][ T5879] corsair-psu 0003:1B1C:1C0B.0016: unknown main item tag 0x0
[  604.300057][ T5879] corsair-psu 0003:1B1C:1C0B.0016: unknown main item tag 0x0
[  604.300083][ T5879] corsair-psu 0003:1B1C:1C0B.0016: unknown main item tag 0x0
[  604.300110][ T5879] corsair-psu 0003:1B1C:1C0B.0016: unknown main item tag 0x0
[  604.300136][ T5879] corsair-psu 0003:1B1C:1C0B.0016: unknown main item tag 0x0
[  604.300163][ T5879] corsair-psu 0003:1B1C:1C0B.0016: unknown main item tag 0x0
[  604.313560][ T5879] corsair-psu 0003:1B1C:1C0B.0016: collection stack underflow
[  604.313590][ T5879] corsair-psu 0003:1B1C:1C0B.0016: item 0 0 0 12 parsing failed
[  604.363855][ T5879] corsair-psu 0003:1B1C:1C0B.0016: probe with driver corsair-psu failed with error -22
[  604.386446][   T13] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  604.401796][ T5879] usb 1-1: USB disconnect, device number 21
[  604.858653][T15270] loop2: detected capacity change from 0 to 4096
[  605.006736][T15270] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512).
[  607.106491][T15310] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3580'.
[  607.497649][T15270] ntfs3(loop2): ino=1d, mi_enum_attr
[  607.497679][T15270] ntfs3(loop2): ino=1d, mi_enum_attr
[  607.632440][T15314] loop3: detected capacity change from 0 to 32768
[  607.633367][T15314] xfs: Deprecated parameter 'noikeep'
[  607.633384][T15314] XFS: noikeep mount option is deprecated.
[  607.724273][T15314] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  607.863581][T15314] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  607.871504][T15314] XFS (loop3): Starting recovery (logdev: internal)
[  607.897777][T15314] XFS (loop3): Corruption warning: Metadata has LSN (2:16) ahead of current LSN (1:48). Please unmount and run xfs_repair (>= v4.3) to resolve.
[  607.897813][T15314] XFS (loop3): Metadata corruption detected at xfs_agi_verify+0x194/0x460, xfs_agi block 0x2 
[  607.897854][T15314] XFS (loop3): Unmount and run xfs_repair
[  607.897865][T15314] XFS (loop3): First 128 bytes of corrupted metadata buffer:
[  607.897882][T15314] 00000000: 58 41 47 49 00 00 00 01 00 00 00 00 00 00 10 00  XAGI............
[  607.897897][T15314] 00000010: 00 00 00 40 00 00 00 03 00 00 00 01 00 00 00 37  ...@...........7
[  607.897911][T15314] 00000020: 00 00 11 40 ff ff ff ff ff ff ff ff ff ff ff ff  ...@............
[  607.897926][T15314] 00000030: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  607.897939][T15314] 00000040: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  607.897953][T15314] 00000050: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  607.897965][T15314] 00000060: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  607.897978][T15314] 00000070: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  607.902267][T15314] XFS (loop3): Corruption of in-memory data (0x8) detected at xfs_buf_submit+0x355/0xc40 (fs/xfs/xfs_buf.c:1372).  Shutting down filesystem.
[  607.902320][T15314] XFS (loop3): Please unmount the filesystem and rectify the problem(s)
[  607.902336][T15314] loop3: lost filesystem error report for type 5 error -108
[  607.907544][T15314] XFS (loop3): log mount/recovery failed: error -117
[  608.008002][T15314] XFS (loop3): log mount failed
[  608.399416][T15270] ntfs3(loop2): ino=1d, mi_enum_attr
[  608.755444][T15344] netlink: 132 bytes leftover after parsing attributes in process `syz.0.3586'.
[  610.563589][T15378] loop3: detected capacity change from 0 to 128
[  610.862600][T15378] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  610.863055][T15378] ext4 filesystem being mounted at /712/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  610.894196][T15378] fscrypt (loop3, inode 12): Unsupported encryption flags (0x10)
[  610.910003][T15375] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  611.090041][ T5830] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  611.305114][T15390] Failed to get privilege flags for destination (handle=0x2:0x0)
[  612.557274][T15386] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  612.563534][T15386] block device autoloading is deprecated and will be removed.
[  612.849402][T15429] loop2: detected capacity change from 0 to 128
[  612.875697][T15429] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[  612.894347][T15429] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  613.030083][T15432] fuse: Bad value for 'fd'
[  613.815593][T15435] loop0: detected capacity change from 0 to 32768
[  613.834302][T15435] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  613.879838][T15435] XFS (loop0): Ending clean mount
[  614.305526][T10584] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  615.472157][T15488] loop3: detected capacity change from 0 to 256
[  615.490166][T15488] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  616.465771][T15507] loop2: detected capacity change from 0 to 2048
[  616.541278][T15507] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  616.548134][T15507] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  616.896112][T15515] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3657'.
[  616.947402][T15513] overlayfs: invalid origin (0000)
[  617.206076][T15527] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3660'.
[  617.206098][T15527] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3660'.
[  617.538354][T15188] usb 1-1: new low-speed USB device number 22 using dummy_hcd
[  617.692449][T15188] usb 1-1: config 0 has no interfaces?
[  617.693867][T15188] usb 1-1: config 0 has no interfaces?
[  617.697302][T15188] usb 1-1: config 0 has no interfaces?
[  617.719083][T15188] usb 1-1: string descriptor 0 read error: -22
[  617.719236][T15188] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  617.719259][T15188] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  617.804841][T15188] usb 1-1: config 0 descriptor??
[  618.056923][   T37] usb 1-1: USB disconnect, device number 22
[  618.595280][T15556] loop2: detected capacity change from 0 to 4096
[  618.804967][T15564] netlink: 'syz.0.3678': attribute type 39 has an invalid length.
[  619.344467][ T5828] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  619.533097][ T5828] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  619.604966][ T5828] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  619.621789][T15570] loop2: detected capacity change from 0 to 512
[  619.741691][ T5828] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  619.752111][ T5828] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  620.163749][T15570] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  620.163891][T15570] ext4 filesystem being mounted at /612/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  620.373013][ T6568] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  620.965341][T15596] sctp: [Deprecated]: syz.3.3691 (pid 15596) Use of int in max_burst socket option.
[  620.965341][T15596] Use struct sctp_assoc_value instead
[  621.917348][T14206] Bluetooth: hci5: command tx timeout
[  621.938321][T15619] netlink: 64 bytes leftover after parsing attributes in process `syz.3.3700'.
[  621.960812][T15618] netlink: 'syz.2.3701': attribute type 83 has an invalid length.
[  622.192710][T15622] bond0: entered promiscuous mode
[  622.192733][T15622] bond_slave_0: entered promiscuous mode
[  622.192961][T15622] bond_slave_1: entered promiscuous mode
[  622.290397][T15622] bond0: left promiscuous mode
[  622.290413][T15622] bond_slave_0: left promiscuous mode
[  622.290564][T15622] bond_slave_1: left promiscuous mode
[  622.674077][   T38] kauditd_printk_skb: 1 callbacks suppressed
[  622.674096][   T38] audit: type=1326 audit(1776185197.095:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15640 comm="syz.4.3711" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7ab468c819 code=0x0
[  622.927076][T15567] chnl_net:caif_netlink_parms(): no params data found
[  623.675453][T15567] bridge0: port 1(bridge_slave_0) entered blocking state
[  623.675631][T15567] bridge0: port 1(bridge_slave_0) entered disabled state
[  623.675839][T15567] bridge_slave_0: entered allmulticast mode
[  623.692058][T15567] bridge_slave_0: entered promiscuous mode
[  623.806750][   T38] audit: type=1326 audit(1776185198.235:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15668 comm="syz.4.3722" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7ab468c819 code=0x0
[  623.990251][T14206] Bluetooth: hci5: command tx timeout
[  624.242203][T15655] sp0: Synchronizing with TNC
[  624.257737][T15567] bridge0: port 2(bridge_slave_1) entered blocking state
[  624.257844][T15567] bridge0: port 2(bridge_slave_1) entered disabled state
[  624.258105][T15567] bridge_slave_1: entered allmulticast mode
[  624.260800][T15567] bridge_slave_1: entered promiscuous mode
[  624.267133][T15682] netlink: 'syz.3.3726': attribute type 14 has an invalid length.
[  624.484002][ T1335] ieee802154 phy0 wpan0: encryption failed: -22
[  624.484068][ T1335] ieee802154 phy1 wpan1: encryption failed: -22
[  624.717025][T15689] program syz.3.3729 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  624.905600][T15567] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  624.944730][T15567] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  625.278899][T15567] team0: Port device team_slave_0 added
[  625.294666][T15567] team0: Port device team_slave_1 added
[  625.524874][T15567] batman_adv: batadv0: Adding interface: batadv_slave_0
[  625.524890][T15567] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  625.524924][T15567] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  625.527145][T15567] batman_adv: batadv0: Adding interface: batadv_slave_1
[  625.527160][T15567] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  625.527184][T15567] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  625.779737][   T38] audit: type=1326 audit(1776185200.215:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15703 comm="syz.0.3735" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4300dc819 code=0x7ffc0000
[  625.779781][   T38] audit: type=1326 audit(1776185200.215:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15703 comm="syz.0.3735" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4300dc819 code=0x7ffc0000
[  625.781429][   T38] audit: type=1326 audit(1776185200.215:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15703 comm="syz.0.3735" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fe4300dc819 code=0x7ffc0000
[  625.781815][   T38] audit: type=1326 audit(1776185200.215:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15703 comm="syz.0.3735" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4300dc819 code=0x7ffc0000
[  625.782371][   T38] audit: type=1326 audit(1776185200.215:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15703 comm="syz.0.3735" exe="/root/syz-executor" sig=0 arch=c000003e syscall=226 compat=0 ip=0x7fe4300dc819 code=0x7ffc0000
[  625.782619][   T38] audit: type=1326 audit(1776185200.215:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15703 comm="syz.0.3735" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4300dc819 code=0x7ffc0000
[  625.783217][   T38] audit: type=1326 audit(1776185200.215:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15703 comm="syz.0.3735" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4300dc819 code=0x7ffc0000
[  625.994426][T15567] hsr_slave_0: entered promiscuous mode
[  626.009386][T15567] hsr_slave_1: entered promiscuous mode
[  626.014454][T15567] debugfs: 'hsr0' already exists in 'hsr'
[  626.014482][T15567] Cannot create hsr debugfs directory
[  626.079330][T14206] Bluetooth: hci5: command tx timeout
[  626.170738][T15710] loop3: detected capacity change from 0 to 256
[  626.545519][T15710] FAT-fs (loop3): Directory bread(block 64) failed
[  626.545563][T15710] FAT-fs (loop3): Directory bread(block 65) failed
[  626.545664][T15710] FAT-fs (loop3): Directory bread(block 66) failed
[  626.545687][T15710] FAT-fs (loop3): Directory bread(block 67) failed
[  626.545798][T15710] FAT-fs (loop3): Directory bread(block 68) failed
[  626.546951][T15710] FAT-fs (loop3): Directory bread(block 69) failed
[  626.547056][T15710] FAT-fs (loop3): Directory bread(block 70) failed
[  626.547079][T15710] FAT-fs (loop3): Directory bread(block 71) failed
[  626.556898][T15710] FAT-fs (loop3): Directory bread(block 72) failed
[  626.556936][T15710] FAT-fs (loop3): Directory bread(block 73) failed
[  626.559464][T15719] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3742'.
[  626.559494][T15719] netlink: 'syz.4.3742': attribute type 6 has an invalid length.
[  626.559507][T15719] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3742'.
[  627.768770][T15742] loop0: detected capacity change from 0 to 256
[  628.148342][T14206] Bluetooth: hci5: command tx timeout
[  628.565151][T15754] loop0: detected capacity change from 0 to 512
[  628.570571][T15754] EXT4-fs: inline encryption not supported
[  628.570601][T15754] EXT4-fs: Ignoring removed mblk_io_submit option
[  628.738457][T15754] EXT4-fs (loop0): Test dummy encryption mode enabled
[  628.749737][T15754] EXT4-fs (loop0): orphan cleanup on readonly fs
[  628.749773][T15754] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.3757: inode #13: comm syz.0.3757: iget: illegal inode #
[  628.749799][T15754] loop0: lost filesystem error report for type 5 error -117
[  628.751729][T15754] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz.0.3757: couldn't read orphan inode 13 (err -117)
[  628.751762][T15754] loop0: lost filesystem error report for type 5 error -117
[  628.774759][T15754] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  628.955656][T15754] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended
[  628.957302][T15765] loop3: detected capacity change from 0 to 256
[  628.995286][T15754] EXT4-fs error (device loop0): __ext4_remount:6837: comm syz.0.3757: Abort forced by user
[  629.019941][T15754] EXT4-fs (loop0): Remounting filesystem read-only
[  629.019963][T15754] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  629.220247][T10584] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  630.066147][T15771] bond1: invalid ARP target 0.0.0.0 specified for addition
[  630.066175][T15771] bond1: option arp_ip_target: invalid value (0)
[  630.193509][T15771] bond1 (unregistering): Released all slaves
[  630.309062][T15779] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3767'.
[  631.414353][T15803] loop3: detected capacity change from 0 to 2048
[  631.446478][T15803] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  631.606118][T15805] loop2: detected capacity change from 0 to 256
[  631.887235][T15805] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d)
[  631.933597][T15805] exFAT-fs (loop2): start_clu is invalid cluster(0x0)
[  632.144489][T15567] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  632.192558][T15567] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  632.203414][T15567] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  632.238015][T15822] loop0: detected capacity change from 0 to 512
[  632.247264][T15822] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  632.309055][T15822] EXT4-fs (loop0): 1 truncate cleaned up
[  632.311219][T15822] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  632.430856][T15567] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  632.436254][T15567] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  632.530208][T10584] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  632.626418][T15567] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  632.627354][T15830] netlink: 'syz.3.3788': attribute type 1 has an invalid length.
[  632.646768][T15567] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  632.694428][T15567] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  632.802073][T15837] loop3: detected capacity change from 0 to 16
[  632.833024][T15837] erofs (device loop3): rootino(nid 36) is not a directory(i_mode 66700)
[  632.868075][T15837] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3789'.
[  632.954484][T15837] ip6gre3: entered promiscuous mode
[  632.954508][T15837] ip6gre3: entered allmulticast mode
[  633.361949][T15850] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3794'.
[  633.494946][T15852] netlink: 'syz.2.3795': attribute type 1 has an invalid length.
[  633.904774][T15567] 8021q: adding VLAN 0 to HW filter on device bond0
[  633.948848][T15184] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  634.113964][T15567] 8021q: adding VLAN 0 to HW filter on device team0
[  634.115575][T15184] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 9865, setting to 1024
[  634.115625][T15184] usb 3-1: New USB device found, idVendor=056a, idProduct=0084, bcdDevice= 0.00
[  634.115648][T15184] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  634.123398][ T1716] bridge0: port 1(bridge_slave_0) entered blocking state
[  634.123610][ T1716] bridge0: port 1(bridge_slave_0) entered forwarding state
[  634.251801][T15184] usb 3-1: config 0 descriptor??
[  634.252785][T15858] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  634.268093][ T1716] bridge0: port 2(bridge_slave_1) entered blocking state
[  634.275410][ T1716] bridge0: port 2(bridge_slave_1) entered forwarding state
[  634.525796][T15870] No memory to map
[  634.956368][T15184] hid_parser_main: 173 callbacks suppressed
[  634.956390][T15184] wacom 0003:056A:0084.0017: unknown main item tag 0x0
[  634.956420][T15184] wacom 0003:056A:0084.0017: unknown main item tag 0x0
[  634.956447][T15184] wacom 0003:056A:0084.0017: unknown main item tag 0x0
[  634.956474][T15184] wacom 0003:056A:0084.0017: unknown main item tag 0x0
[  634.956499][T15184] wacom 0003:056A:0084.0017: unknown main item tag 0x0
[  634.956525][T15184] wacom 0003:056A:0084.0017: unknown main item tag 0x0
[  634.956551][T15184] wacom 0003:056A:0084.0017: unknown main item tag 0x0
[  634.956577][T15184] wacom 0003:056A:0084.0017: unknown main item tag 0x0
[  634.956603][T15184] wacom 0003:056A:0084.0017: unknown main item tag 0x0
[  634.956629][T15184] wacom 0003:056A:0084.0017: unknown main item tag 0x0
[  635.018284][ T5956] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  635.051121][T15184] wacom 0003:056A:0084.0017: reserved main item tag 0xd
[  635.087214][T15184] wacom 0003:056A:0084.0017: hidraw0: USB HID v7f.fd Device [HID 056a:0084] on usb-dummy_hcd.2-1/input0
[  635.178340][ T5956] usb 1-1: Using ep0 maxpacket: 16
[  635.179866][T15184] usb 3-1: USB disconnect, device number 14
[  635.190605][ T5956] usb 1-1: config 0 interface 0 altsetting 64 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  635.190638][ T5956] usb 1-1: config 0 interface 0 has no altsetting 0
[  635.190671][ T5956] usb 1-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  635.190692][ T5956] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  635.270252][T15880] Bluetooth: MGMT ver 1.23
[  635.283336][ T5956] usb 1-1: config 0 descriptor??
[  635.521604][T15878] fido_id[15878]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  636.077467][ T5956] mcp2221 0003:04D8:00DD.0018: USB HID v0.01 Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0
[  636.124761][T15886] 9p: Bad value for 'rfdno'
[  636.671374][ T5956] usb 1-1: USB disconnect, device number 23
[  636.802121][T15567] 8021q: adding VLAN 0 to HW filter on device batadv0
[  636.919574][ T1250] usb 3-1: new low-speed USB device number 15 using dummy_hcd
[  637.125153][ T1250] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  637.125179][ T1250] usb 3-1: config 0 has no interface number 0
[  637.125215][ T1250] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  637.125241][ T1250] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[  637.125278][ T1250] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  637.125300][ T1250] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  637.186470][ T3510] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  637.230525][T15899] netlink: 104 bytes leftover after parsing attributes in process `syz.4.3812'.
[  637.484820][ T1250] usb 3-1: config 0 descriptor??
[  637.485828][T15891] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  637.600220][ T1250] iowarrior 3-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  638.453562][    C1] iowarrior 3-1:0.1: iowarrior_callback - usb_submit_urb failed with result -1
[  638.673568][T15922] netlink: 'syz.0.3819': attribute type 11 has an invalid length.
[  638.673592][T15922] netlink: 190972 bytes leftover after parsing attributes in process `syz.0.3819'.
[  638.686247][T15188] usb 3-1: USB disconnect, device number 15
[  638.785233][T15567] veth0_vlan: entered promiscuous mode
[  638.818607][T15567] veth1_vlan: entered promiscuous mode
[  638.887491][T15567] veth0_macvtap: entered promiscuous mode
[  638.944992][T15567] veth1_macvtap: entered promiscuous mode
[  639.014279][T15567] batman_adv: batadv0: Interface activated: batadv_slave_0
[  639.062360][T15567] batman_adv: batadv0: Interface activated: batadv_slave_1
[  639.120846][ T2171] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  639.121099][ T2171] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  639.121135][ T2171] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  639.121167][ T2171] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  639.212879][T15930] loop0: detected capacity change from 0 to 1024
[  639.429511][T15933] loop3: detected capacity change from 0 to 128
[  639.788723][T15933] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  639.810221][T15933] ext4 filesystem being mounted at /776/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  641.213639][T15943] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  641.213658][T15943] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  641.692269][ T5830] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  642.387633][   T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  642.387655][   T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  643.086474][T15975] loop3: detected capacity change from 0 to 4096
[  643.217974][T15975] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512).
[  643.341758][T15984] netlink: 56 bytes leftover after parsing attributes in process `syz.7.3844'.
[  643.397125][T15966] loop0: detected capacity change from 0 to 32768
[  643.446008][T15966] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  643.474919][T15975] ntfs3(loop3): Mark volume as dirty due to NTFS errors
[  643.572298][T15966] XFS (loop0): Ending clean mount
[  643.855351][T16001] loop2: detected capacity change from 0 to 256
[  643.856502][T16001] exfat: Deprecated parameter 'namecase'
[  643.856591][T16001] exfat: Deprecated parameter 'utf8'
[  643.973475][T15966] XFS (loop0): Quotacheck needed: Please wait.
[  644.126611][T16001] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[  644.210905][   T10] kernel write not supported for file bpf-map (pid: 10 comm: kworker/0:1)
[  645.235363][T16022] bridge0: port 2(bridge_slave_1) entered disabled state
[  645.261023][T16022] bridge0: port 1(bridge_slave_0) entered disabled state
[  645.645655][T15966] XFS (loop0): Quotacheck: Done.
[  646.052897][T10584] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  647.135134][T16038] loop7: detected capacity change from 0 to 40427
[  647.294123][T16044] loop3: detected capacity change from 0 to 32768
[  648.573042][T16038] F2FS-fs (loop7): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  648.639173][T16044] find_entry called with index = 0
[  648.888379][T16044] read_mapping_page failed!
[  648.917335][T16044] ERROR: (device loop3): txCommit: 
[  648.917335][T16044] 
[  649.138992][T16038] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  649.451643][T16086] loop2: detected capacity change from 0 to 2048
[  649.571844][T16086] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  649.936727][   T38] audit: type=1326 audit(1776185224.365:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16090 comm="syz.4.3888" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7ab468c819 code=0x0
[  650.112039][T16079] loop0: detected capacity change from 0 to 32768
[  650.338389][   T10] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  650.500094][   T10] usb 4-1: config 1 has an invalid interface number: 234 but max is 1
[  650.500120][   T10] usb 4-1: config 1 has 3 interfaces, different from the descriptor's value: 2
[  650.500140][   T10] usb 4-1: config 1 has no interface number 2
[  650.500193][   T10] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[  650.500229][   T10] usb 4-1: config 1 interface 234 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1024
[  650.500252][   T10] usb 4-1: config 1 interface 234 has no altsetting 0
[  650.502978][   T10] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  650.503009][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  650.503029][   T10] usb 4-1: Product: syz
[  650.503042][   T10] usb 4-1: Manufacturer: syz
[  650.503057][   T10] usb 4-1: SerialNumber: syz
[  650.963313][   T10] usb 4-1: selecting invalid altsetting 1
[  650.982078][T16098] mkiss: ax0: crc mode is auto.
[  651.210704][   T10] cdc_ncm 4-1:1.0: failed GET_NTB_PARAMETERS
[  651.210755][   T10] cdc_ncm 4-1:1.0: bind() failure
[  651.357518][   T10] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found
[  651.357569][   T10] cdc_ncm 4-1:1.1: bind() failure
[  651.393938][T16094] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  651.633019][   T10] usb 4-1: USB disconnect, device number 22
[  651.653716][T16111] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3895'.
[  651.653733][T16111] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3895'.
[  651.653743][T16111] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3895'.
[  651.654069][T16111] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3895'.
[  651.654081][T16111] netlink: 'syz.4.3895': attribute type 6 has an invalid length.
[  652.013523][T15188] kernel read not supported for file /mdstat (pid: 15188 comm: kworker/0:4)
[  653.085865][T16155] netlink: 72 bytes leftover after parsing attributes in process `syz.3.3913'.
[  653.085890][T16155] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3913'.
[  653.085904][T16155] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3913'.
[  653.735663][T16174] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3922'.
[  655.145359][T16207] loop0: detected capacity change from 0 to 128
[  655.167916][T16207] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  656.019965][T16201] loop3: detected capacity change from 0 to 32768
[  656.064535][T16201] 
[  656.064535][T16201]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  656.064535][T16201] 
[  656.158533][ T2130] ERROR: (device loop3): diWrite: ixpxd invalid
[  656.158533][ T2130] 
[  656.211419][ T2130] ERROR: (device loop3): txCommit: 
[  656.211419][ T2130] 
[  656.211555][ T2130] jfs_write_inode: jfs_commit_inode failed!
[  656.211698][ T5830] 
[  656.211698][ T5830]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  656.211698][ T5830] 
[  656.213388][ T5830] 
[  656.213388][ T5830]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  656.213388][ T5830] 
[  656.439534][   T13] ==================================================================
[  656.439550][   T13] BUG: KASAN: use-after-free in copy_folio_from_iter_atomic+0xbb5/0x1ad0
[  656.439586][   T13] Read of size 4096 at addr ffff888077877000 by task kworker/u8:1/13
[  656.439603][   T13] 
[  656.439617][   T13] CPU: 1 UID: 0 PID: 13 Comm: kworker/u8:1 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  656.439643][   T13] Tainted: [L]=SOFTLOCKUP
[  656.439650][   T13] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  656.439662][   T13] Workqueue: loop3 loop_workfn
[  656.439687][   T13] Call Trace:
[  656.439693][   T13]  <TASK>
[  656.439701][   T13]  dump_stack_lvl+0xe8/0x150
[  656.439723][   T13]  print_address_description+0x55/0x1e0
[  656.439742][   T13]  ? copy_folio_from_iter_atomic+0xbb5/0x1ad0
[  656.439768][   T13]  print_report+0x58/0x70
[  656.439784][   T13]  kasan_report+0x117/0x150
[  656.439812][   T13]  ? copy_folio_from_iter_atomic+0xbb5/0x1ad0
[  656.439842][   T13]  kasan_check_range+0x264/0x2c0
[  656.439868][   T13]  ? copy_folio_from_iter_atomic+0xbb5/0x1ad0
[  656.439895][   T13]  __asan_memcpy+0x29/0x70
[  656.439917][   T13]  copy_folio_from_iter_atomic+0xbb5/0x1ad0
[  656.439955][   T13]  ? __pfx_copy_folio_from_iter_atomic+0x10/0x10
[  656.439981][   T13]  ? rcu_is_watching+0x15/0xb0
[  656.440007][   T13]  ? shmem_write_begin+0x1ce/0x320
[  656.440034][   T13]  generic_perform_write+0x5b1/0x8b0
[  656.440059][   T13]  ? __pfx_generic_perform_write+0x10/0x10
[  656.440079][   T13]  ? __mark_inode_dirty+0x4cf/0x13b0
[  656.440104][   T13]  ? preempt_count_add+0x91/0x190
[  656.440122][   T13]  ? mnt_put_write_access_file+0xbf/0x100
[  656.440148][   T13]  ? file_update_time_flags+0x406/0x4b0
[  656.440173][   T13]  shmem_file_write_iter+0xfb/0x120
[  656.440201][   T13]  lo_rw_aio+0xc80/0xf00
[  656.440229][   T13]  ? __pfx_lo_rw_aio+0x10/0x10
[  656.440251][   T13]  ? kthread_associate_blkcg+0x490/0x600
[  656.440275][   T13]  ? rt_spin_unlock+0x160/0x200
[  656.440296][   T13]  loop_process_work+0x637/0x11b0
[  656.440324][   T13]  ? __pfx_loop_process_work+0x10/0x10
[  656.440347][   T13]  ? __lock_acquire+0x6b5/0x2cf0
[  656.440368][   T13]  ? look_up_lock_class+0x57/0x110
[  656.440392][   T13]  ? register_lock_class+0x31/0x2e0
[  656.440416][   T13]  ? __lock_acquire+0x6b5/0x2cf0
[  656.440439][   T13]  ? do_raw_spin_lock+0x12b/0x2f0
[  656.440461][   T13]  ? do_raw_spin_unlock+0xf5/0x210
[  656.440481][   T13]  ? process_scheduled_works+0xa69/0x1910
[  656.440499][   T13]  ? process_scheduled_works+0xa69/0x1910
[  656.440519][   T13]  ? process_scheduled_works+0xa69/0x1910
[  656.440535][   T13]  ? process_scheduled_works+0xa69/0x1910
[  656.440553][   T13]  process_scheduled_works+0xb68/0x1910
[  656.440581][   T13]  ? __pfx_process_scheduled_works+0x10/0x10
[  656.440602][   T13]  ? assign_work+0x3d5/0x5e0
[  656.440618][   T13]  worker_thread+0xa90/0x1040
[  656.440647][   T13]  kthread+0x388/0x470
[  656.440668][   T13]  ? __pfx_worker_thread+0x10/0x10
[  656.440685][   T13]  ? __pfx_kthread+0x10/0x10
[  656.440707][   T13]  ret_from_fork+0x514/0xb70
[  656.440729][   T13]  ? __pfx_ret_from_fork+0x10/0x10
[  656.440748][   T13]  ? __switch_to+0xc79/0x1410
[  656.440776][   T13]  ? __pfx_kthread+0x10/0x10
[  656.440799][   T13]  ret_from_fork_asm+0x1a/0x30
[  656.440829][   T13]  </TASK>
[  656.440836][   T13] 
[  656.440842][   T13] The buggy address belongs to the physical page:
[  656.440862][   T13] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888077877640 pfn:0x77877
[  656.440881][   T13] flags: 0x80000000000000(node=0|zone=1)
[  656.440907][   T13] raw: 0080000000000000 ffffea0001822748 ffffea000146d7c8 0000000000000000
[  656.440923][   T13] raw: ffff888077877640 0000000000000000 00000000ffffffff 0000000000000000
[  656.440933][   T13] page dumped because: kasan: bad access detected
[  656.440945][   T13] page_owner tracks the page as freed
[  656.440952][   T13] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xdc0(GFP_KERNEL|__GFP_ZERO), pid 16201, tgid 16199 (syz.3.3934), ts 656063390243, free_ts 656439487061
[  656.440981][   T13]  post_alloc_hook+0x231/0x280
[  656.441004][   T13]  get_page_from_freelist+0x27d6/0x2850
[  656.441031][   T13]  __alloc_frozen_pages_noprof+0x18d/0x380
[  656.441057][   T13]  alloc_pages_mpol+0xd1/0x380
[  656.441081][   T13]  alloc_pages_noprof+0xd2/0x2f0
[  656.441104][   T13]  lmLogInit+0x357/0x1a00
[  656.441126][   T13]  lmLogOpen+0x4e1/0xfa0
[  656.441147][   T13]  jfs_mount_rw+0xee/0x670
[  656.441168][   T13]  jfs_fill_super+0x754/0xd80
[  656.441184][   T13]  get_tree_bdev_flags+0x431/0x4f0
[  656.441215][   T13]  vfs_get_tree+0x92/0x2a0
[  656.441237][   T13]  do_new_mount+0x341/0xd30
[  656.441254][   T13]  __se_sys_mount+0x31d/0x420
[  656.441271][   T13]  do_syscall_64+0x15f/0xf80
[  656.441293][   T13]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  656.441307][   T13] page last free pid 5830 tgid 5830 stack trace:
[  656.441317][   T13]  __free_frozen_pages+0xf9b/0x10f0
[  656.441337][   T13]  lmLogShutdown+0x44e/0x850
[  656.441357][   T13]  lmLogClose+0x28a/0x520
[  656.441380][   T13]  jfs_umount+0x2fb/0x3d0
[  656.441402][   T13]  jfs_put_super+0x8c/0x190
[  656.441419][   T13]  generic_shutdown_super+0x13d/0x2d0
[  656.441440][   T13]  kill_block_super+0x44/0x90
[  656.441462][   T13]  deactivate_locked_super+0xbc/0x130
[  656.441482][   T13]  cleanup_mnt+0x437/0x4d0
[  656.441503][   T13]  task_work_run+0x1d9/0x270
[  656.441526][   T13]  exit_to_user_mode_loop+0xed/0x480
[  656.441545][   T13]  do_syscall_64+0x33e/0xf80
[  656.441566][   T13]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  656.441579][   T13] 
[  656.441584][   T13] Memory state around the buggy address:
[  656.441593][   T13]  ffff888077876f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  656.441606][   T13]  ffff888077876f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  656.441618][   T13] >ffff888077877000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  656.441627][   T13]                    ^
[  656.441635][   T13]  ffff888077877080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  656.441648][   T13]  ffff888077877100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  656.441656][   T13] ==================================================================
[  656.443685][   T13] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  656.443708][   T13] CPU: 1 UID: 0 PID: 13 Comm: kworker/u8:1 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  656.443734][   T13] Tainted: [L]=SOFTLOCKUP
[  656.443741][   T13] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  656.443753][   T13] Workqueue: loop3 loop_workfn
[  656.443779][   T13] Call Trace:
[  656.443786][   T13]  <TASK>
[  656.443794][   T13]  vpanic+0x56c/0xa60
[  656.443819][   T13]  ? __pfx_vpanic+0x10/0x10
[  656.443849][   T13]  panic+0xc5/0xd0
[  656.443868][   T13]  ? __pfx_panic+0x10/0x10
[  656.443888][   T13]  ? preempt_schedule_thunk+0x16/0x30
[  656.443917][   T13]  ? copy_folio_from_iter_atomic+0xbb5/0x1ad0
[  656.443944][   T13]  ? preempt_schedule_thunk+0x16/0x30
[  656.443971][   T13]  ? copy_folio_from_iter_atomic+0xbb5/0x1ad0
[  656.443998][   T13]  check_panic_on_warn+0x89/0xb0
[  656.444024][   T13]  ? copy_folio_from_iter_atomic+0xbb5/0x1ad0
[  656.444050][   T13]  end_report+0x73/0x170
[  656.444073][   T13]  ? copy_folio_from_iter_atomic+0xbb5/0x1ad0
[  656.444098][   T13]  kasan_report+0x128/0x150
[  656.444123][   T13]  ? copy_folio_from_iter_atomic+0xbb5/0x1ad0
[  656.444154][   T13]  kasan_check_range+0x264/0x2c0
[  656.444179][   T13]  ? copy_folio_from_iter_atomic+0xbb5/0x1ad0
[  656.444213][   T13]  __asan_memcpy+0x29/0x70
[  656.444234][   T13]  copy_folio_from_iter_atomic+0xbb5/0x1ad0
[  656.444271][   T13]  ? __pfx_copy_folio_from_iter_atomic+0x10/0x10
[  656.444298][   T13]  ? rcu_is_watching+0x15/0xb0
[  656.444326][   T13]  ? shmem_write_begin+0x1ce/0x320
[  656.444355][   T13]  generic_perform_write+0x5b1/0x8b0
[  656.444382][   T13]  ? __pfx_generic_perform_write+0x10/0x10
[  656.444401][   T13]  ? __mark_inode_dirty+0x4cf/0x13b0
[  656.444426][   T13]  ? preempt_count_add+0x91/0x190
[  656.444445][   T13]  ? mnt_put_write_access_file+0xbf/0x100
[  656.444470][   T13]  ? file_update_time_flags+0x406/0x4b0
[  656.444496][   T13]  shmem_file_write_iter+0xfb/0x120
[  656.444516][   T13]  lo_rw_aio+0xc80/0xf00
[  656.444542][   T13]  ? __pfx_lo_rw_aio+0x10/0x10
[  656.444566][   T13]  ? kthread_associate_blkcg+0x490/0x600
[  656.444590][   T13]  ? rt_spin_unlock+0x160/0x200
[  656.444613][   T13]  loop_process_work+0x637/0x11b0
[  656.444639][   T13]  ? __pfx_loop_process_work+0x10/0x10
[  656.444660][   T13]  ? __lock_acquire+0x6b5/0x2cf0
[  656.444682][   T13]  ? look_up_lock_class+0x57/0x110
[  656.444709][   T13]  ? register_lock_class+0x31/0x2e0
[  656.444734][   T13]  ? __lock_acquire+0x6b5/0x2cf0
[  656.444759][   T13]  ? do_raw_spin_lock+0x12b/0x2f0
[  656.444783][   T13]  ? do_raw_spin_unlock+0xf5/0x210
[  656.444805][   T13]  ? process_scheduled_works+0xa69/0x1910
[  656.444824][   T13]  ? process_scheduled_works+0xa69/0x1910
[  656.444847][   T13]  ? process_scheduled_works+0xa69/0x1910
[  656.444863][   T13]  ? process_scheduled_works+0xa69/0x1910
[  656.444883][   T13]  process_scheduled_works+0xb68/0x1910
[  656.444915][   T13]  ? __pfx_process_scheduled_works+0x10/0x10
[  656.444937][   T13]  ? assign_work+0x3d5/0x5e0
[  656.444957][   T13]  worker_thread+0xa90/0x1040
[  656.444989][   T13]  kthread+0x388/0x470
[  656.445012][   T13]  ? __pfx_worker_thread+0x10/0x10
[  656.445030][   T13]  ? __pfx_kthread+0x10/0x10
[  656.445053][   T13]  ret_from_fork+0x514/0xb70
[  656.445074][   T13]  ? __pfx_ret_from_fork+0x10/0x10
[  656.445093][   T13]  ? __switch_to+0xc79/0x1410
[  656.445119][   T13]  ? __pfx_kthread+0x10/0x10
[  656.445141][   T13]  ret_from_fork_asm+0x1a/0x30
[  656.445171][   T13]  </TASK>
[  656.445881][   T13] Kernel Offset: disabled