last executing test programs:

4m31.036311612s ago: executing program 0 (id=2689):
syz_mount_image$ext4(&(0x7f00000000c0)='ext2\x00', &(0x7f0000000100)='./file0\x00', 0x2000000, &(0x7f0000000180), 0x1, 0x520, &(0x7f0000000900)="$eJzs3d1rLGcZAPBnNtmer+iu2otaaHuwlZyiZzdpbBu8aCuIdwWl3h9Dsgkhm2zIbupJKJqD9woi2tteeSMI3grS/0BRCnovKkrRUwV7oY7M7OTkZLub5JD9oMnvB2/mnZmdeZ53kn3n85wJ4NK6GRGvRcRURDwfEZVieqkocdAt2ec+uP/WclaSSNM3/p5EUkzLPpYUJXOjWOxqd5D7d3o8bntvf2Op2WzsFOP1zuZ2vb23f3t9c2mtsdbYWliYf2nx5cUXF+eG0s6sXa989S8//sFPv/bKr7747T/e+dut72T5zhTzD9sxbN1tUs62xQPTEbEzimATMFW0pzzpRAAAOJPsGP/TEfG5/Pi/ElP50dzZJCPNDAAAABiW9NWZ+E8SkQIAAAAXVil/BjYp1YpnAWaiVKrVus/wPh7XS81Wu/OF1dbu1kr3WdlqlEur683GXPFMbTXKSTY+n9ePxl94MJ4cPHy94UeVa/n82nKruTK5yx4AAABwqdzoOf//V6V7/n+Ce2NLDgAAABie6lE1rUwyEQAAAGBkqh+Z8s5E8gAAAABG56Pn/wAAAMAF8vXXX89Kmr//uhqx8ube7kbrzdsrjfZGbXN3ubbc2tmurbVaa830SsTmaetrtlrbX4qt3bv1TqPdqbf39u9stna3OnfWj70CGwAAABijTz3z7h+SiDj48rW8ZB7LfkwNWMCzAnBhlB7lw38eXR7A+A3azQMX3/SkEwAmptwdJJPOA5ic0zqAgQ/v/Gb4uQAAAKMx+9n+9/+nj64NABfUI93/By4U9//h8nL/Hy6vsiMAuPRGf/8/TU9dFwAAMFIzeUlKteJe4EyUPky7ohrlZHW92ZiLiE9GxO8r5SvZ+Hy+ZOIfDQAAAAAAAAAAAAAAAAAAAAAAAADAGaVpEikAAABwoUWU/poU7/+arTw303t94LHkw0o+zN8O8MZP7i51Ojvz2fR/FNMjOm8X0194lCsP3jwOAAAAo3J4nn54Hg8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAw/TB/beWD8vxOaWRxn3/KxFR7Rd/Oq7mw6tRjojr/0xi+nChZyKSiJgaQvyDexHxRL/4SZZWVIssjsUvtsq1PIuRx38qTdPv9ot/49zR4XJ7N+t/Xuv3/SvFzXzY//s/XZTzGtz/lR70f1N94mc9zyfOsP4rEfHkez+vD54b8eR0//7nMH4yIP6z/VbZZ6N865v7+4PyS9+JmD3a/3z/eISjWr2zuV1v7+3fXt9cWmusNbYWFuZfWnx58cXFufrqerNR/Owb44dP/fJ/g+K/fy/iet/9X7f/faj9S73tfy6rlAet+ch/37t7/zN5rZL2rCKPf+vZ/r//J47HP7Zps7+Jzxf7gWz+7GH9oFt/2NM/++3TJ7V/ZUD7T/v93+pZ16D98fPf+N6fTtxAAMBYtff2N5aazcbOyCtvp2k6plj5gci42nXuyuMfn1Tbe7/4Xbfyau+smye0Ir0y7j82lXNXenuKX4+/cwIAAIbq6KB/0pkAAAAAAAAAAAAAAAAAAADA5TWO/06sN+bBZJoKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCi/wcAAP//rgHbtw==")
mknod$loop(&(0x7f0000000000)='./file0\x00', 0x6000, 0x1)

4m30.989388041s ago: executing program 0 (id=2691):
syz_mount_image$squashfs(&(0x7f0000000040), &(0x7f0000000180)='./file0\x00', 0x800, &(0x7f0000001000)=ANY=[], 0x1, 0x1c6, &(0x7f00000001c0)="$eJzKKC4sZmdgYPj7sSaZQYABDBgZeBguMDAysDAwMKgzQsQYmCDUeij/BZSeCZW2gfKbofRCKF1xS3vdmlN+Z0566motk2VmaPXUlkcWk0vtMXKTXMwjwcwQmnpkUXFlVXZiTk5qUfFChopbyUkVp08wsFy3v6bSLMHp8EeewyFJ00GH6YiPR9aMxhLOSVKaYmxsmQpnz3yQX8emcYTh0QrmjXWeeY11halT89LykqqyqrLmTZy4cWZjZ2Pjyol1UWl+qxhbUlw2NXUyMjlsURPYzGyoPslGe8K79lUPkxxYezz8mk8ZK71OZb5kvLBI6tSKqpkTvijNZjT8znCH5z8USFg0mHCyQP2dnNLAkHYxjJGDgYGhbcuZOSHM/GxuCxRakk8whR7lWDpTwuKAUNXJn5aabx0S3WZse+rAdobn8HGeNQV9gkbHJRicFgr+lwH5NKGhoUxjLdNS2wVfijT+SnitNnbKYHC3Z1oKC1CWBhC5EsqTBetJSF7hoaOpaZSSnNCwSSIhya3AUJlh6x7O1QINDEjRpsLAwLCdERa3EHANxhgFo2AUjIJRMApGwSgYBaNgFIyCUTAiACAAAP//Pf2amg==")

4m30.988798755s ago: executing program 0 (id=2693):
r0 = socket(0x40000000015, 0x5, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0xe20, 0x3, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x4000101}, 0x1c)

4m30.928030147s ago: executing program 0 (id=2694):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = open(&(0x7f0000000000)='.\x00', 0x2000, 0x20)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, 0x0)
chdir(&(0x7f0000000300)='./file0\x00')
ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, 0x0)

4m30.927741321s ago: executing program 0 (id=2695):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xc7, 0x3d, 0x8a, 0x8, 0x2770, 0x9120, 0x6c77, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x91, 0xb0, 0xe2}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)

4m30.649184427s ago: executing program 0 (id=2703):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01080000000000000000030000000900010073797a310000000020000000020a01"], 0x9c}}, 0x0)

4m30.58485031s ago: executing program 32 (id=2703):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01080000000000000000030000000900010073797a310000000020000000020a01"], 0x9c}}, 0x0)

1m47.061077975s ago: executing program 3 (id=5866):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x40082, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000140)=0x3)
ioctl$PPPIOCSFLAGS1(r0, 0x40047459, 0x0)
pwritev(r0, &(0x7f0000000040)=[{&(0x7f0000000180)="80fd02000000", 0x6}], 0x1, 0x0, 0x0)

1m46.969746119s ago: executing program 3 (id=5867):
r0 = open(&(0x7f00000000c0)='./file0\x00', 0x108843, 0x190)
r1 = open(&(0x7f00000000c0)='./file0\x00', 0x108843, 0xdc)
fcntl$setlease(r1, 0x400, 0x0)
fcntl$getflags(r0, 0x401)

1m46.969534908s ago: executing program 3 (id=5868):
syz_mount_image$jfs(&(0x7f0000000000), &(0x7f0000005d40)='./file0\x00', 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="696f636861727365743d63703836332c0047d359bbc24799f885574eaba64544111af019f727c4d6bd22b6e11240ec816ed65b2c76c8d805185e08111718b5a0e909e51d159eb190e0185bf383c7b14e427bdf2f62283f6d3b4349fe8dfa24c18a9311fc45f06115462fa1728e86ec0d36a85bd203eb3fd422c29ae65d71def8ad9c58fe686aa5b4c600136110728c29677062e368163322c2696537ae1f40c59da4a5aeec7e319bb5c474c9b1ddffacef05fa11cc48b8ca"], 0x1, 0x5ce8, &(0x7f0000005dc0)="$eJzs3U1vHVcZB/Dnvvj6pbSNKlSFiEWaQmkpzXsC5a0pCxawAAllTSLXrQIpoMQgWlnElReIFV8BNt2w6FfgA/QzID4AkWxWXVAGjX1OMh5f5zokvnPt8/tJzswz547vmfw9nns9M/cEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA/+uHPLvQi4sbv0oITEV+IQUQ/YrGuT0c9cy0/fhgRJ2O7OV6MiMF8RL3+9j/PR1yOiE+fi9jcWluuF188YD+unF+98/mPf/CPP/554+Qv3vn5x+32n37x0id/uhdx4idvfvL5vaez7QAAAFCKqqqqXnqbfyq9v+933SkAYCry8b9K8nK1Wq1Wq9XHr26qxrvXLCJivblO/ZrB6XgAOGLW47Ouu0CH5F+0YUQ803UngJnW67oDHIrNrbXlXsq31zwenN5pz9eC7Mp/vffg/o79ppO0rzGZ1s/XRgzihX36szilPsySnH+/nf+NnfZRetxh5z8t++U/2rn1qTg5/0E7/5bjk39/bP6lyvkPHyv/gfwBAAAAAGCG5b//n+j4/O/8k2/KgTzq/O/pKfUBAAAAAAAAAJ62Jx3/7wHj/wEAAMDMqt+r1/7y3MNl+30WW738ei/i2dbjgcKkm2WWuu4HAAAAAAAAAAAAAJRkuHMN7/VexFxEPLu0VFVV/dXUrh/Xk65/1JW+/VCyrn/JAwDAjk+fa93L34tYiIjr6bP+5paWlqpqYXGpWqoW5/Pr2dH8QrXYeF+bp/Wy+dEBXhAPR1X9zRYa6zVNer88qb39/ernGlWDA3RsOjoMHAAiYudotOmIdMxU1fPR9ascjgb7//Fj/+cguv45BQAAAA5fVVVVL32c96l0zr/fdacAgKnIx//2eQG1Wq1Wq9XHr26qxrvXLCJivblO/ZrBcPwAcMSsx2ddd4EOyb9ow4g42XUngJnW67oDHIrNrbXlXsq31zwepPHd87Ugu/Jf722vl9cfN52kfY3JtH6+NmIQL+zTnxen1IdZkvPvt/O/sdM+So877PynZb/86+080UF/upbzH7Tzbzk++ffH5l+qnP/wsfIfyB8AAAAAAGZY/vv/Ced/8yYDAAAAAAAAwJGzubW2nO97zef/vzzmce7/PJ5y/j35Fynn32/n37ogZ9CYv//2w/z/vbW2/PHqv76UpzOf/9xgVD/3XK8/GKZrfqq5d+NW3I6VOL/n8cNd7Rf2tM/tar84of3SnvZR3b6Y28/Gcvw6bsc7D9rnJ1wYtTChvZrQnvMf2P+LlPMfNr7q/JdSe681rd3/qL9nv29Oxz3Ptb/955W9e9f0bcTgwbY11dt3poP+bP+fPDOK395duXP29zdXV+9ciDTZtfRipMlTlvOfS185/1df3mnPv/eb++v9j0aPnf+s2Ijhvvm/3Jivt/e1KfetCzn/UfrK+ecj0Pj9/yjnv//+/3oH/QEAAAAAAAAAAAAAAIBHqapq+xbRaxFxNd3/09W9mQDAdOXjf5Xk5Wq1Wq1Wq49f3VSN91aziIi/N9epXzP8Ydw3AwBm2X8j4p9dd4LOyL9g+fP+6ulXuu4MMFV3P/jwlzdv3165c7frngAAAAAAAAAA/688/ufpxvjP29cBtcaN3jX+69tx+siO/9kfDbbHOk8b9FI8evzvM/Ho8b+HE55vbkL7aEL7/IT2hQntY2/0aMj5v5QyzvmfShtW0vivr3bQn67l/M+ksZ5z/l9rPa6Zf/XXo5x/f1f+51bf/825ux98+Mat92++t/Leyq8unL96+dKVy5euXDn37q3bK+d3/u2wx4cr55/HvnYdaFly/jlz+Zcl5//VVMu/LDn/V1It/7Lk/PPrPfmXJeef3/vIvyw5/9dSLf+y5Py/nmr5lyXn/3qq5V+WnP83Ui3/suT830i1/MuS8z+bavmXJed/LtXyL0vOP5/hkn9Zcv75ygb5lyXnfzHV8i9Lzv9SquVflpz/5VTLvyw5/yupln9Zcv5XUy3/suT8v5lq+Zcl5/+tVMu/LDn/N1Mt/7Lk/L+davmXJef/nVTLvyw5/++mWv5lyfl/L9XyL0vO//upln9Zcv5vpVr+ZXn4+f9mzJgxk2e6/s0EAAAAAAAAAAAAALRN43LirrcRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOB/7MCBAAAAAACQ/2sjVFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWEHDgQAAAAAgPxfG6GqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoKO/cWI2d53w/83ZO9NgT8D2figG1OBhZ21ydwiMEkIX9KeqAkpE1Lahx7bZz4VO8up6KyKbQlClKR2gt60TSJ0ihSW4GqSE0lGiE1UnvXXDXiJmqlXPgCKgcllVIFtnpnnufxzOx63jVmYOZ9Pp8I/+ydd2aeeeeZ2f1u9B0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAVhs/PvOnQ0VRlP81/lhXFOeXf19T7C7/ubDj/V4hAAAAcK7eavz5dxemL+xewZVajvnXq/79u4uLi4vFF948+fafLy6mCzYUxcjqomhcFv3bL36+2HpM8EwxPjTc8u/hirsfqbh8tOLysYrLV1Vcvrri8vGKy5ecgCXWNH8f07ixaxt/Xdc8pcXFxVjjsmuXudYzQ6uHh+PvchqGGtdZHDtQHCoOFzPF1JLrDDX+VxSvbCzv694i3tdwy32tL4ri1E+f2hfXMBTO8bVF2501tD53b9xdbHjzp0/t+/bc61csNytPw5KVFsXmTeU6ny2K07+uKoaK1emcxHUOt6xz/TLrHGlb51DjeuXfO9d5aoXrjI97PKzzh13WuT587fFriqJYKM54TKdniuFibce9pvM93twR5W2UT+UHi9Gz2icbV7BPyuv85Jr2fdK5J+P53xjOyegZ1tD6dLzx5VVLzvs73Sflo+6HvVre9v3lnY6Pt/5qtW2vlsc8dd2Z98Cyz90yeyDt5ZY9sKlqDwyvGmnsgeHTa97Utgeml1xnuBhq3NfJ67rvgcm5I8cnZ5948pZDR/YenDk4c3R6ase2rdu3bd2+ffLAocMzU80/z+6UDpC1xXDag5vCe03cgzd0HNu6JRe/8e69Dsb75HVQPvbPXF8u6Pzh4gx7vDzm2c3n/jpI3/dbXgejLa+DZd9Tl3kdjK7gdVAec2rzyr5njrb8t9waevVeuK5lD7yf3w/L+3zoxjO/F64P63ruprP9fjiyZA/EhzUUXnvlV9LPe+O3h/OydF9cWV5w3qpifnbmxK2P752bOzFdhPGeuKjluercL2tbHlOxZL8Mn/V+2f23v7z+ymW+vi6cq/Gbuz9X5THbJro/V4139+XPZ9tXtxRhvMve6/O53Hez8nymLNHlfJbHPHvLuf8smHJJy/vfWNX738jYaPP9bySdjbG297+lT81IY2VFceqWlb3/jYX/3uv3v4v75P2vPFcP3dp9D5THPDd5tntgtOv73zVhDoX13BgSw3hL7n+7cflCc5u2PJeV+2Z0dCzsm9F4j+37ZuuS65S3Vt735ql3tm82X9P+XLX93FLDfVOeq7+Y6r5vymNenT7394418a8t7x2rqvbA2Miqcr1jaRM03+8W18Q9cGuxrzhWHC72p+uUz3J5XxNbVrYHVoX/3uv3jsv7ZA+U5+rFLd33QHnMD7a+uz87bQ5fSce0/OzU+fuFM2X+K0dP317naXu3M3+5zk9s6/67ofKY17edbc7ofp5uDl85b5nz1Pn6OdOe3l+8N+fp8rDOw9u7/26qPObiHSvcT7uLonht+rXG77vC73f/Yf4/vtv2e9/lfqf82vRr900+8KOzWT8AAO/c240/F1Y1f9Zs+X+sV/L//wMAAAADIeb+4TAT+R8AAABqI+b+kTAT+R8AAABqI+b+0TCTTPL/I7fvfOmtp4v0aYCLQbw8nob772weFzveC+HfGxZPK7/+sW+NvfSVp1d238NFUfzyvg8te/wjd8Z1NR2P6/xI+9eXuPzqFd3/ww+ePq718xNO7Wzefnw8K90Gsav8yuSWxu1ueGK6MV+9r2jMBxaee6Z5+81/x+NPbm0e/1fhQ0t2Hxhqu/7msJ5rw9wQPlPm/t2nz0M54/VeWn/Vv1z02dP3F683tOmCxsN88Q+btxs/I+qFi5rHx8d9pvX/81e/81J5/OPXLb/+p4eXX//JcLs/CfMXu5rHt57zr7Ss/4/D+uP9xevd+s3vL7v+ly9rHv9y2BdfD7Nz/Xf/2YffWu75ivez+47m9eL9T/3Ptsb14u3F2+9c//jT023no/P2X32zeTu7Hv3ZSOvx8evxfqKH72jf30Ph+W3rkRdF8Z0/KdrOc/HR5vX+qWP98faO37H8+m/uWOfxoasb1z/9eNa1Pa6v/c2WZR9vXM/uv1/X9nheuCecvzcnf1De7skHwn4Ml//vD5u31/lZpi/f0/5+E4//+rrm6zbe3mTH+l/oWP/C1eW5q17/vW821//yXavb1r/7k2E/3ducVes/+NcXtl3/G99uPh8nHps4emx2/tD+lrPa+jpePb5m7Xnnf+CCC8N7aee/9xybe2TmxIapDVNFsWEAPzKw1+v/Zpj/3RwL7/49NP3oZ8199/ynmt+3bvh5898vhK8/HJ7P+P3xa3851rZfO5/3hbua81zXf1NYx0pd9tX/unpFB578/Cvz//hHr3f+XBAfz/FLxhuP78WNlzYuG3q1eXnn+1WV/7yk/XX949GpxvxeOK+L4ZOZN13avL/O24+fTfL8p5uv3/iTXLx+0fF5IutG2h/Hua7/x+HnmO9f3v7+F/fH957u+DTndcVQuYSF8P5QLDQvj0fF8/38qUuXvb/4OTzFwhVns8wzmn1idvLwoaPzj0/OzczOTc4+8eSeI8fmj87taXx26Z4vVl3/9Ot7beP1vX9mx7ai8Wo/1hw99n6v//iD+/bfNnX9/pkDe+cPzD14fObEwX2zs/tm9s9ev/fAgZnHqq5/aP+u6S07t962ZeLgof27bt+5c+vOiUNHj5XLaC6qwo6pL00cPbGncZXZXdt2Tm/fvm1q4six/TO7bpuampivun7je9NEee1HJ07MHN47d+jIzMTsoSdndk3v3LFjS+WnPx45fmB2w+SJ+aOT87MzJyabj2XDXOPL5fe+quuTh9lj4f2uw1D46fxzN+9In49b+taXz3hTzUPafzwt3gifBRW/v1X9O+b+sTCTTPI/AAAA5CDm/vDB/6cvkP8BAACgNmLuXx1mIv8DAABAbcTcPx5mkkn+1//X/9f/1//X/9f/7yX9f/3/bvT/9f8Hef36//r/VOu3/n/M/WuKIsv8DwAAADmIuX9tmIn8DwAAALURc/95YSbyPwAAANRGzP3nh5lkkv/1//X/9f/1//X/9f97Sf9f/78b/X/9/0Fev/6//j/V+q3/H3P/B8JMMsn/AAAAkIOY+y8IM5H/AQAAoDZi7r8wzET+BwAAgNqIuX9dmEkm+V//X/9f/1//X/9f/7+X9P/1/7vR/9f/H+T16//r/1Ot3/r/Mff/vzCTTPI/AAAA5CDm/g+Gmcj/AAAAUBsx918UZiL/AwAAQG3E3H9xmEkm+V//X/9f/1//X/9f/7+X9P/1/7vR/9f/H+T16//r/1Ot3/r/MfdfEmaSSf4HAACAHMTcf2mYifwPAAAAtRFz/2VhJvI/AAAA1EbM/ZeHmWSS//X/9f/1//X/9f/1/3tJ/1//vxv9f/3/QV6//r/+P9X6rf8fc/8VYSaZ5H8AAADIQcz9V4aZyP8AAABQGzH3fyjMRP4HAACA2oi5f32YSSb5X/9f/1//X/9f/1//v5f0//X/u9H/1/8f5PXr/+v/U63f+v8x9384zCST/A8AAAA5iLn/qjAT+R8AAABqI+b+q8NM5H8AAACojZj7N4SZZJL/9f/1//X/9f/1//X/e0n/X/+/G/1//f9BXr/+v/4/1fqt/x9z/8Ywk0zyPwAAAOQg5v5NYSbyPwAAANRGzP3XhJnI/wAAAFAbMfdfG2aSSf7X/9f/1//X/9f/1//vJf1//f9u9P/1/wd5/fr/+v9U67f+f8z914WZZJL/AQAAIAcx918fZiL/AwAAQG3E3H9DmIn8DwAAALURc//mMJNM8r/+v/6//r/+v/6//n8v6f/r/3ej/6//P8jr1//X/6dav/X/Y+6/Mcwkk/wPAAAAOYi5/6YwE/kfAAAAaiPm/pvDTOR/AAAAqI2Y+yfCTDLJ//r/+v/6//r/+v/6/72k/6//343+v/7/IK9f/1//n2r91v+Puf+WMJNM8j8AAADkIOb+W8NM5H8AAACojZj7J8NM5H8AAACojZj7p8JMMsn/+v/6//r/+v/6//r/vaT/r//fjf6//v8gr1//X/+fav3W/4+5fzrMJJP8DwAAADmIuX9LmIn8DwAAALURc//WMBP5HwAAAGoj5v5tYSaZ5H/9f/1//X/9f/1//f9e0v/X/+9G/1//f5DXr/+v/0+1fuv/x9y/Pcwkk/wPAAAAOYi5f0eYifwPAAAAtRFz/21hJvI/AAAA1EbM/beHmWSS//X/9f/1//X/9f/1/3tJ/1//vxv9f/3/QV6//r/+P9X6rf8fc//OMJNM8j8AAADkIOb+j4SZyP8AAABQGzH33xFmIv8DAABAbcTc/9Ewk0zyv/6//r/+v/6//r/+fy/p/+v/d6P/r/8/yOvX/9f/p1q/9f9j7t8VZpJJ/gcAAIAcxNx/Z5iJ/A8AAAC1EXP/XWEm8j8AAADURsz9u8NMMsn/+v/6//r/+v/6//r/vaT/r//fjf6//v8gr1//X/+fav3W/4+5/+4wk0zyPwAAAOQg5v6PhZnI/wAAAFAbMfd/PMxE/gcAAIDaiLn/E2EmmeR//X/9f/1//X/9f/3/XtL/1//vRv9f/3+Q16//r/9PtX7r/8fcf0+YSSb5HwAAAHIQc/8nw0zkfwAAAKiNmPv/f5iJ/A8AAAC1EXP/vWEmmeR//X/9f/1//X/9f/3/XtL/1//vRv9f/3+Q16//r/9PtX7r/8fc/ythJpnkfwAAAMhBzP33hZnI/wAAAFAbMfd/KsxE/gcAAIDaiLn/V8NMMsn/+v/6//r/+v/6//r/vaT/r//fjf6//v8gr1//X/+fav3W/4+5/9fCTDLJ/wAAAJCDmPt/PcxE/gcAAIDaiLn/N8JM5H8AAACojZj77w8zyST/6//r/+v/6//r/+v/95L+v/5/N/r/+v+DvH79f/1/qvVb/z/m/t8MM8kk/wMAAEAOYu5/IMxE/gcAAIDaiLn/02Em8j8AAADURsz9nwkzyST/6//r/+v/6//r/+v/95L+v/5/N/r/+v+DvH79f/1/qvVb/z/m/gfDTDLJ/wAAAJCDmPs/G2Yi/wMAAEBtxNz/W2Em8j8AAADURsz9vx1mkkn+1//X/9f/1//X/9f/7yX9f/3/bvT/9f8Hef36//r/VOu3/n/M/Z8LM8kk/wMAAEAOYu7/nTAT+R8AAABqI+b+3w0zkf8BAACgNmLufyjMJJP8r/+v/6//r/+v/6//30v6//r/3ej/6/8P8vr1//X/qdZv/f+Y+z8fZpJJ/gcAAIAcxNz/e2Em8j8AAADURsz9e8JM5H8AAACojZj7Hw4zyST/6//r/+v/6//r/+v/95L+v/5/N/r/+v+DvH79f/1/qvVb/z/m/r1hJpnkfwAAAMhBzP1fCDOR/wEAAKA2Yu7fF2Yi/wMAAEBtxNy/P8wkk/yv/6//r/+v/6//r//fS/r/+v/d6P/r/w/y+vX/9f+p1m/9/5j7Z8JMMsn/AAAAkIOY+w+Emcj/AAAAUBsx9x8MM5H/AQAAoDZi7n8kzCST/K//r/+v/6//r/+v/99L+v/6/93o/+v/D/L69f/1/6nWb/3/mPsPhZlkkv8BAAAgBzH3fzHMRP4HAACA2oi5/0thJvI/AAAA1EbM/YfDTDLJ//r/+v/6//r/+v/6/72k/6//343+v/7/IK9f/1//n2r91v+Puf9ImEkm+R8AAAByEHP/0TAT+R8AAABqI+b+Y2Em8j8AAADURsz9x8NMMsn/+v/6//r/+v/6//r/vaT/r//fjf6//v8gr1//X/+fav3W/4+5//fDTDLJ/wAAAJCDmPtPhJnI/wAAAFAbMffPhpnI/wAAAFAbMffPhZlkkv/1//X/9f/1//X/9f97Sf9f/78b/X/9/0Fev/6//j/V+q3/H3P/fJhJJvkfAAAAchBz/6NhJvI/AAAA1EbM/Y+Fmcj/AAAAUBsx9z8eZpJJ/tf/1//X/9f/1//X/+8l/X/9/270//X/B3n9+v/6/1Trt/5/zP1PhJlkkv8BAAAgBzH3PxlmIv8DAABAbcTc/wdh/h/79qwF4NKDYfTGf9u2bdu2bRzbVnGaJOU31aw1M9m7SZv2LZ5i/wMAAMAxcvc/J25psv/1//p//b/+X/+v/59J/6//v6L/1//v/L/+X//P2Gr9f+7+58YtTfY/AAAAdJC7/3lxi/0PAAAAx8jd//y4xf4HAACAY+Tuf0Hc0mT/6//1//p//b/+X/8/k/5f/39F/6//3/l//b/+n7HV+v/c/S+MW5rsfwAAAOggd/+L4hb7HwAAAI6Ru//FcYv9DwAAAMfI3f+SuKXJ/tf/6//1//p//b/+fyb9v/7/iv5f/7/z//p//T9jq/X/uftfGrc02f8AAADQQe7+l8Ut9j8AAAAcI3f/y+MW+x8AAACOkbv/FXFLk/2v/9f/6//1//p//f9M+n/9/xX9v/5/5//1//p/xlbr/3P3vzJuabL/AQAAoIPc/a+KW+x/AAAAOEbu/lfHLfY/AAAAHCN3/2vilib7X/+v/9f/6//1//r/mfT/+v8r+n/9/87/6//1/4yt1v/n7n9t3NJk/wMAAEAHuftfF7fY/wAAAHCM3P2vj1vsfwAAADhG7v43xC1N9r/+X/+v/9f/6//1/zPp//X/V/T/+v+d/9f/6/8ZW63/z93/xrilyf4HAACADnL3vylusf8BAADgGLn73xy32P8AAABwjNz9b4lbmux//b/+X/+v/9f/6/9n0v/r/6/o//X/O/+v/9f/M7Za/5+7/61xS5P9DwAAAB3k7n9b3GL/AwAAwDFy9789brH/AQAA4Bi5+98RtzTZ//p//b/+X/+v/9f/z6T/1/9f0f/r/3f+X/+v/2dstf4/d/8745Ym+x8AAAA6yN3/rrjF/gcAAIBj5O5/d9xi/wMAAMAxcve/J25psv/1//p//b/+X/+v/59J/6//v6L/1//v/L/+X//P2Gr9f+7+98YtTfY/AAAAdJC7/31xi/0PAAAAx8jd//64xf4HAACAY+Tu/0Dc0mT/6//1//p//b/+X/8/k/5f/39F/6//3/l//b/+n7HV+v/c/R+MW5rsfwAAAOggd/+H4hb7HwAAAI6Ru//DcYv9DwAAAMfI3f+RuKXJ/tf/6//1//p//b/+fyb9v/7/iv5f/7/z//p//T9jq/X/ufs/Grc02f8AAADQQe7+j8Ut9j8AAAAcI3f/x+MW+x8AAACOkbv/E3FLk/2v/9f/6//1//p//f9M+n/9/xX9v/5/5//1//p/xlbr/3P3fzJuabL/AQAAoIPc/Z+KW+x/AAAAOEbu/k/HLfY/AAAAHCN3/2filib7X/+v/9f/6//1//r/mfT/+v8r+n/9/87/6//1/4yt1v/n7v9s3NJk/wMAAEAHufs/F7fY/wAAAHCM3P2fj1vsfwAAADhG7v4vxC1N9r/+X/+v/9f/6//1/zPp//X/V/T/+v+d/9f/6/8ZW63/z93/xbilyf4HAACADnL3fylusf8BAADgGLn7vxy32P8AAABwjNz9X4lbmux//b/+X/+v/9f/6/9n0v/r/6/o//X/O/+v/9f/M7Za/5+7/6txS5P9DwAAAB3k7v9a3GL/AwAAwDFy9389brH/AQAA4Bi5+78RtzTZ//p//b/+X/+v/9f/z6T/1/9f0f/r/3f+X/+v/2dstf4/d/8345Ym+x8AAAA6yN3/rbjF/gcAAIBj5O7/dtxi/wMAAMAxcvd/J25psv/1//p//b/+X/+v/59J/6//v6L/1//v/L/+X//P2Gr9f+7+78YtTfY/AAAAdJC7/3txi/0PAAAAx8jd//24xf4HAACAY+Tu/0Hc0mT/6//1//p//b/+X/8/k/5f/39F/6//3/l//b/+n7HV+v/c/T+MW5rsfwAAAOggd/+P4hb7HwAAAI6Ru//HcYv9DwAAAMfI3f+TuKXJ/tf/6//1//p//b/+fyb9v/7/iv5f/7/z//p//T9jq/X/uft/Grc02f8AAADQQe7+n8Ut9j8AAAAcI3f/z+MW+x8AAACOkbv/F3FLk/2v/9f/6//1//p//f9M+n/9/xX9v/5/5//1//p/xlbr/3P3/zJuabL/AQAAoIPc/b+KW+x/AAAAOEbu/l/HLfY/AAAAHCN3/2/ilib7X/+v/9f/6//1//r/mfT/+v8r+n/9/87/6//1/4yt1v/n7v9t3NJk/wMAAEAHuft/F7fY/wAAAHCM3P2/j1vsfwAAADhG7v4/xC1N9r/+X/+v/9f/6//1/zPp//X/V/T/+v+d/9f/6/8ZW63/z93/x7ilyf4HAACADnL3/ylusf8BAADgGLn7/xy32P8AAABwjNz9f4lbmux//b/+X/+v/9f/6/9n0v/r/6/o//X/O/+v/9f/M7Za/5+7/69xS5P9DwAAAB3k7v9b3GL/AwAAwDFy9/89brH/AQAA4Bi5+/8RtzTZ//p//b/+X/+v/9f/z6T/1/9f0f/r/3f+X/+v/2dstf4/d/8/45Ym+x8AAAA6yN3/r7jF/gcAAIBj5O7/d9xi/wMAAMAxcvf/J25psv/1//p//b/+X/+v/59J/6//v6L/1//v/L/+X//P2Gr9f+7+/8YtTfY/AAAAdJC7/39xi/0PAAAAx8jd//+4xf4HAACAY+TuvyFuabL/9f/6f/2//l//r/+fSf+v/7+i/9f/7/y//l//z9hq/X/u/hvjlib7HwAAADrI3X9T3GL/AwAAwDFy998ct9j/AAAAcIzc/bfELU32v/5f/6//1//r//X/M+n/9f9X9P/6/53/1//r/xlbrf/P3X9r3NJk/wMAAEAHuftvi1vsfwAAADhG7v7b4xb7HwAAAI6Ru/+OuKXJ/tf/6//1//p//b/+fyb9v/7/iv5f/7/z//p//T9jq/X/ufvvjFua7H8AAADoIHf/XXGL/Q8AAADHyN1/d9xi/wMAAMAxcvffE7c02f/6f/2//l//r//X/8+k/9f/X9H/6/93/l//r/9nbLX+P3f/vXFLk/0PAAAAHeTuvy9usf8BAADgGLn7749b7H8AAAA4Ru7+B+KWJvtf/6//1//r//X/+v+Z9P/6/yv6f/3/zv/r//X/jK3W/+fufzBuabL/AQAAoIPc/Q/FLfY/AAAAHCN3/8Nxi/0PAAAAx8jd/0jc0mT/6//1//p//b/+X/8/k/5f/39F/6//3/l//b/+n7HV+v/c/Y/GLU32PwAAAHSQu/+xuMX+BwAAgGPk7n88brH/AQAA4Bi5+5+IW5rsf/2//l//r//X/+v/Z9L/6/+v6P/1/zv/r//X/zO2Wv+fu//JuKXJ/gcAAIAOcvc/FbfY/wAAAHCM3P1Pxy32PwAAABwjd/8zcUuT/a//1//r//X/+n/9/0z6f/3/Ff2//n/n//X/+n/GVuv/c/c/GwAA//9/h0Q1")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events.local\x00', 0x275a, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x101042, 0x1db)
writev(r1, &(0x7f0000000140)=[{&(0x7f0000001200)="10", 0x64000}], 0x1)
write$binfmt_script(r0, &(0x7f0000001400), 0x208e24b)

1m46.106609772s ago: executing program 3 (id=5872):
syz_mount_image$bfs(&(0x7f0000000000), &(0x7f0000000240)='./bus\x00', 0x8008, &(0x7f0000000100)=ANY=[@ANYRES64=0x0], 0xf, 0xab, &(0x7f0000010140)="$eJzs1zGKwkAYBeB/s7CbdptFsLBO4x08ilhqI1aK4A3Ei3gVj5DewiKtiCOYiIidRQT5vmLgzWPgtbM7brubIiKtIlLRme7T3Wy+GA8n9Rl8pCwifiMij4jeX50Pg7r7avqyWo7K6vv58c+69b0AAMDrsug/5nNqLk7NL/Aa/m993vI+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHe7BAAA//+dfyiL")
mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file4\x00', 0x40, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./bus\x00', 0x40942, 0x0)
mount(&(0x7f0000000440)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x400, 0x0, 0x0, 0x1, 0x0, "ef35af413bb901527fe4d0ce5d29c3ee5e5c3676345a41499db7aac63a01000000000000004faa2ae2c084a0ea0000000000000000000c00002000", "036c47c67808200400000000000000335263bdbcef549ba197fce47ddfdd753abd950100002a00ffffffffffffffff00000000e8f20000000200", "b7326736181c208220000000b9000000000000000000f0fffffffff2ff00", [0x4]})
linkat(0xffffffffffffff9c, &(0x7f0000000000)='./file4\x00', 0xffffffffffffff9c, &(0x7f00000006c0)='./file5\x00', 0x0)

1m45.876739381s ago: executing program 3 (id=5875):
prctl$PR_SET_THP_DISABLE(0x44, 0x0)

1m45.530972479s ago: executing program 3 (id=5881):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r0, 0x89fc, &(0x7f0000000900)={'bond0\x00', @random='\x00\x00\x00 \x00'})

1m45.48211596s ago: executing program 33 (id=5881):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r0, 0x89fc, &(0x7f0000000900)={'bond0\x00', @random='\x00\x00\x00 \x00'})

17.689272164s ago: executing program 2 (id=7587):
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ptype\x00')
preadv(r0, &(0x7f0000000100)=[{&(0x7f0000000140)=""/186, 0xba}], 0x1, 0x236, 0x0)

17.621438073s ago: executing program 2 (id=7589):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000000)=0x5, 0x4)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)

17.566352337s ago: executing program 2 (id=7591):
syz_mount_image$minix(&(0x7f0000000100), &(0x7f0000000000)='./file0\x00', 0xa00810, &(0x7f0000000040)=ANY=[], 0x54, 0x1ec, &(0x7f00000002c0)="$eJzs3Etu00AAxvFvErcNBfEUD7FCQkJsqKGtVGVHD8AF2FWtqSpcQJRNIhbkEuzZsuII3IQLJAt2rDCyx4r8CMk4CXFI/j+pzWg638yk0jQzcR0BWFvPk+9GRi2ZtO6BpJcvJHnDZs2apgfgH4rsQ0sRgPXT/F33DADUY3Bot/bfjfTj58fjfvrVctw/DA4btmCkfiZ/yTXfs6eO+14+vy3pcqm1V96/fLH5R8rnr1Qcf7uQ33LO2+f/+GE+f1XSNUnXJd2QdFPSLSnp9naaNZnxTwrj37NNeqUBOYkBAAAAAKYQnz53Zs07dfB0ZG18en51FgajfzrZRpp/NmV+M83vOrQbl9/LVjb+1kvm/YsN+7CV5neO34YnFeYNzEOj2vovvS3ovv5HaxbXvxn+G0IUOeS9JP95eCETgLuLTvf1URgG7xdWkKqm4pfKhczwa1zQL3tlZMG/FpdC/JdxCaaRK3zS5DaRQ5tVKsQvStPGN/M1th9TXKdebhF9SxfznNdpDtedgJXjfzh/5190uk/Ozo9Og9Pgzf5Bu32wv7fb9pNtuT/L4RzAUsvsNAAAAAAAAAAAAAAAwH/qjqS71WOuH+8BAAAAYImMvQ3IzOd2orqfIwAAAAAAAAAAAAAAq+5PAAAA//9zA0G5")
syz_mount_image$vfat(&(0x7f0000000280), &(0x7f00000002c0)='./file0\x00', 0x10000, 0xffffffffffffffff, 0x0, 0x0, 0x0)

17.511050976s ago: executing program 2 (id=7593):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x10, &(0x7f00000000c0)={[{@grpjquota, 0x4a}, {@debug}, {@jqfmt_vfsold}, {@noquota}, {@bsdgroups}, {@usrjquota, 0x22}], [], 0x2c}, 0x84, 0x4c2, &(0x7f0000000980)="$eJzs3DtvHEUcAPD/rh+JSYxNeOYBMQSExcOOnWdBAwIpDRIIhEJpbCcKcRIUGymJLGwQCiXKJwBKJD4BFTQIqEC0IFqEFCE3CRRo0d7tOWff+fyIz0dyv5909uzu7M7Mzoy9M6O9ANrWQP4jidgZEb9GRF95c2mEgfKvmwuz438vzI4nkWVv/JWU4t1YmB2vRK2ct6PYGEwj0o+T2Fsn3enLV86OTU1NXiy2h2fOvTc8ffnK82fOjZ2ePD15fvT48cOHeo4dHT2yKeXszfO654ML+3afePvaq+Mnr73zw1d5frPi+PaaM/rXmUJHzZ6BGFh6L6s8tc6r/9/1VoWTzhZmhHXJW21eXV2l/t8XHXGr8vrilY9amjmgqbIsy7bV7F38XzafVUuS8gnAXSLRpaFNVf7R31jIR6qz49Xj+XZw/cUojYDyct8sPuUjnZHmY/j+8tioWR6IiJPz/3yWf2LZfAoAQDN8kz//PFd+7qh8ykfSeKgq3r3F2lB/RNwXEbsi4v7i+eXBiFLchyPikSVXn1s1/YFl27XPPz/3bLhwa5A//71QrG0tff5LK1H6O4qt3lL5u5JTZ6YmDxb3ZDC6tuXbI7WXXpxW+/blXz5dKf2Bque//JOnX3kWLPLxZ+eyCbqJsZmx2y13xfUPS1N6c7XlTxZXAvKRwe6I2LOB6+f37MwzX+6re7ByixuWv4FNWGfKvoh4ulz/87Gs/LnuIlR/fXLk2NHRI8PbY2ry4HClVdT68aerrxXBmqHE6vXfXHn937PY/su/y0cWVy77k+r12un1p3H1t09WHNNstP13J2+Wwt3FvktjMzMXRyK6k/na/aO3zr001rMkfl7+wQP1+/+uiH8/L87bGxF5I340Ih6LiP1F3h+PiCci4kCD8n//0pPv1qv7tZW/ufLyT9T9+7dS/a8/0HH2u69XSn9t9X+4FBos9kyMzdQu1y+z1gzezr0DAACAO8X+iNgZSTpUTMftjDQdGorYsTiDMj3z7KkL75+fKL8j0B9daWWmq69qPnSkmBvOt/OzRqu28+OHSvPGWZZlPaXtofELU72tLTq0vR0r9P/cH7WvtAB3m3Wto630RhtwR9r4Onq2qfkAtp73taF96f/Qvtbc/5v5JhzQEvX6/1zEzRZkBdhi9fr/Wy3IB7D1jP+hfen/0L5q+3/aknwAW+p23utvFNh1okGcpLM5ia4cSKPxtwD0R6zvgr+nEZuTw45NLWnPGup0e2xGWpGuGqezwRcxvF57w/PoW9Qk0q1tfo0D2yJilda72NjmKoErzc5Yq/8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbI7/AgAA//+7BdPO")
r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x101)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000001c0)=0x10)

17.461362315s ago: executing program 2 (id=7595):
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x20101, 0x0)
writev(r0, &(0x7f00000024c0)=[{&(0x7f0000000040)="fdccd38c", 0x4}], 0x1)

17.288557642s ago: executing program 2 (id=7599):
syz_mount_image$iso9660(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x2000c10, &(0x7f0000000180)={[{@check_relaxed}, {@iocharset={'iocharset', 0x3d, 'cp950'}}, {@check_relaxed}, {@mode={'mode', 0x3d, 0x4}}, {@iocharset={'iocharset', 0x3d, 'maccroatian'}}, {@map_acorn}, {@map_acorn}, {@check_strict}, {@overriderock}, {@mode={'mode', 0x3d, 0x1}}, {@check_relaxed}, {@map_normal}]}, 0x1, 0xa00, &(0x7f00000003c0)="$eJzs3UtsXFf9B/Dv9SNx3SpJ2/z7L1XbTFKSuq1xbIcmRF2UxJ4kLn4g25EasWhK46AQQ6EBqa2QmkqIFRVIIBawq1jBplI3dIO6gx2sWCChrthXrMLK6M6M49eMx3YdO00/n+h67uN3z/nd58mMr+eEz5eF/SumFhZqwxanL/5hBzLmLnZ29JP3P3ivHN69mT3pzPPFn5KeJJWkK8mjSffI6PTURJuCrieXk3ycFEn2pv66IZdT/CIPLE1/nOJ3Zb0t7dloybSzwBfabp9/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwNypGRgcHh4o9GZu8+HKlLqmsMTI6PVVkYWHtksV16j6q9fpdfNS23qQoh/T0LHb1/ejBpcWPJKkcyeP1qcdrHZKnJ2/f/8iBFx7u6lhcv1U2n8nejRd74623r786Pz/3RuuQhXfq27A9ud1lzlcnx2amxibOnK9WxmamKqdPnhw8fuHcTOXc2Hh15tLMbHWiMjJdPTM7NV3pG3mmMnT69IlKdeDS1MXJ86MD49XFmae+Mjw4eLLy0sA3q2emZ6Ymj780MDNyYWx8fGzyfC2mXFzGnCpPxG+MzVZmq2cmKpWr1+bnTqzKqXP1zi6DhtptSRk03C5oeHB4eGhoeHjo3Ubv2bdnnHz+9POnBge7BlfJmog7dNJyd7mv9WHe5js4bF1Hvf3Pd8czlslczMupNP03ktFMZyoTLZY3LLb/R49X1613efvfaOW7li1+rPxxJE82JntatP8tctm5fzfyVt7O9bya+cxnLm/sekY7++98qpnMWGYylbFM5ExtTqUxp5LTOZmTGcwruZBDmUkl5zKW8VQzk0uZyWyqtTNqJNOp5kxmM5XpVNKXkTyTSoZyOqdzIpVUM5BLmcrFTOZ8RnOmVsrVXKvt9xPr5Hg7aGgjQcPrBK1uzMtzfXPtf/Ve/Z8gG7b9N3HYooVG+7+nfWjfyE4kBAAAAGy7L/01+w4+9Jd/JUWeqH0uf25svPribqcFAAAAbKPa43qPly/d5dgTPbX3/4O7nRYAAACwjYra39gVSXpzqD62+JdQPgQAAACAe0Tt9/9Ppji0NMP7fwAAALjHtP+O/bYRRf/i1/9WrtRfrzQi6lNF77mx8erAyNT4C0M5VvuWgSRPrC2tMym6a39+8GwO16MO99Zfe5dKLOvsKaOGBl4YyrM50tiQvqfKl6f6mkQO1yOfrkc+vTyyMysiT5SRAHCvO7JOe7zR9v/Z9Ncj+h+rNfldjzVpgwe1rABwt7jdx85/G12aNWn/GxFPtmr/v7rO+/8y4qFcPVR/pGAgr+X1zOdK+tN44uBQs1IXeyOoP4bQ3+bTgN7GIwt/P9WR/jWfB/Tc3tblsXMZTn/TTwSWlVss5nCiHtd5Z44BAOy0I+u2wxtr//vbvP/v9UghANxVbvdgv4mRdzYTPPfGjd3eRgBgJa00AAAAAAAAAAAAAAAAAAAAAAAAAAAAbL8NfYH/344l8/NzyRY6C9jySM9mMlx/pCM7lPOuj3Qm2a3aX8ym1yqP8Weo9I/3NVb/9+7v+XtuZJdvTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOyIIulsNr8j2ZtkMMnxnc/qzrm52wlsl8qeLa1W3MqtvJl9254PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAXXOP7/ztSf72/PitdHcnRJJeTfGu3c9xOt3Y7gTujaB/yvXrg0vf/dyTdWSjSVT/sKbpHRqenJsqiir3l8k/e/+C9cmhf9tpeFcoCyhpWdC7RqGHZnO6Vaz1YW6t3dO7G9R+9/oPK6NnaiXl29tz46MT56a8vBT5SfJhUUh8WLeb7k6N//uWy2Y2OEooPyy1tbnW952r1jq6t9/+brd2i3g24Nj83XNY0W3159sffv/bmskUP5XDyVF/St7Km75RDi5oOr96fKxWfFj8r9uU3uVw7/uXeKBaK8hDtr23/fVevzc8NvPb6/JXbOb2zIqcDOZTkStKz8ZwOtT43a2ddR3dZ62AtqPxxsE1561pW4lCL/fpg7ZTp3dQ2VNpcX232eyOjE00z+tUPH86xTR/pY21qbKr4tPhncSH/yE+X9f/RUR7/o2l6dTYpoha57ExZvmzF5dVRj6xt+fDyBa+sLrPlVckd8PN8O1+7ffw7lt3/G8dqZ+5Hy2psfl0km78ufr9/TYuypNYiHVzVIjXuPq3WaeR5sB7VIs//y3P1MjdxR3muXYt9h67/3xZ9+U9u6v8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4+xVJZ7P5HcnRJAeS7C+nK8nC6pibW6ivo7fYSprbZis5f/4ULTe0uJVbeTP7djojAAAAAAAAAO6Ms6OfvP/Be+VQ+318Z77c0VhSSbqSHCh+3T0yOj010aag7uTy4q/0ezaXw+XyxwNL0x+XU4+2WWl3Hx8AgM+1/wUAAP//p2dujQ==")
munmap(&(0x7f0000001000/0x3000)=nil, 0x3000)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108)
getdents64(r0, &(0x7f0000000f80)=""/4096, 0x1000)

17.011794124s ago: executing program 34 (id=7599):
syz_mount_image$iso9660(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x2000c10, &(0x7f0000000180)={[{@check_relaxed}, {@iocharset={'iocharset', 0x3d, 'cp950'}}, {@check_relaxed}, {@mode={'mode', 0x3d, 0x4}}, {@iocharset={'iocharset', 0x3d, 'maccroatian'}}, {@map_acorn}, {@map_acorn}, {@check_strict}, {@overriderock}, {@mode={'mode', 0x3d, 0x1}}, {@check_relaxed}, {@map_normal}]}, 0x1, 0xa00, &(0x7f00000003c0)="$eJzs3UtsXFf9B/Dv9SNx3SpJ2/z7L1XbTFKSuq1xbIcmRF2UxJ4kLn4g25EasWhK46AQQ6EBqa2QmkqIFRVIIBawq1jBplI3dIO6gx2sWCChrthXrMLK6M6M49eMx3YdO00/n+h67uN3z/nd58mMr+eEz5eF/SumFhZqwxanL/5hBzLmLnZ29JP3P3ivHN69mT3pzPPFn5KeJJWkK8mjSffI6PTURJuCrieXk3ycFEn2pv66IZdT/CIPLE1/nOJ3Zb0t7dloybSzwBfabp9/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwNypGRgcHh4o9GZu8+HKlLqmsMTI6PVVkYWHtksV16j6q9fpdfNS23qQoh/T0LHb1/ejBpcWPJKkcyeP1qcdrHZKnJ2/f/8iBFx7u6lhcv1U2n8nejRd74623r786Pz/3RuuQhXfq27A9ud1lzlcnx2amxibOnK9WxmamKqdPnhw8fuHcTOXc2Hh15tLMbHWiMjJdPTM7NV3pG3mmMnT69IlKdeDS1MXJ86MD49XFmae+Mjw4eLLy0sA3q2emZ6Ymj780MDNyYWx8fGzyfC2mXFzGnCpPxG+MzVZmq2cmKpWr1+bnTqzKqXP1zi6DhtptSRk03C5oeHB4eGhoeHjo3Ubv2bdnnHz+9POnBge7BlfJmog7dNJyd7mv9WHe5js4bF1Hvf3Pd8czlslczMupNP03ktFMZyoTLZY3LLb/R49X1613efvfaOW7li1+rPxxJE82JntatP8tctm5fzfyVt7O9bya+cxnLm/sekY7++98qpnMWGYylbFM5ExtTqUxp5LTOZmTGcwruZBDmUkl5zKW8VQzk0uZyWyqtTNqJNOp5kxmM5XpVNKXkTyTSoZyOqdzIpVUM5BLmcrFTOZ8RnOmVsrVXKvt9xPr5Hg7aGgjQcPrBK1uzMtzfXPtf/Ve/Z8gG7b9N3HYooVG+7+nfWjfyE4kBAAAAGy7L/01+w4+9Jd/JUWeqH0uf25svPribqcFAAAAbKPa43qPly/d5dgTPbX3/4O7nRYAAACwjYra39gVSXpzqD62+JdQPgQAAACAe0Tt9/9Ppji0NMP7fwAAALjHtP+O/bYRRf/i1/9WrtRfrzQi6lNF77mx8erAyNT4C0M5VvuWgSRPrC2tMym6a39+8GwO16MO99Zfe5dKLOvsKaOGBl4YyrM50tiQvqfKl6f6mkQO1yOfrkc+vTyyMysiT5SRAHCvO7JOe7zR9v/Z9Ncj+h+rNfldjzVpgwe1rABwt7jdx85/G12aNWn/GxFPtmr/v7rO+/8y4qFcPVR/pGAgr+X1zOdK+tN44uBQs1IXeyOoP4bQ3+bTgN7GIwt/P9WR/jWfB/Tc3tblsXMZTn/TTwSWlVss5nCiHtd5Z44BAOy0I+u2wxtr//vbvP/v9UghANxVbvdgv4mRdzYTPPfGjd3eRgBgJa00AAAAAAAAAAAAAAAAAAAAAAAAAAAAbL8NfYH/344l8/NzyRY6C9jySM9mMlx/pCM7lPOuj3Qm2a3aX8ym1yqP8Weo9I/3NVb/9+7v+XtuZJdvTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOyIIulsNr8j2ZtkMMnxnc/qzrm52wlsl8qeLa1W3MqtvJl9254PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAXXOP7/ztSf72/PitdHcnRJJeTfGu3c9xOt3Y7gTujaB/yvXrg0vf/dyTdWSjSVT/sKbpHRqenJsqiir3l8k/e/+C9cmhf9tpeFcoCyhpWdC7RqGHZnO6Vaz1YW6t3dO7G9R+9/oPK6NnaiXl29tz46MT56a8vBT5SfJhUUh8WLeb7k6N//uWy2Y2OEooPyy1tbnW952r1jq6t9/+brd2i3g24Nj83XNY0W3159sffv/bmskUP5XDyVF/St7Km75RDi5oOr96fKxWfFj8r9uU3uVw7/uXeKBaK8hDtr23/fVevzc8NvPb6/JXbOb2zIqcDOZTkStKz8ZwOtT43a2ddR3dZ62AtqPxxsE1561pW4lCL/fpg7ZTp3dQ2VNpcX232eyOjE00z+tUPH86xTR/pY21qbKr4tPhncSH/yE+X9f/RUR7/o2l6dTYpoha57ExZvmzF5dVRj6xt+fDyBa+sLrPlVckd8PN8O1+7ffw7lt3/G8dqZ+5Hy2psfl0km78ufr9/TYuypNYiHVzVIjXuPq3WaeR5sB7VIs//y3P1MjdxR3muXYt9h67/3xZ9+U9u6v8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4+xVJZ7P5HcnRJAeS7C+nK8nC6pibW6ivo7fYSprbZis5f/4ULTe0uJVbeTP7djojAAAAAAAAAO6Ms6OfvP/Be+VQ+318Z77c0VhSSbqSHCh+3T0yOj010aag7uTy4q/0ezaXw+XyxwNL0x+XU4+2WWl3Hx8AgM+1/wUAAP//p2dujQ==")
munmap(&(0x7f0000001000/0x3000)=nil, 0x3000)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108)
getdents64(r0, &(0x7f0000000f80)=""/4096, 0x1000)

6.928580104s ago: executing program 4 (id=7714):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000300)={r0, &(0x7f0000000980)='H'}, 0x20)

6.871524126s ago: executing program 4 (id=7715):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./file1\x00', 0x20085e, &(0x7f0000000100), 0x1, 0x502, &(0x7f0000000a00)="$eJzs3c9vI1cdAPCvnV9OmjZp6QEQokspLGi1TuJto6oHKCeEUCVEjyBtQ+KNothxFDulCXvY/g9IVOIER/4Azj3xJyC4cYEDEj8iULMSSFPNeLzrzdob7yaxs/HnI41m3ryxv+/t7rzn+W7iF8DYuhYR9yJiOiI+iIiF/Hwh3+Ld9pZe99nR3fXjo7vrhUiS9/9VyOrTc9H1mtQL+XuWIuLH34/4WeHxuM2Dw+21Wq261y7OLrXqu0vNg8ObW/W1zepmdadSWV1ZXX771luVc+vra/Xp9sFE2sBv/yJt1nxe192Pc/T/JDP1IE5qMiJ+eAHBRmEi78/0qBvCMylGxCsR8Xp2/y/ERPa3CQBcZUmyEMlCdxkAuOqKWQ6sUCznuYD5KBbL5XYO79WYK9YazdaNO439nY12rmwxpop3tmrV5TxXuBhThbS8kh0/LFdOlG9FxMsR8cuZ2axcXm/UNkb5wQcAxtgLJ+b//860538A4IorjboBAMDQmf8BYPyY/wFg/Jj/AWD8mP8BYPyY/wFg/Jj/AWCs/Oi999ItOc6//3rjw4P97caHNzeqze1yfX+9vN7Y2y1vNhqb2Xf21E97v1qjsbvyZux/tPid3WZrqXlweLve2N9p3c6+1/t2dWoovQIAnuTl1z79cyEi7r0zm23RtZaDuRqutuJZXjx7fu0Ahm9i1A0ARsZqXzC+zvCMLz0AV0SPJXofUXrkcT+/OkmS5GKbBVyg61+S/4dx1ZX/91PAMGbk/2F8DZr/Py0/ADx/kqQw6Jr/MeiFAMDlJscP9Hm+fyXf/y7/z4Gfbpy84pOLbBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABcbp31f8v5WuDzUSyWyxEvRsRiTBXubNWqyxHxUkT8aWZqJi2vjLjNAMBZFf9eyNf/ur7wxvzJ2unC/ZlsHxE///X7v/pordXa+2N6/t8Pzrc+yc9XRtF+AOA0nXk623c9yH92dHe9sw2zPf/4XkSU2vGPj6bj+EH8yZjM9qWYioi5/xTycluhK3dxFvc+jogv9up/IeazHEh75dOT8dPYLw41fvGR+MWsrr1P/yy+8NSRk4VzaD481z5Nx593e91/xbiW7Xvf/6VshDq7fPxL32r9OBsDH8bvjH8Tfca/a4PGePMPP2gfzT5e93HElycjOrGPu8afTvxCn/hvDBj/L1/56uv96pLfRFyP3vG7Yy216rtLzYPDm1v1tc3qZnWnUlldWV1++9ZblaUsR73Ufzb45zs3XupXl/Z/rk/80in9/8aA/f/t/z74ydeeEP9bX+8VvxivPiF+Oid+c8D4a3O/L/WrS+Nv9Ox/R//+3xgw/l//dvjYsuEAwOg0Dw6312q16t4wDzofJIYa1MEVOEj/1VyCZvQ8+O6wYk3HU70qSZ4pVr8R4zyybsBl0L7Xk+peRNwfdWMAAAAAAAAAAAAAAICehvEbS6PuIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFfX5wEAAP//90HVog==")
setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file1\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x1)

6.76120149s ago: executing program 4 (id=7716):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000eb99710c0000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a80000000060a0b0400000000000000000200fffe540004802800018007000100637400001c0002800800014000000002080002400000000a05000300010000002800018007000100637400001c0002800800024000000011080004400000000c05000300010000000900010073797a30000000000900020073797a32"], 0xa8}, 0x1, 0x0, 0x0, 0x840}, 0x0)

6.760902291s ago: executing program 4 (id=7717):
mkdir(&(0x7f0000005740)='./file0\x00', 0x3b)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000400)={[{@dyn}]})
chdir(&(0x7f00000000c0)='./file0\x00')
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000340), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='dyn'])
chdir(&(0x7f00000000c0)='./file0\x00')
syz_mount_image$jfs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1000003, &(0x7f00000001c0)=ANY=[@ANYBLOB="0004335a6ca6dcd044f34129a1bb153dc18db764b2193afebb4507cf8432ca2b997dbee442d13dd0fe47330a4fac7bca55c7c7d58dc4d6df1441247f56fbe83190fff534f4f68f41939d6caa488194c8f7e2d60e6b41b2e3bb73f41c35aca75adf7c2dbf40adfeab6f4727505ded66824115d8c930a851e1845aef030d8116bba1cc8c49090b37b4cebfd81ba61b0b3e8bc849256f5bed13fb90b00ee1e3943d33e6357f6e9b06fee104c346ac228318bd2499dd18f2ef4c1d47d55bd9e3c024cc65387fd261bb1ed6776d75b56e5a5f73011182ce8b91db230418107c0276656c05e4cd"], 0x22, 0x622d, &(0x7f000000e540)="$eJzs3ctvHVcdB/DfffoRmkZdVCVCyG3Do5TmWUKgQNsFLNiwQNmiRK5bRaSAkoDSKiKuvGHBHwFCYokQS1b8AV2wZccfQKQECdRVpxr7HGc8ufZ14vrOdc7nIzkzv3vmes7ke+c+PDP3BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQP/7RT8/1IuLKb9INJyK+EIOIfsRSXa9ExNLKibz8MCJeiM3meD4iRgsR9f03/3k24vWI+Ph4xP0Hd1brm8/vsx8//Ou//vSzYz/5519GZ/7/t1uDN3Zb7vbt3//v73cPts0AAABQmqqqql76mH8yfb7vd90pAGAm8ut/leTb1XNXr89Zf9RqtVp9BOumarK7zSIi1pv3qd8zOBwPAEfMenzSdRfokPyLNoyIY113Aphrva47wKG4/+DOai/l22u+HqxstedzQXbkv97bvr5jt+k07XNMZvX42ohBPLdLf5Zm1Id5kvPvt/O/stU+Tssddv6zslv+461Ln4qT8x+08295evLvT8y/VDn/4WPlP5A/AAAAAADMsfz3/xMdH/9dOPim7Mtex39XZtQHAAAAAAAAAPi8HXT8v23G/wMAAIC5VX9Wr/3h+CNN6+0b6o/4l3sRz0xeHihFulhmuet+AAAAAAAAAAAAAEBJhlvn8F7uRYwi4pnl5aqq6p+mdv24Dnr/o6707YeSdf0kDwAAWz4+3rqWvxexGBGX03f9jZaXl6tqcWm5Wq6WFvL72fHCYrXU+Fybp/VtC+N9vCEejqv6ly027tc07fPytPb276vXNa4G++jYbHQYOABExNar0X2vSE+Zqno2un6Xw9Fg/3/62P/Zj64fpwAAAMDhq6qq6qWv8z6Zjvn3u+4UADAT+fW/fVxgUr0Qe7er1Wq1Wq2e77qpmuxus2iPC1i/ZzAcPwAcMevxSdddoEPyL9owIl7ouhPAXOt13QEOxf0Hd1Z7Kd9e8/Ugje+ezwXZkf96b/N++f6TptO0zzGZ1eNrIwbx3C79eX5GfZgnOf9+O/8rW+3jtNxh5z8ru+Vfb+eJDvrTtZz/oJ1/y9OTf39i/qXK+Q8fK/+B/AEAAAAAYI7lv/+fmKvjv+Mn3Zyp9jr+u3JoawUAAAAAAACAw3X/wZ3VfN1rPv7/pQnLuf7z6ZTz78m/SDn/fiv/r7eWGzTm7739MP//Priz+udb//linu43/4U800uPrF56RPTSmnrDND3I1j1qYzQY12sa9fqDYTrnpxq9G9fieqzF2R3L9tP/x8P2czva656ONturwVb7+R3tw+32fP8LO9pH6Uynaim3n47V+GVcj3c22+u2hSnbvzilvZrSnvMf2P+LlPMfNn7q/JdTe681rd37qP/Ift+cTlrPW9e+/Luzh785U23EYHvbmurte6mD/mz+nxwbx69vrt04ffvqrVs3zkWa7Lj1fKTJ5yznP0o/28//L2+15+f95v5676PxY+c/LzZiuCP//GXWdf4vN+br7X2lg/7NWs5/nH5y/u+k9sn7/1HOf/f9/9UO+gMAAAAAAAAAAAAAAAB7qapq8xLRtyLiYrr+p6trMwGA2cqv/1WSb59VPZjx+tTqI1735qw/M60/rearP2r1E9eD7tbfVE32ZrOIiH8071O/Z/jtpF8GAMyzTyPi3113gs7Iv2D5+/7q6amuOwPM1M0PPvz51evX127c7LonAAAAAAAAAMCTyuN/rjTGfz5VVdXd1nI7xn99O1YOOv7nMM9sDzC6y0DVg8ffpr1s9MeDfmO48Rdjt/G/R9tze43/PdxzbQuN3zLZeEr7wpT2xSntEy/0aMj5v9gY7/xURJxsDb9ewviv7THvS5Dzf6nxeK7z/1pruWb+1R+Pcv79HfmfufX+r87c/ODD1669f/W9tffWfnHh3LmzFy5evHTp0pl3r11fO7v1b4c9Plw5/zz2tfNAy5Lzz5nLvyw5/6+kWv5lyfl/NdXyL0vOP7/fk39Zcv75s4/8y5LzfyXV8i9Lzv8bqZZ/WXL+r6Za/mXJ+X8z1fIvS87/tVTLvyw5/9Opln9Zcv5nUr3P/JcOu1/Mxmb+69X2kW/7f1ny/p/PbJB/WXL+51Mt/7Lk/C+kWv5lyfm/nmr5lyXn/61Uy78sOf+LqZZ/WXL+3061/MuS87+UavmXJef/nVTLvyw5/++mWv5lyfm/kWr5lyXn/71Uy78sOf/vp1r+Zcn5/yDV8i9Lzv/NVMu/LA+//9+MGTNm8kzXz0wAAAAAAAAAAAAAQNssTifuehsBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD5jBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCjtwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYu7cYue76DuBnr944kBgIqZOGZOOYYJxNdn2JL7QuJuHWcE8IhV5iu961WfANr10CjWpHgRIJo6KKtuGhLSDU5qXCqnigFaBUQq0qVYL2gb4gKlQeoiqggFSprYCt5pz//78zs7Mzu971+sw5n4+U/LIzZ+acOXPm7H53850BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaHbngzOfGsiyrPFP/q9NWfaSxn9fN74pv+x113oLAQAAgNX6ef7vF29MFxxcxo2alvmn27/91fn5+fns/UN/MvK5+fl0xXiWjWzIsvy66PIPPjDQvEzwVDY2MNj09WCP1Q/1uH64x/UjPa4f7XH9hh7Xj/W4ftEOWOS64vcx+Z1tzf9zU7FLs5uykfy6rR1u9dTAhsHB+Luc3EB+m/mRY9lsdiKbyaZali+WHciX//qdjXW9NYvrGmxa122NI+QnTxyN2zAQ9vHWlnUt3Gf0ozdk4z/9yRNH/+rcC7d0mj13Q8v9Fdu5bUtjOz8RLim2dSDbkPZJvp0Hs3T9cNj+9udkqGU7B/LbNf67fTtfXOZ2Di1s5rpqf87HssH8v7+T76fh5l/rpf10W7jsf+7Ksuziwma3L7NoXdlgtrHlksGF52esOCIb99E4lF6eDa/oOL1zGcdpY05vbT1O218T8Ti9M9xueIltaH6afvTkaNPz/rP5KzlOo8ajXuq10n4MrvVrpSzHYDwuvpM/6Kc7HoNbw+N/4u6lj8GOx06HYzA97qZjcEuvY3BwdCjf5vQkDOS3WTgGd7QsP5SvaSCfz9/d/RicPHfyzOTcxz5+7+zJI8dnjs+c2rVjx9SuPXv27ds3eWz2xMxU8e8r3NvltzEbTK+BLWHfxdfAa9qWbT5U5784uuj8e6Wvw7Eur8NNbcuu9etwuP3BDazPC3LxMV28Nt7b2OljlwazJV5j+fOzffWvw/S4m16Hw02vw47fUzq8DoeX8TpsLHNm+/J+Zhlu+qfTNiz9vWB1x+CmpmNwsO3nkfZjcK1/HinLMTgWjovvbV/6e8FtYXufnljpzyNDi47B9HDDuadxSfp5f2xfPjodl7c2rrh+NDs/N3P2vsePnDt3dkcWxrp4RdOx0n68bmx6TNmi43Vwxcfrwdnbn761w+Wbwr4au7fxr7Eln6vGMrvv6/5c5d/dOu/Plkt3ZmGssfXen52+mzf252iWff5bTz78jSc+/+CS+7ORNz8xufqfxVMubTr/jixx/o25/xfF+tJdPTU0Mly8fofS3hlpOR+3PlXD+blrIF/3i5PLOx+PhH/W+3x8U5fz8ea2Zdf6fDzS/uDi+Xig1287Vqf9+RwLx8mJqe7n48Yym3eu9Jgc7no+vivMgbD/XxuSQspFTcfOUsdtWtfw8Eh4XMNxDa3H6a6W5UdCNmus69mdV3acbruruK+h9OgWrNdxOt627Fofp+l3X0sdpwO9fvt2Zdqfz7FwXNy0q/tx2ljmud2rP3deF/+z6dw52usYHBkabWzzSDoI8/N9Nn9dPAbvy45mp7MT2XR+7Wh+PA3k65q4f3nH4Gj4Z73PlZu7HIPb2pZd62MwfR9b6tgbGF784NdA+/M5Fo6LZ+7vfgw2lnnj3rX92XVbuCQt0/Sza/vv15b6ndetbbvpah0rw2E7v7W3++9mG8uc2LfSnNl9P90TLrm+w35qf/0u9ZqaztZnP20O2/nCvqX3U2N7Gst8bv8yj6eDWZZd+MgD+e97w99X/vb8d7/a8neXTn/TufCRB3780mP/uJLtB6D//aIYG4vvdU1/mVrO3/8BAACAvhBz/2CYifwPAAAAlRFzf/y/whP5HwAAACoj5v7hMJOa5P/Nb3xh9hcXstTMnw/i9Wk3PFQsFzuuU+Hr8fkFjcsf+PLMf//9heWtezDLsp899Psdl9/8UNyuwnjYzstvar18ka/eu6x1H370Qlpvc3/9C+H+4+NZ7mHQqYI7lWXZ12/8TL6e8Q9cyudzDx3O58MXn36qscyL+4uv4+2ff0Wx/J+H8u/BY0dabv982A8/DHPqbZ33R7zdVy699ra971tYX7zdwJYb8of9zGPF/cb3yfnsU8XycT8vtf3f+PSzX2ks//irO2//hcHO2//sm2Jzv7j//31VsXzzc9D4Ot7uk2H74/q+HLbrvi99s+P2X/5UsfyZNxfLHQ4zrn9b+Hrrm1+Ybd5fjw8caXlc2VuK5eL6p777R/n18f7i/bdv/9ihSy37o/34eO7fivuZbFs+Xh7XE/1d2/ob99N8fMb1P/uHh1v2c6/1X374+Vc17rd9/fe0LXfmI9vz9S/cX+s7Nv3FJz/TcX1xew7+zZmWx3PwPeF1HNb/zGPheAzX/9/l4v7a313h8Htazz9x+S9sutDyeKK3/rRY/+XXH8/nhrHrNl7/kpfecPGOxr7Lsu9sKO6v1/qP/+Xplu3/4s3F/ojXx45++/qXEtd/9qMTp07PnZ+dTnv1iRvz9855e7E9cXtvDOfW9q8PnT73wZmz41PjU1k2Xt230LtiXwrzx8W42H3p+UVn0O2Phufz1j/7+sa7//XT8fJ/f29x+aW3Fd+3XhOW+2y4fFN4/la2/sWeufPm/PU98FzYwvnF7xe8Grdt/a99y1owPP72nwvi8X7mlR/M90Pjuvz7Rnxdr3L7vz9d3M/Xwn6dD+/MvOXmhfU1Lx/fG+HSI8XrfdX7L5zm4vP61+H5fscPi/uP2xUf7/fDzzHf3Nx6vovHx9cuDLbff/4uHhfD+SS7WFwfl4r7+9KLN3fcvPg+JNnFW/Kv/zjdzy0rephLmfvY3OSJ2VPnH588NzN3bnLuYx8/dPL0+VPnDuXv5XnoQ71uv3B+2pifn6Zn9uzO8rPV6WJcZdd6+888enR679Td0zPHjpw/du7RMzNnjx+dmzs6Mz1395Fjx2Y+2uv2s9MHduzcv2vvzonjs9MH9u3fv2v/xOyp043NKDaqhz1TH544dfZQfpO5A7v377j//t1TEydPT88c2Ds1NXG+1+3z700TjVv/3sTZmRNHzs2enJmYm/34zIEd+/fs2dnz3QBPnjk2Nz559vypyfNzM2cni8cyfi6/uPG9r9ftqaa5/yh+nm03ULwRX/aue/ak92dt+PKTS95VsUjbG4i+EN6L5p9fdmbfcr6OuX8kzKQm+R8AAADqIOb+0TAT+R8AAAAqI+b+DWEm8j8AAABURsz9Y2EmNcn/lev/b76wrPXr/1+r/n9xv7HHr/+v/39N+v+PlK3/X5wv9P/Xxmr79/r/Qcn6/1mW6f/r/5d++/X/9f9ZrGz9/5j7r8uyWuZ/AAAAqIOY+zeGmcj/AAAAUBkx918fZiL/AwAAQGXE3P+SMJOa5H/9f/1//X/9f/3/zuvX/+9P+v/d9Wv/3+f/F9aj/5/Vq/9/cS23X/9f/5/Fytb/j7n/pWEmNcn/AAAAUAcx998QZiL/AwAAQGXE3H9jmIn8DwAAAJURc/+mMJOa5H/9f/1//X/9f/3/zuvX/+9P+v/d6f/3oP/v8//1//X/WVNl6//H3P+yMJOa5H8AAACog5j7Xx5mIv8DAABA+Qxf2c1i7n9FmMmi/H+FKwAAAACuuZj7b8raiuA1+fu//r/+f/n7/xvSdfr/+v9ZKfv/Q5n+f3no/3en/9+D/r/+v/6//j9rqmz9/zz3Z2PZK8NMapL/AQAAoA5i7r85zET+BwAAgMqIuf+XwkzkfwAAAKiMmPs3h5nUJP/r/+v/l7//7/P/9f/L3v/3+f9lov/fnf5/D/r/+v/6//r/rKmy9f9j7r8lzKQm+R8AAADqIOb+W8NM5H8AAACojJj7fznMRP4HAACAyoi5/7Ywk5rkf/3/kvf/Y3NU/1//X/9f/1//f1n0/7u7Gv3/hzP9f/3/gv6//r/+P+3K1v+Puf9VYSY1yf8AAABQBzH33x5mIv8DAABAZcTcf0eYifwPAAAAlRFz/3iYSU3yv/5/yfv/RQ9+1Of/6//r/+v/z2/Q/18O/f/ufP5/D1Xv/1/8ZNerr3V/frWu9fbr/+v/s1jZ+v8x998ZZlKT/A8AAAB1EHP/ljAT+R8AAAAqI+b+u8JM5H8AAACojJj7t4aZ1CT/6//3Rf8/0//X/9f/1//3+f/Lo//fnf5/D1Xv//dwrfvz/b79+v/6/yxWtv5/zP2vDjOpSf4HAACAOoi5/+4wE/kfAAAAKiPm/teEmcj/AAAAUBkx928LM6lJ/tf/1//X/9f/1//vvH79//6k/9+d/n8P+v/6//r/+v+sqbL1/2Puf22YSU3yPwAAANRBzP3bw0zkfwAAAKiMmPvvCTOR/wEAAKAyYu6fCDOpSf7X/9f/1//X/9f/77x+/f/+pP/fnf5/D/r/+v/6//r/rKmy9f9j7r83zKQm+R8AAADqIOb++8JM5H8AAACojJj7J8NM5H8AAACojJj7p8JMapL/9f/1//X/9f9X1P+/Y+F+9f8L+v/lov/fnf5/D/r/+v/XvP8/ov9PpZSt/x9z/44wk5rkfwAAAKiDmPt3hpnI/wAAAFAZMffvCjOR/wEAAKAyYu7fHWZSk/yv/6//r/+v/+/z/zuvX/+/P+n/d7f2/f/4EPX/9f/1/33+v/4/i5Wt/x9z//1hJjXJ/wAAAFAHMffvCTOR/wEAAKAyYu7fG2Yi/wMAAEBlxNy/L8ykJvlf/1//X/9f/1//v/P69f/7k/5/dz7/vwf9f/1//X/9f1bpkT9o/qps/f+Y+/eHmdQk/wMAAEAdxNz/ujAT+R8AAAAqI+b+Xwkzkf8BAACgMmLu/9Uwk5rkf/1//X/9f/1//f/O69f/70/6/93p//eg/6//r/+v/8+aKlv/P+b+A2EmvYPfeM8lAAAAgFKIuf/Xwkxq8vd/AAAAqIOY+18fZiL/AwAAQGXE3H8wzKR6+f+xThfq/+v/6//r/+v/d16//n9/0v/vTv+/B/1//f817/+PZvr/+v91Vrb+f8z9bwgzqV7+BwAAgNqKuf+BMBP5HwAAACoj5v4Hw0zkfwAAAKiMmPvfGGZSk/yv/6//r/+v/6//33n9+v/9Sf+/O/3/HvT/V9ufH4gHvf6/z//X/ycrYf8/5v43hZnUJP8DAABAHcTc/+YwE/kfAAAAKiPm/reEmcj/AAAAUBkx9781zKQm+X99+v//0HavBf1//X/9f/1//X/9/7Wm/9+d/n8P+v8+/1//X/+fNVW2/n/M/b8eZlKT/A8AAAB1EHP/Q2Em8j8AAABURsz9bwszkf8BAACgMmLuf3uYSU3yv8//1//X/9f/1//vvH79//6k/99dn/X/f35DuFz/v6D/X+7tX2n/f7jt66vS///BUv3/+Q3tt9f/52ooW/8/5v53hJnUJP8DAABAHcTc/84wE/kfAAAAKiPm/neFmcj/AAAAUBkx9787y7InO+T/kWu0XetF/7+xHQvtZf1//f/8Av1//X/9/76l/99dn/X/ff5/G/3/cm+/z//X/2exsvX/353faix7T5iJv/8DAABAZcTc/3CYifwPAAAAlRFz/yNhJvI/AAAAVEbM/e8NM6lJ/tf/9/n/+v/6//r/ndev/9+f9P+70//vQf9f/79s/f//1P+nv5Wt/x9z/6NhJjXJ/wAAAFAHMfe/L8xE/gcAAIDKiLn/N8JM5H8AAACojJj73x9mUoP8f4f+f9qOqLz9/3H9f/3/Rf3/228oltP/b+//P6j/X2P6/93p//eg/6//X7b+v8//p89d3f5/46Yr6//H3P+BMJPl5/+xZS8JAAAAXBMx9/9mmEkN/v4PAAAAdRFz/2+Fmcj/AAAAUBkx9/92mElN8r/+f7/0/33+f6b/7/P/2x6Pz//X/+9k/fr/8cyj/6//r/8f6f/XvP8/qP/PYle3/9+779/+dcz9vxNmUpP8DwAAAHUQc/9jYSbyPwAAAPSFTv9PdruY+w+Fmcj/AAAAUBkx9x8OM6lJ/tf/1//X/y9p//9Pt/zL9779zsM79P/1//X/V2RdP/+/8eL3+f/6//r/if5/zfv/Pv+fDsrW/4+5/0iYSU3yPwAAANRBzP2/G2Yi/wMAAEBlxNx/NMxE/gcAAIDKiLl/OsykJvlf/1//X/+/pP3/Pv78/7g/9P9brVn/P5509f87Wtf+//sWeuL6/yvt/492vFT/X/+/n7df/1//n8XK1v+PuX8mzKQm+R8AAADqIOT+wWPFXLhC/gcAAIDKiLn/eJiJ/A8AAACVEXP/B8NMapL/9f/1//X/9f99/n/n9Ze2/+/z/7vS/++uPP3/zvT/9f/7efv1//X/Waxs/f+Y+2fDTGqS/wEAAKAOYu7/UJiJ/A8AAACVEXP/h8NM5H8AAACojJj7T4SZ1CT/6//r/+v/5/3/J/X/9f/1/6tB/787/f8e9P/1//X/9f9ZU2Xr/8fcfzLM/2fvPp4sO8s7jt+WRp6ekhfeeeGFXOWlt65ylbWwvbX/AC+88cZVLi9kgwCRNSJHgchBIHIWQQIhkshJIglElgCRcxBZQA2lmed5pnv69LndPbf7nvO+n8/Cj5lhuC0xNein0bfe0sn+BwAAgB7k7r8sbrH/AQAAoBm5+/8vbrH/AQAAoBm5+/8/bulk/+v/9f/N9v//7P3/3T5f/6//b9k6+v/7fg3Q/8+//z/9a4H+f2c/fyK+U/+/9PP1//p/dppa/5+7/35xSyf7HwAAAHqQu//+cYv9DwAAAM3I3X953GL/AwAAwKxcMPJ9ufsfELd0sv/P6f83Fn32/5nx6v9b6v/39/6//l//r/9vxNH2/1fd9yuf9/8b6f9P0/97/1//r/9npabW/+fuf2Dc0sn+BwAAgB7k7n9Q3GL/AwAAQDNy918Rt9j/AAAA0Izc/Q+OWzrZ/97/9/6//l//r/8f/nz9/zyt4/3/4f5/80Cfr/9fXf9/+R0XX3bPTX9z834+X/+v/9f/6/9Zran1/7n7HxK3dLL/AQAAoAe5+x8at9j/AAAA0Izc/Q+LW+x/AAAAaEbu/ofHLZ3sf/2//l//r//X/w9/vv5/nqbT/x/s8/X/3v/X/8/369f/6//ZaWr9f+7+R8Qtnex/AAAA6EHu/kfGLfY/AAAANCN3/5Vxi/0PAAAAzcjdfzJu6WT/6/8Pv///k/5f/x9X/6//1/8fPv3/OP3/Evp//b/+X//PSk2t/8/df1Xc0sn+BwAAgB7k7n9U3GL/AwAAQDNy9z86brH/AQAAoBm5+x8Tt3Sy//X/3v/X/+v/9f/Dn3+w/n/33Fv/fzT0/+P0/0vo/8+zn99c6P/1//p/ttpn/3/vyC/bK+n/c/c/Nm7pZP8DAABAD3L3Py5usf8BAACgGbn7Hx+32P8AAADQjNz9T4hbOtn/+n/9v/5f/3/g/n/nT73T+u7/d6f/Pxr6/3GT6f83jg1+s/5/7v2/9//1//p/tpva+/+5+58Yt3Sy/wEAAKAHufufFLeM7P99/818AAAAYK1y9z85bvH7/wAAADB7WZ3l7n9K3NLJ/j+0/n9z+Wfr//X/+v+Z9/8dv/9/85avT/8/Lfr/cZPp/3eh/9f/z/nr1//r/9lpav1/7v6nxi2d7H8AAADoQe7+q+MW+x8AAACakbv/aXGL/Q8AAADNyN3/9Lilk/0/3P+f/X7v/++N/n/716//H/75sar+P/8T9f+j/f+/zOr9/039/6ro/8cdff9/XP+//T9f/3+I1v31N97/n1j24/X/DJla/5+7/5q4pZP9DwAAAD3I3f+MuMX+BwAAgGbk7n9m3GL/AwAAQDNy9z8rbulk/x/a+/97oP/X/+v/vf8/1/f/F6vu/xfL+v9j+v890v+P8/7/Evp//b/+3/v/rNQa+/9/Gvr+3P3Pjls62f8AAADQg9z9z4lb7H8AAACYh63/7MC5/0BpyN3/3LjF/gcAAIBm5O5/XtzSyf7X/+v/9f/6f/3/8OdPq//3/v9e6f/H6f+X0P8fRj9/rLH+/7rdfvwU+v8r9f9MzLb+/5az376u9/9z9z8/bulk/wMAAEAPcve/IG6x/wEAAKAZuftfGLfY/wAAANCM3P3Xxi2d7P9D7/9P7P7Z+n/9v/5f/6//1/+vmv5/nP5/Cf2/9/+9/6//Z6W29f9brKv/z93/orilk/0PAAAAPcjd/+K4xf4HAACAZuTuvy5usf8BAACgGbn7XxK3dLL/vf+v/9f/6//1/8Ofr/+fJ/3/OP3/Evp//b/+X//PSk2t/8/d/9K4pZP9DwAAAD3I3f+yuMX+BwAAgGbk7n953GL/AwAAQDNy978ibulk/+v/D7f/z2/X/+v/F/p//b/+/0h02/9vDP0v0U679P+3/c/Jf9/+Lfp//b/+X/+v/2cFJtH/nzr7V5e5+18Zt3Sy/wEAAKAHuftfFbfY/wAAANCM3P2vjlvsfwAAAGhG7v7XxC373P9/tdKv6ujo/73/r//X/+v/hz9f/z9P3fb/e+T9/yX0//r/Fvv/ixb6f9ZmEv3/ln+du/+1cYvf/wcAAIBm5O5/Xdxi/wMAAEAzcve/Pm6x/wEAAKAZufvfELd0sv+77P+v/8fFQv+v/99C/6//H/r8g/b/m4th+v+jof8fp/9fQv/fd///rxe22f97/581mlr/n7v/+rilk/0PAAAAPcjd/8a4xf4HAACAZuTuf1PcYv8DAABAM3L3vzlu6WT/d9n/e/9f/x/9/8bizH/P+n/9/9Dne/9/nvT/4/T/i8XihpEvYKj/P3Vc/99L/9/q+//6f9Zoav1/7v63xC2d7H8AAADoQe7+G+IW+x8AAACakbv/xrjF/gcAAIBm5O5/a9zSyf7X/+v/e+7/k/5f/z/0+fr/edL/jzu8/v+S+fT/Y7z/r//X/+v/Wamp9f+5+98Wt3Sy/wEAAKAHuftvilvsfwAAAGhG7v63xy32PwAAADQjd//NcUsn+1//r//X/+v/9f/Dn6//n6fD6/8X+v9W3v8fo//X/+v/9f+s1NT6/9z974hbOtn/AAAA0IPc/e+MW+x/AAAAaEbu/nfFLfY/AAAANCN3/7vjlk72v/5f/6//1//r/4c/X/8/T97/H6f/X0L/r//X/+v/Wamp9f+5+98Tt3Sy/wEAAKAHuftviVvsfwAAAGhG7v73xi32PwAAADQjd//74pZO9r/+X/+/vf9fLPT/+n/9/xlH0P9vLvT/K6f/H6f/X0L/32b/f8Giof7/xK4/Xv/PFE2t/8/d//64pZP9DwAAAD3I3f+BuMX+BwAAgGbk7v9g3GL/AwAAQDNy938obulk/4/2/5fMof8/fs4P1P8vFos7r/D+v/5/5PP1/5Pp/+vPqv5/dfT/4/T/S+j/s5//i9P/spX+3/v/+n/WZmr9f+7+D8ctnex/AAAA6EHu/o/ELfY/AAAANCN3/0fjFvsfAAAAmpG7/2NxSyf73/v/Tfb/5/H+/4z7/3+4drHQ/+v/9f/d0/+P0/8vof9f2s9v7PLXPQv9v/5f/8+AqfX/ufs/Hrd0sv8BAACgB7n7b41b7H8AAABoRu7+2+IW+x8AAACakbv/E3HLLPf/5r5/hP5f/99M/9/Z+/+b+n/9v/5/0FT6/0sv/bfb9f/6/xb7/zH6//Pp//Nngf6ftkyt/8/d/8m4ZZb7HwAAABiSu/9TcYv9DwAAAM3I3f/puMX+BwAAgGbk7v9M3NLJ/t/Z/1+0OFOonjHU/0edpP/fQv+//evX/w///PD+v/5f/3/4ptL/e///YF+//l//P+evf1/9/9/u/PHe/6dFU+v/c/ffHrd0sv8BAACgB7n7Pxu32P8AAADQjNz9n4tb7H8AAABoRu7+O+KWTva/9//1//p//b/+f/jz9f/zpP8fp/9fQv+v/1/b+/8T6v8v1P+zOlPr/3P3fz5uOT38/u4vD/iHCQAAAExI7v4vxC2d/P4/AAAA9CB3/xfjFvsfAAAAmpG7/0txSyf7X/+v/9f/6//1/8Ofr/+fJ/3/OP3/Ev30/5tD37jufv58rfvrb6b/9/4/KzS1/j93/5fjlk72PwAAAPQgd/9X4hb7HwAAAJqRu/+rcYv9DwAAAM3I3X9n3NLJ/tf/6//b7///S/9/zufr//X/LdP/5/+iD9P/L9FP/z9o3f383L9+/b/+n52m1v/n7r8rbulk/wMAAEAPcvd/LW6x/wEAAKAZufu/HrfY/wAAANCM3P3fiFs62f/6/776/41Fj/2/9//1//r/nuj/x+n/l9D/6//1//p/Vmpq/X/u/rs3jnW5/wEAAGCu/uPv//euvf577z79fzcX34xb7H8AAABoRu7+b8Ut9j8AAAA0I3f/t+OWTva//r+v/r/P9//1//p//X9P9P/j9P9L6P/1//p//T8rNbX+P3f/d+KWLcPv2L7/KAEAAIApyd3/3bilk9//BwAAgB7k7v9e3LJj/5/a4z/VDgAAAExN7v7vxy2d/P6//n/i/f/ikPr/+Pfp/8/Q/+v/hz5f/z9P+v9x59n/n9rQ/+v/R+j/9f/6f841tf4/d/8P4pZO9j8AAAA0atvfUcjd/8O4xf4HAACAZuTu/1HcYv8DAABAM3L3/zhu6WT/6/8n3v8f6P3/E/X/ef+/8/7/6s3Bz9f/6/9bpv8f5/3/JfT/+n/9v/6flZpa/5+7/ydxSyf7HwAAAHqQu/+ncYv9DwAAAM3I3f+zuMX+BwAAgGbk7v953NLJ/tf/r6H/v+b4YnGo/f8e3v/X//fR/+/y+e30/3998clb//O/b7xe/89ZR9n/588F/b/+X/9/hv5f/6//51xT6/9z9/8ibulk/wMAAEAPcvffE7fY/wAAANCM3P2/jFvsfwAAAGhG7v5fxS2d7H/9f4vv/8+z/88/12vo/0/Orv/PP+BF7/2/9//1/zt5/3+c/n8J/b/+X/+v/2elptb/5+7/ddzSyf4HAACAHuTu/03ckvt/Y99/6x4AAACYmNz9v41b/P4/AAAANCN3/+/ilk72v/5f/z+V/j95///sj/P+/xn6f/3/fuj/x+n/l9D/6//1//p/Vmpq/X/u/t/HLZ3sfwAAAOhB7v574xb7HwAAAJqRu/8PcYv9DwAAAM3I3f/HuKWT/a//1//r//X/vfX/F8afR/1/m/T/4/T/S+j/9f/6f/0/KzW1/j93/58DAAD//wsgZRY=")

6.575326712s ago: executing program 4 (id=7719):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f00000000c0)={0xfffc}, 0x8)
sendto$inet6(r0, &(0x7f0000000580)="81", 0x1, 0xc001, &(0x7f0000000280)={0xa, 0x0, 0x0, @loopback, 0x81}, 0x1c)
setsockopt$inet6_group_source_req(r0, 0x84, 0x2f, 0x0, 0x0)

6.174126857s ago: executing program 4 (id=7723):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)={0x114, 0x2b, 0x1, 0x0, 0x0, "", [@nested={0x101, 0x0, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@loopback={0x100000000000000}}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fd"]}]}, 0x114}], 0x1}, 0x0)

5.946165349s ago: executing program 35 (id=7723):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)={0x114, 0x2b, 0x1, 0x0, 0x0, "", [@nested={0x101, 0x0, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@loopback={0x100000000000000}}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fd"]}]}, 0x114}], 0x1}, 0x0)

3.290458055s ago: executing program 5 (id=7747):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000b40)=@newtaction={0xf58, 0x30, 0x25, 0x0, 0x0, {}, [{0xf44, 0x1, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe20, 0x2, {{{}, 0x4}, [{}, {}, {}, {0x0, 0x0, 0x4000000}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x100}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0xffffffff}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0xff}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0xffffffff}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4}], [{}, {}, {}, {}, {0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x3}]}}]}, {0x4}, {0xc}, {0xc}}}, @m_bpf={0xf0, 0x2, 0x0, 0x0, {{0x8}, {0x17, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS={0x24, 0x4, [{0x1, 0xff, 0x4, 0x6}, {0x6, 0x9, 0x1, 0x3}, {0x8, 0xa, 0x9, 0xe5ad}, {0x2, 0xfd, 0x3, 0x7}]}]}, {0xa4, 0x6, "aef41341fdedc57514e9e6b7c9a7d6c6f2710911ea3f03808c1cd540f74547537bf4bd3de3af39a159c644fdacd41501de3816424920bd50948bb71277cbcb3af35a087dfca43335c1d1f7676239b2932026b5e5e0d02760eb4305f349000de9580b5ad411948e208801ff4e11df28aa70701228e871fa62bd8e1d2b3abd2494e13f35b5933263a1b9ee64b0161ef7cc4e38117db59c3db871f9eb7078642fdf"}, {0xc}, {0xc, 0x8, {0x3}}}}]}]}, 0xf58}}, 0x0)

1.605720543s ago: executing program 5 (id=7756):
syz_mount_image$vfat(&(0x7f0000000100), &(0x7f0000000640)='./bus\x00', 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="009f587a31d53b5cb6077bd11087bb6e13aac56feecaaae0b009cee43814e80646ff2772abedb27f35c706ba7c624afb75f473956061ae41834d27270063fa18a3515f9ac6cd6f15a042b1edcd60bdeb55446beed1014aa13d43d399fb4f716b8a24502a8e3e697642b172841c89aecefe0cfb3c32d7c28955601f41fb90d51951d91a35a5abeb4ffceef5cf6e190ec9eb6f91a0d06882039b54dd4485b823414e06691b0244ca11ac0baeaeec1a96861d358464329c64b77e6ff2e2d8a6bb29268be3e7c46750210270d79e1054add6c2ef3f0373", @ANYRES32, @ANYRESOCT], 0x1, 0x1282, &(0x7f0000002880)="$eJzs3U1rY1UcB+B/pmmbduyLOo52QDzoRhHitAtXborMgFhQqh1QQbhjUy1Nm9KEQkScunIl+DFEXboTxC/QjRvXgiDSjctZiFfSpE7TpB2nNq0Mz7PJ5ZzzO+fce8qFW+7h7r3y5fraSr28kjXiUqEQxc3hKN5NkeJSDEXbTrxw6+dfnn7rnXdfn19YuLGY0s35t2dfTilNPvPDe598++yPjcu3vpv8fjR2p9/f+2Pu192ruzN7f30Tq/W0Wk8btUbK0u1arZHdrlbS8mp9rZzSm9VKVq+kUmeMe/Ur1drmZjNlG8sT45tblXo9ZRvNtFZppkYhNbaaKfswW91I5XI5TYwH/8XS13fzPI/I8+EYiTzP87EYj8vxSEzEZEzFdDwaj8XjcSWeiKvxZDwVM/utDvIjFzt9AAAAAAAAAAAAAAAAAAAAeEjcZ/9/oXf//+hFTxkAAAAAAAAAAAAAAAAAAAAeOkf3/xcjHuD7/wAAAAAAAAAAAAAAAAAAAMBZuM/3/4/s/3/R/n8AAAAAAAAAAAAAAAAAAAAYhFL7ZzGlUsT659tL20vt33b5/EqsRjUqcT2m4s/Y3/3f1j6++drCjetp33S8tH6nk7+zvTTUnZ8dnorpQt/8bDufuvOjMX44PxdTcaX/+HN986V4/rlW/rN2vhxT8dMHUYtqLEcUOme/n/90NqVX31gY685fa7U71tCAlwUAAADOUjn9o/f5fafTqG99u6rzfJ46LQsn/H/gyPN5Ma4VL+qsOVBvfryWVauVrVMejBzfz0h3yVin5anHKkRE1hWfHP9tsdXlaSd/ZgdD5zro8Mltjq7FTOnEDi8dWsEo/g8u5hkc/P7VoZJSDGqs4dafc0/VwQXNqq3757/rMHbyfKCXZaRf1ehJqePvGYUB3o84X/cW/aJnAgAAAAAAAAAAwIPo+/bfWET0vA/4UU/Jwevh3fHeno8f/YtzOEMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+ZgeOBQAAAACE+Vun0bEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwVQAAAP//kh3BBA==")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0)
ioctl$EXT4_IOC_GROUP_ADD(r0, 0xc0185879, &(0x7f0000000900)={0x58f5, 0x4fffe, 0x1, 0x5, 0x14, 0x0, 0x2401})

1.448966403s ago: executing program 5 (id=7757):
r0 = socket(0x2, 0x80805, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r1, 0x0)
close(0x3)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={<r2=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x7a, &(0x7f0000000340)={r2, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84)
sendmmsg$inet_sctp(r0, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="30000000000000008400000001000000000000017c"], 0x30}], 0x1, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000080)={0x9, 0x1, 0x8002, 0x3, 0xeb020000, 0x519, 0x8, 0x3ff, r2}, &(0x7f0000000240)=0x20)

1.320857518s ago: executing program 5 (id=7758):
r0 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000000)={0x2, 0xfffffffe, 0xfffffffe})

1.25104032s ago: executing program 5 (id=7761):
syz_mount_image$f2fs(&(0x7f00000004c0), &(0x7f0000000440)='./file0\x00', 0x2008410, &(0x7f0000001f80)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461000000000000003b814e50a959736d65720f73ecea54b5e5be45ace9a88f723cb005aeff24212c651baef614d442ae89412ad3dcd0b7586d02002a6d6d65cacd4fc5002207ce994dda65c4b1d23a9bd5ba0f4ce5c2b5a5718c6aa918080002223d2753a5cac974110144cd0a1e368652324a41b31e1eb3b32dccbdf8f68bd96a45a75427a5f789d267fd92f6a5540200b81d5b9fa9b40fe4d7fbd50a6afc3a989c6d60045663c59cbdc4c700000000bc7f6b22df0191acf5912afdcc1c061835177068c40f757dd123d2600b1c544f1525aa8d00000000000000000000002e8b5c733d362417c17f527c0bfebec112d57fc69fabb9b31ef97b2147931ff60cdf666c25244218b1f1a6010000000100000020563b835d0e8e9a09070ef1691fcb2f37bda5d4e3d9d7a2d0ac82b45a53001057f321acc45d5e065a461de90100000077d200000000000040b78f0dd3836f5ab2f6a1a5b798bb7752f192c6b48e568973a59cd9c74bd9a14721856c5499cd8f93f8beaa9cf76718ce7244c8426803000000005c000208886b313bd01a22d576e414011a4f0a897515329f86d4585fa0ea17068f8af349696da4a2b3e24310ca52ec51bc23b57897cb55a2d513e6a00765ee3f58b471c54dd57f0af584afe4a21f92b515d7f2fa6fbb273ca0f751e684584320534667aea39ad7222c8ef531f514939177a47395e94c1723abb3fd44fd64fde4b45cc2f55f4ae05ff48648a4c998257856bcdcf2fa02010000001f54fb936570450e91c8d55abad76a7b7a000016f81ec9da9ccc1191c211632266d907e4d9b23496ae19bac24dc23c43f514f1b4af19988bbe61ee29a368a999435d6872d01b79c7821e875859dfbf3c57e4f1fb0be46cb5f7a0fa13516c0926d19dd2d5862085e1e4cb8279be17cba17ee4d06ad97b4ca282e73ea142b01b4a742fa11c0927ba811dd60903d575db449d775021b542db617086b3ed42e6e60fe043cff79b0c067c584bbf82657974c3736912b4b522052b9467d0da116ccc1652d861a420f09aaf67d3e9f6160100000001000000ae6335ad9896abd3cc00413638cb9bc62ab8054325d72e9144cf4f88702f586507e3147198e0bc4060a7c8f4dce73b653177ecf8228e6e6fae02510000000000000000000000000000f43739fdd2d24e50e0233acfe1c8639070fe00f40b0d01f8a0a35fcfe3ea10faf9c24b8488ed4ed83fb06a9a7c57442ede9e1fc2853b8f4d2241cff61d0125b7750e3fdae6a4ab9c776a191ed8098a780ea2bbaa64978cd3a6458fcc6b949bcbca0dceb7361f66e46731eba4f3aed335e7c8c541e82453218a19d39489e1525466ac93759787e767f601931d94c9c426489b741a6bc8abf475e4bf859e1ce7f7227069e9f51e25fa3d1b18dc565180a1af464a1dd697db85e2b27b90f6bd7cf1b6bc0bcd8ba552ced3d3cfbf9c9bc04f65b6f83cb40173b4bdc393d47e5da95b63a40ac18daf11e8d0706b47795fbe2b56d0ea7ffc5a59ede88621a08b25ca6ebe041317b62373a60951af33eb7954a9731aaa125add0913ed2435a207439e9122512d77096747a4b404459cebc8faff8f7a31758e630c75a1ff90402754d339dc21cf6b8e04e1aedf14df0b4aaf0e03194df3eb41ba066bc343b323a3162d7e7ba687633c2faa8f28b42364b72e3a457476fd6b2a54e670ba798172c44c4390f73fdab743a4cac88b2bd0545b8483f2e2f9846b138a4d8a7332978da70e9050417087c5ae034a735e8b448dd9701404", @ANYRES64], 0x1, 0x553b, &(0x7f000000ac00)="$eJzs3EtvG1UUAOA7TtPSJxFiwa4jVUiJVFt12lSwC9CKh0gV8ViwAsd2LLe2J4odJ2SFBEvEgn+CQGLFkt/AgjU7xALEDgnkuWNKKI9WduKk/T5pfGbujM+cO7ISnRnLAXhiLaS//pyES+FsCGEuhHAhCfl6Uiy51RieCyFcDiGU/rIkxfifA6dDCOdCCJdGyWPOpNj1+dXhlZWf3vjlm+/OnDr/xdffz27WwKw9H0LobsX13W6MWSvGu8V4bdjOY/fGsIhxR/desZ3FuNvcyDPs1sbH1fJ4vRWPz7Z2+qO42anVR7HV3szHt3rxhP1ha5wnf8Pd2na+3Whu5LHdz/LY2o917e3Hv237/UHM0yjyfZinD4PBOMbx5l4zzmfrXh7rvUExHvNmjebeKA6LWJwu1LNOI69jY5Irfby92e7t7KXD5na/nfXSlUr1hUr1Zrm6nTWag+aNcq3buHkjXWx1RoeVB81ad7WVZa1Os1LPukvpYqteL1er6eKt5ka71kur1cr1yrXyylKxdjV99c67aaeRLo7iy+3ezul2p59uZttpfMdSuly5/uJSeqWavr22nq6/dfv22vo77996785La6+/Uhz0QFnp4vK15eVy9Vp5ubp0DOY/+r/7kPMfTDL/T4qiH2H+yWSXB/6bDxjAI3ug/w/6f+DwnfT+P0yz/x+1VPr//+9/S5P3/xP1v8e1/z/B84eJ6P8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ5YP8x/+Vq+shC3zxfjF4uhZ4rtJIRQCiH8/g/mwukDOeeKPPP/cvz832r4Ngl5htE5zhTLuRDCarH89vRhXwUAAAB4fH310eXPYrceXxZmXRBHKd60KV34YEr5khDC/MKPU8pWGr08O6Vk+ef7VNibUrb8BtZTU0oWb7mdmla2hzI3Dh9fvD+YTyiJoXSk5QAAAEdi7kA42i4EAACAo/TprAtgNpIwfpQ5fhacf/P+/qPNswf2AQAAACdQMusCAAAAgEOX9/9+/w8AAAAeb/H3/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4g537uU0ciOIA/GwwsP+0aLX3bWVvUEZKyDHHQAFpghJIC2mAGsgtJUQQYY+QHIEUiXGsoO+TPM7Y0W9mgMsbSwYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6NJztZ4/3v97uDRnt79MntUAAAAAp2yr9bz+Y9r0f6Trv9KlP6lfREQZEadq90GMWpmDlFOd+f/q3RyeIuqEwxjjdHyPiP/peP3d9acAAAAA12uzXM2aar1ppn1PiM/UbNqUP28y5RURUU1fMqWVh+ZvprD69z2Mu0xp9QbWJFNYs+U2PH1vlGuQtkHrlFYyWdRfYt0ruxkXAADoU7sSOFOFAAAAcAVu+54A/SiOzfE547g5pQeC31o9AAAA4Asq+p4AAAAA0Lm6/vf+PwAAALhuzfv/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6NK2Ws83y9Xs3P3FB3N2+8vkWxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwBv7844CIRAGYbB3fWcy9z+sNGhobFIFwsffGAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAm9/95f/E1DiTzL02lp5HkrVTY+vU2Ds3jv4wvn4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXOzPSwqEQBBEwZzxv5O+/2ElQc8gQgQ0PKqoRQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBFv/vl/8TUOJPMnTaWjkeStavG1lVj70Hj6MF4+zcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXOzcP28cRRQA8Hd7t5c/gDAGuTCgIFFAQ+xLSEgJBcii4CMgWc45GC4EEhckskBuoEKu0yAoEUICmS7fIXUspQldChdGogbt3u5lkxhyiszuEv9+0uy8Pa9m3uydLD/P2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAafedeCkp4m52mBnH5Wu39jZWsn7ngT5zY+v2fNayuPOoib55++CTb7eXqycn5ionX9WfDAAAAIdDt6zvI+JOur2U9clMXv+n5TVZzf/9M+O4rOcfrPt39jaOFl+aL+v/3369+8JkopnxPNmgq2uj4eLDqfT+oyW23rOPvKKX3/n8dy/d/A1J3t98fjfN72fn25s33+3n4ZE6sgUAHsfJsi+C8uehrB80mRgAh0avUniX9X93ptmcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOqwuxlPlXEnIuZ79+LMzt7Gyn79ja3b82U7e/36VnXMbIg0IlbXRsO0xrW03ZWr1z5ZHo2Gl+sPTkREc7MXwYdTXBPx79cUH89obhX/HHTakUajQVK8P23J5yCD8rN38CM39A0JAIAnVlq0rK6/k24vZa91ZiP++uH++v+1ShxT1v93Pzp7qzpXtf4f1LbC9ltYv/jZwpWr195Yu7h8YXhh+OmbpwZvDU6fO3Pm3EJ2rxYXViMZLjadJgAAAP9j/aJV6/9k9uH9/+OVOKas/z//bvBlda6u+n9f9zb9ms4EAADgMOpPoude+fOPzj5XdPr9+GJ5ff3yYHycnJ8aH2tN9zEdKVq1/u/ONp0VAAAAUIfdzc59+//nK3FMuf//9I8v/lwdsxsRxyIuRcTw5Mql0fn6ltNqdfyhcj5Rv+mVAgAA0JRjRavu/6f58//J5JGHJCJef3Ucl//rapr6v/ve1z9V56o+/3+6viW2UjI3vh95PxfRm2s6IwAAAJ5kR4uWFfu/p9tLH/9y/IO+5/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6vZ3AAAA//+pzDYD")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./bus\x00', 0x141842, 0x9)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x58)
pwritev2(r2, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f0000000240)={r0, 0x2bf6, 0xff, 0xff})

1.078140175s ago: executing program 1 (id=7764):
syz_io_uring_setup(0x1e1e, 0x0, &(0x7f0000002000), &(0x7f0000000000))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e)
ioprio_set$pid(0x1, r0, 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
poll(0x0, 0x0, 0x5)
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r3)
ptrace$setregs(0xd, r3, 0x0, &(0x7f00000003c0)="18607e51149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb")
ptrace$getregset(0x4205, r3, 0x2, &(0x7f0000000080)={0x0})
ptrace$getregset(0x4204, r3, 0x2, &(0x7f0000000740)={0x0})

338.029969ms ago: executing program 5 (id=7765):
ioctl$FS_IOC_SETFSLABEL(0xffffffffffffffff, 0x41009432, &(0x7f0000000200)="b117c1094e206c98804d43698b727424422169c4f3ef3356c71eea01d438679d29eb27bbb1973f92b2ecd066dca9ddd8e76674590b83c28c74390028a7da8dc1ccc2b24a694cdc6a165f35950d93b6c6ed536db2a2107d36a7f163cb3b1bb3c8cd56e7b17966a8d92227fafc6c6a00c5d6e68e5724eb7be489fd5064a86dd9bb6ae382cd5e97605d27c450145fe7eb683b794df6413a7d94b75306d585fca6496aef35e9fe6384e4375b74711ab94deb3653479e6a5da5529f49f2de550e08d49349dec742fd7f3cce839fa7e637ca35b8e9b02f72268489313e2c18cc06d2ddb165f662d2b0060880ede61691da67b4e101494bc7143fe439664b494faeec6d")
r0 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x80000)
ioctl$EVIOCGLED(r0, 0x5452, &(0x7f0000000240)=""/77)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000180)={0x57, 0x0, 0x0, {0xfffe, 0x1}, {0x74, 0x2}, @const={0x6, {0x7f, 0x0, 0x8000, 0xfffd}}})
r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x78, 0x822b01)
write$char_usb(r1, &(0x7f0000000040)="e2", 0x1068)

225.405184ms ago: executing program 1 (id=7766):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000005d00)=ANY=[@ANYBLOB="140100002d00010000000000fcdbdf250401f2800800180008ac0f"], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0)

157.51976ms ago: executing program 1 (id=7767):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000008c0)={'bridge_slave_1\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="280000001c0001eb28bd7000fedbdf2507000000", @ANYRES32=r2, @ANYBLOB="80007e0a0a000200aa"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4040000)
mprotect(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4)
sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x26000411}, 0x810)

80.758005ms ago: executing program 1 (id=7768):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000060c0)={0x20, r1, 0x301, 0x0, 0x25dfdbfb, {0x1c}, [@ETHTOOL_A_LINKMODES_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0x20}}, 0x0)

214.433µs ago: executing program 1 (id=7769):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
ioctl$sock_ifreq(r0, 0x8943, &(0x7f0000000080)={'dummy0\x00', @ifru_ivalue})

0s ago: executing program 1 (id=7770):
r0 = syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000280)={0x24, 0x0, 0x0, 0x0, 0x0}, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f0000000140)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000000c0)=ANY=[@ANYBLOB="380000001000390400"/20, @ANYRES32=r3, @ANYBLOB="01980000000000001800128008000100677265000c00028008000100", @ANYRES32=r3], 0x38}}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newlink={0x34, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, r3, 0x0, 0x4100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @gre={{0x8}, {0x8, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x34}}, 0x0)

kernel console output (not intermixed with test programs):

 loop3: detected capacity change from 0 to 8
[  336.227615][T18800] MTD: Attempt to mount non-MTD device "/dev/loop3"
[  336.247329][T18800] cramfs: Error -3 while decompressing!
[  336.249325][T18800] cramfs: ffffffff99be4648(1306)->ffff888132e95000(4096)
[  336.256824][T18800] cramfs: bad data blocksize 3221485966
[  336.262972][T18800] cramfs: Error -3 while decompressing!
[  336.265070][T18800] cramfs: ffffffff99be4648(1306)->ffff888132e95000(4096)
[  336.274839][T18804] 9pnet: Found fid 0 not clunked
[  336.361505][ T5847] Bluetooth: hci2: command 0x0406 tx timeout
[  336.480258][T18824] overlayfs: failed to decode file handle (len=7, type=78, flags=0, err=-22)
[  336.515863][T18826] loop3: detected capacity change from 0 to 2048
[  336.523548][T18826] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024)
[  336.526381][T14992] udevd[14992]: incorrect nilfs2 checksum on /dev/loop3
[  336.529736][T18826] NILFS (loop3): mounting unchecked fs
[  336.537142][T14992] udevd[14992]: incorrect nilfs2 checksum on /dev/loop3
[  336.546518][T18826] NILFS (loop3): recovery complete
[  336.549475][T18827] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  336.620317][T18829] netlink: 'syz.3.5621': attribute type 29 has an invalid length.
[  336.624442][T18829] netlink: 'syz.3.5621': attribute type 29 has an invalid length.
[  336.880907][    T9] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  337.030906][    T9] usb 4-1: Using ep0 maxpacket: 8
[  337.034838][    T9] usb 4-1: unable to get BOS descriptor or descriptor too short
[  337.038356][    T9] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xEE, changing to 0x8E
[  337.042627][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7
[  337.046314][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  337.049606][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  337.052949][    T9] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0xC has invalid maxpacket 1
[  337.056195][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[  337.059463][    T9] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x31, changing to 0x1
[  337.063324][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 13364, setting to 64
[  337.069194][    T9] usb 4-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84
[  337.072307][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  337.074890][    T9] usb 4-1: Product: syz
[  337.076249][    T9] usb 4-1: Manufacturer: syz
[  337.077759][    T9] usb 4-1: SerialNumber: syz
[  337.083085][    T9] usb 4-1: config 0 descriptor??
[  337.085399][T18831] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  337.089628][    T9] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  337.125780][T16109] udevd[16109]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  337.294811][    T9] usb 4-1: USB disconnect, device number 25
[  337.623580][T18869] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  337.899143][T18882] netlink: 'syz.3.5647': attribute type 1 has an invalid length.
[  337.967066][T18891] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5653'.
[  337.969953][T18891] openvswitch: netlink: Unknown VXLAN extension attribute 0
[  338.287797][T18921] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5665'.
[  338.293548][T18921] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5665'.
[  338.789587][T18958] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  339.866794][T18996] gre2: entered promiscuous mode
[  339.868531][T18996] gre2: entered allmulticast mode
[  339.921062][    T9] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  340.060185][T19028] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  340.073554][    T9] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  340.076632][    T9] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  340.079986][    T9] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  340.090857][    T9] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  340.094820][    T9] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  340.104776][    T9] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  340.107744][    T9] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  340.110589][    T9] usb 4-1: Product: syz
[  340.112880][    T9] usb 4-1: Manufacturer: syz
[  340.121623][    T9] cdc_wdm 4-1:1.0: skipping garbage
[  340.125470][    T9] cdc_wdm 4-1:1.0: skipping garbage
[  340.132213][    T9] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  340.142025][    T9] cdc_wdm 4-1:1.0: Unknown control protocol
[  340.189287][T19034] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5719'.
[  340.255752][T19038] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5721'.
[  342.892422][ T5908] usb 4-1: USB disconnect, device number 26
[  342.954039][T19067] loop3: detected capacity change from 0 to 2048
[  342.973833][T19067] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  342.986622][T19067] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.5733: bg 0: block 408: padding at end of block bitmap is not set
[  343.001545][T19067] EXT4-fs (loop3): Remounting filesystem read-only
[  343.006508][T19067] EXT4-fs warning (device loop3): ext4_resize_begin:82: There are errors in the filesystem, so online resizing is not allowed
[  343.031751][T12039] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  343.196293][T19090] loop3: detected capacity change from 0 to 1024
[  344.144125][   T40] hfsplus: b-tree write err: -5, ino 4
[  344.388122][T19122] loop3: detected capacity change from 0 to 1024
[  344.457115][T19128] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5759'.
[  344.857992][T19158] netlink: 'syz.1.5773': attribute type 1 has an invalid length.
[  344.860662][T19158] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5773'.
[  345.400312][T19176] loop3: detected capacity change from 0 to 512
[  345.429205][T19176] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  345.435014][T19176] ext4 filesystem being mounted at /794/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  345.461866][T12039] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  345.515314][T19181] sp0: Synchronizing with TNC
[  345.732955][T19190] loop3: detected capacity change from 0 to 32768
[  345.740988][T19190] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.5784 (19190)
[  345.760217][T19190] BTRFS info (device loop3): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  345.769172][T19190] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm
[  345.820198][T19196] futex_wake_op: syz.1.5786 tries to shift op by -1; fix this program
[  345.831154][T19190] BTRFS info (device loop3): using free-space-tree
[  345.945958][ T1181] BTRFS warning (device loop3): checksum verify failed on logical 5337088 mirror 1 wanted 0x324c5e2d0cac2dc8f61cbfdfc8cd69d9816061b1498b9e1bff7d10a59610160b found 0xf8bb6bdef03b64ff3b11a2a87ba7a2aeacfdb41cc49a87adad5cc1644d216b29 level 0
[  345.985096][T19190] BTRFS error (device loop3): failed to load root extent
[  345.988187][ T1181] BTRFS warning (device loop3 state C): checksum verify failed on logical 5341184 mirror 1 wanted 0xc53d3c5bb04ba5dfc01f4c277f0b81815915cb99da5074f609a3f7f617cf284a found 0xd34891a64d32c06b063fbbf3d26e09cb4d5acf5ade8dc51c4cd532bb53f895d0 level 0
[  346.022271][T19190] BTRFS error (device loop3 state C): failed to load root free space
[  346.029030][ T1181] BTRFS warning (device loop3 state C): checksum verify failed on logical 5287936 mirror 1 wanted 0x31987782e3a542b4b1826f4a60605b79838e23bf27075900db4b92202c72b2fd found 0xceda3bc49047826ec4468b88ec74a14d6cd3232f25b2c41331ed48993507590e level 0
[  346.080923][   T40] BTRFS warning (device loop3 state C): checksum verify failed on logical 5292032 mirror 1 wanted 0xcbbb23d5b53a3b4892a5068ee5011732ffcd94742b434497e3f11d7ca86a6d23 found 0x6ab87e71a537053373402d980abd70276b583e303a68e0dd0a46bb41cfc306c8 level 0
[  346.142532][T12039] BTRFS info (device loop3 state C): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  346.188142][T19227] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5793'.
[  346.453135][T19251] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5805'.
[  346.978466][T19269] loop3: detected capacity change from 0 to 4096
[  346.982338][T19269] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512).
[  347.187661][T19277] evm: overlay not supported
[  347.328101][   T33] audit: type=1326 audit(1755565054.603:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19254 comm="syz.1.5807" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff69638ebe9 code=0x7fc00000
[  347.471414][ T5851] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  347.653255][ T5851] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  347.657722][ T5851] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2c2e, bcdDevice= 0.00
[  347.661967][ T5851] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  347.666562][ T5851] usb 4-1: config 0 descriptor??
[  347.747916][T19298] RDS: rds_bind could not find a transport for fe88::3, load rds_tcp or rds_rdma?
[  347.919813][T19306] netlink: 'syz.2.5830': attribute type 83 has an invalid length.
[  348.084004][ T5851] lua 0003:1E7D:2C2E.0010: hidraw0: USB HID v0.00 Device [HID 1e7d:2c2e] on usb-dummy_hcd.3-1/input0
[  348.288017][ T5851] usb 4-1: USB disconnect, device number 27
[  348.517500][T19352] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5851'.
[  349.040988][    T9] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  349.192441][    T9] usb 4-1: Using ep0 maxpacket: 32
[  349.197444][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  349.202411][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  349.206553][    T9] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  349.210424][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  349.219274][    T9] usb 4-1: config 0 descriptor??
[  349.228600][    T9] hub 4-1:0.0: USB hub found
[  349.428807][    T9] hub 4-1:0.0: config failed, hub doesn't have any ports! (err -19)
[  349.632060][    T9] usbhid 4-1:0.0: can't add hid device: -71
[  349.634933][    T9] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  349.654978][    T9] usb 4-1: USB disconnect, device number 28
[  350.285475][T19378] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  350.405285][T19386] loop3: detected capacity change from 0 to 1024
[  350.435255][T19386] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  350.439200][T19386] ext4 filesystem being mounted at /810/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  350.449905][   T33] audit: type=1804 audit(1755565057.723:310): pid=19386 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.5865" name="/newroot/810/file1/file1" dev="loop3" ino=15 res=1 errno=0
[  350.471285][T12039] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  350.700085][T19395] loop3: detected capacity change from 0 to 32768
[  351.591773][T19410] loop3: detected capacity change from 0 to 64
[  351.651846][T19410] loop3: detected capacity change from 64 to 0
[  351.657510][T19410] syz.3.5872: attempt to access beyond end of device
[  351.657510][T19410] loop3: rw=0, sector=7, nr_sectors = 1 limit=0
[  351.663816][T19410] syz.3.5872: attempt to access beyond end of device
[  351.663816][T19410] loop3: rw=0, sector=8, nr_sectors = 1 limit=0
[  351.671957][T19410] syz.3.5872: attempt to access beyond end of device
[  351.671957][T19410] loop3: rw=0, sector=7, nr_sectors = 1 limit=0
[  351.691415][T12039] syz-executor: attempt to access beyond end of device
[  351.691415][T12039] loop3: rw=0, sector=7, nr_sectors = 1 limit=0
[  351.696936][T12039] syz-executor: attempt to access beyond end of device
[  351.696936][T12039] loop3: rw=0, sector=8, nr_sectors = 1 limit=0
[  351.738232][ T3572] kworker/u9:5: attempt to access beyond end of device
[  351.738232][ T3572] loop3: rw=0, sector=1, nr_sectors = 1 limit=0
[  351.746039][ T3572] BFS-fs: find_inode(): Unable to read inode loop3:00000001
[  351.748777][ T3572] kworker/u9:5: attempt to access beyond end of device
[  351.748777][ T3572] loop3: rw=0, sector=1, nr_sectors = 1 limit=0
[  351.758177][ T3572] BFS-fs: find_inode(): Unable to read inode loop3:00000000
[  351.761510][ T3572] kworker/u9:5: attempt to access beyond end of device
[  351.761510][ T3572] loop3: rw=0, sector=1, nr_sectors = 1 limit=0
[  351.766132][ T3572] BFS-fs: find_inode(): Unable to read inode loop3:00000002
[  352.244562][ T5847] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  352.253679][ T5847] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  352.256774][ T5847] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  352.259615][ T5847] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  352.263779][ T5847] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  352.297194][T19438] virt_wifi0 speed is unknown, defaulting to 1000
[  352.302609][T19438] wg1 speed is unknown, defaulting to 1000
[  352.387217][T19438] chnl_net:caif_netlink_parms(): no params data found
[  352.428669][T19446] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5890'.
[  352.439466][T19446] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5890'.
[  352.453148][T19438] bridge0: port 1(bridge_slave_0) entered blocking state
[  352.455612][T19438] bridge0: port 1(bridge_slave_0) entered disabled state
[  352.458254][T19438] bridge_slave_0: entered allmulticast mode
[  352.464434][T19438] bridge_slave_0: entered promiscuous mode
[  352.468249][T19438] bridge0: port 2(bridge_slave_1) entered blocking state
[  352.470730][T19438] bridge0: port 2(bridge_slave_1) entered disabled state
[  352.473930][T19438] bridge_slave_1: entered allmulticast mode
[  352.476703][T19438] bridge_slave_1: entered promiscuous mode
[  352.499079][T19438] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  352.504324][T19438] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  352.525368][T19438] team0: Port device team_slave_0 added
[  352.528665][T19438] team0: Port device team_slave_1 added
[  352.553468][T19438] batman_adv: batadv0: Adding interface: batadv_slave_0
[  352.555933][T19438] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  352.565313][T19438] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  352.569923][T19438] batman_adv: batadv0: Adding interface: batadv_slave_1
[  352.572828][T19438] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  352.582272][T19438] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  352.611476][T19438] hsr_slave_0: entered promiscuous mode
[  352.616428][T19438] hsr_slave_1: entered promiscuous mode
[  352.618630][T19438] debugfs: 'hsr0' already exists in 'hsr'
[  352.620528][T19438] Cannot create hsr debugfs directory
[  352.769772][T19438] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  352.776567][T19438] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  352.784955][T19438] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  352.792119][T19438] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  352.829527][T19438] bridge0: port 2(bridge_slave_1) entered blocking state
[  352.832105][T19438] bridge0: port 2(bridge_slave_1) entered forwarding state
[  352.836643][T19438] bridge0: port 1(bridge_slave_0) entered blocking state
[  352.839170][T19438] bridge0: port 1(bridge_slave_0) entered forwarding state
[  352.855343][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[  352.856837][T19480] cifs: Unknown parameter 'IT&:"1:ӭ'4,Zz-#F<]%gC
[  352.856837][T19480] SȘȞZ6'
[  352.862975][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[  352.906809][T19438] 8021q: adding VLAN 0 to HW filter on device bond0
[  352.927401][T19438] 8021q: adding VLAN 0 to HW filter on device team0
[  352.933632][ T3572] bridge0: port 1(bridge_slave_0) entered blocking state
[  352.936005][ T3572] bridge0: port 1(bridge_slave_0) entered forwarding state
[  352.942667][ T3572] bridge0: port 2(bridge_slave_1) entered blocking state
[  352.945013][ T3572] bridge0: port 2(bridge_slave_1) entered forwarding state
[  353.075740][T19438] 8021q: adding VLAN 0 to HW filter on device batadv0
[  353.198457][T19438] veth0_vlan: entered promiscuous mode
[  353.204678][T19438] veth1_vlan: entered promiscuous mode
[  353.229613][T19438] veth0_macvtap: entered promiscuous mode
[  353.234889][T19438] veth1_macvtap: entered promiscuous mode
[  353.245933][T19438] batman_adv: batadv0: Interface activated: batadv_slave_0
[  353.256760][T19438] batman_adv: batadv0: Interface activated: batadv_slave_1
[  353.266519][T10676] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  353.269452][T10676] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  353.279976][T10676] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  353.290224][T10676] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  353.380020][ T3559] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  353.384521][ T3559] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  353.390707][ T3559] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  353.396327][ T3559] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  353.398890][   T33] audit: type=1326 audit(1755565060.673:311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19510 comm="syz.2.5911" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95de98ebe9 code=0x7ffc0000
[  353.409278][   T33] audit: type=1326 audit(1755565060.673:312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19510 comm="syz.2.5911" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95de98ebe9 code=0x7ffc0000
[  353.427384][   T33] audit: type=1326 audit(1755565060.673:313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19510 comm="syz.2.5911" exe="/syz-executor" sig=0 arch=c000003e syscall=459 compat=0 ip=0x7f95de98ebe9 code=0x7ffc0000
[  353.445583][   T33] audit: type=1326 audit(1755565060.673:314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19510 comm="syz.2.5911" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95de98ebe9 code=0x7ffc0000
[  353.491897][T19515] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  353.495143][T19515] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  354.281470][ T5847] Bluetooth: hci1: command tx timeout
[  354.339975][T19533] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5919'.
[  354.630905][   T47] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  354.794036][   T47] usb 5-1: Using ep0 maxpacket: 16
[  355.009053][T19557] bridge0: entered allmulticast mode
[  355.012545][T19557] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5929'.
[  355.141964][   T47] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  355.145025][   T47] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  355.147558][T19567] lo: entered allmulticast mode
[  355.147652][   T47] usb 5-1: Product: syz
[  355.150757][   T47] usb 5-1: Manufacturer: syz
[  355.152488][   T47] usb 5-1: SerialNumber: syz
[  355.159168][   T47] r8152-cfgselector 5-1: Unknown version 0x0000
[  355.162485][T19567] dvmrp1: entered allmulticast mode
[  355.163024][   T47] r8152-cfgselector 5-1: config 0 descriptor??
[  355.168688][T19566] lo: left allmulticast mode
[  355.292171][T19577] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5939'.
[  355.570999][ T5854] r8152-cfgselector 5-1: USB disconnect, device number 2
[  355.615702][  T793] wg1 speed is unknown, defaulting to 1000
[  356.227239][T19617] loop4: detected capacity change from 0 to 24
[  356.234279][T19617] romfs: Unknown parameter '000000000000000000000040000000000000000001101777777777777777777777'
[  356.371318][ T5847] Bluetooth: hci1: command tx timeout
[  356.480080][T19622] loop4: detected capacity change from 0 to 32768
[  356.496638][T19622] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.5960 (19622)
[  356.528698][T19622] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  356.532541][T19622] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm
[  356.535435][T19622] BTRFS info (device loop4): using free-space-tree
[  356.645294][T19438] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  357.094032][   T33] audit: type=1107 audit(1755565064.373:315): pid=19689 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg=''
[  357.514895][T19723] 8021q: adding VLAN 0 to HW filter on device bond6
[  357.518340][T19723] bond0: (slave bond6): Enslaving as an active interface with a down link
[  357.883582][T19745] netlink: 20 bytes leftover after parsing attributes in process `syz.1.6009'.
[  358.161502][T19776] loop4: detected capacity change from 0 to 4096
[  358.198535][T19782] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  358.290528][T19791] virt_wifi0 speed is unknown, defaulting to 1000
[  358.294524][T19791] wg1 speed is unknown, defaulting to 1000
[  358.441903][ T5847] Bluetooth: hci1: command tx timeout
[  358.462409][T19801] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6034'.
[  358.493562][T19804] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6035'.
[  358.496605][T19804] netlink: 32 bytes leftover after parsing attributes in process `syz.2.6035'.
[  358.499957][T19804] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6035'.
[  358.505210][T19804] netlink: 32 bytes leftover after parsing attributes in process `syz.2.6035'.
[  358.520187][T19804] netlink: 'syz.2.6035': attribute type 10 has an invalid length.
[  358.619274][T19815] loop4: detected capacity change from 0 to 164
[  358.623619][T19815] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  358.628651][T19815] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  359.081325][ T5854] usb 5-1: new full-speed USB device number 3 using dummy_hcd
[  359.183719][T19841] netlink: 'syz.2.6052': attribute type 1 has an invalid length.
[  359.232922][ T5854] usb 5-1: unable to get BOS descriptor or descriptor too short
[  359.237445][ T5854] usb 5-1: not running at top speed; connect to a high speed hub
[  359.243556][ T5854] usb 5-1: config 1 has an invalid interface number: 4 but max is 0
[  359.246261][ T5854] usb 5-1: config 1 has no interface number 0
[  359.248455][ T5854] usb 5-1: config 1 interface 4 has no altsetting 0
[  359.254997][ T5854] usb 5-1: New USB device found, idVendor=2c7c, idProduct=030e, bcdDevice=1a.d0
[  359.258219][ T5854] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  359.473274][ T5854] usb 5-1: Product: syz
[  359.474760][ T5854] usb 5-1: Manufacturer: syz
[  359.476299][ T5854] usb 5-1: SerialNumber: syz
[  359.693571][ T5854] qmi_wwan 5-1:1.4: probe with driver qmi_wwan failed with error -22
[  359.698230][ T5854] usb 5-1: USB disconnect, device number 3
[  359.813275][T19853] PKCS7: Unknown OID: [5] (bad)
[  359.815005][T19853] PKCS7: Only support pkcs7_signedData type
[  359.837282][T19855] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6058'.
[  359.840535][T19855] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6058'.
[  359.843992][T19855] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6058'.
[  359.847265][T19855] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6058'.
[  360.548380][ T5847] Bluetooth: hci1: command tx timeout
[  360.582262][T19894] netlink: 'syz.1.6076': attribute type 1 has an invalid length.
[  361.220055][T19940] loop4: detected capacity change from 0 to 512
[  361.234570][T19940] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349)
[  361.239511][T19940] EXT4-fs (loop4): orphan cleanup on readonly fs
[  361.245703][T19940] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:517: comm syz.4.6098: Block bitmap for bg 0 marked uninitialized
[  361.254539][T19940] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6657: Corrupt filesystem
[  361.259668][T19940] EXT4-fs (loop4): 1 orphan inode deleted
[  361.263020][T19940] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  362.099568][T19438] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  362.234282][T19980] veth1_to_bond: entered allmulticast mode
[  362.266084][T19980] bond0: (slave bond_slave_1): Releasing backup interface
[  362.299728][T19982] loop4: detected capacity change from 0 to 8
[  362.332622][T19982] SQUASHFS error: zlib decompression failed, data probably corrupt
[  362.335443][T19982] SQUASHFS error: Failed to read block 0x9b: -5
[  362.338576][T19982] SQUASHFS error: Unable to read metadata cache entry [99]
[  362.343589][T19982] SQUASHFS error: Unable to read inode 0x127
[  362.345134][T19980] veth1_to_bond (unregistering): left allmulticast mode
[  362.372523][T19984] 9pnet: p9_errstr2errno: server reported unknown error @0x0000000000000007
[  362.396234][T19986] loop4: detected capacity change from 0 to 512
[  362.398920][T19986] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  362.493975][T19992] loop4: detected capacity change from 0 to 512
[  362.499098][T19992] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  362.529590][T19992] EXT4-fs (loop4): 1 truncate cleaned up
[  362.532781][T19992] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  362.605437][T19438] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  362.669807][T20008] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  362.748480][T20013] loop4: detected capacity change from 0 to 256
[  362.766959][T20013] exfat: Deprecated parameter 'utf8'
[  362.768787][T20013] exfat: Deprecated parameter 'utf8'
[  362.785744][T20013] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x7bac8b1f, utbl_chksum : 0xe619d30d)
[  363.060357][T20027] loop4: detected capacity change from 0 to 32768
[  363.078763][T20027] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.6137 (20027)
[  363.262596][T20027] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  363.266752][T20027] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm
[  363.270556][T20027] BTRFS info (device loop4): using free-space-tree
[  363.363871][T19438] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  363.506418][T20052] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  363.783917][T20056] loop4: detected capacity change from 0 to 40427
[  363.787080][T20056] F2FS-fs (loop4): Insane cp_payload (553648128 >= 504)
[  363.789441][T20056] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  363.802023][T20056] F2FS-fs (loop4): build fault injection rate: 8
[  363.804145][T20056] F2FS-fs (loop4): build fault injection type: 0x3bfe8d
[  363.811277][    C1] F2FS-fs (loop4): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  363.817202][T20056] F2FS-fs (loop4): invalid crc value
[  363.819022][T20056] F2FS-fs (loop4): Failed to get valid F2FS checkpoint
[  364.088036][T20076] __nla_validate_parse: 9 callbacks suppressed
[  364.088090][T20076] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6147'.
[  365.522411][T20092] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6156'.
[  365.684958][T20096] netlink: 'syz.1.6158': attribute type 3 has an invalid length.
[  366.059228][   T47] IPVS: starting estimator thread 0...
[  366.094211][T20105] 9pnet_fd: Insufficient options for proto=fd
[  366.151592][T20103] IPVS: using max 78 ests per chain, 187200 per kthread
[  366.157946][T20109] netlink: 'syz.2.6163': attribute type 46 has an invalid length.
[  366.160659][T20109] netlink: 55 bytes leftover after parsing attributes in process `syz.2.6163'.
[  366.206949][T20113] netlink: 'syz.2.6165': attribute type 1 has an invalid length.
[  366.681630][T20148] loop4: detected capacity change from 0 to 128
[  366.712219][T20148] ERROR: Domain '<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/S50sshd /usr/sbin/sshd /usr/sbin/sshd /bin/sh /syz-executor /syz-executor /newroot/75/file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[  367.059787][T20163] loop4: detected capacity change from 0 to 32768
[  367.104032][T20163] (syz.4.6190,20163,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #66: rec_len is too small for name_len - offset=132, inode=71, rec_len=16, name_len=13
[  367.114532][T20163] (syz.4.6190,20163,1):ocfs2_init_global_system_inodes:465 ERROR: status = -22
[  367.117676][T20163] (syz.4.6190,20163,1):ocfs2_init_global_system_inodes:467 ERROR: Unable to load system inode 4, possibly corrupt fs?
[  367.117693][T20163] (syz.4.6190,20163,1):ocfs2_init_global_system_inodes:476 ERROR: status = -22
[  367.125935][T20163] (syz.4.6190,20163,1):ocfs2_initialize_super:2198 ERROR: status = -22
[  367.129161][T20163] (syz.4.6190,20163,1):ocfs2_fill_super:1177 ERROR: status = -22
[  367.233965][T20169] ip6_tunnel: non-ECT from fc02:0000:0000:0000:0000:0000:0000:0000 with DS=0x6
[  367.561144][ T5851] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  367.697643][   T33] audit: type=1326 audit(1755565074.973:316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20153 comm="syz.2.6186" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95de98ebe9 code=0x7fc00000
[  367.731583][   T33] audit: type=1326 audit(1755565074.973:317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20153 comm="syz.2.6186" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f95de98ebe9 code=0x7fc00000
[  367.744531][ T5851] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  367.749105][ T5851] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  367.754049][ T5851] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  367.757848][   T33] audit: type=1326 audit(1755565074.973:318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20153 comm="syz.2.6186" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95de98ebe9 code=0x7fc00000
[  367.767573][ T5851] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  367.771494][   T33] audit: type=1326 audit(1755565074.973:319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20153 comm="syz.2.6186" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95de98ebe9 code=0x7fc00000
[  367.779138][ T5851] usb 5-1: config 0 descriptor??
[  367.794952][   T33] audit: type=1326 audit(1755565074.973:320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20153 comm="syz.2.6186" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95de98ebe9 code=0x7fc00000
[  367.811207][   T33] audit: type=1326 audit(1755565074.973:321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20153 comm="syz.2.6186" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95de98ebe9 code=0x7fc00000
[  367.819155][   T33] audit: type=1326 audit(1755565074.973:322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20153 comm="syz.2.6186" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95de98ebe9 code=0x7fc00000
[  367.833992][   T33] audit: type=1326 audit(1755565074.973:323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20153 comm="syz.2.6186" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95de98ebe9 code=0x7fc00000
[  367.846118][   T33] audit: type=1326 audit(1755565074.973:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20153 comm="syz.2.6186" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95de98ebe9 code=0x7fc00000
[  367.854312][   T33] audit: type=1326 audit(1755565074.973:325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20153 comm="syz.2.6186" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95de98ebe9 code=0x7fc00000
[  368.098982][T20193] batman_adv: batadv0: Adding interface: dummy0
[  368.104157][T20193] batman_adv: batadv0: Interface activated: dummy0
[  368.138422][T20193] batadv0: mtu less than device minimum
[  368.141389][T20193] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0)
[  368.145602][T20193] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0)
[  368.149460][T20193] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0)
[  368.153430][T20193] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0)
[  368.157255][T20193] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0)
[  368.161201][T20193] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0)
[  368.165027][T20193] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0)
[  368.168970][T20193] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0)
[  368.202868][ T5851] pyra 0003:1E7D:2CF6.0011: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.4-1/input0
[  368.824122][T20233] (unnamed net_device) (uninitialized): option downdelay: invalid value (18446744073709551609)
[  368.827524][T20233] (unnamed net_device) (uninitialized): option downdelay: allowed values 0 - 2147483647
[  369.209560][ T5851] pyra 0003:1E7D:2CF6.0011: couldn't init struct pyra_device
[  369.216617][ T5851] pyra 0003:1E7D:2CF6.0011: couldn't install mouse
[  369.224669][ T5851] pyra 0003:1E7D:2CF6.0011: probe with driver pyra failed with error -71
[  369.231341][ T5851] usb 5-1: USB disconnect, device number 4
[  369.400147][T20243] netlink: 84 bytes leftover after parsing attributes in process `syz.2.6225'.
[  369.689347][T20274] netlink: 51 bytes leftover after parsing attributes in process `syz.1.6238'.
[  369.986458][T20288] netlink: 132 bytes leftover after parsing attributes in process `syz.2.6244'.
[  369.998662][T20288] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  370.396355][T20313] loop4: detected capacity change from 0 to 256
[  370.406656][T20313] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xf6dff195, utbl_chksum : 0xe619d30d)
[  370.480064][T20322] overlayfs: failed to clone upperpath
[  370.710662][T20343] netlink: 424 bytes leftover after parsing attributes in process `syz.1.6270'.
[  370.715460][T20343] netlink: 'syz.1.6270': attribute type 1 has an invalid length.
[  371.873335][T20388] netlink: 'syz.4.6286': attribute type 2 has an invalid length.
[  372.317014][T20406] netlink: 'syz.4.6294': attribute type 5 has an invalid length.
[  372.344466][T20409] (unnamed net_device) (uninitialized): option ad_actor_sys_prio: mode dependency failed, not supported in mode balance-rr(0)
[  373.457451][T20450] (unnamed net_device) (uninitialized): option lacp_rate: mode dependency failed, not supported in mode broadcast(3)
[  373.584450][T20466] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6321'.
[  373.588018][T20466] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6321'.
[  373.627984][T20471] netlink: 'syz.2.6323': attribute type 12 has an invalid length.
[  373.896669][T20489] netlink: 'syz.1.6332': attribute type 64 has an invalid length.
[  374.118837][T20497] loop4: detected capacity change from 0 to 32768
[  374.137440][T20497] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.6336 (20497)
[  374.155193][T20497] BTRFS info (device loop4): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  374.158557][T20497] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm
[  374.162393][T20497] BTRFS info (device loop4): disk space caching is enabled
[  374.164950][T20497] BTRFS warning (device loop4): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  374.271344][T20497] BTRFS info (device loop4): rebuilding free space tree
[  374.292035][T20497] BTRFS info (device loop4): disabling free space tree
[  374.294563][T20497] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  374.297752][T20497] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  374.351194][T20497] BTRFS info (device loop4): balance: start -f
[  374.354442][T20497] BTRFS info (device loop4): balance: ended with status: 0
[  374.378990][T19438] BTRFS info (device loop4): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  374.574914][T20535] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6346'.
[  374.654901][T20546] syz.4.6351 uses old SIOCAX25GETINFO
[  374.990683][T20567] netlink: 60 bytes leftover after parsing attributes in process `syz.2.6360'.
[  374.997414][T20567] netlink: 60 bytes leftover after parsing attributes in process `syz.2.6360'.
[  375.169676][T20556] loop4: detected capacity change from 0 to 131072
[  375.173167][T20556] F2FS-fs (loop4): QUOTA feature is enabled, so ignore qf_name
[  375.208033][T20556] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  375.211470][T20556] F2FS-fs (loop4): Mounted with checkpoint version = 1b41e955
[  375.405577][T20576] xt_socket: unknown flags 0xd0
[  375.678753][T20588] loop4: detected capacity change from 0 to 2048
[  375.723313][T14992] GPT:first_usable_lbas don't match.
[  375.725123][T14992] GPT:34 != 290
[  375.726310][T14992] GPT: Use GNU Parted to correct GPT errors.
[  375.728374][T14992]  loop4: p1 p2 p3
[  375.817199][T20588] GPT:first_usable_lbas don't match.
[  375.819064][T20588] GPT:34 != 290
[  375.820278][T20588] GPT: Use GNU Parted to correct GPT errors.
[  375.822703][T20588]  loop4: p1 p2 p3
[  376.093955][T15587] udevd[15587]: inotify_add_watch(7, /dev/loop4p2, 10) failed: No such file or directory
[  376.094601][T16114] udevd[16114]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory
[  376.103409][T14992] udevd[14992]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory
[  376.113645][T14992] udevd[14992]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory
[  376.137378][T14992] udevd[14992]: inotify_add_watch(7, /dev/loop4p2, 10) failed: No such file or directory
[  376.137825][T15587] udevd[15587]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory
[  376.329536][T20612] loop4: detected capacity change from 0 to 256
[  376.350612][T20612] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  377.141648][T20638] loop4: detected capacity change from 0 to 256
[  377.155652][T20638] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  377.159043][T20638] exFAT-fs (loop4): Medium has reported failures. Some data may be lost.
[  377.166041][T20638] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000ff98, chksum : 0xc64c1d22, utbl_chksum : 0xe619d30d)
[  377.306067][T20646] loop4: detected capacity change from 0 to 1024
[  377.349841][  T797] hfsplus: b-tree write err: -5, ino 4
[  377.462562][T20652] loop4: detected capacity change from 0 to 2048
[  377.469078][T20652] EXT4-fs (loop4): bad geometry: first data block 0 is beyond end of filesystem (0)
[  377.534899][T20654] netlink: 'syz.4.6401': attribute type 2 has an invalid length.
[  377.841151][ T5854] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  377.949480][T20687] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6416'.
[  377.965689][T20687] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6416'.
[  377.990911][ T5854] usb 5-1: Using ep0 maxpacket: 32
[  377.995232][ T5854] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  377.998269][ T5854] usb 5-1: New USB device strings: Mfr=115, Product=0, SerialNumber=0
[  378.010905][ T5854] usb 5-1: Manufacturer: syz
[  378.021520][ T5854] usb 5-1: config 0 descriptor??
[  378.123879][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[  378.126101][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[  378.236009][ T5854] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  378.245414][ T5854] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  378.249211][ T5854] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  378.254638][ T5854] usb 5-1: media controller created
[  378.277543][ T5854] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  378.438572][ T5854] az6027: usb out operation failed. (-71)
[  378.450348][ T5854] az6027: usb out operation failed. (-71)
[  378.452660][ T5854] stb0899_attach: Driver disabled by Kconfig
[  378.454965][ T5854] az6027: no front-end attached
[  378.454965][ T5854] 
[  378.457726][ T5854] az6027: usb out operation failed. (-71)
[  378.459734][ T5854] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  378.465070][ T5854] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input17
[  378.470370][ T5854] dvb-usb: schedule remote query interval to 400 msecs.
[  378.474215][ T5854] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  378.478888][ T5854] usb 5-1: USB disconnect, device number 5
[  379.328306][T20710] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6425'.
[  379.333837][T20710] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6425'.
[  379.345896][ T5854] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  379.374063][T20713] netlink: 20 bytes leftover after parsing attributes in process `syz.2.6426'.
[  380.487978][T20770] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6453'.
[  380.801924][ T5851] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  380.972723][ T5851] usb 5-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  380.976609][ T5851] usb 5-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  380.980196][ T5851] usb 5-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  380.984035][ T5851] usb 5-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  380.987036][ T5851] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  380.991699][T20782] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  381.256828][T20808] netlink: 'syz.2.6467': attribute type 9 has an invalid length.
[  381.259469][T20808] netlink: 147436 bytes leftover after parsing attributes in process `syz.2.6467'.
[  382.016496][ T5851] aiptek 5-1:17.0: Aiptek using 400 ms programming speed
[  382.020194][ T5851] input: Aiptek as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:17.0/input/input18
[  382.054909][ T5851] usb 5-1: USB disconnect, device number 6
[  382.057030][    C1] aiptek 5-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[  382.070022][T20824] sctp: [Deprecated]: syz.1.6473 (pid 20824) Use of int in maxseg socket option.
[  382.070022][T20824] Use struct sctp_assoc_value instead
[  382.591321][T20875] loop4: detected capacity change from 0 to 512
[  382.595479][T20875] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  382.623820][T20875] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  382.628361][T20875] ext4 filesystem being mounted at /185/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  382.656488][T19438] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  382.934600][T20897] netlink: 'syz.4.6506': attribute type 10 has an invalid length.
[  382.937396][T20897] netlink: 55 bytes leftover after parsing attributes in process `syz.4.6506'.
[  383.468401][T20945] 9pnet_fd: Insufficient options for proto=fd
[  383.519073][T20949] netlink: 'syz.2.6531': attribute type 11 has an invalid length.
[  383.557888][T20951] netlink: 'syz.2.6532': attribute type 21 has an invalid length.
[  383.560663][T20951] netlink: 132 bytes leftover after parsing attributes in process `syz.2.6532'.
[  383.682975][ T5854] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  383.832830][ T5854] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  383.835920][ T5854] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  383.843795][ T5854] usb 5-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49
[  383.846641][ T5854] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  383.849255][ T5854] usb 5-1: Product: syz
[  383.850662][ T5854] usb 5-1: Manufacturer: syz
[  383.860826][ T5854] usb 5-1: SerialNumber: syz
[  383.871568][ T5854] usb 5-1: config 0 descriptor??
[  383.875435][ T5854] iguanair 5-1:0.0: probe with driver iguanair failed with error -12
[  384.078176][   T47] usb 5-1: USB disconnect, device number 7
[  384.950878][ T5854] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  385.101053][ T5854] usb 5-1: Using ep0 maxpacket: 8
[  385.106019][ T5854] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  385.109618][ T5854] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  385.113243][ T5854] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  385.116554][ T5854] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  385.119796][ T5854] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 4
[  385.136443][ T5854] usb 5-1: New USB device found, idVendor=112a, idProduct=0005, bcdDevice=14.a8
[  385.140011][ T5854] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  385.146448][ T5854] usb 5-1: Product: syz
[  385.148229][ T5854] usb 5-1: Manufacturer: syz
[  385.149814][ T5854] usb 5-1: SerialNumber: syz
[  385.153181][ T5854] usb 5-1: config 0 descriptor??
[  385.159095][ T5854] redrat3 5-1:0.0: Couldn't find all endpoints
[  385.407551][ T5851] usb 5-1: USB disconnect, device number 8
[  385.999866][T21008] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6556'.
[  386.094036][T21021] loop4: detected capacity change from 0 to 1024
[  386.205519][T21028] loop4: detected capacity change from 0 to 2048
[  386.234060][T21028] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  386.238284][T21028] ext4 filesystem being mounted at /206/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  386.254362][T21028] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.6566: bg 0: block 345: padding at end of block bitmap is not set
[  386.287583][T19438] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  386.991080][T21056] overlayfs: failed to clone upperpath
[  387.052888][ T5847] Bluetooth: hci2: ACL packet for unknown connection handle 201
[  387.472510][T21069] loop4: detected capacity change from 0 to 512
[  387.617775][T21069] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  387.702760][T19438] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  387.764220][T21077] loop4: detected capacity change from 0 to 1024
[  387.778536][ T3559] hfsplus: b-tree write err: -5, ino 4
[  387.784317][   T33] kauditd_printk_skb: 5 callbacks suppressed
[  387.784326][   T33] audit: type=1800 audit(1755565095.063:331): pid=21077 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.6584" name="file1" dev="loop4" ino=20 res=0 errno=0
[  388.433893][T21122] lo speed is unknown, defaulting to 1000
[  388.438598][T21122] lo speed is unknown, defaulting to 1000
[  388.446602][T21122] lo speed is unknown, defaulting to 1000
[  388.557218][T21137] netlink: 892 bytes leftover after parsing attributes in process `syz.1.6611'.
[  388.585211][T21122] infiniband sz1: set active
[  388.586951][T21122] infiniband sz1: added lo
[  388.649812][T21122] RDS/IB: sz1: added
[  388.653823][T21122] smc: adding ib device sz1 with port count 1
[  388.655959][T21122] smc:    ib device sz1 port 1 has pnetid 
[  388.658134][  T793] lo speed is unknown, defaulting to 1000
[  388.661933][T21122] lo speed is unknown, defaulting to 1000
[  388.667414][   T47] lo speed is unknown, defaulting to 1000
[  388.962989][T21122] lo speed is unknown, defaulting to 1000
[  389.068668][T21122] lo speed is unknown, defaulting to 1000
[  389.164333][T21122] lo speed is unknown, defaulting to 1000
[  389.986556][T21184] net_ratelimit: 15 callbacks suppressed
[  389.986571][T21184] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  390.045621][T21188] netlink: 'syz.2.6636': attribute type 3 has an invalid length.
[  390.521459][ T5851] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  390.683336][ T5851] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  390.687157][ T5851] usb 5-1: config 0 interface 0 has no altsetting 0
[  390.689520][ T5851] usb 5-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.00
[  390.694238][ T5851] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  390.705424][ T5851] usb 5-1: config 0 descriptor??
[  390.768468][T21235] tmpfs: Group quota block hardlimit too large.
[  391.186981][ T5851] input: HID 054c:03d5 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:054C:03D5.0012/input/input20
[  391.217400][ T5851] sony 0003:054C:03D5.0012: input,hidraw0: USB HID v0.00 Joystick [HID 054c:03d5] on usb-dummy_hcd.4-1/input0
[  391.262280][T21245] netlink: 'syz.1.6662': attribute type 11 has an invalid length.
[  391.351739][ T5854] usb 5-1: USB disconnect, device number 9
[  391.717546][T21255] netlink: 'syz.2.6667': attribute type 1 has an invalid length.
[  392.320864][ T5854] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  392.471090][ T5854] usb 5-1: Using ep0 maxpacket: 16
[  392.491038][ T5854] usb 5-1: unable to get BOS descriptor or descriptor too short
[  392.496482][ T5854] usb 5-1: unable to read config index 0 descriptor/start: -71
[  392.502136][ T5854] usb 5-1: can't read configurations, error -71
[  392.515284][T21285] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6681'.
[  392.521888][T21286] IPVS: sync thread started: state = MASTER, mcast_ifn = veth1_to_team, syncid = 4, id = 0
[  392.576466][T21290] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6683'.
[  392.825832][T21304] netlink: 'syz.2.6690': attribute type 16 has an invalid length.
[  392.828455][T21304] netlink: 'syz.2.6690': attribute type 17 has an invalid length.
[  392.859576][T21304] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  393.791011][ T5854] usb 5-1: new full-speed USB device number 11 using dummy_hcd
[  393.953361][ T5854] usb 5-1: config 8 has an invalid interface number: 177 but max is 0
[  393.959734][ T5854] usb 5-1: config 8 has no interface number 0
[  393.964617][ T5854] usb 5-1: config 8 interface 177 altsetting 9 endpoint 0x8 has invalid maxpacket 1023, setting to 64
[  393.968376][ T5854] usb 5-1: config 8 interface 177 has no altsetting 0
[  393.970855][ T5854] usb 5-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=59.b1
[  393.973991][ T5854] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  393.979632][T21325] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  394.060359][   T33] audit: type=1326 audit(1755565101.333:332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21357 comm="syz.2.6714" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95de98ebe9 code=0x7ffc0000
[  394.068184][   T33] audit: type=1326 audit(1755565101.333:333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21357 comm="syz.2.6714" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95de98ebe9 code=0x7ffc0000
[  394.075730][   T33] audit: type=1326 audit(1755565101.333:334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21357 comm="syz.2.6714" exe="/syz-executor" sig=0 arch=c000003e syscall=61 compat=0 ip=0x7f95de98ebe9 code=0x7ffc0000
[  394.085239][   T33] audit: type=1326 audit(1755565101.333:335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21357 comm="syz.2.6714" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95de98ebe9 code=0x7ffc0000
[  394.190157][ T5854] usb 5-1: string descriptor 0 read error: -71
[  394.198339][    C0] ir_toy 5-1:8.177: out urb status: -71
[  394.278294][T21375] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode
[  394.287502][T21375] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check.
[  394.426461][T21380] netlink: 'syz.1.6724': attribute type 5 has an invalid length.
[  394.520324][T21387] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6727'.
[  394.702926][ T5854] ir_toy 5-1:8.177: could not write reset command: -110
[  394.705878][ T5854] ir_toy 5-1:8.177: probe with driver ir_toy failed with error -110
[  394.722367][ T5854] usb 5-1: USB disconnect, device number 11
[  394.733063][T21402] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6734'.
[  394.740235][T21402] erspan0: entered promiscuous mode
[  394.744373][T21402] macvtap1: entered promiscuous mode
[  394.746370][T21402] macvtap1: entered allmulticast mode
[  394.748242][T21402] erspan0: entered allmulticast mode
[  394.755301][T21402] erspan0: left allmulticast mode
[  394.757114][T21402] erspan0: left promiscuous mode
[  394.791629][T21404] netlink: 'syz.4.6735': attribute type 11 has an invalid length.
[  394.988237][T21412] loop4: detected capacity change from 0 to 512
[  394.996734][T21412] EXT4-fs (loop4): blocks per group (255) and clusters per group (8192) inconsistent
[  395.134164][T21412] loop4: detected capacity change from 0 to 40427
[  395.137905][T21412] F2FS-fs (loop4): Image doesn't support compression
[  395.140199][T21412] F2FS-fs (loop4): build fault injection rate: 690
[  395.142465][T21412] F2FS-fs (loop4): build fault injection type: 0x4
[  395.145790][T21412] F2FS-fs (loop4): invalid crc value
[  395.188414][T21412] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  395.200817][T21412] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  395.208166][T21418] netlink: 'syz.2.6741': attribute type 12 has an invalid length.
[  395.225360][   T33] audit: type=1800 audit(1755565102.503:336): pid=21412 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.6739" name="bus" dev="loop4" ino=10 res=0 errno=0
[  395.249460][T19438] syz-executor: attempt to access beyond end of device
[  395.249460][T19438] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  395.255869][T19438] CPU: 0 UID: 0 PID: 19438 Comm: syz-executor Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[  395.255881][T19438] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  395.255885][T19438] Call Trace:
[  395.255889][T19438]  <TASK>
[  395.255892][T19438]  dump_stack_lvl+0x189/0x250
[  395.255908][T19438]  ? __pfx_dump_stack_lvl+0x10/0x10
[  395.255917][T19438]  ? __pfx_queue_work_on+0x10/0x10
[  395.255925][T19438]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  395.255934][T19438]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  395.255947][T19438]  f2fs_handle_critical_error+0x37c/0x540
[  395.255960][T19438]  f2fs_write_end_io+0x886/0xb60
[  395.255979][T19438]  __submit_merged_bio+0x27a/0x6a0
[  395.255990][T19438]  __submit_merged_write_cond+0x255/0x530
[  395.256002][T19438]  f2fs_write_data_pages+0x261d/0x3000
[  395.256027][T19438]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  395.256055][T19438]  ? __mod_zone_page_state+0xd7/0x140
[  395.256070][T19438]  ? folios_put_refs+0x560/0x640
[  395.256084][T19438]  ? __lock_acquire+0xab9/0xd20
[  395.256098][T19438]  ? do_raw_spin_lock+0x121/0x290
[  395.256111][T19438]  ? do_raw_spin_unlock+0x4d/0x240
[  395.256120][T19438]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  395.256129][T19438]  do_writepages+0x32e/0x550
[  395.256143][T19438]  ? do_raw_spin_unlock+0x4d/0x240
[  395.256153][T19438]  filemap_fdatawrite+0x199/0x240
[  395.256163][T19438]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  395.256194][T19438]  ? do_raw_spin_unlock+0x4d/0x240
[  395.256203][T19438]  f2fs_sync_dirty_inodes+0x31f/0x830
[  395.256220][T19438]  f2fs_write_checkpoint+0x95a/0x1df0
[  395.256240][T19438]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  395.256269][T19438]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  395.256277][T19438]  ? kfree+0x196/0x450
[  395.256287][T19438]  ? kill_f2fs_super+0x298/0x6c0
[  395.256299][T19438]  kill_f2fs_super+0x2c3/0x6c0
[  395.256311][T19438]  ? __pfx_kill_f2fs_super+0x10/0x10
[  395.256319][T19438]  ? radix_tree_delete_item+0x2b6/0x400
[  395.256331][T19438]  ? shrinker_free+0x2ce/0x3e0
[  395.256340][T19438]  deactivate_locked_super+0xbc/0x130
[  395.256350][T19438]  cleanup_mnt+0x425/0x4c0
[  395.256359][T19438]  ? lockdep_hardirqs_on+0x9c/0x150
[  395.256369][T19438]  task_work_run+0x1d4/0x260
[  395.256380][T19438]  ? __pfx_task_work_run+0x10/0x10
[  395.256387][T19438]  ? __x64_sys_umount+0x122/0x160
[  395.256398][T19438]  ? exit_to_user_mode_loop+0x40/0x110
[  395.256410][T19438]  exit_to_user_mode_loop+0xec/0x110
[  395.256420][T19438]  do_syscall_64+0x2bd/0x3b0
[  395.256427][T19438]  ? lockdep_hardirqs_on+0x9c/0x150
[  395.256435][T19438]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  395.256441][T19438]  ? exc_page_fault+0x9f/0xf0
[  395.256450][T19438]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  395.256457][T19438] RIP: 0033:0x7f5cf278ff17
[  395.256465][T19438] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  395.256471][T19438] RSP: 002b:00007fff4ebd0038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  395.256480][T19438] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f5cf278ff17
[  395.256485][T19438] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff4ebd00f0
[  395.256489][T19438] RBP: 00007fff4ebd00f0 R08: 0000000000000000 R09: 0000000000000000
[  395.256493][T19438] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff4ebd1180
[  395.256497][T19438] R13: 00007f5cf2811c05 R14: 0000000000060793 R15: 00007fff4ebd11c0
[  395.256510][T19438]  </TASK>
[  395.256513][T19438] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  395.566708][T21442] netlink: 'syz.4.6743': attribute type 2 has an invalid length.
[  395.572508][T21442] netlink: 'syz.4.6743': attribute type 1 has an invalid length.
[  395.593673][T21444] netlink: 'syz.1.6754': attribute type 30 has an invalid length.
[  395.596317][T21444] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6754'.
[  395.599843][T21444] (unnamed net_device) (uninitialized): option arp_missed_max: mode dependency failed, not supported in mode 802.3ad(4)
[  395.632380][T21448] netlink: 'syz.1.6756': attribute type 4 has an invalid length.
[  395.645720][T21448] netlink: 'syz.1.6756': attribute type 4 has an invalid length.
[  395.720109][T21446] loop4: detected capacity change from 0 to 32768
[  395.728805][T21446] bcachefs (/dev/loop4): error validating superblock: Invalid superblock section ext: field too small (8 < 88)
[  395.728805][T21446] ext (size 8):
[  395.728805][T21446] Recovery passes required:      
[  395.728805][T21446] Errors to silently fix:        
[  395.728805][T21446] Btrees with missing data:      
[  395.728805][T21446] 
[  395.739107][T21446] bcachefs: bch2_fs_get_tree() error: invalid_sb_ext
[  396.051056][   T47] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  396.162926][T21490] geneve1: entered promiscuous mode
[  396.165406][T21490] macsec1: entered promiscuous mode
[  396.167289][T21490] macsec1: entered allmulticast mode
[  396.169037][T21490] geneve1: entered allmulticast mode
[  396.173759][T21490] geneve1: left allmulticast mode
[  396.175717][T21490] geneve1: left promiscuous mode
[  396.203622][   T47] usb 5-1: config 0 has an invalid interface number: 71 but max is 0
[  396.206316][   T47] usb 5-1: config 0 has no interface number 0
[  396.208560][   T47] usb 5-1: config 0 interface 71 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 1024
[  396.212590][   T47] usb 5-1: config 0 interface 71 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1023
[  396.217632][   T47] usb 5-1: New USB device found, idVendor=0bfd, idProduct=0012, bcdDevice=cc.c0
[  396.220669][   T47] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  396.224370][   T47] usb 5-1: Product: syz
[  396.225789][   T47] usb 5-1: Manufacturer: syz
[  396.227287][   T47] usb 5-1: SerialNumber: syz
[  396.230612][   T47] usb 5-1: config 0 descriptor??
[  396.235006][T21456] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  396.238051][T21456] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  396.243784][   T47] kvaser_usb 5-1:0.71: error -ENODEV: Cannot get usb endpoint(s)
[  396.454618][T21456] loop4: detected capacity change from 0 to 1024
[  396.491376][T21456] EXT4-fs (loop4): stripe (3) is not aligned with cluster size (16), stripe is disabled
[  396.523181][T21456] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  396.600850][T21510] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  396.665772][   T33] audit: type=1326 audit(1755565103.943:337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21515 comm="syz.1.6787" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff69638ebe9 code=0x7ffc0000
[  396.683510][   T33] audit: type=1326 audit(1755565103.953:338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21515 comm="syz.1.6787" exe="/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7ff69638ebe9 code=0x7ffc0000
[  396.704037][   T33] audit: type=1326 audit(1755565103.953:339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21515 comm="syz.1.6787" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff69638ebe9 code=0x7ffc0000
[  396.731074][   T33] audit: type=1326 audit(1755565103.953:340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21515 comm="syz.1.6787" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff69638ebe9 code=0x7ffc0000
[  396.738246][   T33] audit: type=1326 audit(1755565103.953:341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21515 comm="syz.1.6787" exe="/syz-executor" sig=0 arch=c000003e syscall=18 compat=0 ip=0x7ff69638ebe9 code=0x7ffc0000
[  396.779062][T21523] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  397.043018][T21532] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6794'.
[  397.344266][ T5851] usb 5-1: USB disconnect, device number 12
[  397.897366][T19438] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  398.540571][T21576] loop4: detected capacity change from 0 to 256
[  398.549996][T21576] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256
[  398.559132][T21576] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=512, location=512
[  398.570984][T21576] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found
[  398.573715][T21576] UDF-fs: Scanning with blocksize 512 failed
[  398.578486][T21576] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256
[  398.604659][T21576] UDF-fs: warning (device loop4): udf_fill_super: No fileset found
[  398.870101][T21585] loop4: detected capacity change from 0 to 32768
[  398.874794][T21585] XFS: noikeep mount option is deprecated.
[  398.894878][T21585] XFS (loop4): Mounting V5 Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a
[  398.946656][T21585] XFS (loop4): Ending clean mount
[  399.049208][T19438] XFS (loop4): Unmounting Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a
[  399.077405][T21598] netlink: 32 bytes leftover after parsing attributes in process `syz.2.6821'.
[  399.105398][T21600] netlink: 76 bytes leftover after parsing attributes in process `syz.2.6822'.
[  399.108470][T21600] nbd: must specify at least one socket
[  399.226653][T21611] Invalid source name
[  399.228245][T21611] UBIFS error (pid: 21611): cannot open "./file0", error -22
[  399.511114][  T793] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  399.670985][  T793] usb 5-1: Using ep0 maxpacket: 8
[  399.675602][  T793] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  399.679904][  T793] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF9, changing to 0x89
[  399.687362][  T793] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[  399.692049][  T793] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[  399.696191][  T793] usb 5-1: New USB device found, idVendor=0c2e, idProduct=0720, bcdDevice=9b.f7
[  399.700019][  T793] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  399.705488][  T793] usb 5-1: config 0 descriptor??
[  399.717298][  T793] metro_usb 5-1:0.0: Metrologic USB to Serial converter detected
[  399.723749][  T793] usb 5-1: Metrologic USB to Serial converter now attached to ttyUSB0
[  399.827150][T21621] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6830'.
[  399.830123][T21621] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  399.917520][  T793] usb 5-1: USB disconnect, device number 13
[  399.921967][  T793] metro-usb ttyUSB0: Metrologic USB to Serial converter now disconnected from ttyUSB0
[  399.926228][  T793] metro_usb 5-1:0.0: device disconnected
[  400.654914][T21651] loop4: detected capacity change from 0 to 128
[  401.034863][T21686] netlink: 20 bytes leftover after parsing attributes in process `syz.2.6861'.
[  401.086746][T21690] loop4: detected capacity change from 0 to 1024
[  401.127486][T21690] hfsplus: bad catalog entry type
[  401.150537][ T1181] hfsplus: b-tree write err: -5, ino 4
[  401.164970][T21696] 9pnet: p9_errstr2errno: server reported unknown error 184467440737095
[  401.471081][   T33] kauditd_printk_skb: 2 callbacks suppressed
[  401.471093][   T33] audit: type=1800 audit(1755565108.743:344): pid=21717 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.6876" name="nullb0" dev="tmpfs" ino=10424 res=0 errno=0
[  401.523163][T21722] overlayfs: failed to clone upperpath
[  401.632602][T21733] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6884'.
[  401.719633][T21745] unknown channel width for channel at 909000KHz?
[  401.811508][  T793] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  401.830183][T21757] netlink: 388 bytes leftover after parsing attributes in process `syz.1.6896'.
[  401.962296][  T793] usb 5-1: Using ep0 maxpacket: 8
[  401.968050][  T793] usb 5-1: config 0 has an invalid interface number: 38 but max is 0
[  401.970710][  T793] usb 5-1: config 0 has no interface number 0
[  401.978705][  T793] usb 5-1: New USB device found, idVendor=093a, idProduct=2601, bcdDevice=7e.a5
[  401.983272][  T793] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  401.985927][  T793] usb 5-1: Product: syz
[  401.997877][  T793] usb 5-1: Manufacturer: syz
[  401.999400][  T793] usb 5-1: SerialNumber: syz
[  402.004571][  T793] usb 5-1: config 0 descriptor??
[  402.008122][  T793] gspca_main: pac7311-2.14.0 probing 093a:2601
[  402.218048][  T793] gspca_pac7311: reg_w() failed index 0xff, value 0x01, error -71
[  402.224560][  T793] pac7311 5-1:0.38: probe with driver pac7311 failed with error -71
[  402.233281][  T793] usb 5-1: USB disconnect, device number 14
[  402.342428][T21793] netlink: 'syz.2.6914': attribute type 11 has an invalid length.
[  402.878570][T21813] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.6924'.
[  403.396747][T21836] PKCS7: Unknown OID: [4] 0.0
[  403.398589][T21836] PKCS7: Only support pkcs7_signedData type
[  403.585514][T21840] PKCS8: Unsupported PKCS#8 version
[  404.214388][T21860] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6945'.
[  404.729989][T21876] overlayfs: failed to clone upperpath
[  405.379529][T21911] loop4: detected capacity change from 0 to 512
[  405.389077][T21911] EXT4-fs (loop4): corrupt root inode, run e2fsck
[  405.392948][T21911] EXT4-fs (loop4): mount failed
[  405.613257][T21928] netlink: 'syz.1.6977': attribute type 74 has an invalid length.
[  405.651482][  T793] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  406.012144][  T793] usb 5-1: Using ep0 maxpacket: 32
[  406.020288][  T793] usb 5-1: unable to get BOS descriptor or descriptor too short
[  406.024597][  T793] usb 5-1: config 4 has an invalid interface number: 10 but max is 0
[  406.027342][  T793] usb 5-1: config 4 has no interface number 0
[  406.029465][  T793] usb 5-1: config 4 interface 10 has no altsetting 0
[  406.034530][  T793] usb 5-1: New USB device found, idVendor=06e1, idProduct=a155, bcdDevice=b6.15
[  406.037609][  T793] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  406.040438][  T793] usb 5-1: Product: syz
[  406.042437][  T793] usb 5-1: Manufacturer: syz
[  406.044042][  T793] usb 5-1: SerialNumber: syz
[  406.259347][  T793] radio-si470x 5-1:4.10: could not find interrupt in endpoint
[  406.262691][  T793] radio-si470x 5-1:4.10: probe with driver radio-si470x failed with error -5
[  406.265975][  T793] usbhid 5-1:4.10: couldn't find an input interrupt endpoint
[  406.270438][  T793] usb 5-1: USB disconnect, device number 15
[  407.031007][  T793] usb 5-1: new full-speed USB device number 16 using dummy_hcd
[  407.183931][  T793] usb 5-1: config 0 has an invalid interface number: 139 but max is 0
[  407.186821][  T793] usb 5-1: config 0 has no interface number 0
[  407.188994][  T793] usb 5-1: config 0 interface 139 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  407.193451][  T793] usb 5-1: config 0 interface 139 altsetting 0 has an invalid endpoint descriptor of length 2, skipping
[  407.197131][  T793] usb 5-1: config 0 interface 139 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  407.205827][  T793] usb 5-1: New USB device found, idVendor=0711, idProduct=0210, bcdDevice=fd.d6
[  407.208805][  T793] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  407.211984][  T793] usb 5-1: Product: syz
[  407.213428][  T793] usb 5-1: Manufacturer: syz
[  407.215066][  T793] usb 5-1: SerialNumber: syz
[  407.218053][  T793] usb 5-1: config 0 descriptor??
[  407.220309][T21946] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  407.485027][T21946] loop4: detected capacity change from 0 to 8192
[  407.514238][T15587]  loop4: p1 p4
[  407.515562][T15587] loop4: partition table partially beyond EOD, truncated
[  407.518094][T15587] loop4: p1 start 524288 is beyond EOD, truncated
[  407.521977][T15587] loop4: p4 start 16777216 is beyond EOD, truncated
[  407.528685][T21946]  loop4: p1 p4
[  407.529973][T21946] loop4: partition table partially beyond EOD, truncated
[  407.541081][T21946] loop4: p1 start 524288 is beyond EOD, truncated
[  407.543333][T21946] loop4: p4 start 16777216 is beyond EOD, truncated
[  407.552914][  T793] mct_u232 5-1:0.139: MCT U232 converter detected
[  407.559237][  T793] mct_u232 ttyUSB0: expected endpoint missing
[  407.566428][  T793] usb 5-1: USB disconnect, device number 16
[  407.569996][  T793] mct_u232 5-1:0.139: device disconnected
[  407.844519][T22004] netlink: 44 bytes leftover after parsing attributes in process `syz.2.7013'.
[  407.850489][T22004] netlink: 'syz.2.7013': attribute type 6 has an invalid length.
[  407.855078][T22004] netlink: 'syz.2.7013': attribute type 5 has an invalid length.
[  407.857767][T22004] netlink: 'syz.2.7013': attribute type 4 has an invalid length.
[  408.308163][T22031] loop4: detected capacity change from 0 to 64
[  408.581308][ T5851] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  408.912354][ T5851] usb 5-1: config 0 has an invalid interface number: 242 but max is 0
[  408.915196][ T5851] usb 5-1: config 0 has no interface number 0
[  408.917265][ T5851] usb 5-1: config 0 interface 242 has no altsetting 0
[  408.923498][ T5851] usb 5-1: New USB device found, idVendor=2c7c, idProduct=0125, bcdDevice=51.ba
[  408.926663][ T5851] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  408.929243][ T5851] usb 5-1: Product: syz
[  408.930643][ T5851] usb 5-1: Manufacturer: syz
[  408.932546][ T5851] usb 5-1: SerialNumber: syz
[  408.936177][ T5851] usb 5-1: config 0 descriptor??
[  409.146586][ T5851] qmi_wwan 5-1:0.242: bogus CDC Union: master=0, slave=1
[  409.150026][ T5851] qmi_wwan 5-1:0.242: probe with driver qmi_wwan failed with error -22
[  409.155110][ T5851] usb 5-1: USB disconnect, device number 17
[  409.693763][T22053] bridge3: entered allmulticast mode
[  409.757925][T22059] netlink: 40 bytes leftover after parsing attributes in process `syz.2.7039'.
[  411.105494][T22080] loop4: detected capacity change from 0 to 4096
[  411.108815][T22080] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512).
[  411.127211][T22080] ntfs3(loop4): Failed to load $Extend (-22).
[  411.129435][T22080] ntfs3(loop4): Failed to initialize $Extend.
[  411.730257][T22097] loop4: detected capacity change from 0 to 1024
[  411.778904][T22097] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  411.847968][T19438] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  412.010573][T22118] vlan0: entered promiscuous mode
[  412.048642][T22122] netlink: 40 bytes leftover after parsing attributes in process `syz.4.7065'.
[  412.172438][T22132] delete_channel: no stack
[  412.558889][T22151] loop4: detected capacity change from 0 to 4096
[  412.562705][T22151] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024)
[  412.565857][T22151] NILFS (loop4): mounting unchecked fs
[  412.567844][T22151] NILFS (loop4): recovery required for readonly filesystem
[  412.570254][T22151] NILFS (loop4): write access will be enabled during recovery
[  412.588578][T22151] NILFS (loop4): invalid segment: Inconsistency found
[  412.591443][T22151] NILFS (loop4): unable to fall back to spare super block
[  412.594561][T22151] NILFS (loop4): error -22 while searching super root
[  412.843888][T22165] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7085'.
[  412.848415][T22165] netlink: 24 bytes leftover after parsing attributes in process `syz.2.7085'.
[  413.080911][ T5851] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  413.234127][ T5851] usb 5-1: config 16 interface 0 altsetting 75 endpoint 0x6 has invalid maxpacket 1024, setting to 64
[  413.238482][ T5851] usb 5-1: config 16 interface 0 has no altsetting 0
[  413.240693][ T5851] usb 5-1: New USB device found, idVendor=15c2, idProduct=0036, bcdDevice=bb.7a
[  413.246152][ T5851] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  413.456904][ T5851] usb 5-1: string descriptor 0 read error: -71
[  413.467720][ T5851] imon:imon_find_endpoints: no valid input (IR) endpoint found
[  413.470664][ T5851] imon 5-1:16.0: unable to initialize intf0, err -19
[  413.476383][ T5851] imon:imon_probe: failed to initialize context!
[  413.478782][ T5851] imon 5-1:16.0: unable to register, err -19
[  413.490346][ T5851] usb 5-1: USB disconnect, device number 18
[  414.108960][T22218] sctp: [Deprecated]: syz.1.7112 (pid 22218) Use of struct sctp_assoc_value in delayed_ack socket option.
[  414.108960][T22218] Use struct sctp_sack_info instead
[  414.337222][T22224] virt_wifi0 speed is unknown, defaulting to 1000
[  414.343298][T22224] wg1 speed is unknown, defaulting to 1000
[  414.347285][T22224] lo speed is unknown, defaulting to 1000
[  414.544120][   T33] audit: type=1326 audit(1755565121.753:345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22223 comm="syz.2.7114" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f95de98ebe9 code=0x0
[  414.851013][ T5851] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  415.002549][ T5851] usb 5-1: New USB device found, idVendor=0757, idProduct=0a00, bcdDevice= 0.00
[  415.005665][ T5851] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  415.010189][ T5851] usb 5-1: config 0 descriptor??
[  415.486752][ T5851] nti 0003:0757:0A00.0013: unknown main item tag 0x0
[  415.490181][ T5851] nti 0003:0757:0A00.0013: unknown main item tag 0x0
[  415.492674][ T5851] nti 0003:0757:0A00.0013: unknown main item tag 0x0
[  415.494942][ T5851] nti 0003:0757:0A00.0013: unknown main item tag 0x0
[  415.497194][ T5851] nti 0003:0757:0A00.0013: unknown main item tag 0x0
[  415.501218][ T5851] nti 0003:0757:0A00.0013: hidraw0: USB HID v0.00 Device [HID 0757:0a00] on usb-dummy_hcd.4-1/input0
[  415.747253][ T5851] usb 5-1: USB disconnect, device number 19
[  416.413632][T22295] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7145'.
[  416.584646][T22313] loop4: detected capacity change from 0 to 16
[  416.599829][T22313] erofs (device loop4): EXPERIMENTAL EROFS subpage compressed block support in use. Use at your own risk!
[  416.604207][T22313] erofs (device loop4): mounted with root inode @ nid 36.
[  416.988946][T22322] : entered promiscuous mode
[  417.218354][T22342] netlink: 20 bytes leftover after parsing attributes in process `syz.1.7167'.
[  417.403776][T22356] netlink: 20 bytes leftover after parsing attributes in process `syz.1.7173'.
[  417.491936][T22360] netlink: 20 bytes leftover after parsing attributes in process `syz.4.7175'.
[  417.543227][T22360] netlink: 20 bytes leftover after parsing attributes in process `syz.4.7175'.
[  417.546242][T22360] nbd: device at index 64 is going down
[  418.234216][T22406] netlink: 'syz.1.7195': attribute type 1 has an invalid length.
[  418.908194][ T5854] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  419.075032][ T5854] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  419.078034][ T5854] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  419.090944][ T5854] usb 5-1: Product: syz
[  419.095042][ T5854] usb 5-1: Manufacturer: syz
[  419.096606][ T5854] usb 5-1: SerialNumber: syz
[  419.104951][ T5854] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  419.137981][    T9] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  419.347687][T22416] random: crng reseeded on system resumption
[  419.370950][ T5854] usb 5-1: USB disconnect, device number 20
[  420.143421][T22490] netlink: 20 bytes leftover after parsing attributes in process `syz.1.7236'.
[  420.201068][    T9] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive
[  420.203546][    T9] ath9k_htc: Failed to initialize the device
[  420.207053][T22495] netlink: 72 bytes leftover after parsing attributes in process `syz.1.7238'.
[  420.216078][ T5854] usb 5-1: ath9k_htc: USB layer deinitialized
[  420.358209][T22507] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7244'.
[  420.365733][T22507] bridge0: port 2(bridge_slave_1) entered disabled state
[  420.368397][T22507] bridge0: port 1(bridge_slave_0) entered disabled state
[  420.395063][ T5875] bond0: (slave bridge0): link status definitely down, disabling slave
[  420.549046][T22530] netlink: 146840 bytes leftover after parsing attributes in process `syz.1.7255'.
[  420.576456][T22532] netlink: 56 bytes leftover after parsing attributes in process `syz.1.7256'.
[  420.771147][   T47] usb 5-1: new full-speed USB device number 21 using dummy_hcd
[  420.924380][   T47] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  420.927903][   T47] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  420.932924][   T47] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  420.935949][   T47] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  420.938645][   T47] usb 5-1: Product: syz
[  420.940092][   T47] usb 5-1: Manufacturer: syz
[  420.941917][   T47] usb 5-1: SerialNumber: syz
[  421.151479][   T47] usb 5-1: 0:2 : does not exist
[  421.156661][   T47] usb 5-1: 5:0: failed to get current value for ch 0 (-22)
[  421.172225][   T47] usb 5-1: USB disconnect, device number 21
[  421.194003][T14992] udevd[14992]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  421.383561][T22543] netlink: 'syz.2.7261': attribute type 1 has an invalid length.
[  421.936905][T22564] loop4: detected capacity change from 0 to 32768
[  421.955731][T22564] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  421.967410][T22564] XFS (loop4): Ending clean mount
[  421.973465][T22564] XFS (loop4): Quotacheck needed: Please wait.
[  422.018254][T22564] XFS (loop4): Quotacheck: Done.
[  422.049194][T19438] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  422.237340][    T9] lo speed is unknown, defaulting to 1000
[  423.186767][T22598] __nla_validate_parse: 2 callbacks suppressed
[  423.186780][T22598] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7283'.
[  423.198195][T22600] netlink: 'syz.2.7284': attribute type 9 has an invalid length.
[  423.373982][T22615] netlink: 212 bytes leftover after parsing attributes in process `syz.2.7292'.
[  423.490361][T22629] loop4: detected capacity change from 0 to 128
[  423.524016][T22629] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; going on - but anything won't be destroyed because it's read-only
[  423.557543][T22633] netlink: 51 bytes leftover after parsing attributes in process `syz.2.7300'.
[  423.580283][T22629] hpfs: hpfs_map_sector(): read error
[  424.075782][T22657] cgroup: noprefix used incorrectly
[  424.687378][T22690] netlink: 16 bytes leftover after parsing attributes in process `syz.4.7326'.
[  425.131141][T22712] C: renamed from team_slave_0 (while UP)
[  425.146354][T22712] netlink: 'syz.1.7337': attribute type 3 has an invalid length.
[  425.148969][T22712] netlink: 152 bytes leftover after parsing attributes in process `syz.1.7337'.
[  425.172215][T22712] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  425.292403][T22699] syz.4.7326 (22699): drop_caches: 2
[  425.864520][T22749] netlink: 28 bytes leftover after parsing attributes in process `syz.1.7355'.
[  426.346836][T22791] tmpfs: Cannot change global quota limit on remount
[  426.775141][T22822] loop4: detected capacity change from 0 to 512
[  426.795004][T22822] EXT4-fs error (device loop4): ext4_orphan_get:1418: comm syz.4.7390: bad orphan inode 17
[  426.801295][T22822] ext4_test_bit(bit=16, block=4) = 1
[  426.804655][T22822] is_bad_inode(inode)=0
[  426.806034][T22822] NEXT_ORPHAN(inode)=0
[  426.807417][T22822] max_ino=32
[  426.808566][T22822] i_nlink=1
[  426.810419][T22822] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  426.847317][T19438] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  426.917622][T22833] loop4: detected capacity change from 0 to 4096
[  426.934470][T22833] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  426.980710][T19438] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  427.308862][T22847] loop4: detected capacity change from 0 to 32768
[  427.320242][T22847] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  427.346115][T22847] XFS (loop4): Ending clean mount
[  427.378072][T19438] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  427.871878][ T5854] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  428.088825][ T5854] usb 5-1: Using ep0 maxpacket: 16
[  428.098402][ T5854] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  428.267752][ T5854] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  428.274495][ T5854] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  428.277423][ T5854] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  428.282212][ T5854] usb 5-1: config 0 descriptor??
[  428.698817][ T5854] HID 045e:07da: Invalid code 65791 type 1
[  428.707247][ T5854] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.0014/input/input22
[  428.716796][ T5854] microsoft 0003:045E:07DA.0014: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0
[  429.038668][T22909] ref_ctr going negative. vaddr: 0x200000ffc002, curr val: -29824, delta: 1
[  429.040827][   T33] audit: type=1804 audit(1755565136.313:346): pid=22909 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.7425" name="file0" dev="tmpfs" ino=13645 res=1 errno=0
[  429.042669][T22909] ref_ctr increment failed for inode: 0x354d offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88801b77eb80
[  429.306521][T22925] netlink: 48 bytes leftover after parsing attributes in process `syz.2.7433'.
[  429.502289][   T47] usb 5-1: USB disconnect, device number 22
[  430.049009][T22955] CIFS mount error: No usable UNC path provided in device string!
[  430.049009][T22955] 
[  430.052712][T22955] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  430.618434][T22973] batadv0: mtu less than device minimum
[  430.620954][T22973] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  430.625311][T22973] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  430.629235][T22973] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  430.633335][T22973] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  430.637248][T22973] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  430.641215][T22973] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  430.645130][T22973] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  430.649078][T22973] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  430.653122][T22973] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  430.706712][   T33] audit: type=1326 audit(1755565137.983:347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22974 comm="syz.1.7455" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff69638ebe9 code=0x7ffc0000
[  430.718206][   T33] audit: type=1326 audit(1755565137.983:348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22974 comm="syz.1.7455" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff69638ebe9 code=0x7ffc0000
[  430.727090][   T33] audit: type=1326 audit(1755565137.983:349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22974 comm="syz.1.7455" exe="/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7ff69638ebe9 code=0x7ffc0000
[  430.734384][   T33] audit: type=1326 audit(1755565137.983:350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22974 comm="syz.1.7455" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff69638ebe9 code=0x7ffc0000
[  430.742700][   T33] audit: type=1326 audit(1755565137.983:351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22974 comm="syz.1.7455" exe="/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7ff69638ebe9 code=0x7ffc0000
[  430.749577][   T33] audit: type=1326 audit(1755565137.983:352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22974 comm="syz.1.7455" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff69638ebe9 code=0x7ffc0000
[  430.757415][   T33] audit: type=1326 audit(1755565137.983:353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22974 comm="syz.1.7455" exe="/syz-executor" sig=0 arch=c000003e syscall=128 compat=0 ip=0x7ff69638ebe9 code=0x7ffc0000
[  430.767321][   T33] audit: type=1326 audit(1755565138.043:354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22974 comm="syz.1.7455" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff69638ebe9 code=0x7ffc0000
[  432.334788][T23024] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7476'.
[  433.061363][T23041] loop4: detected capacity change from 0 to 1024
[  433.065366][T23041] EXT4-fs (loop4): stripe (3) is not aligned with cluster size (16), stripe is disabled
[  433.087928][T23041] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  433.106743][T23041] EXT4-fs error (device loop4): ext4_xattr_inode_iget:437: inode #11: comm syz.4.7483: missing EA_INODE flag
[  433.117906][T23041] EXT4-fs (loop4): Remounting filesystem read-only
[  433.139588][T19438] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  433.277220][T23055] loop4: detected capacity change from 0 to 512
[  433.321811][T23055] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  433.339038][T23055] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2842e12c, mo2=0002]
[  433.342383][T23063] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7492'.
[  433.346174][T23055] System zones: 1-12
[  433.347869][T23055] EXT4-fs (loop4): orphan cleanup on readonly fs
[  433.355645][T23055] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.7488: invalid indirect mapped block 12 (level 1)
[  433.366403][T23055] EXT4-fs (loop4): Remounting filesystem read-only
[  433.369089][T23055] EXT4-fs (loop4): 1 truncate cleaned up
[  433.373053][T23055] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none.
[  433.377887][T23063] 8021q: adding VLAN 0 to HW filter on device bond7
[  433.400355][T23055] EXT4-fs warning (device loop4): dx_probe:791: inode #2: lblock 0: comm syz.4.7488: error -117 reading directory block
[  433.415660][T23055] EXT4-fs warning (device loop4): dx_probe:791: inode #2: lblock 0: comm syz.4.7488: error -117 reading directory block
[  433.446822][T19438] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000007.
[  433.930963][ T5854] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  434.080938][ T5854] usb 5-1: Using ep0 maxpacket: 16
[  434.084494][ T5854] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  434.088079][ T5854] usb 5-1: New USB device found, idVendor=0458, idProduct=0087, bcdDevice= 0.00
[  434.091237][ T5854] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  434.096491][ T5854] usb 5-1: config 0 descriptor??
[  434.515673][ T5854] kye 0003:0458:0087.0015: reserved main item tag 0xd
[  434.518595][ T5854] kye 0003:0458:0087.0015: unexpected long global item
[  434.522199][ T5854] kye 0003:0458:0087.0015: parse failed
[  434.524301][ T5854] kye 0003:0458:0087.0015: probe with driver kye failed with error -22
[  434.714967][ T5854] usb 5-1: USB disconnect, device number 23
[  435.545351][T23124] loop4: detected capacity change from 0 to 512
[  435.577299][T23124] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  435.582899][T23124] ext4 filesystem being mounted at /415/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  435.654909][T19438] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  435.989916][T23139] loop4: detected capacity change from 0 to 40427
[  436.076846][T23139] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  436.082807][T23139] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  436.114992][T19438] syz-executor: attempt to access beyond end of device
[  436.114992][T19438] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  436.131826][T19438] CPU: 0 UID: 0 PID: 19438 Comm: syz-executor Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[  436.131841][T19438] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  436.131846][T19438] Call Trace:
[  436.131850][T19438]  <TASK>
[  436.131854][T19438]  dump_stack_lvl+0x189/0x250
[  436.131871][T19438]  ? __pfx_dump_stack_lvl+0x10/0x10
[  436.131879][T19438]  ? __pfx_queue_work_on+0x10/0x10
[  436.131888][T19438]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  436.131899][T19438]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  436.131911][T19438]  f2fs_handle_critical_error+0x37c/0x540
[  436.131925][T19438]  f2fs_write_end_io+0x886/0xb60
[  436.131943][T19438]  __submit_merged_bio+0x27a/0x6a0
[  436.131955][T19438]  __submit_merged_write_cond+0x255/0x530
[  436.131966][T19438]  f2fs_write_data_pages+0x261d/0x3000
[  436.131974][T19438]  ? __lock_acquire+0xab9/0xd20
[  436.131999][T19438]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  436.132025][T19438]  ? __pfx_stack_trace_save+0x10/0x10
[  436.132041][T19438]  ? kthread_stop+0x194/0x5c0
[  436.132048][T19438]  ? kill_f2fs_super+0x137/0x6c0
[  436.132056][T19438]  ? deactivate_locked_super+0xbc/0x130
[  436.132069][T19438]  ? __lock_acquire+0xab9/0xd20
[  436.132084][T19438]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  436.132093][T19438]  do_writepages+0x32e/0x550
[  436.132108][T19438]  ? do_raw_spin_unlock+0x4d/0x240
[  436.132118][T19438]  filemap_fdatawrite+0x199/0x240
[  436.132129][T19438]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  436.132155][T19438]  ? do_raw_spin_unlock+0x4d/0x240
[  436.132165][T19438]  f2fs_sync_dirty_inodes+0x31f/0x830
[  436.132181][T19438]  f2fs_write_checkpoint+0x95a/0x1df0
[  436.132199][T19438]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  436.132227][T19438]  ? kill_f2fs_super+0x298/0x6c0
[  436.132238][T19438]  kill_f2fs_super+0x2c3/0x6c0
[  436.132250][T19438]  ? __pfx_kill_f2fs_super+0x10/0x10
[  436.132258][T19438]  ? radix_tree_delete_item+0x2b6/0x400
[  436.132269][T19438]  ? shrinker_free+0x2ce/0x3e0
[  436.132278][T19438]  deactivate_locked_super+0xbc/0x130
[  436.132287][T19438]  cleanup_mnt+0x425/0x4c0
[  436.132297][T19438]  ? lockdep_hardirqs_on+0x9c/0x150
[  436.132308][T19438]  task_work_run+0x1d4/0x260
[  436.132319][T19438]  ? __pfx_task_work_run+0x10/0x10
[  436.132327][T19438]  ? __x64_sys_umount+0x122/0x160
[  436.132337][T19438]  ? exit_to_user_mode_loop+0x40/0x110
[  436.132348][T19438]  exit_to_user_mode_loop+0xec/0x110
[  436.132358][T19438]  do_syscall_64+0x2bd/0x3b0
[  436.132365][T19438]  ? lockdep_hardirqs_on+0x9c/0x150
[  436.132373][T19438]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  436.132380][T19438]  ? exc_page_fault+0x9f/0xf0
[  436.132388][T19438]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  436.132396][T19438] RIP: 0033:0x7f5cf278ff17
[  436.132405][T19438] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  436.132411][T19438] RSP: 002b:00007fff4ebd0038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  436.132421][T19438] RAX: 0000000000000000 RBX: 00007f5cf2811c05 RCX: 00007f5cf278ff17
[  436.132425][T19438] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff4ebd00f0
[  436.132429][T19438] RBP: 00007fff4ebd00f0 R08: 0000000000000000 R09: 0000000000000000
[  436.132433][T19438] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff4ebd1180
[  436.132445][T19438] R13: 00007f5cf2811c05 R14: 000000000006a72b R15: 00007fff4ebd11c0
[  436.132456][T19438]  </TASK>
[  436.132460][T19438] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  436.563776][T23157] netlink: 'syz.2.7533': attribute type 4 has an invalid length.
[  436.675475][T23153] loop4: detected capacity change from 0 to 32768
[  436.717806][T23153] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  436.734596][T23153] XFS (loop4): totally zeroed log
[  436.741845][T23153] XFS (loop4): Corruption warning: Metadata has LSN (1:384) ahead of current LSN (1:0). Please unmount and run xfs_repair (>= v4.3) to resolve.
[  436.747289][T23153] XFS (loop4): log mount/recovery failed: error -22
[  436.756822][T23153] XFS (loop4): log mount failed
[  437.290177][T23189] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  437.472034][T23191] loop4: detected capacity change from 0 to 32768
[  437.479825][T23191] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.7545 (23191)
[  437.498162][T23191] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  437.501764][T23191] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm
[  437.504627][T23191] BTRFS info (device loop4): using free-space-tree
[  437.569550][T19438] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  437.942172][T23223] netlink: 384 bytes leftover after parsing attributes in process `syz.2.7553'.
[  438.022008][T23227] netlink: 4268 bytes leftover after parsing attributes in process `syz.1.7555'.
[  438.032695][T23227] netlink: 4268 bytes leftover after parsing attributes in process `syz.1.7555'.
[  438.077736][T23217] loop4: detected capacity change from 0 to 32768
[  438.117449][T23217] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  438.145728][T23217] XFS (loop4): Ending clean mount
[  438.166587][T23217] XFS (loop4): Quotacheck needed: Please wait.
[  438.239353][T23217] XFS (loop4): Quotacheck: Done.
[  438.297110][T19438] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  438.598587][T23253] loop4: detected capacity change from 0 to 1024
[  438.627249][T23253] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  438.631655][T23253] ext4 filesystem being mounted at /426/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  438.786940][T19438] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  438.848539][T23261] Bluetooth: MGMT ver 1.23
[  439.450616][T23282] netlink: 'syz.1.7575': attribute type 1 has an invalid length.
[  439.457468][T23282] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7575'.
[  439.520044][T23280] loop4: detected capacity change from 0 to 32768
[  439.535704][T23280] XFS (loop4): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  439.565550][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[  439.567629][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[  439.580667][T23280] XFS (loop4): Ending clean mount
[  439.597197][T23280] XFS (loop4): Quotacheck needed: Please wait.
[  439.654812][T23280] XFS (loop4): Quotacheck: Done.
[  439.701201][T19438] XFS (loop4): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  439.809646][T23306] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7583'.
[  440.010205][T23324] loop4: detected capacity change from 0 to 1024
[  440.043333][T23324] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  440.047477][T23324] ext4 filesystem being mounted at /435/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  440.090279][T19438] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  440.526394][T12042] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  440.530063][T12042] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  440.535840][T12042] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  440.695345][T12042] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  440.698809][T12042] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  440.702263][T12042] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  440.804594][T12042] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  440.808132][T12042] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  440.812063][T12042] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  440.820065][ T5239] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  440.829660][ T5239] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  440.836586][ T5239] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  440.844537][ T5239] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  440.847995][ T5239] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  440.867286][T23353] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7606'.
[  440.891911][T23353] team0: Device macsec1 is already an upper device of the team interface
[  440.943561][T12042] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  440.947059][T12042] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  440.950574][T12042] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  440.990564][T23348] virt_wifi0 speed is unknown, defaulting to 1000
[  441.003626][T23348] wg1 speed is unknown, defaulting to 1000
[  441.020334][T23348] lo speed is unknown, defaulting to 1000
[  441.115307][   T33] audit: type=1400 audit(1755565148.393:355): apparmor="DENIED" operation="change_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3AA009F5D15F47DB2D pid=23358 comm="syz.4.7609"
[  441.462245][T23368] loop4: detected capacity change from 0 to 32768
[  441.471691][T23368] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.7613 (23368)
[  441.506603][T23368] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  441.509901][T23368] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm
[  441.520934][T23368] BTRFS info (device loop4): using free-space-tree
[  441.736873][T19438] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  442.221692][T12042] dvmrp1 (unregistering): left allmulticast mode
[  442.277113][T23422] loop4: detected capacity change from 0 to 64
[  442.277459][T12042] bond1 (unregistering): (slave geneve2): Releasing backup interface
[  442.306761][T23422] BFS-fs: bfs_fill_super(): loop4 is unclean, continuing
[  442.309576][T23422] BFS-fs: bfs_fill_super(): Inode 0x00000003 corrupted on loop4
[  442.396720][T12042] bridge0 (unregistering): left promiscuous mode
[  442.451372][T12042] bridge0 (unregistering): left allmulticast mode
[  442.649824][T12042] bond1 (unregistering): Released all slaves
[  442.809583][ T5854] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  442.880929][T12042] bond2 (unregistering): Released all slaves
[  442.887712][T12042] bond3 (unregistering): Released all slaves
[  442.899084][T12042] bond0 (unregistering): Released all slaves
[  442.925275][ T5239] Bluetooth: hci0: command tx timeout
[  443.013637][ T5854] usb 5-1: Using ep0 maxpacket: 16
[  443.019647][ T5854] usb 5-1: New USB device found, idVendor=0b57, idProduct=2bbd, bcdDevice=e7.cc
[  443.023577][ T5854] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  443.026326][ T5854] usb 5-1: Product: syz
[  443.027747][ T5854] usb 5-1: Manufacturer: syz
[  443.029316][ T5854] usb 5-1: SerialNumber: syz
[  443.042518][T12042] : left promiscuous mode
[  443.058428][ T5854] usb 5-1: config 0 descriptor??
[  443.082541][ T5854] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  443.224971][T12042] tipc: Disabling bearer <udp:syz0>
[  443.227021][T12042] tipc: Left network mode
[  443.257637][T23348] chnl_net:caif_netlink_parms(): no params data found
[  443.272105][ T5851] usb 5-1: USB disconnect, device number 24
[  443.373567][T23461] netlink: 44 bytes leftover after parsing attributes in process `syz.1.7640'.
[  443.463044][T23470] netlink: 'syz.1.7642': attribute type 2 has an invalid length.
[  443.465709][T23470] netlink: 16 bytes leftover after parsing attributes in process `syz.1.7642'.
[  443.469081][T23348] bridge0: port 1(bridge_slave_0) entered blocking state
[  443.473276][T23348] bridge0: port 1(bridge_slave_0) entered disabled state
[  443.481215][T23348] bridge_slave_0: entered allmulticast mode
[  443.484306][T23348] bridge_slave_0: entered promiscuous mode
[  443.492595][T23348] bridge0: port 2(bridge_slave_1) entered blocking state
[  443.502716][T23348] bridge0: port 2(bridge_slave_1) entered disabled state
[  443.505408][T23348] bridge_slave_1: entered allmulticast mode
[  443.509060][T23348] bridge_slave_1: entered promiscuous mode
[  443.569899][T23348] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  443.578019][T23348] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  443.608981][T23348] team0: Port device team_slave_0 added
[  443.640303][T23348] team0: Port device team_slave_1 added
[  443.714106][T23348] batman_adv: batadv0: Adding interface: batadv_slave_0
[  443.717771][T23348] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  443.730289][T23348] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  443.742185][T23348] batman_adv: batadv0: Adding interface: batadv_slave_1
[  443.744567][T23348] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  443.754461][T23348] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  443.765808][T12042] batadv0: left promiscuous mode
[  443.773800][T12042] hsr_slave_0: left promiscuous mode
[  443.776073][T12042] hsr_slave_1: left promiscuous mode
[  443.808532][T23484] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7649'.
[  443.810316][T12042] veth1_macvtap: left promiscuous mode
[  443.816671][T12042] veth0_macvtap: left promiscuous mode
[  443.818752][T12042] veth1_vlan: left promiscuous mode
[  443.820572][T12042] veth0_vlan: left promiscuous mode
[  445.001839][ T5239] Bluetooth: hci0: command tx timeout
[  445.345355][T23484] team1: entered promiscuous mode
[  445.347528][T23484] team1: entered allmulticast mode
[  445.412017][T23348] hsr_slave_0: entered promiscuous mode
[  445.417251][T23348] hsr_slave_1: entered promiscuous mode
[  445.631391][T23488] loop4: detected capacity change from 0 to 32768
[  445.635534][T23488] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.7651 (23488)
[  445.688770][T23488] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  445.696739][T23488] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm
[  445.699619][T23488] BTRFS info (device loop4): using free-space-tree
[  445.748906][T12042] IPVS: stop unused estimator thread 0...
[  445.835559][T19438] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  445.894551][T23348] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  445.924918][T23348] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  445.939367][T23348] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  445.991940][T23348] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  446.126410][T23348] 8021q: adding VLAN 0 to HW filter on device bond0
[  446.163519][T23348] 8021q: adding VLAN 0 to HW filter on device team0
[  446.295751][ T1181] bridge0: port 1(bridge_slave_0) entered blocking state
[  446.298046][ T1181] bridge0: port 1(bridge_slave_0) entered forwarding state
[  446.308421][ T1181] bridge0: port 2(bridge_slave_1) entered blocking state
[  446.310848][ T1181] bridge0: port 2(bridge_slave_1) entered forwarding state
[  446.376149][T23348] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  446.438687][T23538] syz.4.7657: attempt to access beyond end of device
[  446.438687][T23538] loop4: rw=0, sector=0, nr_sectors = 1 limit=0
[  446.603534][T23348] 8021q: adding VLAN 0 to HW filter on device batadv0
[  446.716390][T23565] netlink: 203516 bytes leftover after parsing attributes in process `syz.4.7664'.
[  446.719379][T23565] netlink: 6320 bytes leftover after parsing attributes in process `syz.4.7664'.
[  446.840279][T23348] veth0_vlan: entered promiscuous mode
[  446.900333][T23348] veth1_vlan: entered promiscuous mode
[  446.932243][T23348] veth0_macvtap: entered promiscuous mode
[  446.936248][T23348] veth1_macvtap: entered promiscuous mode
[  446.965891][T23348] batman_adv: batadv0: Interface activated: batadv_slave_0
[  446.975915][T23348] batman_adv: batadv0: Interface activated: batadv_slave_1
[  447.002698][ T5859] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  447.006493][ T5859] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  447.013181][T23586] loop4: detected capacity change from 0 to 1024
[  447.016646][ T5859] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  447.023154][T23586] EXT4-fs: Ignoring removed nobh option
[  447.025065][T23586] EXT4-fs: inline encryption not supported
[  447.048490][ T5859] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  447.062649][T23586] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  447.083789][ T5239] Bluetooth: hci0: command tx timeout
[  447.121315][T19438] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  447.175862][   T40] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  447.178487][   T40] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  447.219627][T23599] loop4: detected capacity change from 0 to 512
[  447.232133][T23599] EXT4-fs: Ignoring removed oldalloc option
[  447.245832][T23599] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  447.253411][   T40] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  447.257957][   T40] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  447.264094][T23599] EXT4-fs (loop4): 1 truncate cleaned up
[  447.266726][T23599] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  447.310103][T19438] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  447.383294][T23609] macsec1: entered promiscuous mode
[  447.679524][T23637] loop4: detected capacity change from 0 to 512
[  447.697863][T23637] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  447.709050][T23637] EXT4-fs (loop4): warning: maximal mount count reached, running e2fsck is recommended
[  447.716794][T23637] EXT4-fs error (device loop4): ext4_orphan_get:1392: comm syz.4.7688: inode #15: comm syz.4.7688: iget: illegal inode #
[  447.722804][T23637] EXT4-fs (loop4): Remounting filesystem read-only
[  447.725718][T23637] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  447.747386][T19438] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  447.782302][T23644] overlayfs: failed to clone upperpath
[  447.807641][T23647] loop4: detected capacity change from 0 to 512
[  447.821786][T23647] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a846e02c, mo2=0002]
[  447.824496][T23647] System zones: 1-12
[  447.826798][T23647] EXT4-fs error (device loop4): dx_probe:791: inode #2: comm syz.4.7690: Directory hole found for htree index block 0
[  447.838788][ T5894] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  447.860192][T23647] EXT4-fs (loop4): Remounting filesystem read-only
[  447.867980][T23647] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -117
[  447.871542][T23647] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -117
[  447.875141][T23647] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  447.894389][T19438] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  448.001802][ T5894] usb 6-1: Using ep0 maxpacket: 8
[  448.009991][ T5894] usb 6-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[  448.014797][ T5894] usb 6-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[  448.019180][ T5894] usb 6-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[  448.024817][ T5894] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  448.027865][ T5894] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  448.030539][ T5894] usb 6-1: Product: syz
[  448.034177][ T5894] usb 6-1: Manufacturer: syz
[  448.035698][ T5894] usb 6-1: SerialNumber: syz
[  448.073391][T23657] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7694'.
[  448.248295][T23662] misc userio: Invalid payload size
[  448.255823][T23662] misc userio: The device must be registered before sending interrupts
[  448.281034][ T5894] adutux 6-1:168.0: interrupt endpoints not found
[  448.299024][ T5894] usb 6-1: USB disconnect, device number 2
[  448.627817][T23670] net_ratelimit: 10 callbacks suppressed
[  448.627889][T23670] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  449.171152][ T5239] Bluetooth: hci0: command tx timeout
[  449.669946][ T5894] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  449.852327][ T5894] usb 6-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02
[  449.860045][ T5894] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  449.869426][ T5894] usb 6-1: Product: syz
[  449.876328][ T5894] usb 6-1: Manufacturer: syz
[  449.882756][ T5894] usb 6-1: SerialNumber: syz
[  449.938035][ T5894] usb 6-1: config 0 descriptor??
[  449.943993][ T5894] gspca_main: sunplus-2.14.0 probing 04fc:504a
[  450.632025][ T5894] gspca_sunplus: reg_r err -71
[  450.636921][ T5894] sunplus 6-1:0.0: probe with driver sunplus failed with error -71
[  450.649104][ T5894] usb 6-1: USB disconnect, device number 3
[  450.678870][T23714] loop4: detected capacity change from 0 to 512
[  450.720013][T23714] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  450.724615][T23714] ext4 filesystem being mounted at /484/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  450.753872][T19438] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  450.972511][T23720] loop4: detected capacity change from 0 to 32768
[  450.976635][T23720] jfs_mount: dbMount failed w/rc = -22
[  450.979216][T23720] Mount JFS Failure: -22
[  450.980679][T23720] jfs_mount failed w/return code = -22
[  451.441868][ T5854] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  451.543350][   T13] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  451.631488][ T5854] usb 6-1: Using ep0 maxpacket: 16
[  451.636538][ T5854] usb 6-1: config 2 has an invalid interface number: 14 but max is 0
[  451.639175][ T5854] usb 6-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  451.643860][   T13] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  451.653269][ T5854] usb 6-1: config 2 has no interface number 0
[  451.655352][ T5854] usb 6-1: config 2 interface 14 altsetting 9 has an invalid endpoint descriptor of length 6, skipping
[  451.658965][ T5854] usb 6-1: config 2 interface 14 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  451.665997][ T5854] usb 6-1: config 2 interface 14 has no altsetting 0
[  451.670100][ T5854] usb 6-1: New USB device found, idVendor=0763, idProduct=1015, bcdDevice=77.73
[  451.676941][ T5854] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  451.679584][ T5854] usb 6-1: Product: syz
[  451.683205][ T5854] usb 6-1: Manufacturer: syz
[  451.689123][ T5854] usb 6-1: SerialNumber: syz
[  451.717881][   T13] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  451.767549][ T5847] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  451.774726][ T5847] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  451.780804][ T5847] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  451.787001][ T5847] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  451.793122][ T5847] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  451.835918][   T13] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  451.865920][T23733] virt_wifi0 speed is unknown, defaulting to 1000
[  451.870839][T23733] wg1 speed is unknown, defaulting to 1000
[  451.873913][T23733] lo speed is unknown, defaulting to 1000
[  451.920142][ T5854] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  452.038262][ T5854] snd-usb-audio 6-1:2.14: probe with driver snd-usb-audio failed with error -2
[  452.049223][ T5854] usb 6-1: USB disconnect, device number 4
[  452.072714][T16109] udevd[16109]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:2.14/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  452.105705][   T13] bridge_slave_1: left allmulticast mode
[  452.108620][   T13] bridge_slave_1: left promiscuous mode
[  452.114023][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  452.134063][   T13] bridge_slave_0: left allmulticast mode
[  452.137315][   T13] bridge_slave_0: left promiscuous mode
[  452.147376][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  452.778385][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  452.785737][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  452.790019][   T13] bond0 (unregistering): Released all slaves
[  453.070050][T23733] chnl_net:caif_netlink_parms(): no params data found
[  453.229008][T23733] bridge0: port 1(bridge_slave_0) entered blocking state
[  453.231777][T23733] bridge0: port 1(bridge_slave_0) entered disabled state
[  453.234268][T23733] bridge_slave_0: entered allmulticast mode
[  453.237152][T23733] bridge_slave_0: entered promiscuous mode
[  453.284637][T23733] bridge0: port 2(bridge_slave_1) entered blocking state
[  453.287414][T23733] bridge0: port 2(bridge_slave_1) entered disabled state
[  453.290023][T23733] bridge_slave_1: entered allmulticast mode
[  453.293635][T23733] bridge_slave_1: entered promiscuous mode
[  453.345016][T23733] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  453.349745][T23733] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  453.405511][T23733] team0: Port device team_slave_0 added
[  453.409162][T23733] team0: Port device team_slave_1 added
[  453.469080][T23733] batman_adv: batadv0: Adding interface: batadv_slave_0
[  453.487076][T23733] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  453.495902][T23733] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  453.509923][   T13] hsr_slave_0: left promiscuous mode
[  453.516233][   T13] hsr_slave_1: left promiscuous mode
[  453.518330][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  453.520880][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  453.523676][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  453.526026][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  453.544510][   T13] veth1_macvtap: left promiscuous mode
[  453.546532][   T13] veth0_macvtap: left promiscuous mode
[  453.548839][   T13] veth1_vlan: left promiscuous mode
[  453.720275][T23794] loop5: detected capacity change from 0 to 32768
[  453.776157][T23794] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  453.883935][ T5847] Bluetooth: hci1: command tx timeout
[  453.889949][T23348] ocfs2: Unmounting device (7,5) on (node local)
[  454.472407][   T13] team0 (unregistering): Port device team_slave_1 removed
[  454.573346][   T13] team0 (unregistering): Port device team_slave_0 removed
[  455.747069][   T36] smc: removing ib device sz1
[  455.767287][T23733] batman_adv: batadv0: Adding interface: batadv_slave_1
[  455.770167][T23733] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  455.781475][T23733] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  455.839462][  T793] lo speed is unknown, defaulting to 1000
[  455.842511][  T793] sz1: Port: 1 Link DOWN
[  455.876031][T23810] netlink: 196 bytes leftover after parsing attributes in process `syz.5.7747'.
[  455.891456][T23810] netlink: 196 bytes leftover after parsing attributes in process `syz.5.7747'.
[  455.895171][T23810] netlink: 19 bytes leftover after parsing attributes in process `syz.5.7747'.
[  455.967473][ T5847] Bluetooth: hci1: command tx timeout
[  455.984535][T23838] loop5: detected capacity change from 0 to 8192
[  456.045919][T23733] hsr_slave_0: entered promiscuous mode
[  456.049644][T23733] hsr_slave_1: entered promiscuous mode
[  456.062829][T23733] debugfs: 'hsr0' already exists in 'hsr'
[  456.064751][T23733] Cannot create hsr debugfs directory
[  456.972559][T23848] loop5: detected capacity change from 0 to 40427
[  456.975849][T23848] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[  456.978565][T23848] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  457.076809][T23848] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  457.115879][T23848] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  457.119663][T23848] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  457.176738][T23848] syz.5.7761: attempt to access beyond end of device
[  457.176738][T23848] loop5: rw=2049, sector=45096, nr_sectors = 88 limit=40427
[  457.191254][   T13] IPVS: stop unused estimator thread 0...
[  457.199069][T23733] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  457.207677][T23733] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  457.215520][T23733] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  457.223694][T23733] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  457.372329][T23733] 8021q: adding VLAN 0 to HW filter on device bond0
[  457.387211][T23733] 8021q: adding VLAN 0 to HW filter on device team0
[  457.393824][ T3559] bridge0: port 1(bridge_slave_0) entered blocking state
[  457.396292][ T3559] bridge0: port 1(bridge_slave_0) entered forwarding state
[  457.420339][ T3559] bridge0: port 2(bridge_slave_1) entered blocking state
[  457.422821][ T3559] bridge0: port 2(bridge_slave_1) entered forwarding state
[  457.594972][T23896] 
[  457.595867][T23896] =====================================================
[  457.598182][T23896] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
[  457.600677][T23896] 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 Not tainted
[  457.603622][T23896] -----------------------------------------------------
[  457.606201][T23896] syz.5.7765/23896 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[  457.608807][T23896] ffff88810e1ad2b8 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x199/0x4d0
[  457.611708][T23896] 
[  457.611708][T23896] and this task is already holding:
[  457.611983][T23733] 8021q: adding VLAN 0 to HW filter on device batadv0
[  457.614046][T23896] ffff8880365f7028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0xb9/0xbd0
[  457.614087][T23896] which would create a new lock dependency:
[  457.614090][T23896]  (&client->buffer_lock){....}-{3:3} -> (&new->fa_lock){....}-{3:3}
[  457.624448][T23896] 
[  457.624448][T23896] but this new dependency connects a SOFTIRQ-irq-safe lock:
[  457.627551][T23896]  (&dev->event_lock#2){..-.}-{3:3}
[  457.627570][T23896] 
[  457.627570][T23896] ... which became SOFTIRQ-irq-safe at:
[  457.631937][T23896]   lock_acquire+0x126/0x360
[  457.633542][T23896]   _raw_spin_lock_irqsave+0xa7/0xf0
[  457.635308][T23896]   input_event+0x76/0xe0
[  457.636754][T23896]   hidinput_report_event+0xa1/0x100
[  457.638553][T23896]   hid_report_raw_event+0x148b/0x16d0
[  457.640356][T23896]   hid_input_report+0x43e/0x520
[  457.642000][T23896]   hid_irq_in+0x47e/0x6d0
[  457.643451][T23896]   __usb_hcd_giveback_urb+0x41a/0x690
[  457.645167][T23896]   dummy_timer+0x862/0x4550
[  457.646754][T23896]   __hrtimer_run_queues+0x52c/0xc60
[  457.648574][T23896]   hrtimer_run_softirq+0x187/0x2b0
[  457.650241][T23896]   handle_softirqs+0x286/0x870
[  457.651824][T23896]   __irq_exit_rcu+0xca/0x1f0
[  457.653302][T23896]   irq_exit_rcu+0x9/0x30
[  457.654671][T23896]   sysvec_apic_timer_interrupt+0xa6/0xc0
[  457.656519][T23896]   asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  457.658476][T23896]   debug_smp_processor_id+0x0/0x20
[  457.660177][T23896]   rcu_is_watching+0x15/0xb0
[  457.661771][T23896]   lock_acquire+0x5f/0x360
[  457.663240][T23896]   unwind_next_frame+0xc2/0x2390
[  457.664923][T23896]   arch_stack_walk+0x11c/0x150
[  457.666599][T23896]   stack_trace_save+0x9c/0xe0
[  457.668193][T23896]   kasan_save_track+0x3e/0x80
[  457.669799][T23896]   __kasan_slab_alloc+0x6c/0x80
[  457.671459][T23896]   kmem_cache_alloc_node_noprof+0x1c2/0x3d0
[  457.673452][T23896]   __alloc_skb+0x112/0x2d0
[  457.674964][T23896]   tcp_stream_alloc_skb+0x3d/0x340
[  457.676716][T23896]   tcp_sendmsg_locked+0xf38/0x5620
[  457.678531][T23896]   tcp_sendmsg+0x2f/0x50
[  457.679986][T23896]   __sock_sendmsg+0x19c/0x270
[  457.681629][T23896]   sock_write_iter+0x258/0x330
[  457.683221][T23896]   vfs_write+0x54b/0xa90
[  457.684463][T23733] veth0_vlan: entered promiscuous mode
[  457.684649][T23896]   ksys_write+0x145/0x250
[  457.687941][T23896]   do_syscall_64+0xfa/0x3b0
[  457.688771][T23733] veth1_vlan: entered promiscuous mode
[  457.689517][T23896]   entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  457.693309][T23896] 
[  457.693309][T23896] to a SOFTIRQ-irq-unsafe lock:
[  457.695609][T23896]  (tasklist_lock){.+.+}-{3:3}
[  457.695629][T23896] 
[  457.695629][T23896] ... which became SOFTIRQ-irq-unsafe at:
[  457.699909][T23896] ...
[  457.699915][T23896]   lock_acquire+0x126/0x360
[  457.702330][T23896]   _raw_read_lock+0x36/0x50
[  457.703874][T23896]   __do_wait+0xde/0x740
[  457.705262][T23896]   do_wait+0x1f8/0x520
[  457.706631][T23896]   kernel_wait+0xab/0x170
[  457.708151][T23896]   call_usermodehelper_exec_work+0xbe/0x230
[  457.710185][T23896]   process_scheduled_works+0xae1/0x17b0
[  457.712067][T23896]   worker_thread+0x8a0/0xda0
[  457.713643][T23896]   kthread+0x711/0x8a0
[  457.715023][T23896]   ret_from_fork+0x3fc/0x770
[  457.716594][T23896]   ret_from_fork_asm+0x1a/0x30
[  457.718193][T23896] 
[  457.718193][T23896] other info that might help us debug this:
[  457.718193][T23896] 
[  457.721525][T23896] Chain exists of:
[  457.721525][T23896]   &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock
[  457.721525][T23896] 
[  457.725941][T23896]  Possible interrupt unsafe locking scenario:
[  457.725941][T23896] 
[  457.728656][T23896]        CPU0                    CPU1
[  457.730373][T23896]        ----                    ----
[  457.732137][T23896]   lock(tasklist_lock);
[  457.733621][T23896]                                local_irq_disable();
[  457.735791][T23896]                                lock(&dev->event_lock#2);
[  457.738113][T23896]                                lock(&client->buffer_lock);
[  457.740565][T23896]   <Interrupt>
[  457.741761][T23896]     lock(&dev->event_lock#2);
[  457.743401][T23896] 
[  457.743401][T23896]  *** DEADLOCK ***
[  457.743401][T23896] 
[  457.746067][T23896] 7 locks held by syz.5.7765/23896:
[  457.747784][T23896]  #0: ffff88801e83f118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_write+0x1a1/0x480
[  457.750842][T23896]  #1: ffff88801cfcd230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0xa5/0x340
[  457.754077][T23896]  #2: ffffffff8e139ee0 (rcu_read_lock){....}-{1:3}, at: input_inject_event+0xb6/0x340
[  457.757177][T23896]  #3: ffffffff8e139ee0 (rcu_read_lock){....}-{1:3}, at: input_pass_values+0x8d/0x890
[  457.760274][T23896]  #4: ffffffff8e139ee0 (rcu_read_lock){....}-{1:3}, at: evdev_events+0x79/0x340
[  457.763244][T23896]  #5: ffff8880365f7028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0xb9/0xbd0
[  457.766545][T23896]  #6: ffffffff8e139ee0 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x53/0x4d0
[  457.769441][T23896] 
[  457.769441][T23896] the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
[  457.772733][T23896]  -> (&dev->event_lock#2){..-.}-{3:3} {
[  457.774654][T23896]     IN-SOFTIRQ-W at:
[  457.776026][T23896]                       lock_acquire+0x126/0x360
[  457.778093][T23896]                       _raw_spin_lock_irqsave+0xa7/0xf0
[  457.780535][T23896]                       input_event+0x76/0xe0
[  457.782622][T23896]                       hidinput_report_event+0xa1/0x100
[  457.784949][T23896]                       hid_report_raw_event+0x148b/0x16d0
[  457.787389][T23896]                       hid_input_report+0x43e/0x520
[  457.789610][T23896]                       hid_irq_in+0x47e/0x6d0
[  457.791679][T23896]                       __usb_hcd_giveback_urb+0x41a/0x690
[  457.794121][T23896]                       dummy_timer+0x862/0x4550
[  457.796212][T23896]                       __hrtimer_run_queues+0x52c/0xc60
[  457.798550][T23896]                       hrtimer_run_softirq+0x187/0x2b0
[  457.800714][T23896]                       handle_softirqs+0x286/0x870
[  457.802804][T23896]                       __irq_exit_rcu+0xca/0x1f0
[  457.804858][T23896]                       irq_exit_rcu+0x9/0x30
[  457.806824][T23896]                       sysvec_apic_timer_interrupt+0xa6/0xc0
[  457.809447][T23896]                       asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  457.812051][T23896]                       debug_smp_processor_id+0x0/0x20
[  457.814336][T23896]                       rcu_is_watching+0x15/0xb0
[  457.816432][T23896]                       lock_acquire+0x5f/0x360
[  457.818481][T23896]                       unwind_next_frame+0xc2/0x2390
[  457.820846][T23896]                       arch_stack_walk+0x11c/0x150
[  457.823045][T23896]                       stack_trace_save+0x9c/0xe0
[  457.825199][T23896]                       kasan_save_track+0x3e/0x80
[  457.827389][T23896]                       __kasan_slab_alloc+0x6c/0x80
[  457.829578][T23896]                       kmem_cache_alloc_node_noprof+0x1c2/0x3d0
[  457.832006][T23896]                       __alloc_skb+0x112/0x2d0
[  457.834040][T23896]                       tcp_stream_alloc_skb+0x3d/0x340
[  457.836267][T23896]                       tcp_sendmsg_locked+0xf38/0x5620
[  457.838505][T23896]                       tcp_sendmsg+0x2f/0x50
[  457.840495][T23896]                       __sock_sendmsg+0x19c/0x270
[  457.842599][T23896]                       sock_write_iter+0x258/0x330
[  457.844728][T23896]                       vfs_write+0x54b/0xa90
[  457.846720][T23896]                       ksys_write+0x145/0x250
[  457.848809][T23896]                       do_syscall_64+0xfa/0x3b0
[  457.850879][T23896]                       entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  457.853404][T23896]     INITIAL USE at:
[  457.854788][T23896]                      lock_acquire+0x126/0x360
[  457.856833][T23896]                      _raw_spin_lock_irqsave+0xa7/0xf0
[  457.859091][T23896]                      input_inject_event+0xa5/0x340
[  457.861283][T23896]                      kbd_led_trigger_activate+0xbc/0x100
[  457.863683][T23896]                      led_trigger_set+0x52d/0x950
[  457.865791][T23896]                      led_trigger_set_default+0x260/0x2a0
[  457.868080][T23896]                      led_classdev_register_ext+0x73d/0x930
[  457.870475][T23896]                      input_leds_connect+0x517/0x790
[  457.872676][T23896]                      input_register_device+0xd0e/0x1140
[  457.874938][T23896]                      atkbd_connect+0x72e/0xa00
[  457.877069][T23896]                      serio_driver_probe+0x82/0xd0
[  457.879197][T23896]                      really_probe+0x26d/0x9e0
[  457.881201][T23896]                      __driver_probe_device+0x18c/0x2f0
[  457.883500][T23896]                      driver_probe_device+0x4f/0x430
[  457.885719][T23896]                      __driver_attach+0x452/0x700
[  457.887836][T23896]                      bus_for_each_dev+0x233/0x2b0
[  457.889998][T23896]                      serio_handle_event+0x1f9/0x8d0
[  457.892199][T23896]                      process_scheduled_works+0xae1/0x17b0
[  457.894619][T23896]                      worker_thread+0x8a0/0xda0
[  457.896631][T23896]                      kthread+0x711/0x8a0
[  457.898499][T23896]                      ret_from_fork+0x3fc/0x770
[  457.900541][T23896]                      ret_from_fork_asm+0x1a/0x30
[  457.902599][T23896]   }
[  457.903457][T23896]   ... key      at: [<ffffffff99e230a0>] input_allocate_device.__key.5+0x0/0x20
[  457.906459][T23896] -> (&client->buffer_lock){....}-{3:3} {
[  457.908258][T23896]    INITIAL USE at:
[  457.909570][T23896]                    lock_acquire+0x126/0x360
[  457.911473][T23896]                    _raw_spin_lock+0x2e/0x40
[  457.913474][T23896]                    evdev_pass_values+0xb9/0xbd0
[  457.915603][T23896]                    evdev_events+0x1e6/0x340
[  457.917596][T23896]                    input_pass_values+0x288/0x890
[  457.919667][T23896]                    input_event_dispose+0x330/0x6b0
[  457.921798][T23896]                    input_inject_event+0x1dd/0x340
[  457.923911][T23896]                    evdev_write+0x2fc/0x480
[  457.925790][T23896]                    vfs_write+0x27e/0xa90
[  457.927723][T23896]                    ksys_write+0x145/0x250
[  457.929726][T23896]                    do_syscall_64+0xfa/0x3b0
[  457.931816][T23896]                    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  457.934186][T23896]  }
[  457.935033][T23896]  ... key      at: [<ffffffff99e23340>] evdev_open.__key.25+0x0/0x20
[  457.937654][T23896]  ... acquired at:
[  457.938875][T23896]    lock_acquire+0x126/0x360
[  457.940393][T23896]    _raw_spin_lock+0x2e/0x40
[  457.941926][T23896]    evdev_pass_values+0xb9/0xbd0
[  457.943534][T23896]    evdev_events+0x1e6/0x340
[  457.945034][T23896]    input_pass_values+0x288/0x890
[  457.946700][T23896]    input_event_dispose+0x330/0x6b0
[  457.948436][T23896]    input_inject_event+0x1dd/0x340
[  457.950217][T23896]    evdev_write+0x2fc/0x480
[  457.951805][T23896]    vfs_write+0x27e/0xa90
[  457.953315][T23896]    ksys_write+0x145/0x250
[  457.954829][T23896]    do_syscall_64+0xfa/0x3b0
[  457.956377][T23896]    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  457.958330][T23896] 
[  457.959168][T23896] 
[  457.959168][T23896] the dependencies between the lock to be acquired
[  457.959174][T23896]  and SOFTIRQ-irq-unsafe lock:
[  457.963619][T23896]   -> (tasklist_lock){.+.+}-{3:3} {
[  457.965333][T23896]      HARDIRQ-ON-R at:
[  457.966772][T23896]                         lock_acquire+0x126/0x360
[  457.968920][T23896]                         _raw_read_lock+0x36/0x50
[  457.971208][T23896]                         __do_wait+0xde/0x740
[  457.973395][T23896]                         do_wait+0x1f8/0x520
[  457.975325][T23896]                         kernel_wait+0xab/0x170
[  457.977433][T23896]                         call_usermodehelper_exec_work+0xbe/0x230
[  457.979958][T23896]                         process_scheduled_works+0xae1/0x17b0
[  457.982369][T23896]                         worker_thread+0x8a0/0xda0
[  457.984519][T23896]                         kthread+0x711/0x8a0
[  457.986566][T23896]                         ret_from_fork+0x3fc/0x770
[  457.988714][T23896]                         ret_from_fork_asm+0x1a/0x30
[  457.990841][T23896]      SOFTIRQ-ON-R at:
[  457.992149][T23896]                         lock_acquire+0x126/0x360
[  457.994244][T23896]                         _raw_read_lock+0x36/0x50
[  457.996329][T23896]                         __do_wait+0xde/0x740
[  457.998294][T23896]                         do_wait+0x1f8/0x520
[  458.000235][T23896]                         kernel_wait+0xab/0x170
[  458.002270][T23896]                         call_usermodehelper_exec_work+0xbe/0x230
[  458.004741][T23896]                         process_scheduled_works+0xae1/0x17b0
[  458.007124][T23896]                         worker_thread+0x8a0/0xda0
[  458.009222][T23896]                         kthread+0x711/0x8a0
[  458.011147][T23896]                         ret_from_fork+0x3fc/0x770
[  458.013225][T23896]                         ret_from_fork_asm+0x1a/0x30
[  458.015395][T23896]      INITIAL USE at:
[  458.016730][T23896]                        lock_acquire+0x126/0x360
[  458.018718][T23896]                        _raw_write_lock_irq+0xa2/0xf0
[  458.020834][T23896]                        copy_process+0x224f/0x3c00
[  458.023111][T23896]                        kernel_clone+0x21e/0x840
[  458.025192][T23896]                        user_mode_thread+0xdd/0x140
[  458.027379][T23896]                        rest_init+0x23/0x300
[  458.029480][T23896]                        start_kernel+0x3a9/0x410
[  458.031481][T23896]                        x86_64_start_reservations+0x24/0x30
[  458.033927][T23896]                        x86_64_start_kernel+0x143/0x1c0
[  458.036321][T23896]                        common_startup_64+0x13e/0x147
[  458.038605][T23896]      INITIAL READ USE at:
[  458.040190][T23896]                             lock_acquire+0x126/0x360
[  458.042451][T23896]                             _raw_read_lock+0x36/0x50
[  458.044937][T23896]                             __do_wait+0xde/0x740
[  458.046998][T23896]                             do_wait+0x1f8/0x520
[  458.049088][T23896]                             kernel_wait+0xab/0x170
[  458.051188][T23896]                             call_usermodehelper_exec_work+0xbe/0x230
[  458.053808][T23896]                             process_scheduled_works+0xae1/0x17b0
[  458.056307][T23896]                             worker_thread+0x8a0/0xda0
[  458.058494][T23896]                             kthread+0x711/0x8a0
[  458.060518][T23896]                             ret_from_fork+0x3fc/0x770
[  458.062703][T23896]                             ret_from_fork_asm+0x1a/0x30
[  458.064927][T23896]    }
[  458.065815][T23896]    ... key      at: [<ffffffff8de0c058>] tasklist_lock+0x18/0x40
[  458.068379][T23896]    ... acquired at:
[  458.069679][T23896]    lock_acquire+0x126/0x360
[  458.071168][T23896]    _raw_read_lock+0x36/0x50
[  458.072683][T23896]    send_sigurg+0x12b/0x420
[  458.074150][T23896]    sk_send_sigurg+0x6c/0x2e0
[  458.075692][T23896]    queue_oob+0x420/0x4f0
[  458.077126][T23896]    unix_stream_sendmsg+0xc3f/0xdf0
[  458.078789][T23896]    __sock_sendmsg+0x21c/0x270
[  458.080436][T23896]    ____sys_sendmsg+0x52d/0x830
[  458.082066][T23896]    ___sys_sendmsg+0x21f/0x2a0
[  458.083643][T23896]    __sys_sendmmsg+0x227/0x430
[  458.085185][T23896]    __x64_sys_sendmmsg+0xa0/0xc0
[  458.086803][T23896]    do_syscall_64+0xfa/0x3b0
[  458.088287][T23896]    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  458.090186][T23896] 
[  458.090957][T23896]  -> (&f_owner->lock){....}-{3:3} {
[  458.092616][T23896]     INITIAL USE at:
[  458.093913][T23896]                      lock_acquire+0x126/0x360
[  458.095944][T23896]                      _raw_write_lock_irq+0xa2/0xf0
[  458.098131][T23896]                      __f_setown+0x67/0x370
[  458.100092][T23896]                      generic_setlease+0xd60/0x1240
[  458.102268][T23896]                      fcntl_setlease+0x3a2/0x4c0
[  458.104368][T23896]                      do_fcntl+0x6a9/0x1910
[  458.106256][T23896]                      __se_sys_fcntl+0xc8/0x150
[  458.108242][T23896]                      do_syscall_64+0xfa/0x3b0
[  458.110196][T23896]                      entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  458.112625][T23896]     INITIAL READ USE at:
[  458.114098][T23896]                           lock_acquire+0x126/0x360
[  458.116244][T23896]                           _raw_read_lock_irqsave+0xaf/0x100
[  458.118675][T23896]                           send_sigio+0x38/0x370
[  458.120817][T23896]                           kill_fasync+0x24d/0x4d0
[  458.122967][T23896]                           lease_break_callback+0x26/0x30
[  458.125290][T23896]                           __break_lease+0x6a5/0x1620
[  458.127452][T23896]                           do_dentry_open+0x8b7/0x13f0
[  458.129665][T23896]                           vfs_open+0x3b/0x340
[  458.131652][T23896]                           dentry_open+0x61/0xa0
[  458.133695][T23896]                           do_mq_open+0x59e/0x780
[  458.135759][T23896]                           __x64_sys_mq_open+0x16a/0x1c0
[  458.137967][T23896]                           do_syscall_64+0xfa/0x3b0
[  458.140089][T23896]                           entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  458.142666][T23896]   }
[  458.143521][T23896]   ... key      at: [<ffffffff99b23f80>] file_f_owner_allocate.__key+0x0/0x20
[  458.146302][T23896]   ... acquired at:
[  458.147597][T23896]    lock_acquire+0x126/0x360
[  458.149148][T23896]    _raw_read_lock_irqsave+0xaf/0x100
[  458.150945][T23896]    send_sigio+0x38/0x370
[  458.152333][T23896]    kill_fasync+0x24d/0x4d0
[  458.153806][T23896]    lease_break_callback+0x26/0x30
[  458.155451][T23896]    __break_lease+0x6a5/0x1620
[  458.157016][T23896]    do_dentry_open+0x8b7/0x13f0
[  458.158618][T23896]    vfs_open+0x3b/0x340
[  458.159974][T23896]    dentry_open+0x61/0xa0
[  458.161397][T23896]    do_mq_open+0x59e/0x780
[  458.162888][T23896]    __x64_sys_mq_open+0x16a/0x1c0
[  458.164531][T23896]    do_syscall_64+0xfa/0x3b0
[  458.166035][T23896]    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  458.168029][T23896] 
[  458.168840][T23896] -> (&new->fa_lock){....}-{3:3} {
[  458.170539][T23896]    INITIAL USE at:
[  458.171829][T23896]                    lock_acquire+0x126/0x360
[  458.173830][T23896]                    _raw_write_lock_irq+0xa2/0xf0
[  458.175952][T23896]                    fasync_remove_entry+0xf1/0x1c0
[  458.178152][T23896]                    lease_modify+0x1ca/0x3c0
[  458.180082][T23896]                    locks_remove_file+0x4bf/0xea0
[  458.182167][T23896]                    __fput+0x3ab/0xa70
[  458.184046][T23896]                    task_work_run+0x1d4/0x260
[  458.186042][T23896]                    exit_to_user_mode_loop+0xec/0x110
[  458.188225][T23896]                    do_syscall_64+0x2bd/0x3b0
[  458.190180][T23896]                    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  458.192546][T23896]    INITIAL READ USE at:
[  458.193941][T23896]                         lock_acquire+0x126/0x360
[  458.196064][T23896]                         _raw_read_lock_irqsave+0xaf/0x100
[  458.198368][T23896]                         kill_fasync+0x199/0x4d0
[  458.200454][T23896]                         lease_break_callback+0x26/0x30
[  458.202641][T23896]                         __break_lease+0x6a5/0x1620
[  458.204759][T23896]                         do_dentry_open+0x8b7/0x13f0
[  458.206928][T23896]                         vfs_open+0x3b/0x340
[  458.208914][T23896]                         dentry_open+0x61/0xa0
[  458.210920][T23896]                         do_mq_open+0x59e/0x780
[  458.212959][T23896]                         __x64_sys_mq_open+0x16a/0x1c0
[  458.215154][T23896]                         do_syscall_64+0xfa/0x3b0
[  458.217223][T23896]                         entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  458.219715][T23896]  }
[  458.220545][T23896]  ... key      at: [<ffffffff99b23fa0>] fasync_insert_entry.__key+0x0/0x20
[  458.223298][T23896]  ... acquired at:
[  458.224543][T23896]    lock_acquire+0x126/0x360
[  458.226067][T23896]    _raw_read_lock_irqsave+0xaf/0x100
[  458.227818][T23896]    kill_fasync+0x199/0x4d0
[  458.229309][T23896]    evdev_pass_values+0x627/0xbd0
[  458.230960][T23896]    evdev_events+0x1e6/0x340
[  458.232473][T23896]    input_pass_values+0x288/0x890
[  458.234109][T23896]    input_event_dispose+0x330/0x6b0
[  458.235790][T23896]    input_inject_event+0x1dd/0x340
[  458.237397][T23896]    evdev_write+0x2fc/0x480
[  458.238877][T23896]    vfs_write+0x27e/0xa90
[  458.240280][T23896]    ksys_write+0x145/0x250
[  458.241741][T23896]    do_syscall_64+0xfa/0x3b0
[  458.243241][T23896]    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  458.245163][T23896] 
[  458.245971][T23896] 
[  458.245971][T23896] stack backtrace:
[  458.247859][T23896] CPU: 1 UID: 0 PID: 23896 Comm: syz.5.7765 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[  458.247870][T23896] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  458.247876][T23896] Call Trace:
[  458.247881][T23896]  <TASK>
[  458.247887][T23896]  dump_stack_lvl+0x189/0x250
[  458.247898][T23896]  ? __pfx_dump_stack_lvl+0x10/0x10
[  458.247905][T23896]  ? __pfx__printk+0x10/0x10
[  458.247916][T23896]  validate_chain+0x1f05/0x2140
[  458.247928][T23896]  __lock_acquire+0xab9/0xd20
[  458.247939][T23896]  ? kill_fasync+0x199/0x4d0
[  458.247946][T23896]  lock_acquire+0x126/0x360
[  458.247955][T23896]  ? kill_fasync+0x199/0x4d0
[  458.247964][T23896]  _raw_read_lock_irqsave+0xaf/0x100
[  458.247972][T23896]  ? kill_fasync+0x199/0x4d0
[  458.247979][T23896]  ? __pfx__raw_read_lock_irqsave+0x10/0x10
[  458.247985][T23896]  ? do_raw_spin_lock+0x121/0x290
[  458.247994][T23896]  kill_fasync+0x199/0x4d0
[  458.248001][T23896]  ? kill_fasync+0x53/0x4d0
[  458.248007][T23896]  evdev_pass_values+0x627/0xbd0
[  458.248016][T23896]  ? evdev_pass_values+0x5e1/0xbd0
[  458.248025][T23896]  evdev_events+0x1e6/0x340
[  458.248032][T23896]  ? evdev_events+0x79/0x340
[  458.248039][T23896]  ? input_pass_values+0x8d/0x890
[  458.248047][T23896]  input_pass_values+0x288/0x890
[  458.248055][T23896]  ? input_handle_event+0x70c/0xf30
[  458.248062][T23896]  input_event_dispose+0x330/0x6b0
[  458.248069][T23896]  input_inject_event+0x1dd/0x340
[  458.248075][T23896]  ? input_inject_event+0xb6/0x340
[  458.248081][T23896]  evdev_write+0x2fc/0x480
[  458.248090][T23896]  ? __pfx_evdev_write+0x10/0x10
[  458.248098][T23896]  ? bpf_lsm_file_permission+0x9/0x20
[  458.248107][T23896]  ? security_file_permission+0x75/0x290
[  458.248116][T23896]  ? rw_verify_area+0x255/0x4d0
[  458.248124][T23896]  ? __lock_acquire+0xab9/0xd20
[  458.248132][T23896]  ? __pfx_evdev_write+0x10/0x10
[  458.248140][T23896]  vfs_write+0x27e/0xa90
[  458.248149][T23896]  ? __pfx_vfs_write+0x10/0x10
[  458.248157][T23896]  ? __fget_files+0x2a/0x420
[  458.248168][T23896]  ? __fget_files+0x2a/0x420
[  458.248176][T23896]  ? __fget_files+0x3a0/0x420
[  458.248185][T23896]  ? __fget_files+0x2a/0x420
[  458.248195][T23896]  ksys_write+0x145/0x250
[  458.248203][T23896]  ? __pfx_ksys_write+0x10/0x10
[  458.248210][T23896]  ? rcu_is_watching+0x15/0xb0
[  458.248217][T23896]  ? do_syscall_64+0xbe/0x3b0
[  458.248226][T23896]  do_syscall_64+0xfa/0x3b0
[  458.248234][T23896]  ? lockdep_hardirqs_on+0x9c/0x150
[  458.248242][T23896]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  458.248248][T23896]  ? exc_page_fault+0x9f/0xf0
[  458.248255][T23896]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  458.248262][T23896] RIP: 0033:0x7fcdc878ebe9
[  458.248282][T23896] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  458.248288][T23896] RSP: 002b:00007fcdc9526038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  458.248296][T23896] RAX: ffffffffffffffda RBX: 00007fcdc89b5fa0 RCX: 00007fcdc878ebe9
[  458.248301][T23896] RDX: 0000000000001068 RSI: 0000200000000040 RDI: 0000000000000004
[  458.248306][T23896] RBP: 00007fcdc8811e19 R08: 0000000000000000 R09: 0000000000000000
[  458.248310][T23896] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  458.248314][T23896] R13: 00007fcdc89b6038 R14: 00007fcdc89b5fa0 R15: 00007ffc565ec888
[  458.248321][T23896]  </TASK>
[  458.255346][T23733] veth0_macvtap: entered promiscuous mode
[  458.256237][    C1] vkms_vblank_simulate: vblank timer overrun
[  458.261078][T23733] veth1_macvtap: entered promiscuous mode
[  458.283130][ T5847] Bluetooth: hci1: command tx timeout
[  458.794348][T12042] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  458.835018][T12042] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  458.937142][T12042] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  459.024041][T12042] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  459.149262][T12042] bridge_slave_1: left allmulticast mode
[  459.152978][T12042] bridge_slave_1: left promiscuous mode
[  459.155787][T12042] bridge0: port 2(bridge_slave_1) entered disabled state
[  459.160503][T12042] bridge_slave_0: left allmulticast mode
[  459.163332][T12042] bridge_slave_0: left promiscuous mode
[  459.165849][T12042] bridge0: port 1(bridge_slave_0) entered disabled state
[  459.226958][T12042] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  459.231922][T12042] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  459.235494][T12042] bond0 (unregistering): Released all slaves
[  459.397784][T12042] hsr_slave_0: left promiscuous mode
[  459.399866][T12042] hsr_slave_1: left promiscuous mode
[  459.403970][T12042] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  459.408852][T12042] batman_adv: batadv0: Removing interface: batadv_slave_0
[  459.413122][T12042] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  459.415750][T12042] batman_adv: batadv0: Removing interface: batadv_slave_1
[  459.421447][T12042] veth1_macvtap: left promiscuous mode
[  459.423591][T12042] veth0_macvtap: left promiscuous mode
[  459.425806][T12042] veth1_vlan: left promiscuous mode
[  459.427879][T12042] veth0_vlan: left promiscuous mode
[  459.524497][    C1] vkms_vblank_simulate: vblank timer overrun
[  459.619109][T12042] team0 (unregistering): Port device team_slave_1 removed
[  459.655748][T12042] team0 (unregistering): Port device team_slave_0 removed
[  460.167904][T12042] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  460.172551][T12042] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  460.176190][T12042] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 42323 - 0
[  460.224888][T12042] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  460.228497][T12042] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  460.232776][T12042] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 42323 - 0
[  460.266654][T12042] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  460.271185][T12042] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  460.274676][T12042] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 42323 - 0
[  460.372955][T12042] netdevsim netdevsim1 netdevsim0 (unregistering): left promiscuous mode
[  460.376108][T12042] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  460.379543][T12042] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  460.383483][T12042] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 42323 - 0
[  460.464103][T12042] bridge_slave_1: left allmulticast mode
[  460.466100][T12042] bridge0: port 2(bridge_slave_1) entered disabled state
[  460.469616][T12042] bridge_slave_0: left allmulticast mode
[  460.473760][T12042] bridge_slave_0: left promiscuous mode
[  460.475787][T12042] bridge0: port 1(bridge_slave_0) entered disabled state
[  460.595591][T12042] bond0 (unregistering): (slave bridge0): Releasing backup interface
[  461.081273][T12042] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  461.085279][T12042] bond0 (unregistering): (slave bond6): Releasing backup interface
[  461.088168][T12042] bond0 (unregistering): Released all slaves
[  461.325716][T12042] bond1 (unregistering): (slave veth0_to_bond): Releasing active interface
[  461.329520][T12042] bond1 (unregistering): Released all slaves
[  461.577544][T12042] bond2 (unregistering): Released all slaves
[  461.582138][T12042] bond3 (unregistering): Released all slaves
[  461.817509][T12042] bond4 (unregistering): Released all slaves
[  461.821687][T12042] bond5 (unregistering): Released all slaves
[  462.065433][T12042] bond6 (unregistering): Released all slaves
[  462.311563][T12042] bond7 (unregistering): Released all slaves
[  462.316905][  T793] wg1 speed is unknown, defaulting to 1000
[  462.318991][  T793] syz0: Port: 1 Link DOWN
[  462.462952][T12042] IPVS: stopping master sync thread 21286 ...
[  462.640723][T12042] dummy0: left promiscuous mode
[  462.645779][T12042] hsr_slave_0: left promiscuous mode
[  462.647936][T12042] hsr_slave_1: left promiscuous mode
[  462.649941][T12042] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  462.653256][T12042] batadv0: mtu less than device minimum
[  462.655296][T12042] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  462.659649][T12042] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  462.663875][T12042] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  462.667562][T12042] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  462.671064][T12042] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  462.674567][T12042] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  462.677972][T12042] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  462.681447][T12042] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  462.684895][T12042] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  462.694737][T12042] batman_adv: batadv0: Removing interface: batadv_slave_0
[  462.697850][T12042] batman_adv: batadv0: Interface deactivated: dummy0
[  462.699950][T12042] batman_adv: batadv0: Removing interface: dummy0
[  462.703958][T12042] veth1_macvtap: left promiscuous mode
[  462.705746][T12042] veth0_macvtap: left promiscuous mode
[  462.707500][T12042] veth1_vlan: left promiscuous mode
[  462.709204][T12042] veth0_vlan: left promiscuous mode
[  462.729193][T12042] pim6reg9 (unregistering): left allmulticast mode
[  462.834091][T12042] team0 (unregistering): Port device team_slave_1 removed
[  462.871828][T12042] team0 (unregistering): Port device C removed

VM DIAGNOSIS:
22:59:56  Registers:
info registers vcpu 0

CPU#0
RAX=dffffc0000000000 RBX=ffffea0000efb840 RCX=ffffffff81fb1ebd RDX=0000000000000000
RSI=0000000000000000 RDI=0000000000000000 RBP=00fff60000020808 RSP=ffffc900074ff858
R8 =ffffea0000efb847 R9 =1ffffd40001df708 R10=dffffc0000000000 R11=fffff940001df709
R12=00000000ffffffff R13=0000000000000001 R14=00fff60000020808 R15=0000000000020000
RIP=ffffffff81bfb0b0 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f1634f06380 ffffffff 00c00000
GS =0000 ffff8880b8623000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f163513d458 CR3=0000000023136000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=ffffffff00000000 0000000000000000 XMM01=01010100ffffffff ffffffffffffffff
XMM02=6c5f5f0045544156 4952505f4342494c XMM03=0000000000000000 000000000042494c
XMM04=6362696c5f5f0045 5441564952505f43 XMM05=0000000000000000 0000000000000000
XMM06=0000000000000000 0000000000000000 XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 0000000000000000 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000033 RBX=0000000000000033 RCX=0000000000000000 RDX=00000000000003f8
RSI=00000000000012fa RDI=00000000000012fb RBP=00000000000003f8 RSP=ffffc90006967010
R8 =ffff88801f248237 R9 =1ffff11003e49046 R10=dffffc0000000000 R11=ffffffff854e7660
R12=dffffc0000000000 R13=ffffffff99af28ca R14=ffffffff99de7520 R15=0000000000000000
RIP=ffffffff854e76dc RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fcdc95266c0 ffffffff 00c00000
GS =0000 ffff8881a3c23000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b2fd21ff8 CR3=0000000117d64000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=ffffffffffffffff ffffffffffffffff XMM01=2323232323232323 2323232323232323
XMM02=0000000000000000 0000000000000023 XMM03=ffffffffffffffff ffffffffffffffff
XMM04=ffffffffffffffff ffffffffffffffff XMM05=00007fcdc8987478 00007fcdc89874c0
XMM06=00007fcdc89874b8 00007fcdc89874b0 XMM07=00007fcdc89874a8 00007fcdc89874a0
XMM08=35ca37e6a79f83ce 3c7ffd42c7de4993 XMM09=0000000000000000 00007fcdc8812fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
