last executing test programs:

2.701862772s ago: executing program 1 (id=378):
openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x80201, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000040)='.\x00', &(0x7f0000000080), 0x200000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r0}})

2.590688688s ago: executing program 2 (id=383):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000130000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r2}, 0x10)
bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000140)=@base={0x6, 0x4, 0x1ff, 0x5c, 0x0, 0xffffffffffffffff, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xfffffffe}, 0x50)

2.590110008s ago: executing program 2 (id=384):
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040))
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
exit(0x9)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
unshare(0x2c020400)
r2 = syz_io_uring_setup(0x10d, &(0x7f0000000380)={0x0, 0x5885, 0x100, 0x0, 0xffeffc03}, &(0x7f0000000340)=<r3=>0x0, &(0x7f0000000240)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_RENAMEAT={0x23, 0xc, 0x0, 0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', &(0x7f0000000500)='./file0\x00', 0xffffffffffffffff, 0x0, 0x1})
io_uring_enter(r2, 0x351e, 0x483, 0x0, 0x0, 0x0)

1.75940313s ago: executing program 1 (id=387):
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x6000000)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps\x00')
read$FUSE(r0, &(0x7f0000000080)={0x2020}, 0x2020)

1.631477892s ago: executing program 1 (id=390):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="4400000010001fff2bbd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000098120100240012800b00010062726964676500001400028005002c000600010005002b000200000030f0374f"], 0x44}}, 0x4000)

1.46040495s ago: executing program 2 (id=393):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x4, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x7, 0x1, 0x3})

1.36126092s ago: executing program 1 (id=395):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB], 0x0}, 0x94)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
close(r3)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000700)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000000050005000a00000012000300686173683a6e65742c706f7274"], 0x4c}}, 0x2)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="540000000906010200000c0000000000020000000900020073797a310000000005000100070000002c0007801800018014000240fe8000000000000000000000000000bb060004404e1f00000500070088"], 0x54}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)
sendmsg$IPSET_CMD_DESTROY(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000004c0)=ANY=[@ANYBLOB="1c00000003060101000000000000000001000000050001000700"], 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x8000)

1.300025161s ago: executing program 2 (id=397):
r0 = syz_io_uring_setup(0x16d2, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
io_uring_setup(0x6d0d, &(0x7f0000000180)={0x0, 0x65f, 0x0, 0x10000001})
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB='\t'], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_MKDIRAT={0x25, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r0, 0x82d3a, 0x0, 0x0, 0x0, 0x0)

1.299062006s ago: executing program 1 (id=398):
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
syz_mount_image$udf(&(0x7f0000000500), &(0x7f00000000c0)='./file3\x00', 0x0, &(0x7f0000000700)=ANY=[], 0x3, 0xc11, &(0x7f0000000d00)="$eJzs3V1oXOl5B/DnnSOtRto00WYTb9Jm04GUxCi18VdsBZcgZxW1AccbIit0r6LRh51h5ZGR5MabtkFtSQu9Cd2b0psimi4t5KJX3V5WabaQUAol5CK9KAiaLHvRC10ECi0bhXPmHWlky7ayXlvS7u+3zP7PnHnO+P0YnzkCvzoBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAER89nOXTp1OB90KAOBxujL5pVNnff8DwLvKVT//AwAAAAAAAAAAAADAYZeiiGORYujVzTRdPe+oX261b92eGp/Y+7DBFClqUVT15aN++szZc586f2G0m/c//u324Xh+8uqlxnOLN24uzS8vz881ptqt2cW5+X2/w8Mef6eRagAaN168NXft2nLjzMmzu16+Pfz6wJPHhi9eOHF+tFs7NT4xMdlT09f/lv/0u9xrhccTUUQzUrw5/EZqRkQtHn4sHvDZedQGq06MVJ2YGp+oOrLQarZXyhdTLVfVIho9B411x+gxzMVDGYtYLZtfNnik7N7kzeZSc2ZhvvHF5tJKa6W12E61TmvL/jSiFqMpYi0iNgbufrv+KOKjkeLlU5tpJiKK7jh8sloY/OD21B5BH/ehbGejP2KtdgTm7BAbiCKuRIqfvXY8Zssxy4/4eMQXynw14pUyPxORyg/GuYif7vE54mjqiyL+PVIsps00V50PuueVy19ufL59bbGntnteOfLfD4/TIT831aOImeqMv5ne+sUOAAAAAAAAAAAAAAAAAG+3wSji25HiT579vWpdcVTr0t93cfQ9L/x275rxZx7wPmXtyYhYre1vTW5/XjqcauV/j6Bj7Es9ivhGXv/3RwfdGAAAAAAAAAAAAAAAAAAAgHe1Il6IFF85cTytRe89xVvt642rzZmFzl1hu/f+7d4zfWtra6uROjmWczrnas61nOs5N3JGLR+fcyzndM7VnGs513Nu5IwiH59zLOd0ztWcaznXc27kjL58fM6xnNM5V3Ou5VzPuZEzDsm9ewEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3klqUcTPI8W3vraZIkXEWMR0dHJ94KBbBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACU6qmIk5Fi/YV69XytFnE1In6+tbXVfUTEZpkP66D7CgAAAAAAAAAAAAAAAAAAAIdWKuJjkeLp/9tMjYi4Pfz6wJPHhi9eOHF+tIgiUlnSW//85NVLjecWb9xcml9enp9rTLVbs4tz8/v94+qXW+1bt6fGJx5JZx5o8BG3f7D+3OLNl5Za17+6sufrQ/VLM8srS83ZvV+OwahFTPfuGakaPDU+UTV6odVsV4em2j0aWIsY229nAAAAAAAAAAAAAAAAAAAAODSGUhGfixQ/+a9zqbtuvK+z5v9XOs+K7dpX/mDndwEs3JFdvb8/YD/bab8NHakW3jemxicmJnt29/XfXVq2KaUinokUn3j5Q9V6+BRDe66NL+veW9bdOJfrhn+trFvdVVUfmRqfaFxZbJ+4tLCwONtcac4szDcmbzZn9/2LAwAAAAAAAAAAAAAAAAAAAOA+hlIRP4oU//P3/5G6953P6//7Os961v//VrWEvlJPu3Nbtbb/vdXa/s72+y6ODn302XvtfxTr/8s2pVTENyPF2R99qLqffnf9//QdtWXdn0WKN579SK6rPVHWNbvd6bzjtdbC/Kmy9q8jxa+/2a2NqvZ6rn16p/Z0WTsYKf5yc3ftV3PtB3Zqz5S1xyPF9/5779oP7tSeLWt/Ein+6e8a3dqhsvb3c+2xndqTs4sLcw8a1nL+vxMp/vbK76Run+85/z2//2H1jtx215zff/vtmv/hnn2reV7/NM9/8wHzfz5SfKf+kVzXGfuZ/PpT1f935v8TkeI//2137bVc+/6d2tP77dZBK+f/25Hiu3/14+0+5/nPI7szQ73z/6t9u3P7U3JA8/9Uz77h3K7ZX3Is3o2WX/r6i82FhfklGzZs2NjeOOgzE49D+f3/55Hi/48VqXsdk7//39N5tnP997/f2Pn+v3hHbjug7//39+y7mK9a+vsi6is3bvY/E1FffunrJ1o3mtfnr8+3z5w+9elPnz996vT5/ie6F3c7W/seu3eCcv5/ECl++A8/3P45Zvf1397X/0N35LYDmv+ne/u067pm30PxrlTO/99Eiqc+++Ptnzfvd/3f/fn/+Md25/bfvwOa/w/07BvO7Wr9kmMBAAAAAAAAAABwlAylIv4iUvzuH/9m6q4h2s+//5u7I7cd0L//Otazb+4xrWvY9yADABwi5fXfByPFP299f3st9+7rv/iNbm3v9d+9HIb7/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwFGXoog/jBRDr26m9YHyeUf9cqt96/bU+MTehw2mSFGLoqovH/XTZ86e+9T5C6PdvP/xb7cPx/OTVy81nlu8cXNpfnl5fq4x1W7NLs7N7/sdHvb4O41UA9C48eKtuWvXlhtnTp7d9fLt4dcHnjw2fPHCifOj3dqp8YmJyZ6avv63/KffJd1j/xNRxPcjxZvDb6TvDkTU4uHH4gGfnUdtsOrESNWJqfGJqiMLrWZ7pXwx1XJVLaLRc9BYd4wew1w8lLGI1bL5ZYNHyu5N3mwuNWcW5htfbC6ttFZai+1U67S27E8jajGaItYiYmPg7rfrjyK+GSlePrWZ/mUgouiOwyevTH7p1NkHt6f2CPq4D2U7G/0Ra7UjMGeH2EAU8Y+R4mevHY/vDUT0RecRH4/4QpmvRrxS5mciUvnBOBfx0z0+RxxNfVHEuUixmDbTawPl+aB7Xrn85cbn29cWe2q755Uj//3wOB3yc1M9ivhBdcbfTP/q7zUAAAAAAAAAAAAAAADAIVLEWqT4yonjqVofvL2muNW+3rjanFnoLOvrrv3rrpne2traaqROjuWczrmacy3nes6NnFHLx+ccyzmdczXnWs71nBs5o8jH5xzLOZ1zNedazvWcGzmjLx+fcyzndM7VnGs513Nu5IxDsnYPAAAAAAAAAAAAAAAAAAB4Z6lFUd3F/Vtf20xbA537S09HJ9fdD/Qd7xcBAAD//0kCdPc=")
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r3 = dup(r2)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000740)={&(0x7f0000000780)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c0000000a000000000000000000000b02000000000000000300000d000000000300000003000000000000000300000004000000030000000000000000000005000000000000"], 0x0, 0x5e, 0x0, 0x1}, 0x28)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x1c, 0x3e, 0x10b, 0xfffffffc, 0x25dfdbfd, {0x4, 0x7c}, [@nested={0x8, 0x136, 0x0, 0x1, [@typed={0x4, 0x2, 0x0, 0x0, @binary}]}]}, 0x1c}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000)
write$UHID_INPUT(r3, &(0x7f0000002b40)={0xe, {"a2e3ad099b0d09f91b5f2f0987f70e06d038e7ff7fc6e5539b0d3d0e8b089b3f323063090810e0879b0f0a75e70a9b334d959b669a240d5b0af3988f7ef31952010afde8d178708c523c921b1b5b07070d075b0936cd3b78130daa61d8e81a0000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397273ce1766769f0c91c00305d3f46635eb016d5b1dda98e2d739be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b7638354a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc3609aa24b7d520c829d095083bba2987a67399eac430d145d546a40b9f6ff14ac488ec130bb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b2860d1b3cff57d8b6d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a4f0492d48604675fde2b34cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827955e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb9754fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94e7475cb74642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd72ea4998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5ff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c58b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b50517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864af090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d885b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1a85ae7e69fd1a47a284f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cef8473b53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b344340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cccf8a97406bb5a68a1f0c4549820a73c8859dde0712ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcb7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c2e14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ec00000000000000b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a52830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec685f068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000e00f96f06817fb903729a7fb6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x942}}, 0x1006)
r4 = fanotify_init(0x200, 0x0)
ptrace$peeksig(0x4209, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0x1, 0x2}, &(0x7f0000000140)=[{}, {}])
fanotify_mark(r4, 0x39, 0x1a, r0, 0x0)
fanotify_mark(r4, 0x1, 0x4800003e, r0, 0x0)
r5 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r5, 0xc1105517, &(0x7f0000000340)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x1, 0x0, 0x4, 0x0, 0x0, 0x90eb, 'syz1\x00', 0x0})
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r5, 0xc4c85513, &(0x7f0000000540)={{0x4, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0xcd, 0x0, 0x400, 0x0, 0x0, 0x0, 0x3, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x9, 0x0, 0xfffffffffffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5b, 0x0, 0x0, 0x0, 0x200, 0x20000, 0x40000000000, 0x801, 0x40, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x6, 0x3, 0x0, 0x100000001]})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0)

1.20058127s ago: executing program 2 (id=400):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x437, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x40800}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_OFLAGS={0x6, 0x3, 0x84}, @IFLA_GRE_IFLAGS={0x6, 0x2, 0xad7}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x24000015}, 0x0)
syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000000)='./file1\x00', 0x810, &(0x7f0000000540)={[{@treelog}, {@nodatacow}, {@max_inline={'max_inline', 0x3d, [0x6d, 0x33, 0x78, 0x39, 0x65, 0x78]}}, {@space_cache}, {@nodatasum}, {@nobarrier}, {@nossd}, {@noautodefrag}, {@ref_verify}, {@noenospc_debug}, {@clear_cache}, {@commit={'commit', 0x3d, 0x3}}, {@ssd}, {@nobarrier}, {@max_inline={'max_inline', 0x3d, [0x37, 0x36, 0x38, 0x35, 0x32, 0x25]}}]}, 0x1, 0x50f3, &(0x7f000000a2c0)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734fVCUoXQKNkkNY6beL22gUQtVdaUqhEpzbqhoCqi2NhrsnjBjm1KjEJkbCIaIShtkJIPRRhFUc0HqBWISAoIFymOUHlEVEUBBAqtIQoipSQRaYIUqtl7z+ydc3cefqzx0t9P8s6Z+Z/nnYfn3HvnXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/h4Feu+dtm8Ud/e96zL1w8fsWetRe/et15pz4ZwsTM4x1ZuKP/xtvHf373uffseWD1HfcdPv+jvXm5PB4Gqn868zs3xFoPLw7h/o4QutPAisEs0JPfH4z1vW8whFPCbKBWYrI/K5E2HL7fF8K+MBuoVfW9vhAGC4ELn3rk4Zuridv6QlgaQqikbTxfydroSwNn9GaB/jSwtTsL/OqtTC3w3c4sAMcsvhlqL/oDE/UZhucu1+D113PcOvb2SofXFRPDjfP9bO08d6qgN31g4pietlJ1zIvS2+Ogd9sCeLeVtvOtnrbiF6n8G8pbs6FK6Nw0uXnD1dM74yOdYXS0q1FN8/Q8P/P6lzYeSXrBvA5jB4aPy+vwlieW3t21/ILH71ux9OX9H9v7yrF280eFTVpMz7dKyF9zC+Z5jMZ9niyAt1/pW9KIL10hhM2f/73PNIuX5v/Dzef/8eUcbzvrcsda3xzK5ubxkcGYeG0om5sDAADAgrEQ9ppuHX3oE83qK83/R9o7/h8P+eeT+Wy0B0MYn0nsXRLCaTOPZ4G7YnOXLQnhgzOpifrA2iRwMIT3ziSW16pKSiyKJUaSwE+G8sB4EjgUAxNJ4FsxcGsSuCEGDiSBjTFwMAmcGwNhqn4cvz+Uj6PtQF8MrM824oF4FsIvhmJrybZ6rlYVAADAcZLPDnvq7xbOdTjWDHF6eaCvVYZ4BnbDDJWkhnQGW5tWNayhu1UNna1qqI17d/Phl2ruaFVz6TSMjvoMt//ybz4bmijN/8eaz/8rc3Sko3T8P4R1M39j7s48Ml2Lr5+oywAAAAAcg4H/ffGbzeKl+f94e+f/x30iXYXM4bG4G2LLkhDG6gNZtX9YDmRHvQfyAAAAACwEtePxtWPhU/ltdop2Op8u5584wvzxwP/4nPl7Dz64vll/S/P/ifbO/++vv806cSj24mtLQlhUCPwg9rIamDESAz/+ZH0gH/+huAFuilXlJybUqropllgfA2NJYF+jEj+slTitPpA/WbXG99bGMZWXKAQAAADghIu7A+Jx+Xj+/4d+s/qaZuVK8//1R3b+/8w8uHR6//RACCu7Q+hKfxjwWH+2MGAMDHbkiYf6s7q60qqu7w/hnOrA0qpezNf/707XGHyqL6sqBk770P7Xz6gmvtkXwspi4OnP3XlWNbEzCdQa/8u+ED5QHW3a+HcWZY33pI1/fVEI7y8EalVdtiiEamO9aVWPVPLrGKRV/XMlhHcVArWqzq6EsCsAsEDF/0o3FR/csevaLRumpye3z2Mi7sPvC5unpidHN26d3lRp0KdNSZ/rljG6vjymdq9881y+RNFF964bbCdd+53gWLGtfD9+6cTB/H78LtQzM87VPXV316RD/siHy02EwjepRkPunOch9xcrmX0SS/XH/L1hICy6esfk9tEvbti5c/uq7G+72Vdnf+NhpmxbrUq3Vf9cfWvj5dFwtazE0W6rZcVKVu68ctvKHbuuXTF15YbLJy+fvGrV2avHzhxbM/bxM1dWRzWW/W0x1GVzVZ0M9a072xzXcRzq6d2FSk7Ep4aEhMRCS2wdWNb0/+TS/H9b8/l//NSJn/z5+gyNjv8Px8P82eOzh/nXx8C+do//Dzc6ml87MWAkCeyOgd0O8wMAAPDOECf5cW9m3Cv90+XfeblZudL8f3d7v/8/Tuv/15auP7/RMv/LY4mxRuv/p8v819b/391o/f90mf/a+v/73ob1/6+uBZJN8gvr/wMAAO8EJ279/5bL+6cXCChlaLm8f3qBgFKGlsv4t3uBgCNe///5//yr/w5NlOb/t7Y3/7dwPwAAAJw8vvxn1/xOs3hp/r+vvfn/iV//LzQ6/3+kUWCi0cKA1v8DAABggWq0/t/wjf2XNitXmv8faG/+H0+76KzLHWt9cyhb0y6ka9q9NlT7yQAAAAAsDJ1hdLSnzbx1K6OuPfo2n8mXAm2WLnrxTw4f2fn/B9ub/9f9LuOWJ5be3bX8gsffvG/F0pf3f2zvK7PH/wEAAID50+5+CQAAAAAAAAAAAAAA4O334n/sWdMsXvr9f1g383ij3//H6/7F3xe8uy53rLX1+n/5/Qs/fc+umSULHxsK4cPFwJY9W04J+bX5lxUDD1+y/D3VxJ60xIMvnPtSNXFpGvjUilPfqCbOSQLr4yKJ700D8aqKbyxOAnF5xX9PA3F7HEgDvXngq4uzcXSk2+qng9m26ki31bODISwpBGrb6v7BrI2OdIC3JYHaAL+QBuIA/zwPdKa9umcg61UMDMaidwxkvQIA4KQVvwX2hM1T05Nj8St8vD29u/42qluy7PpytR1tNv9cvjTZRfeuG2wn3ZV+F5291nhPqFSHsKr0dbWYpWNmlMenlhab7t0NhtxqtbfOBuVSR7rpehuPqC8b0ejGrdObeloOfE3rLKu7W2ZZVZrsFLN0zmzSNmppoy9tjKjNbdNGl+P9zjA62pXk+oMYHA51Wr0i2v29fnGdv0avgmKeqw7v/VWz+krz/+H25v+V4rjeyC8GsDteWe/vlljmHwAAAObXV9f++hvx32dvfPTpZnlL8/+R9ub/cQ9Wfig429txMF7/f++SEGYurT+cBe6KzV22JIQPzqQmYonsgvrnxxJjWeCuuMNkeSyxfqK+qkUxcCAJ/GQoDxxMAodiIN9LsT/ku3L+fiiEs2ZS6+pLbIslhpPAZ2JgJAmMxsBYElgcA+NJ4NXFeWAiCfxbDISp+m117+J8WwEAAByJfJ7VU383pPO8A92tMnS0ytDfKkNnqwyVVhkajSLe/3bM0JOcvNJRyNST1tqX1FLKEC+Gf8T9KmUIP6zPmRYsNR3PP6idb9BRn+GBT3RXQhOl+f9Ye/P//vrbrPVDcf4/e/2/LPCD2L2vxVPHR2Lgx5+sD+Q7Bg7Fye5Ntaom8hL5pP2mWGI8BkaSwLYYGE8C69flgX3vqQ/kM+1a43trjU/lJQoBAAAAOOHiDoK4mybO/+/Y8ZWBZuVK8//x9ub/sb2BYmM3xFoPLw7h/o7Z3tQCKwazQNyPMRh/Hv++wRBOKezgqJWY7M9K9CYNh+/3Zb9Q702r+l5f9uODeP/Cpx55+OZq4ra+EJYW9r7U2ni+krXRlwbO6M0C/Wlga3cWiHt+aoHvdmYBOGa1vYLxBZWf6lIzPHe5Bq+/d8o1QdPhlfaBzpFvrt9czZfSDtd8n2rNkT1tTfffctyU3h4HvdsW4rtt2Lut+EUq/4by1myoEjo3TW7ecPX0zvhI8ZesJfP0PBd/pdpO+ji8DncffW9bq6QdGEs+PsbmLjf367AjVnfLE0vv7lp+weP3rVj68v6P7X2l7W40EH8o/Mh1/zr4o8LmnW+VkL/mFtznyYTPk4X438CIpy2EsO7Vr9/ULF6a/0+0N//vTm5n/DpuzB1LQvhIYeM+Fjf/Hy/JPgcLgexT8l3lQHbI/b+GGn5yAgAAwPFW291R218wld9mJ4Sn8+Ry/okjzB/3V4zPmb/dfvf/9SVLm8VL8//1zef/i5JuOv7v+D/zxPH/OZ3su6IXpQ/sPqZd0aXqmBeO/8/pZH+3Of4/J8f/Hf+fi+P/LTj+P6eT/WkrfUva5ktXCOHlP3ro2Wbx0vx/W3vzf+v/zb1oX239v/WN1v/b1mj9v93W/wMAAOZVg4Xm0nleafW+UoZ09b5ShpYLBLZcYtD6f0e8/t9Lpz//m9BEaf6/u735f3w5DBRbXyjr/42sa1DVrTGwzcKAAAAAnIwa7SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg7fXAP/zPpmbxR3973rMvXDx+xZ61F7963XmnPhnC1MzjHVm4o//G28d/fve59+x5YPUd9x0+/6OVvFxPfvu7dbljrW8OhbCv8MhgTLw2VL0zG7jw0/fs6q4mHhsK4cPFwJY9W06pJr41FMKyYuDhS5a/p5rYk5Z48IVzX6omLk0Dn1px6hvVxDl5oCPt7j8uzrrbkXb35sUhLCkEat29YnF9VbU2/jQPdKZt/NNg1kYMDMai3xjM2oiB6VhialEIK7tD6EqrerSSVdWVVvUvlayqrrSqL1dCOCeE0J1W9UJvVlV3OvIne7OqYuC0D+1//YxqYl9vCCuLgac/d+dZ1cQXkkCt8b/oDeED1ZdM2vi3e7LGe9LGb+sJ4f0hhN60xC+7sxK9aYkXu0N4VyFQa/zz3SHsCrwjxA+fuk+0Hbuu3bJhenpy+zwmevO2+sLmqenJ0Y1bpzdVkj410lFIv3X90Y/9ude/tLF6e9G96wbbSXfn5Xpmury6p+7umpO997Ff/cVKZp+PUv0xf28YCIuu3jG5ffSLG3bu3L4q+9tu9tXZ3648mm2rVQtlWy0rVrJy55XbVu7Yde2KqSs3XD55+eRVq85ePXbm2Jqxj5+5sjqqsezv8RjqnSd+qKd3Fyo5ER8AEhISCy3RWffpNnayf5CXvujPdrQnVGY+oEvTimKWjplRHo9Brz3KER/N95SWI1pVmjiUsqyeI8v19VnWlCYTs7X0ZVlmvteVJofFxjpnNmm83xlGR7sabYfh+rvFzfuzY9i8z+Sbrt00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/HDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwA8cCAAAAAML8rcPo2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEsBAAD//+erI4o=")
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
ioctl$SIOCX25SFACILITIES(0xffffffffffffffff, 0x89e3, 0x0)
write$bt_hci(r1, &(0x7f0000000080)=ANY=[], 0x6)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000640)={{0x1, 0x1, 0x18, <r4=>r2}, './file1\x00'})
ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40186e8d, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
lseek(r5, 0x3, 0x0)
getdents64(r5, 0x0, 0x22)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000880)={0x6, 0x1, &(0x7f0000000140)=ANY=[@ANYBLOB="87200000fe000000"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x40, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000440)={0x2, 0x2, 0x7435}, 0x10, 0x0, 0x0, 0x6, &(0x7f0000000680)=[0xffffffffffffffff, r3, 0xffffffffffffffff, r4, 0xffffffffffffffff, 0xffffffffffffffff, r5, 0x1], &(0x7f00000006c0)=[{0x1, 0x4, 0x2, 0xab72e454178b3e40}, {0x2, 0x2, 0x7, 0x7}, {0x2, 0x3, 0x3, 0x3}, {0x3, 0x2, 0x9}, {0x5, 0x1, 0x1, 0x1}, {0x3, 0x1, 0xa, 0x2}], 0x10, 0x300}, 0x94)
mkdir(&(0x7f0000000100)='./bus\x00', 0xff)
r6 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r6, 0x80044940, &(0x7f0000001fc0)={0x0, ""/256, <r7=>0x0, <r8=>0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, <r9=>0x0, <r10=>0x0, <r11=>0x0})
syz_mount_image$msdos(&(0x7f00000003c0), &(0x7f0000000340)='.\x00', 0x126a4b5, &(0x7f00000021c0)=ANY=[@ANYRES16=r11, @ANYRES64=r9, @ANYRES8=r0, @ANYRES16=r11, @ANYRESDEC=r10, @ANYRES16=r8, @ANYRES16, @ANYBLOB="9a7f40ad4c7145903a868b9020e1e8899ed5747db23004fc9d248900abcaa6b065cf0800930a71dcd8b8955d93c78b9d4e5e06d8d5c9ac9b75d177754d6eba23e6d2be546c0dfecdf61baf732950a5729c01fbdc11e36cb411be200a9135657acd97d21ee46aac313ebdddd9265af16558dd3e5ba4836659a6abfe08aad84276acf949bdaa34bdf7f7b2dfb2fe8b9d6d225dcecebeb6e15f649994728842bd99fc94897d24315ac2d17bf6c2acfbfa8464d80f36304f88b906b78ab359be3479db5b0e7555f04416807c2202d6551f2425440be741dbe053e0bfeb845623e722a9293843f1cf0a71119dcadf7e353af4da52aed3086d6e5a095774248be9a1b1418dec1c03a2cb0ece0840ebeaaf7b67867da45943b700e2d6dad775ae6f33e55aa86ca84c336c91e3b7d7224f7a9a10d5b45a6ce0769d875415bea136b5508e5e0a88290792da3b11b2284a3d757c301cec78b55d3fcfa073615ccb089f66c5b9a5c84f6c1bb78c3370c4687eab260711fa05525687c7709e15cddea061f70798cbf940ad929eb80f33ad8bb4fcd322dd0558f111d7d01351147976b425a27e573402490055054cf3d80bebde6a89f3086170633740f08780aac3a73f17eaeda8deb642c2887962596b4d78c0ffffb28d0e64073b0641f89cf83a69afaaea03ba6070838fdbdaccb81630a6fdaa77fc10146013b9fd79e965a320daf81c1a51f032a3f462f2740e579eb116cad80b4e233326bf94fea52184517accf608b1fbfb395942869841b9ca0f314beff6b2dc0a74d7599012274b24775f0382e72907c1f0c571b994f048c0266feb775d893fec84e5733cd66a96cd45b60f63743b17b05d99c427a2d00a27fef17cadf128059a2e227b80701755b0bc706f32255c8cd619fa995cc7649f28337361a62cff46669fa4cf095a2d148987a9fafa6e1fb9f59b5ac5ff10a4c62e0187a3c75a983f7f5211142c6c09170a13e29c2044e5568bda8055cee4722e445e83ea01307c42cbe63a5bc529e1200e5874f7500275abacd6cc0e3bf8fd38ab7bab39f54d180d60892e2e3a713a3e654c89b8e9ba4474909991844514c04b655c66ccd6f2a17e29ff69d343ebac7ac5e1510ad4ff52e6a932a97bb0d814259da6545022152dd63f06219a1d66ec2278b694876ed6195b0543b8c9289b8438e8ee57dd38bcdb045a6fc4cede28effaa0354afbd4190fcbccd9a0e91508e4399e0e30a0bfdedcc19454b6dd7c2785a6e4fe74a0ece1d683ad07d76eafec02fb0d88debfeacd3531413185da0ffa4fb9b5e6d5a916f7bb5d51efc8ab61e4953fc6b2d1e670769f3ca56d51b804ceb118278acc90422e1f51e448a27d2fe4f93c88cf7c6148474bf650902dd6dd96541044113d244cf938150ec426e7ed63e1f153bbe328f4232552b104c8dee60b0c4e4c25f2605e97cc6f4263d32e8340be2d167137682373ae4cd501fdc9c5359b40f52803a5e4c0e04a5de0412c5cbd4d05e6135a1209d4b2dff50d39e481f1d1b01ed71004fb0c18e736af8ab176f833a439a85c9132e6d2296f665771c6a284eadc08c94ffa520dcc37fd6426c152364699514b15d4df6732fff39834e8ba29688b19db27a970d9d7fbee973c76bee04fb6164963969ebde0f785606781d63726736d8b60a713d5f72207a23f6f00420fdf24d14c069f36a7e236620481cc7a63857cc1355bac8d4f9a3f32785ad4d9d81719077a816b33b98006c322ee473aa9f8f83fae86a4d421104b298a9e42357c44b773e3504b3f9eb5b29330411b776b78fdb6dd9713dd1aee0cc9c7ee8bd23a50d4c8babaf6d74bc25377009a8c57c941f80e58ac08c93a275656cbad3864df9e791305d66103ab30983b07553ede5b5d5b0aab157f805eb6c11c75dd7f297c2cc9110551131a797164dec422b13799f1c261464c765a62c201eb9c8686eee94642d59f429cd137cba0d1a8126dcdfc28ea5c201526c61164a86f480dfde0c60fdf6afd3cd64719de1d89b5a362e058054a9db73aaffac324b04e8903060e1f14ca4ac31c82183066e6d581685efbe3452a20a665166b03808220770d66051971b61d8114376e22a4511cae9fdf7bbed68bb9f45b57eee1c15775730ef1434731d7b82a7cbcd6155396263984edfcea62196189da0ba9908d7d5ef514d75a3e1d4ae42654365083873fc4ce969fa4fac51d640be8d948bb9464d1a7e494c8df98bd5a569ff7fe1aca542c34610148a8f1dc9d60ff0f761270577f286a362f32164184ffce3ad132637e9f0381e9ce76a11f296f9d1e835cdc44926104e1df4d0a282a84b9fbc23064bfcab0d221c6e3124ae8ba6022e62f170dcc2d655f73b40f83fd65f5c705bc1f9e8df13adeadff9e1fe4660a55be7dc969cfffaed607190162dcd09d0cd86a297b22142b88f0eb28dd1a45152a4f4f2dca0d96d39fa594349040f486cd486af619b7083236cf90324cddc6f1ed0f6a103c8d936d7f2f31d420ef50931838e66721bff7494617b6b4bc385f3e51b3f81cf5d6953ac7fddc0f3466682911b38bc7f082e0c18e3ae0badf7f3fd3e186ebc2bab71fa26f77bb14cd97e6761c93c8c25887c0ef1f3dc1d8d86ce0fb73190f66f4deca77977e8d6064bfeeac3fad2bc50488c144e2a1a82fcc1e1c12ac54bf3e2d468e8f53241e4a6ad9e466746a45b053452ded5caa20461881d78d8235e986ba8b77e83601655d2650bf1b64ce17c75314216b43bbd1101a2e12e57525bb7d3b136a70635bdac8af24367a24ce2fe2a72ef2b0e56ff8dc62a82946f86f9b6b1418a89b1971372dfe7d5ce2e6611befff721f04a19bce7f90b1551a4cdead136662c50513fdde6f9d4a199c3907ed8799f231f54dd8347c71d829ff8ddc5d96b5aac2fe58652c81ff7f54e2568119dff2763ef435aa420630dacc7e9414340ee8688f46c7a8ab96d860937641042b3cdf6857ff1d2d4e47cec1f23e65fe541f38cb96b132666f999002e89cd1896ca58c2e63b87382e1a6c1ee9afa56cf3ba923fa9c989e20bff313f37252632fdcff03fbdd2d334ee93baf75c1bdae30feaa81fb2ac1b63c42dda06f20ce8c9d003eb3efed7931def342fb874fce92763f6f477c7f589b75d2129419fc4cb7a8893a1d3f94533ed9fdf9f21fc254fd80aa74750833d390327a2107e761240928d35a36c5eaca61fd848116b8dd7ec8157928bc2dd87f7756aa517cf6a61d2009fd4ba0579ca3b3129cfd5403546f5ab6d0575799a008fc67da9658427636d8f806d9b8cad64aee438d0a9b45957f31a5afe3ed894add9acadfd347246099c6ff0b4ec6f19ac61557daf8739e528185ab1468ca72d6d72e4f026e371e540b774b6576df3014dcc9e91b2cd1f0403a4fcaa6627b22682bb54f92150c2917acaee1972b2b03bc2bd37fdb9e7352c654d94ef196b7229e4da5ee62b7d395ecdd5177f2563242ea49ff78151a4a816a94e89b03f41c7e6684f8be3e5802e9338e7cbd3b43f708c062f944a59f31b02ca9a177e6b681accee8785d2467d2d78636be4330febaa3f6907db07992a2de74e459f3ae8ee6adae20cbc75aabd2d5d3424de0ddcc3ddd981c3a4966c57f8fdb1c42db87395f0bc800ff8ddb4c228a7d793d8a997885494a8578f5433d3f82886ea573641bf16065efbc25718c88f7277ce04c94af560d8deb7968496f849d3fad78741272b08bf7aec3f3c777428d3b8b897333ae5afb6823af63cb7347601ee2e8d4e21b21a12e6d42f66a1aac26d296bc68a998d8ba179ed5f756c2efd8a7acc0e3f08093bb4a83d37f15b4fe07c90858058ad1ff0e21bb7bf4363079c5d452dba5972b21c8f41daf6f11a51d321d3c1d544190238036d907d965ff469ce4895eb7675f3e94a15f83b837b892a40390d87d76e9b15eda02366299d3dd93943466bceeb2f9e465adccc08e1a02c3ac01815931627ed327e0ffbe09563221a365b88c4f2449bd3634920d5bfbde7cdc92c4cb16a579f35f07dafc87ce6ce4de7bf9e8ff0e80b81cdab8f2164a25a0a6929679ce9ae0dc2ac7ed41a787446676f091597551dc2e8c054224bac6652bba5fb675c0b2c94d2faac160f11b7b96fc96415aca8a47fa03658b8afa24b6bd97f7dbeead9ae5f7ec1cb0d000055f41a5043c6c4c97212398b168b5cb9ee650726eabcc31b6712e815fdaae77885350884fb36d6d5444d5e5500a7d636d4eced14b9d411c765b36a4be06ca9be2965d6d6c06c3b6bcb38babeb2999ee71295d48926bf6e39363fabf74de5e57aa0b59f9dddeca142d0c50ab7ff198196c69c971e6ab591220f4e42d6525e2dbd99b6c57949c854e4ee0e4581f9e3e160b3f66b01f23f4d0472c0a1f307837ac8dac0a257d09ab82975148dcd764fe6359a5f21b9cbe2ae7b9b277489a8b3285b8289a84ff854508b4488ffcf68f47ec7a5c18a8c3d06e26b32f754ac74ea8e93a554147fd3b3daf1fbe924e2e389cac13a5f80f3a21dbd250d3917f7b5acfc739a63f2b3d6b3f099efb4be7a842215c89fc87bd8550d11ba2a4af0f111ab124503b26feeae3be3ee24168dd4553a226b9168edb11c3e61bc850adf995b4d6f1aace6db0b91f805c3d1789a3e6b470e5470968f429d5b05c8f76ca2981e37f5bde4ad00a09755c76774ead7d93f3f41255b1d56152e3699b133b2e0b277427c992323d1b4d8c438434e9e901ddd43788f80cb9a975e9dd1671ce16be5ff8033d5da824f00fd78b540edbcd69a2e9aff03e31af9afefb809434f52b4a1239fdd241ed3a268258addde19d1724155a1a4c877bd59b0659b7a786886f6ffcb5999d1f9c007d615020926f7165a9ddd4aaa3c7b631d30cc951e328131d99282ac06a18f88373092320ea5308f06c376e711aecda4cd1c2b639d9ea7a2613d4e9eaa9a0ef72774fdec622f7d131b45135d577897bf686b460a371083070139ea544bda15012251d6c8e7163c25412841faefba76765648ca7cd1b423403a654b6b5754588ae6c309621477db20f7c9236af1e422ebd3fb6d6a712e7a6d00d58416b7d65a53a2514bf51bedfe9207f16a4d79418600389b98ea8b9e06b8da708a86f191e567925af39a09ac9fd7902e8f8e77567baf1b75c05ba1eb7089b424801405afc982a8d79c80fada184a1ab3bab526a3b0a5e20d2dc6bcdd2c5cb7c49f735f3e8f4d36a388ca805876ae08f0e3acca5dd864c1fa1552068bf799095221480374fd2dcaeddb74be93470eff4fe278e190f0a131f32340ada9cca518af769f42943875f4c5707beee2179771da21cd66405b9973648bd047a516d1cf902fa1f0fcdcbc3f4c1f20fc22f9a7e9f4c3a52576399604c46f83ede44f542d06d54e6e8a1e693a2cfcbb16c178d1bace976133e72cc4533bd02b1c4ec2cc22097435aff5a682ca7227414895450831560fa682493f4814ce8fbdb190f8ce2b533ed9582638511bda93aeae5d0690f745b788db622864ba3fb60952f119427fbe66754c5c038c5fb2cb87c326d65862e353c14950bd1fa7c70e36323e9cf90c81f6275e59c7926acac1560a0b6bbc7a850817f2effa19d485315a219d49e293f871278294d02765cf72caa2f438de3337ed205bf68ff6ddaaa5e4b80de5fba022dfcf9cf074a319678df11eb77b3ef66e512b67ba5182265a60eaf457691e973d23cbaf6000537f886695074ebb616f9cdad9de7c6fe9ecfbd13d537d64c34a7c90ca56b50e60d6a7067e391e63561793edf6ed3c2eeb8555909a59ce73da1f096d41fb42de44494128324a9", @ANYRESHEX=0x0, @ANYRES32=r7], 0x5, 0x0, &(0x7f0000000000))
sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000001340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000001280)=ANY=[@ANYBLOB='D'], 0x4c}}, 0x0)
syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)

751.417309ms ago: executing program 1 (id=406):
syz_mount_image$jfs(&(0x7f0000000100), &(0x7f00000000c0)='./file1\x00', 0x1010006, &(0x7f00000002c0)={[{@quota}, {@noquota}, {@nointegrity}, {@errors_continue}, {@iocharset={'iocharset', 0x3d, 'cp863'}}, {@noquota}, {@gid}, {@iocharset={'iocharset', 0x3d, 'koi8-u'}}, {@uid={'uid', 0x3d, 0xee01}}]}, 0x24, 0x61b6, &(0x7f00000075c0)="$eJzs3cuOHFcZB/Cv+jYXE8fKIgoWQpPEXEKIr8EYAiRZwIINC+QtsjWZRBYOINsgJ7LwRLNhwUOAkFgixJIVD5AFW3Y8AJZsJFAWKIVq5pxxTaV7esb2dHW7fj9pXPX1qZo+5X9XX6aq+gQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAED/8wY/PFRFx5VfphhMRn4t+RC9iparXImJl7UR9nRdiuzmej4jhUkS1/vY/z0a8HhEfH4+4/+DOenXz+QP24/t//scffnLsR3//0/DMf/9yq//GpOVu3/7tf/5699G3FwAAALqoLMuySB/zT0bEIH22BwCefvn1v0zy7eq5qzfnrD9qtVqtXsC6rhzvbr2IiM36OtV7BofjAWDBbMYnbXeBFsm/0wYRcaztTgBzrWi7AxyJ+w/urBcp36L+erC2057PBdmT/2axe33HpOk0zXNMZvX42op+PDehPysz6sM8yfn3mvlf2WkfpeWOOv9ZmZT/aOfSp87J+feb+Tc8Pfn3xubfVTn/waHy78sfAAAAAADmWP77/4mWj/8uPf6mHMh+x3/XZtQHAAAAAAAAAHjSDjv+36Ax/t8u4/8BAADA3Ko+q1d+d/zhbZO+i626/XIR8UxjeaBj0sUyq233AwAAAAAAAAAAAAC6ZLBzDu/lImIYEc+srpZlWf3UNevDetz1F13Xtx+6rO0neQAA2PHx8ca1/EXEckRcTt/1N1xdXS3L5ZXVcrVcWcrvZ0dLy+VK7XNtnla3LY0O8IZ4MCqrX7ZcW69u2uflae3N31fd16jsH6Bjs9Fi4AAQETuvRvcnvSL9z+vVYirLZ6PlNzksiH32fxaU/Z+DaPtxCgAAABy9sizLIn2d98l0zL/XdqcAgJnIr//N4wJqtVqtVqufvrquHO9uvYiIzfo61XsGw/EDwILZjE/a7gItkn+nDSLihbY7Acy1ou0OcCTuP7izXqR8i/rrQRrfPZ8Lsif/zWJ7vbz+uOk0zXNMZvX42op+PDehP8/PqA/zJOffa+Z/Zad9lJZ7/PzLPX8mbOsco0n5V9t5ooX+tC3n32/m33DU+/+sbEVvbP5dlfMfHCr/vvwBAAAAAGCO5b//n5ir47+jR92cqfY7/rs2do2j6wsAAAAAAAAAPCn3H9xZz9e95uP/XxiznOs/n045/0L+nZTz7zXy/2pjuX5t/t7bD/P/94M763+89a/P5+lB81/KM0V6ZBXpEVGkeyoGafo4W/dZW8P+qLqnYdHrD9I5P+Xw3bgW12Mjzu5Ztpf+Px62n9vTXvV0uN1e9nfaz+9pH+y25/Uv7GkfprOLypXcfjrW4+dxPd7Zbq/alqZs//KU9nJKe86/b//vpJz/oPZT5b+a2ovGtHLvo95n9vv6dNz9vHXti785e/SbM9VW9He3ra7avpda6M/2/8mxUfzy5saN07ev3rp141ykyZ5bz0eaPGE5/2H62X3+f3mnPT/v1/fXex+NDp3/vNiKwcT8X67NV9v7yoz71oac/yj95PzfSe3j9/9Fzn/y/v9qC/0BAAAAAAAAAAAAAACA/ZRluX2J6FsRcTFd/9PWtZkAwGzl1/8yybfPqu7P+P7U6gWviznrz0zrT8v56o9avYh1XTnem/UiIv5WX6d6z/Drcb8MAJhnn0bEP9vuBK2Rf4fl7/urpqfa7gwwUzc/+PCnV69f37hxs+2eAAAAAAAAAACPKo//uVYb//lUWZZ3G8vtGf/17Vh73PE/B3lmd4DRCQNV9w+/TfvZ6o36vdpw4y/GpPG/h7tz+43/PZhyf8Mp7aMp7UtT2pentI+90KMm5/9ibbzzUxFxsjH8ehfGf22Oed8FOf+Xao/nKv+vNJar51/+fpHz7+3J/8yt939x5uYHH7527f2r7228t/GzC+fOnb1w8eKlS5fOvHvt+sbZnX9b7PHRyvnnsa+dB9otOf+cufy7Jef/pVTLv1ty/l9Otfy7Jeef3+/Jv1ty/vmzj/y7Jef/Sqrl3y05/6+lWv7dkvN/NdXy75ac/9dTLf9uyfm/lmr5d0vO/3Sq5d8tOf8zqT5g/itH3S9mI+efj3DZ/7sl55/PbJB/t+T8z6da/t2S87+Qavl3S87/9VTLv1ty/t9Itfy7Jed/MdXy75ac/zdTLf9uyflfSrX8uyXn/61Uy79bcv7fTrX8uyXn/0aq5d8tOf/vpFr+3ZLz/26q5d8tOf/vpVr+3ZLzfzPV8u+Wh9//b8aMGTN5pu1nJgAAAAAAAAAAAACgaRanE7e9jQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA/9mBAwEAAAAAIP/XRqiqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrCDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFfbuLkaus74f+Jl989qBxEDI38nfwMYxISSb7NpO/EKbYsJrw1sJhEJfsF3v2iz4Da9dAo1k00CJhFFRRdtw0RYQanNTkQsuaAUoF6gVUiVoL+gNokLlIqoCCkiVaAXZas55nmdnZmdndu3x+sw5n4+U/LIzZ+acOXPm7H53850BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoNWtr5//dCPLsuY/+b+2ZtkLmv+9eWprftlrrvUWAgAAAFfqV/m/n7shXXBwDTdqWeafX/7dry0tLS1l7xv98/HPLy2lK6aybHxTluXXRU/96P2N1mWCx7LJxkjL1yN9Vj/a5/qxPteP97l+os/1m/pcP9nn+hU7YIXNxe9j8jvbmf/n1mKXZjdm4/l1O7vc6rHGppGR+LucXCO/zdL4sWwhO5HNZ7NtyxfLNvLlv3Frc11vyeK6RlrWtb15hPzs0aNxGxphH+9sW9fyfUY/eV029fOfPXr0b889e3O32Xc3tN1fsZ137Ghu5yfDJcW2NrJNaZ/E7Rxp2c7tXZ6T0bbtbOS3a/5353Y+t8btHF3ezA3V+ZxPZiP5f38v309jrb/WS/tpe7jsF7dlWXZxebM7l1mxrmwk29J2ycjy8zNZHJHN+2geSi/OxtZ1nN66huO0Oed2th+nna+J+PzfGm43tso2tD5NP/nERMvz/sulyzlOo+ajXu210nkMDvq1UpZjMB4X38sf9ONdj8Gd4fE/evvqx2DXY6fLMZged8sxuKPfMTgyMZpvc3oSGvltlo/BXW3Lj+ZrauTzmdt7H4Mz506emVn82MfvXjh55Pj88flTe3btmt2zd+/+/ftnji2cmJ8t/n2Ze7v8tmQj6TWwI+y7+Bp4VceyrYfq0pcmVpx/L/d1ONnjdbi1Y9lBvw7HOh9cY2NekCuP6eK18Z7mTp+8NJKt8hrLn587r/x1mB53y+twrOV12PV7SpfX4dgaXofNZc7cubafWcZa/um2Dat/L7iyY3BryzHY+fNI5zE46J9HynIMTobj4gd3rv69YHvY3sen1/vzyOiKYzA93HDuaV6Sft6f3J+PbsflLc0rrpvIzi/On73nkSPnzp3dlYWxIV7Scqx0Hq9bWh5TtuJ4HVn38Xpw4eWP39Ll8q1hX03e3fzX5KrPVXOZe+/p/Vzl392678+2S3dnYQzYRu/Pbt/Nm/tzIsu+8O1PPPTNR7/w+lX3ZzNvfnLmyn8WT7m05fw7vsr5N+b+54v1pbt6bHR8rHj9jqa9M952Pm5/qsbyc1cjX/dzM2s7H4+Hfzb6fHxjj/Pxto5lB30+Hu98cPF83Oj3244r0/l8Tobj5MRs7/Nxc5ltu9d7TI71PB/fFmYj7P9Xh6SQclHLsbPacZvWNTY2Hh7XWFxD+3G6p2358ZDNmut6cnf4oTBt5dqO0ztuK5YfbbldtFHH6VTHsoM+TtPvvlY7Thv9fvt2eTqfz8lwXNy4p/dx2lzm6Xuv/Ny5Of5ny7lzot8xOD460dzm8XQQ5uf7bGlzPAbvyY5mp7MT2Vx+7UR+PDXydU3ft7Zz5UT4Z6PPldt6HIN3dCw76GMwfR9b7dhrjK188APQ+XxOhuPiift6H4PNZd6wb7A/u94RLknLtPzs2vn7tdV+53VLx266WsfKWNjOb+/r/bvZ5jIn9q83Z/beT3eFS67rsp86X7+rvabmso3ZT9vCdj67f/X91Nye5jKfP7DG4+lglmUXPvJA/vve8PeVC+e//7W2v7t0+5vOhY888NMXHvun9Ww/AMPv+WJsKb7Xtfxlai1//wcAAACGQsz9I2Em8j8AAABURsz98f8KT+R/AAAAqIyY+8fCTKqQ//+4/yLb3vDswvMXstTMXwri9Wk3PFgsFzuus+HrqaVlzcsf+Mr8f//jhbVt3kiWZb988I+6Lr/twbhdhamwnU+9sf3yFb5295rWffjhC2m9rf31L4b7j49nrYdBtwrubJZl37jhs/l6pt5/KZ9PP3g4nw9dfPyx5jLPHSi+jrd/5iXF8n8Vyr8Hjx1pu/0zYT/8OMzZt3bfH/F2X7306u373ru8vni7xo7r84f9xAeK+43vk/O5x4rl435ebfu/+Zknv9pc/pFXdt/+CyPdt//JcL9fCfN/XlYs3/ocNL+Ot/tU2P64vni7e778ra7b/9Sni+XPvKlY7nCYcf13hK93vunZhdb99UjjSNvjyt5cLBfXP/v9P82vj/cX779z+ycPXWrbH53Hx9P/VtzPTMfy8fK4nugfOtbfvJ/W4zOu/8k/Ody2n/ut/6mHnnlZ8347139Xx3JnPnJnvv7l+2t/x6a//tRnu64vbs/Bvz/T9ngOviu8jsP6n/hAOB7D9f/7VHF/ne+ucPhd7eefuPwXt15oezzRW35erP+p1x7P56bJzVuue8ELr7/4iua+y7LvbSrur9/6j//N6bbt/9JNxf6I18eOfuf6VxPXf/aj06dOL55fmEt79dEb8vfOeVuxPXF7bwjn1s6vD50+98H5s1OzU7NZNlXdt9C7bF8O86fFuNh76aUVZ9A7Hw7P5y1/+Y0tt//rZ+Ll//6e4vJLby2+b70qLPe5cPnW8Pytb/0rPXHrTfnru/F02MKlle8XfCW27/yv/WtaMDz+zp8L4vF+5qUfzPdD87r8+0Z8XV/h9v9wrrifr4f9uhTemXnHTcvra10+vjfCpXcXr/cr3n/hNBef178Lz/fbf1zcf9yu+Hh/GH6O+da29vNdPD6+fmGk8/7zd/G4GM4n2cXi+rhU3N+Xnrup6+bF9yHJLt6cf/1n6X5uXtfDXM3ixxZnTiycOv/IzLn5xXMzix/7+KGTp8+fOncofy/PQx/qd/vl89OW/Pw0N7/33iw/W50uxlV2rbf/zMNH5/bN3j43f+zI+WPnHj4zf/b40cXFo/Nzi7cfOXZs/qP9br8wd/+u3Qf27Ns9fXxh7v79Bw7sOTC9cOp0czOKjepj7+yHp0+dPZTfZPH+ew/suu++e2enT56em79/3+zs9Pl+t8+/N003b/2H02fnTxw5t3Byfnpx4ePz9+86sHfv7r7vBnjyzLHFqZmz50/NnF+cPztTPJapc/nFze99/W5PNS3+R/HzbKdG8UZ82Tvv2pven7XpK59Y9a6KRTreQPTZ8F4033nRmf1r+Trm/vEwkyrkfwAAACAXc/9EmIn8DwAAAJURc/+mMBP5HwAAACoj5v7JMNP/ElCT/F+5/v+2C2tav/6//n/r/tL/r1n//91l6/8X5wv9/8G40v69/n+g/6//r/+v/6//zwCUrf8fc//mLPP3fwAAAKiomPu3hJnI/wAAAFAZMfdfF2Yi/wMAAEBlxNz/gjCTmuR//X/9f/1//X/9/+7r1/8fTvr/ven/96H/P5PVq/9/cZDbfw36/5tbv9D/p4zK1v+Puf+FYSY1yf8AAABQBzH3Xx9mIv8DAABAZcTcf0OYifwPAAAAlRFz/9Ywk5rkf/3/K+r/p86V/n/79uv/t9P/D8eD/r/+/wbQ/+9N/78P/X+f/z9c/f82+v+UUdn6/zH3vyjMpCb5HwAAAOog5v4Xh5nI/wAAAFA+Y5d3s5j7XxJmsiL/X+YKAAAAgGsu5v4bs44ieE3+/q//7/P/9f/1//X/u69/7f3/0Uz/vzz0/3vT/+9D/1//X/9f/5+BKlv/P8/92WT20jCTmuR/AAAAqIOY+28KM5H/AQAAoDJi7v9/YSbyPwAAAFRGzP3bwkxqkv/1/yvT//9F61On/6//32v9+v8+/7/K9P970//vQ/9f/1//X/+fgSpb/z/m/pvDTGqS/wEAAKAOYu6/JcxE/gcAAIDKiLn//4eZyP8AAABQGTH3bw8zqUn+1/8vef8/Nkd9/r/+v/5/Kfv/k/r/paP/35v+fx/6//r/+v/6/wxU2fr/Mfe/LMykJvkfAAAA6iDm/peHmcj/AAAAUBkx978izET+BwAAgMqIuX8qzKQm+X89/f/GRf3/1Vzlz/+fWMPn/7fR/9f/77V+/X+f/19l+v+96f/3of+v/6//r//PQJWt/x9z/61hJjXJ/wAAAFAHMffvCDOR/wEAAKAyYu6/LcxE/gcAAIDKiLl/Z5hJTfK/z/8fiv5/pv+v/6//r/+v/782+v+96f/3of+v/6//r//PQJWt/x9z/yvDTGqS/wEAAKAOYu6/PcxE/gcAAIDKiLn/VWEm8j8AAABURsz9d4SZ1CT/6//r/+v/6//r/3dfv/7/cNL/703/vw/9f/1//X/9fwaqbP3/mPtfHWZSk/wPAAAAdRBz/51hJvI/AAAAVEbM/XeFmcj/AAAAUBkx90+HmdQk/+v/6//r/+v/6/93X7/+/3DS/+9N/78P/X/9f/1//X8Gqmz9/5j77w4zqUn+BwAAgDqIuf+eMBP5HwAAACoj5v6ZMBP5HwAAACoj5v7ZMJOa5H/9f/1//X/9/3X1/1+xfL/6/wX9/3LR/+9N/78P/X/9/2ve/x/X/6dSytb/j7l/V5hJTfI/AAAA1EHM/bvDTOR/AAAAqIyY+/eEmcj/AAAAUBkx998bZlKT/K//r/+v/6//7/P/u69f/3846f/3Nvj+f3yI+v/6//r/Pv9f/5+Vytb/j7n/vjCTmuR/AAAAqIOY+/eGmcj/AAAAUBkx9+8LM5H/AQAAoDJi7t8fZlKT/K//r/+v/6//r//fff36/8NJ/783n//fh/6//v8Q9/+bx5b+P2VTtv5/zP0Hwkxqkv8BAACgDmLuf02YifwPAAAAlRFz/6+Fmcj/AAAAUBkx9/96mElN8r/+v/6//r/+f9n7/xP6//r/66D/35v+fx/6//r/Q9z/9/n/lFHZ+v8x998fZlKT/A8AAAB1EHP/b4SZyP8AAABQGTH3vzbMRP4HAACAyoi5/2CYSU3yv/7/BvX/44X6//r/+v8+/1///6rS/+9N/78P/X/9f/1//X8Gqmz9/5j7XxdmUpP8DwAAAHUQc/8DYSbyPwAAAFRGzP2vDzOR/wEAAKAyYu5/Q5hJTfK//r/P/7/2/f/xtm3X/1++nf5/Qf9f/3899P970//vQ/9f/1//X/+fgSpb/z/m/jeGmdQk/wMAAEAdxNz/pjAT+R8AAAAqI+b+N4eZyP8AAABQGTH3vyXMpCb5X/9f///a9/99/r/+f0H/X/9/EPT/e9P/70P/X/9f/1//n4EqW/8/5v7fDDOpSf4HAACAOoi5/8EwE/kfAAAAKiPm/reGmcj/AAAAUBkx978tzKQm+V//X/9f/1//X/+/+/r1/4eT/n9vQ9b//9X14XL9/4L+f7m3f739/7GOr69K//9Hq/X/lzZ13l7/n6uhbP3/mPvfHmZSk/wPAAAAdRBz/zvCTOR/AAAAqIyY+98ZZiL/AwAAQGXE3P9bYSY1yf/6/83tWG4v6//r/+cX6P/r/+v/Dy39/96GrP/v8/876P+Xe/t9/r/+PyuVrf8fc/+7wkxqkv8BAACgDmLufyjMRP4HAACAyoi5/91hJvI/AAAAVEbM/e8JM6lJ/tf/9/n/+v/6//r/3dev/z+c9P970//vQ/9f/79s/f//1P9nuJWt/x9z/8NhJjXJ/wAAAFAHMfe/N8xE/gcAAIDKiLn/t8NM5H8AAACojJj73xdmUpP8r/8/LP3/Kf3/dfb/J8Jl+v/6//r/9aL/35v+fx/6//r/Zev/+/x/hlzZ+v8x978/zGTt+X9yzUsCAAAA10TM/b8TZlKTv/8DAABAHcTc/7thJvI/AAAAVEbM/b8XZlKT/K//Pyz9f5//n/n8f/3/jsej/6//383G9f/jmUf/X/9f/z/S/9f/1/+nU9n6/zH3/36YSU3yPwAAANRBzP0fCDOR/wEAAGAodPt/sjvF3H8ozET+BwAAgMqIuf9wmElN8r/+v/6//n9J+/9/seNffvDddxzepf+v/6//vy4b+vn/zRe/z//X/9f/T/T/9f/1/+lUtv5/zP1HwkyWg9/bfMA/AAAADLeY+/8gzKQmf/8HAACAOoi5/2iYifwPAAAAlRFz/1yYSU3yv/6//r/+f0n7/0P8+f9xfwxT/3960xD1/+NJV/+/qw3t/793uSeu/7/e/v9E10s7+/8N/f82+v/r3v7vZFmm/6//zzVUtv5/zP3zYSY1yf8AAABQByH3jxwr5vIV8j8AAABURsz9x8NM5H8AAACojJj7PxhmUpP8r/+v/6//r//v8/+7r7+0/X+f/9+T/n9v5en/d+fz//X/h3n79f/1/1mpbP3/mPsXwkxqkv8BAACgDmLu/1CYifwPAAAAlRFz/4fDTOR/AAAAqIyY+0+EmdQk/+v/6//r/+v/6/93X7/+/3DS/+9N/78P/X/9f/1//X8Gqmz9/5j7T4aZ1CT/AwAAQB3E3H8qzOT/2LuPJsvq847jt3FTzBQb77zwwt77JbAwa/sFeMHGC7vK5YWxjXNicI4454BtJRRQAAmhhHICJSSUhSSUc0AZSTUqmOd5Znr69LndM7e7z/0/n89CDzSMzkU1BfrRfDn2PwAAAAwjd//NcYv9DwAAAMPI3f/LcUuT/a//1/8P2///pP7/oOfr//X/I9P/z9P/r6H/1//r//X/bNTS+v/c/b8StzTZ/wAAANBB7v5fjVvsfwAAABhG7v5b4hb7HwAAAIaRu//X4pYm+/+y/n9n1bP/z4xX/z9S/+/9/wc+X/+v/x/Zyfb/tz3xZz79v/5f/x/0//p//T+XW1r/n7v/1+OWJvsfAAAAOsjd/xtxi/0PAAAAw8jd/5txi/0PAAAAw8jd/1txS5P97/3/3v+v/9f/6/+nn6//307e/z+vU/9/y8PX/9Jj9/7ofUd5vv5f/6//1/+zWUvr/3P3/3bc0mT/AwAAQAe5+38nbrH/AQAAYBi5+383brH/AQAAYAudnfxq7v7fi1ua7H/9v/5f/x/9/xn9v/5f/z8C/f+8Tv3/lTxf/6//1//r/9mspfX/uft/P25psv8BAACgg9z9fxC32P8AAACwXFP/IPaM3P23xi32PwAAAAwjd/+5uKXJ/tf/H3///339/3b0/97/r//X/w9B/z9P/7+G/l//r//X/7NRS+v/c/ffFrc02f8AAADQQe7+P4xb7H8AAAAYRu7+P4pb7H8AAAAYRu7+P45bmux//b/3/+v/9f/6/+nn6/+3k/5/nv5/Df3/1fbz1+r/9f/6fy51xP7/8Zk/bW+k/8/d/ydxS5P9DwAAAB3k7v/TuMX+BwAAgGHk7v+zuMX+BwAAgGHk7v/zuKXJ/tf/6//1//r/K+7/9//Ue5L+f5r+/2To/+ctpv/f2Z38sv5/6/t/7//X/+v/2WNp7//P3f8XcUuT/Q8AAAAd5O7/y7hlZv8f+W/mAwAAAKcqd/9fxS2+/w8AAABbL6uz3P1/Hbc02f/6f/2//l//7/3/08+f6//vu+Tz6f+XRf8/bzH9/wH0//r/bf78+n/9P/strf/P3f83cUuT/Q8AAAAd5O6/PW6x/wEAAGAYufv/Nm6x/wEAAGAYufv/Lm5psv+n+/+Lv13/fzj6/72fX/8//fNjU/1//jfq/2f7/xu9/78n/f88/f8a+n/9v/7/oP7/7Lofr/9nytL6/9z9fx+3NNn/AAAA0EHu/n+IW+x/AAAAGEbu/n+MW+x/AAAAGEbu/n+KW5rsf+//1//r/7ev//f+/wtO8/3/qxPv/3f1/4ek/5+n/19D/6//1//Pv/9/5t8CoP9nytL6/9z9/xy3NNn/AAAA0EHu/n+JW+x/AAAA2A6X/rMDl/8DpSF3/7/GLfY/AAAADCN3/7/FLePs/9l3der/9f/6f/2//n/6+cvq/73//7D0//P0/2vo/4+jn98drP+/46Afv4T+/9bj7v9n6P+Zsqf/v//i10+r/8/d/+9xyzj7HwAAANrL3f8fcYv9DwAAAMPI3f+fcYv9DwAAAMPI3f9fcUuT/X/s/f/Mv31A/6//1//r//X/+v9N0//P0/+vof/3/n/v/9f/s1F7+v9LnFb/n7v/v+OWJvsfAAAAOsjd/z9xi/0PAAAAw8jdf0fcYv8DAADAMHL3/2/c0mT/e/+//l//r//X/08/X/+/na6qv79G/1/0//p//b/+X//PBiyt/8/d/39xS5P9DwAAAB3k7v//uMX+BwAAgGHk7n9K3GL/AwAAwDBy9z81bmmy//X/x9v/59f1//r/lf5f/6//PxFt3/+/M/VXov0O6P8f/IVzP733K/p//b/+X/+v/+eQfnjmty2i/z9/8f9d5u5/WtzSZP8DAABAB7n7nx632P8AAAAwjNz9z4hb7H8AAAAYRu7+O+OWI+7/ueZhyfT/3v+v/9f/6/+nn6//305t+/9D8v7/NfT/+n/9v/6fjVpE/3/Jr+fuf2bc4vv/AAAAMIzc/c+KW+x/AAAAGEbu/mfHLfY/AAAADCN3/3Pilib7X/+v/9f/6//1/9PP1/9vJ/3/PP3/GtvU/995Ff3/7vSXT7ufv1qn/fn1//p/9lta/5+7/664pcn+BwAAgA5y9z83brH/AQAAYBi5+58Xt9j/AAAAMIzc/c+PW5rsf/2//l//r//X/08/X/+/nfT/8/T/q9Xq7pkPMNX/n79umf2/9/8v7vPr//X/7Le0/j93/wvilib7HwAAADrI3X933GL/AwAAwDBy998Tt9j/AAAAMIzc/S+MW5rsf/2//l//r//X/08/X/+/nfT/8/T/a2zT+//1/4v7/Pp//T/7La3/z93/orilyf4HAACADnL33xu32P8AAAAwjNz9L45b7H8AAAAYRu7+++KWJvtf/6//1//r//X/08/X/2+n4+v/V/p//b/+fw39v/5f/8/lltb/5+5/SdzSZP8DAABAB7n7Xxq32P8AAAAwjNz9L4tb7H8AAAAYRu7+l8ctTfa//l//r//X/+v/p5+v/99O3v8/T/+/hv5f/6//1/+zUdP9/62n1v/n7n9F3NJk/wMAAEAHufvvj1vsfwAAABhG7v5Xxi32PwAAAAwjd/+r4pYm+1//r//f2/+vVvp//b/+/4IT6P/PrPT/G6f/n6f/X0P/P2b/f81qoP7/7IE/Xv/PEi3t/f+5+18dtzTZ/wAAANBB7v7XxC32PwAAAAwjd/9r4xb7HwAAAIaRu/91cUuT/a//1/97/7/+X/8//Xzv/99O+v95+v819P9j9v/e/6//59Qsrf/P3f/6uKXJ/gcAAIAOcve/IW6x/wEAAGAYufvfGLfY/wAAADCM3P1vilua7H/9v/5f/6//1/9PP1//v530//P0/2vo//X/+n/9Pxu1tP4/d/+b45Ym+x8AAAA6yN3/QNxi/wMAAMAwcvc/GLfY/wAAADCM3P1viVua7H/9v/5f/7+d/f8Z/b/+X/8/aSn9/w03/NRD+n/9v/5f/6//1/93t7T+P3f/W+OWJvsfAAAAOsjd/7a4xf4HAACAYeTuf3vcYv8DAADAMHL3vyNuabL/9/f/164uFKoXTPX/0ajp/y+h/9/7+fX/0z8/vP9f/6//P35L6f+9///KPr/+X/+/zZ//SP3/j+//8fp/RrS0/j93/0NxS5P9DwAAAB3k7n9n3GL/AwAAwDBy978rbrH/AQAAYBi5+x+OW5rsf+//1//r//X/+v/p5+v/t5P+f57+fw39v/7f+/9v/rkf0v+zOUvr/3P3vztuabL/AQAAoIPc/e+JW+x/AAAAGEbu/vfGLfY/AAAADCN3//vilib7X/+v/9f/6//1/9PP1/9vJ/3/PP1/ufwP7YI+/f+ZqS+edj9/tU778w/T/3v/Pxu0tP4/d//745Ym+x8AAAA6yN3/gbjF/gcAAIBh5O7/YNxi/wMAAMAwcvd/KG5psv/1//r/8fv/n9X/X/Z8/b/+f2T6//wr+jT9/xp9+v9Jp93Pb/vn1//r/9lvaf1/7v5H4pYm+x8AAAA6yN3/4bjF/gcAAIBh5O7/SNxi/wMAAMAwcvd/NG5psv/1/736/51Vx/7f+//1//r/TvT/8/T/a+j/9f/6f/0/G7W0/j93/6M7uy33PwAAAGyrn/mJX3zksL/vo0/+55nVx+KWG1fnD/ltbAAAAGDhntj9O7ur1cef/DXf/wcAAIAR5e7/RNzSZP/r/3v1/z3f/6//1//r/zvR/8/T/6+h/9f/6//1/2zU0vr/3P2fjFsuGX67R/6jBAAAAJYkd/+n4pYm3/8HAACADnL3fzpu2bf//esAAQAAYFvl7v9M3NLk+//6/4X3/6tj6v/j99P/X6D/1/9PPV//v530//Ousv8/v6P/1//P0P/r//X/XG5p/X/u/s/GLU32PwAAAAxqz99RyN3/ubjF/gcAAIBh5O7/fNxi/wMAAMAwcvd/IW5psv/1/yfe/2eqfozv/z9bv+T9/837/9vPTD5f/6//H5n+f573/6+h/x+l/79O/6//ZxmW1v/n7v9i3NJk/wMAAEAHufu/FLfY/wAAADCM3P1fjlvsfwAAABhG7v6vxC1N9r/+f+Hv/7+i/v8Q7//X//fo/w94/jj9/49cf+6Bm37+nrv0/1x0kv1//lzQ/+v/9f8XLKj/9/5//T8Lsfn+f3fPF4/a/+fu/2rc0mT/AwAAQAe5+x+LW+x/AAAAGEbu/q/FLfY/AAAADCN3/9fjlib7X/+v/19K/5//W59C/3/uivv/s6vV6lT6/2yKu/f/3v+v/9/P+//n6f/X0P/r//X/+n82avP9/94vHrX/z93/jbilyf4HAACADnL3fzNuyf2/c+S/dQ8AAAAsTO7+b8Utvv8PAAAAw8jd/+24pcn+1//r/5fS/yfv/7/448Z6//9NFaf27P9/rH5J/3+89P/z9P9r6P/1//p//T8btbT+P3f/d+KWJvsfAAAAOsjd/3jcYv8DAADAMHL3fzdusf8BAABgGLn7vxe3NNn/+v9R+/8s4vX/+v+l9P/e/+/9/ydD/z9P/7+G/l//r//X/7NRS+v/c/f/IAAA//9GqnSo")
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000280)='./bus\x00', 0x810408, 0x0, 0xff, 0x0, &(0x7f00000007c0))
rename(&(0x7f0000000180)='./file0\x00', &(0x7f0000000a00)='./bus/file0\x00')

612.939567ms ago: executing program 0 (id=407):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000008c0)=@can_newroute={0x14c, 0x18, 0x1, 0x0, 0x25dfdbfb, {}, [@CGW_MOD_SET={0x15, 0x4, {{{0x1, 0x1}, 0x3, 0x0, 0x0, 0x0, "0002d1e4bdfc77e4"}, 0x2}}, @CGW_CS_CRC8={0x11e, 0x6, {0xfd, 0x7e, 0x0, 0x0, 0x0, "71ec6d721744cd5200080000f8cfcad4c4ec6511ec00005028564abce83afe14c93e15e556c2baed7f897fe841c155a2b2a4b9f3052995cdf66a9c7922ff0300005b6c67281f1519cd7c32c2bf7563b9452575505da99ea128d37616896be8d5bde7a5e405bdc893770338925f824bd24689c0d11afc3aaa9ad0d7766d8ea8d3bf1006e3df494e2f373148ecb4adafdd39874e9808b118301f1e76054a64c6d243523f5de7b347f3b740e105d0ed18fae7289635301ebd8949268090b3bcd4cbed5f1cfe93cff41a9630802f96defe9e8ea850529827c5e301953a8abaafa1f121e590f74e28233f4129d4587eee87ec5d42c3ef0619022c00", 0x0, "5c8d586b2a88d81866930fca15c8a95d29e5b2ea"}}]}, 0x14c}}, 0x0)

461.6896ms ago: executing program 0 (id=408):
syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000280)='./file0\x00', 0x8d0, &(0x7f0000000140)={[{@fat=@sys_immutable}]}, 0x1, 0x25f, &(0x7f0000000840)="$eJzs3cFqE0EYB/Av2zSJvdizeFjw4qmobxAkghgQInvQk4HqpRVhe1k95TF8Bh/Jx8ipt0i7wbSpllqSTpP9/SDsx/4Z8s1lJ4GZ5OPjL0eHX08+z379iF6WRztiEqcR+5HFTtRa82t2XnfiokkAAJtmNBr3U/fACrWu3irL/ng3IrpXkuLn3TQFAAAAAAAAAADAql3a/9+z/x8AmsD+/+1Xlv3x3vzz22X2/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADpnM5mD2fXvFL3BwCs3tn6n1n/AaBRfP8HgOa52fqfpW4TAFihd+8/vOlnMRjleS9iOqmKqqivdf7q9XDwLD/XWYyaVlWxO6+Hg+d1ni/ne/PxL/6ad+Lpkzo/y16+HS7l3Thc9+QBAAAAAAAAAAAAAAAAAADgnjjI/9hf3J1WVbFT5wf/yuvqwu8DLJ3fb8ej9p1NAwAAAAAAAAAAAAAAAAAAADbaybfvR+Pj40/lFhadiLgHbWxg8SBuMaoXa26sG7Hut2hW0Wpf8wRI/WQCAAAAAAAAAAAAAAAAAIDmWRz6Td0JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKSz+P//mxb/Pyr1HAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBm+B0AAP//Ai+I5w==")
syz_io_uring_submit(0x0, 0x0, 0x0)
fchownat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0xffffffffffffffff, 0x100)

361.554229ms ago: executing program 0 (id=409):
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x3000009, 0x204031, 0xffffffffffffffff, 0xec776000)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_tcp_int(r0, 0x6, 0x5, 0x0, &(0x7f00000009c0))

311.207047ms ago: executing program 2 (id=410):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0xa00000, &(0x7f00000005c0)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@nobh}, {@nogrpid}, {@noauto_da_alloc}, {@grpquota}]}, 0x3, 0x57a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbDb9rU2hFPUggR6s1G6axB8VhNajaLGg97ok21Cy6ZbspjSx0PZgD3qRIohYEP8A7x6L/4B/RUELRUrQg5eV2cy2a7Kbn2s3dT4fmPa9mdl+5+2b79s3M7s0gNwaTf8oRLwcEV8nEYc7thUj2zi6st/y4xtT6ZJEs/nJH0kk2br2/kn298Gs8lJE/PJFxMnC2rj1xaXZcrVamc/qY425q2P1xaVTl+fKM5WZypWJyckzb01OvPvO231r6+sX/vru4/sfnPnq+PK3Pz08cjeJc3Eo29bZjh241VkZjdHsPRmOc6t2HO9DsN0kGfQBsC1DWZ4PRzoGHI6hLOv1J/z/3YyIJpBTifyHnGrPA9rX9n26Dn5uPHp/5QJobfuLK/dGYl/r2ujAcpJdGa1Ir49G+hA/jfHz7/fupktscB/iZh/iAbTduh0Rp4vFteNfko1/W9Rx4+h06+bx+lbHyNvnDwzS/XT+80a3+U/hyfwnusx/DnbJ3e3YOP8LD/sQpqd0/vde1/nvk6FrZCirvdCa8w0nly5XK6cj4sWIOBHDe9P6es9zziw/aPba1jn/S5c0fnsumB3Hw+Lef79mutwo76TNnR7djnjl6fw3iTXj/77WkL66/9P348ImYxyr3Hu117aN29+p/zPg5o8Rr3Xt/6cfZEmX55NfNpvN7PnkWOt8GGufFWv9eefYr73ib639/Zf2/4H12z+SdD6vrW89xg/7/q702rbd839P8mmrvCdbd73caMyPR+xJPlq7fuLpa9v19v5p+08cX3/863b+74+IzzbZ/jtH7/TcdTf0//SW+n/rhQcffv59r/ib6/83W6UT2ZrNjH+bPcCdvHcAAAAAAACw2xQi4lAkhdKTcqFQKq18v+NoHChUa/XGyUu1hSvT0fqt7EgMF9pPug93fB9iPPs+bLs+sao+GRFHIuKbof2temmqVp0edOMBAAAAAAAAAAAAAAAAAABglzjY4/f/qd+GBn10wH+uOOgDAAZmw/zvx//0BOxKPv8hv+Q/5Jf8h/yS/5Bf8h/yS/5Dfsl/yC/5DwAAAAAAAAAAAAAAAAAAAAAAAAAAAH114fz5dGkuP74xldanry0uzNaunZqu1GdLcwtTpana/NXSTK02U62UpmpzG/171Vrt6vhELFwfa1TqjbH64tLFudrClcbFy3PlmcrFyvAzaRUAAAAAAAAAAAAAAAAAAAA8X+qLS7PlarUyr9CzcDZ2xWFsu5Bs1Mtns5NhWyGKg29gfgq3n12sAQ9MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANDhnwAAAP//V0g2Zg==")
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
listen(0xffffffffffffffff, 0x0)
socket$tipc(0x1e, 0x5, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
bind$inet(0xffffffffffffffff, 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='cdg\x00', 0x4)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r0, &(0x7f00000018c0)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000100)="12", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f00000016c0)=[{&(0x7f0000000240)=' ', 0x1}], 0x1}}], 0x2, 0x4008000)
syz_usb_disconnect(0xffffffffffffffff)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000280)='yeah\x00', 0x5)
shutdown(r0, 0x2)
syz_io_uring_setup(0x3b, 0x0, 0x0, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x15, 0x0, 0x0)
writev(0xffffffffffffffff, 0x0, 0x0)

310.848227ms ago: executing program 0 (id=411):
syz_mount_image$fuse(0x0, &(0x7f0000000080)='./file0\x00', 0x22000b0, 0x0, 0x3, 0x0, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x84000, 0x0)

189.44123ms ago: executing program 0 (id=412):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x6}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x10000, 0x0, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4000000, 0x3}, 0x48)

0s ago: executing program 0 (id=413):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@newlink={0x54, 0x10, 0x19, 0x70bd2d, 0x25dfdbfa, {0x0, 0x0, 0x0, 0x0, 0x40da7, 0x79269}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x2}]}}}, @IFLA_IFNAME={0x14, 0x3, 'ip6gretap0\x00'}]}, 0x54}, 0x1, 0x0, 0x0, 0xcc93f1266b7358bf}, 0x8040)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:31480' (ED25519) to the list of known hosts.
syzkaller login: [   58.071296][ T5826] cgroup: Unknown subsys name 'net'
[   58.181976][ T5826] cgroup: Unknown subsys name 'cpuset'
[   58.189230][ T5826] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   60.101385][ T5826] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   65.504030][ T5851] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   65.508431][ T5851] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   65.512324][ T5851] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   65.516056][ T5851] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   65.521116][ T5851] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   65.524161][ T5851] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   65.527923][ T5851] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   65.532119][ T5851] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   65.536423][ T5851] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   65.541975][ T5851] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   65.555288][ T5852] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   65.559236][ T5852] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   65.562542][ T5852] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   65.568947][ T5852] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   65.576594][ T5852] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   65.936233][ T5847] chnl_net:caif_netlink_parms(): no params data found
[   66.001071][ T5854] chnl_net:caif_netlink_parms(): no params data found
[   66.040307][ T5848] chnl_net:caif_netlink_parms(): no params data found
[   66.112540][ T5847] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.115646][ T5847] bridge0: port 1(bridge_slave_0) entered disabled state
[   66.119549][ T5847] bridge_slave_0: entered allmulticast mode
[   66.123601][ T5847] bridge_slave_0: entered promiscuous mode
[   66.170276][ T5847] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.173221][ T5847] bridge0: port 2(bridge_slave_1) entered disabled state
[   66.176113][ T5847] bridge_slave_1: entered allmulticast mode
[   66.180462][ T5847] bridge_slave_1: entered promiscuous mode
[   66.223803][ T5854] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.226027][ T5854] bridge0: port 1(bridge_slave_0) entered disabled state
[   66.228977][ T5854] bridge_slave_0: entered allmulticast mode
[   66.232202][ T5854] bridge_slave_0: entered promiscuous mode
[   66.269687][ T5854] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.272480][ T5854] bridge0: port 2(bridge_slave_1) entered disabled state
[   66.274928][ T5854] bridge_slave_1: entered allmulticast mode
[   66.279681][ T5854] bridge_slave_1: entered promiscuous mode
[   66.285310][ T5847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   66.289911][ T5848] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.292614][ T5848] bridge0: port 1(bridge_slave_0) entered disabled state
[   66.294885][ T5848] bridge_slave_0: entered allmulticast mode
[   66.298592][ T5848] bridge_slave_0: entered promiscuous mode
[   66.301909][ T5848] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.304194][ T5848] bridge0: port 2(bridge_slave_1) entered disabled state
[   66.306455][ T5848] bridge_slave_1: entered allmulticast mode
[   66.309440][ T5848] bridge_slave_1: entered promiscuous mode
[   66.322853][ T5847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   66.363150][ T5854] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   66.382553][ T5847] team0: Port device team_slave_0 added
[   66.387204][ T5847] team0: Port device team_slave_1 added
[   66.404550][ T5854] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   66.438914][ T5848] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   66.451270][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_0
[   66.453952][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   66.464155][ T5847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   66.471352][ T5848] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   66.474786][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_1
[   66.477616][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   66.486161][ T5847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   66.491939][ T5854] team0: Port device team_slave_0 added
[   66.499678][ T5854] team0: Port device team_slave_1 added
[   66.520288][ T5848] team0: Port device team_slave_0 added
[   66.540877][ T5848] team0: Port device team_slave_1 added
[   66.563482][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_0
[   66.565663][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   66.574503][ T5854] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   66.579570][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_1
[   66.581849][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   66.589918][ T5854] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   66.625594][ T5847] hsr_slave_0: entered promiscuous mode
[   66.629039][ T5847] hsr_slave_1: entered promiscuous mode
[   66.632466][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_0
[   66.634660][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   66.642508][ T5848] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   66.648026][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_1
[   66.650221][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   66.658392][ T5848] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   66.719445][ T5854] hsr_slave_0: entered promiscuous mode
[   66.722272][ T5854] hsr_slave_1: entered promiscuous mode
[   66.724905][ T5854] debugfs: 'hsr0' already exists in 'hsr'
[   66.727034][ T5854] Cannot create hsr debugfs directory
[   66.804034][ T5848] hsr_slave_0: entered promiscuous mode
[   66.807178][ T5848] hsr_slave_1: entered promiscuous mode
[   66.811486][ T5848] debugfs: 'hsr0' already exists in 'hsr'
[   66.813683][ T5848] Cannot create hsr debugfs directory
[   67.118557][ T5847] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   67.131121][ T5847] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   67.138507][ T5847] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   67.154658][ T5847] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   67.209343][ T5854] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   67.229889][ T5854] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   67.271879][ T5854] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   67.279258][ T5854] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   67.303704][ T5848] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   67.316082][ T5848] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   67.325141][ T5848] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   67.336793][ T5848] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   67.456398][ T5847] 8021q: adding VLAN 0 to HW filter on device bond0
[   67.502207][ T5847] 8021q: adding VLAN 0 to HW filter on device team0
[   67.518333][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[   67.520686][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[   67.528807][ T5848] 8021q: adding VLAN 0 to HW filter on device bond0
[   67.541453][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   67.543701][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   67.563043][ T5848] 8021q: adding VLAN 0 to HW filter on device team0
[   67.568457][ T5856] Bluetooth: hci1: command tx timeout
[   67.572316][ T5854] 8021q: adding VLAN 0 to HW filter on device bond0
[   67.592315][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[   67.594604][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[   67.608059][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   67.610764][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   67.616786][ T5854] 8021q: adding VLAN 0 to HW filter on device team0
[   67.622256][ T5847] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   67.647697][ T5856] Bluetooth: hci2: command tx timeout
[   67.649637][ T5856] Bluetooth: hci0: command tx timeout
[   67.654736][ T1136] bridge0: port 1(bridge_slave_0) entered blocking state
[   67.657654][ T1136] bridge0: port 1(bridge_slave_0) entered forwarding state
[   67.672803][ T1136] bridge0: port 2(bridge_slave_1) entered blocking state
[   67.676013][ T1136] bridge0: port 2(bridge_slave_1) entered forwarding state
[   67.774762][ T5847] 8021q: adding VLAN 0 to HW filter on device batadv0
[   67.825142][ T5847] veth0_vlan: entered promiscuous mode
[   67.844043][ T5847] veth1_vlan: entered promiscuous mode
[   67.883497][ T5847] veth0_macvtap: entered promiscuous mode
[   67.892996][ T5847] veth1_macvtap: entered promiscuous mode
[   67.924990][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_0
[   67.935700][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_1
[   67.941936][ T5854] 8021q: adding VLAN 0 to HW filter on device batadv0
[   67.954823][ T5864] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   67.961362][ T5864] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   67.964710][ T5864] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   67.971485][ T5848] 8021q: adding VLAN 0 to HW filter on device batadv0
[   67.979549][ T5864] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   68.065137][ T5848] veth0_vlan: entered promiscuous mode
[   68.099475][ T5854] veth0_vlan: entered promiscuous mode
[   68.102647][ T5848] veth1_vlan: entered promiscuous mode
[   68.137040][ T1136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.142360][ T5854] veth1_vlan: entered promiscuous mode
[   68.149181][ T1136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.202277][ T5848] veth0_macvtap: entered promiscuous mode
[   68.216627][ T1090] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.219341][ T5854] veth0_macvtap: entered promiscuous mode
[   68.223486][ T1090] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.225578][ T5854] veth1_macvtap: entered promiscuous mode
[   68.239136][ T5848] veth1_macvtap: entered promiscuous mode
[   68.260444][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_0
[   68.274330][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_1
[   68.284436][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_0
[   68.295744][ T5880] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   68.303888][ T5847] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   68.310275][ T5880] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   68.315463][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_1
[   68.324193][ T5880] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   68.329404][ T5880] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   68.341218][ T5880] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   68.362637][ T5880] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   68.392507][ T5880] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   68.395602][ T5880] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   68.469496][   T27] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.471949][   T27] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.509490][   T26] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.512453][   T26] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.611890][ T1090] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.630385][ T1090] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.730144][ T1090] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.733249][ T1090] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   69.488790][ T5934] loop2: detected capacity change from 0 to 512
[   69.515376][ T5934] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   69.533770][ T5934] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem
[   69.599907][ T5934] EXT4-fs (loop2): orphan cleanup on readonly fs
[   69.604273][ T5934] EXT4-fs error (device loop2): mb_free_blocks:2017: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt.
[   69.652049][ T5852] Bluetooth: hci1: command tx timeout
[   69.677711][ T5934] EXT4-fs (loop2): Remounting filesystem read-only
[   69.680918][ T5934] EXT4-fs (loop2): 1 truncate cleaned up
[   69.705322][ T5934] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[   69.727912][ T5852] Bluetooth: hci0: command tx timeout
[   69.730438][ T5856] Bluetooth: hci2: command tx timeout
[   69.768585][ T5854] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   70.409080][  T793] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   70.578621][  T793] usb 1-1: Using ep0 maxpacket: 32
[   70.586978][  T793] usb 1-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[   70.595135][  T793] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   70.621815][  T793] usb 1-1: config 0 descriptor??
[   70.652532][  T793] gspca_main: nw80x-2.14.0 probing 055f:d001
[   70.903350][ T5955] loop2: detected capacity change from 0 to 32768
[   70.918468][ T5955] =======================================================
[   70.918468][ T5955] WARNING: The mand mount option has been deprecated and
[   70.918468][ T5955]          and is ignored by this kernel. Remove the mand
[   70.918468][ T5955]          option from the mount to silence this warning.
[   70.918468][ T5955] =======================================================
[   71.021174][ T5955] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[   71.066379][ T5965] syzkaller1: tun_chr_ioctl cmd 1074025675
[   71.074446][ T5965] syzkaller1: persist disabled
[   71.163171][ T5854] ocfs2: Unmounting device (7,2) on (node local)
[   71.172889][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[   71.175582][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[   71.198820][ T5967] loop1: detected capacity change from 0 to 512
[   71.202109][ T5967] EXT4-fs: Ignoring removed nobh option
[   71.207716][ T5967] EXT4-fs (loop1): Test dummy encryption mode enabled
[   71.249792][ T5967] EXT4-fs error (device loop1): __ext4_iget:5464: inode #11: block 1: comm syz.1.23: invalid block
[   71.258181][ T5967] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.23: couldn't read orphan inode 11 (err -117)
[   71.270617][ T5967] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   71.341559][ T5848] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   71.388001][ T5972] netlink: 1053 bytes leftover after parsing attributes in process `syz.1.24'.
[   71.445431][ T5977] netlink: 'syz.2.26': attribute type 1 has an invalid length.
[   71.453156][ T5975] loop1: detected capacity change from 0 to 2048
[   71.457569][  T793] gspca_nw80x: reg_r err -71
[   71.459363][  T793] nw80x 1-1:0.0: probe with driver nw80x failed with error -71
[   71.470167][  T793] usb 1-1: USB disconnect, device number 2
[   71.475752][ T5975] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[   71.811411][ T5856] Bluetooth: hci2: command tx timeout
[   71.817433][ T5856] Bluetooth: hci0: command tx timeout
[   72.100565][ T6000] loop1: detected capacity change from 0 to 256
[   72.182248][ T6005] loop0: detected capacity change from 0 to 16
[   72.204357][ T6005] erofs (device loop0): mounted with root inode @ nid 36.
[   72.302185][ T6007] loop0: detected capacity change from 0 to 4096
[   72.306769][ T6007] EXT4-fs (loop0): Test dummy encryption mode enabled
[   72.316049][ T6007] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   72.617714][ T5915] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   72.771794][ T5915] usb 1-1: unable to get BOS descriptor or descriptor too short
[   72.775924][ T5915] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   72.779760][ T5915] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[   72.783521][ T5915] usb 1-1: config 1 has no interface number 1
[   72.785918][ T5915] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[   72.793336][ T5915] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   72.796715][ T5915] usb 1-1: New USB device strings: Mfr=20, Product=2, SerialNumber=3
[   72.800176][ T5915] usb 1-1: Product: syz
[   72.801849][ T5915] usb 1-1: Manufacturer: syz
[   72.803670][ T5915] usb 1-1: SerialNumber: syz
[   73.046239][ T6014] loop1: detected capacity change from 0 to 32768
[   73.050955][ T6014] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.43 (6014)
[   73.070929][ T6014] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   73.074375][ T6014] BTRFS info (device loop1): using crc32c (crc32c-lib) checksum algorithm
[   73.077416][ T5915] usb 1-1: USB disconnect, device number 3
[   73.087735][ T6014] BTRFS info (device loop1): disk space caching is enabled
[   73.090236][ T6014] BTRFS warning (device loop1): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[   73.120890][ T5859] udevd[5859]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   73.199261][ T6014] BTRFS info (device loop1): rebuilding free space tree
[   73.224134][ T6014] BTRFS info (device loop1): disabling free space tree
[   73.226883][ T6014] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[   73.231396][ T6014] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[   73.507159][ T6035] fanotify: failed to encode fid (type=0, len=0, err=-2)
[   73.510259][ T6035] fanotify: failed to encode fid (type=0, len=0, err=-2)
[   73.601800][ T6039] netlink: 'syz.2.46': attribute type 2 has an invalid length.
[   73.608625][ T5847] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   73.806633][ T6049] loop2: detected capacity change from 0 to 512
[   73.811478][ T6049] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   73.853219][ T6049] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   73.862384][ T6049] ext4 filesystem being mounted at /21/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   73.889010][ T5856] Bluetooth: hci0: command tx timeout
[   73.889047][ T5852] Bluetooth: hci2: command tx timeout
[   73.911889][ T5854] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   73.999075][ T5848] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   74.191708][ T6058] loop1: detected capacity change from 0 to 512
[   74.198096][ T6054] loop0: detected capacity change from 0 to 32768
[   74.200488][ T6058] EXT4-fs: Ignoring removed orlov option
[   74.201925][ T6054] XFS: attr2 mount option is deprecated.
[   74.209339][  T793] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   74.214623][ T6058] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   74.233455][ T6054] XFS (loop0): DAX unsupported by block device. Turning off DAX.
[   74.237117][ T6058] EXT4-fs error (device loop1): ext4_iget_extra_inode:5104: inode #17: comm syz.1.52: corrupted in-inode xattr: overlapping e_value 
[   74.245828][ T6054] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[   74.252995][ T6058] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.52: couldn't read orphan inode 17 (err -117)
[   74.258059][ T6058] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   74.275103][   T33] audit: type=1800 audit(1755393304.506:2): pid=6058 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.52" name="bus" dev="loop1" ino=18 res=0 errno=0
[   74.275267][ T6054] XFS (loop0): Ending clean mount
[   74.291656][ T6054] XFS (loop0): Quotacheck needed: Please wait.
[   74.319912][ T6054] XFS (loop0): Quotacheck: Done.
[   74.341964][ T5848] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   74.377378][  T793] usb 3-1: Using ep0 maxpacket: 16
[   74.388414][  T793] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   74.391867][  T793] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   74.403463][  T793] usb 3-1: New USB device found, idVendor=0b05, idProduct=19b6, bcdDevice= 0.00
[   74.406872][  T793] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   74.418435][  T793] usb 3-1: config 0 descriptor??
[   74.422498][ T5847] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[   74.546730][ T6071] loop1: detected capacity change from 0 to 4096
[   74.561250][ T6071] ntfs3(loop1): Different NTFS sector size (2048) and media sector size (512).
[   74.843510][  T793] asus 0003:0B05:19B6.0001: unknown main item tag 0x0
[   74.848973][  T793] asus 0003:0B05:19B6.0001: unknown main item tag 0x0
[   74.851335][  T793] asus 0003:0B05:19B6.0001: unknown main item tag 0x0
[   74.853450][  T793] asus 0003:0B05:19B6.0001: unknown main item tag 0x0
[   74.855611][  T793] asus 0003:0B05:19B6.0001: unknown main item tag 0x0
[   74.864131][  T793] asus 0003:0B05:19B6.0001: hidraw0: USB HID v0.00 Device [HID 0b05:19b6] on usb-dummy_hcd.2-1/input0
[   74.871380][  T793] asus 0003:0B05:19B6.0001: Asus input not registered
[   74.877034][  T793] asus 0003:0B05:19B6.0001: probe with driver asus failed with error -12
[   75.053191][  T793] usb 3-1: USB disconnect, device number 2
[   75.275706][   T47] IPVS: starting estimator thread 0...
[   75.328297][ T5852] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[   75.332427][ T5852] Bluetooth: hci1: Injecting HCI hardware error event
[   75.335987][ T5852] Bluetooth: hci1: hardware error 0x00
[   75.387625][ T6093] IPVS: using max 41 ests per chain, 98400 per kthread
[   75.591388][ T6099] tipc: Started in network mode
[   75.593663][ T6099] tipc: Node identity ac141441, cluster identity 4711
[   75.600274][ T6099] tipc: Enabled bearer <udp:syz2>, priority 10
[   76.526290][ T6120] loop1: detected capacity change from 0 to 1024
[   76.571689][ T6120] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   76.599852][ T5887] tipc: Node number set to 2886997057
[   76.604968][ T6114] loop0: detected capacity change from 0 to 32768
[   76.608518][ T6114] XFS: ikeep mount option is deprecated.
[   76.633077][ T6120] EXT4-fs error (device loop1): ext4_xattr_inode_iget:437: inode #11: comm syz.1.77: missing EA_INODE flag
[   76.640199][ T6120] EXT4-fs (loop1): Remounting filesystem read-only
[   76.643017][ T6120] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck.
[   76.670484][ T5848] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   76.714457][ T6114] XFS (loop0): DAX unsupported by block device. Turning off DAX.
[   76.720671][ T6114] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   76.736713][ T6114] XFS (loop0): Internal error !uuid_equal(&mp->m_sb.sb_uuid, &head->h_fs_uuid) at line 254 of file fs/xfs/xfs_log_recover.c.  Caller xlog_header_check_mount+0x93/0xe0
[   76.744325][ T6114] CPU: 1 UID: 0 PID: 6114 Comm: syz.0.74 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[   76.744365][ T6114] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   76.744374][ T6114] Call Trace:
[   76.744389][ T6114]  <TASK>
[   76.744402][ T6114]  dump_stack_lvl+0x189/0x250
[   76.744428][ T6114]  ? __pfx_dump_stack_lvl+0x10/0x10
[   76.744448][ T6114]  ? __phys_addr+0xd3/0x180
[   76.744468][ T6114]  ? __kasan_kmalloc_large+0x85/0xa0
[   76.744489][ T6114]  ? is_vmalloc_addr+0x52/0xb0
[   76.744516][ T6114]  xfs_corruption_error+0x122/0x170
[   76.744535][ T6114]  ? xlog_header_check_mount+0x93/0xe0
[   76.744556][ T6114]  xlog_header_check_mount+0xc6/0xe0
[   76.744572][ T6114]  ? xlog_header_check_mount+0x93/0xe0
[   76.744590][ T6114]  xlog_find_verify_log_record+0x32e/0x500
[   76.744614][ T6114]  xlog_find_zeroed+0x327/0x410
[   76.744637][ T6114]  xlog_find_head+0x5f/0x700
[   76.744653][ T6114]  ? lockdep_hardirqs_on+0x9c/0x150
[   76.744673][ T6114]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   76.744695][ T6114]  xlog_find_tail+0x3d/0x840
[   76.744716][ T6114]  ? try_to_wake_up+0x7f5/0x12b0
[   76.744738][ T6114]  xlog_recover+0x4b/0x3e0
[   76.744758][ T6114]  xfs_log_mount+0x253/0x3e0
[   76.744781][ T6114]  xfs_mountfs+0xe5e/0x2330
[   76.744810][ T6114]  ? __pfx_xfs_mountfs+0x10/0x10
[   76.744832][ T6114]  ? xfs_setup_dax_always+0x20f/0x290
[   76.744849][ T6114]  xfs_fs_fill_super+0x11b3/0x1600
[   76.744868][ T6114]  get_tree_bdev_flags+0x40e/0x4d0
[   76.744888][ T6114]  ? __pfx_xfs_fs_fill_super+0x10/0x10
[   76.744902][ T6114]  ? __pfx_get_tree_bdev_flags+0x10/0x10
[   76.744930][ T6114]  vfs_get_tree+0x92/0x2b0
[   76.744951][ T6114]  do_new_mount+0x2a2/0x9e0
[   76.745004][ T6114]  ? ns_capable+0x8a/0xf0
[   76.745020][ T6114]  ? __pfx_do_new_mount+0x10/0x10
[   76.745040][ T6114]  ? path_mount+0x61c/0xfe0
[   76.745060][ T6114]  ? user_path_at+0x44/0x60
[   76.745084][ T6114]  __se_sys_mount+0x317/0x410
[   76.745111][ T6114]  ? __pfx___se_sys_mount+0x10/0x10
[   76.745137][ T6114]  ? do_syscall_64+0xbe/0x3b0
[   76.745155][ T6114]  ? __x64_sys_mount+0x20/0xc0
[   76.745178][ T6114]  do_syscall_64+0xfa/0x3b0
[   76.745196][ T6114]  ? lockdep_hardirqs_on+0x9c/0x150
[   76.745215][ T6114]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.745229][ T6114]  ? exc_page_fault+0x9f/0xf0
[   76.745248][ T6114]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.745262][ T6114] RIP: 0033:0x7fd34319038a
[   76.745277][ T6114] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   76.745289][ T6114] RSP: 002b:00007fd343f8fe68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   76.745305][ T6114] RAX: ffffffffffffffda RBX: 00007fd343f8fef0 RCX: 00007fd34319038a
[   76.745315][ T6114] RDX: 0000200000000500 RSI: 0000200000000040 RDI: 00007fd343f8feb0
[   76.745324][ T6114] RBP: 0000200000000500 R08: 00007fd343f8fef0 R09: 000000000300c880
[   76.745333][ T6114] R10: 000000000300c880 R11: 0000000000000246 R12: 0000200000000040
[   76.745342][ T6114] R13: 00007fd343f8feb0 R14: 000000000000970d R15: 0000200000000080
[   76.745364][ T6114]  </TASK>
[   76.745370][ T6114] XFS (loop0): Corruption detected. Unmount and run xfs_repair
[   76.878616][ T6114] XFS (loop0): log has mismatched uuid - can't recover
[   76.882994][ T6114] XFS (loop0): empty log check failed
[   76.885607][ T6114] XFS (loop0): log mount/recovery failed: error -117
[   76.904161][ T6114] XFS (loop0): log mount failed
[   76.962935][ T6141] netlink: 88 bytes leftover after parsing attributes in process `syz.1.82'.
[   77.037471][ T6143] netlink: 'syz.2.83': attribute type 1 has an invalid length.
[   77.043219][ T6143] netlink: 'syz.2.83': attribute type 1 has an invalid length.
[   77.047458][ T6143] netlink: 216 bytes leftover after parsing attributes in process `syz.2.83'.
[   77.415721][ T5852] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[   77.590271][ T6166] loop0: detected capacity change from 0 to 2048
[   77.697455][ T6167] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   77.707615][ T5887] usb 3-1: new full-speed USB device number 3 using dummy_hcd
[   77.737221][ T6166] NILFS (loop0): failed to count free inodes: err=-34
[   77.838114][ T5847] NILFS (loop0): DAT doesn't have a block to manage vblocknr = 8796093022222
[   77.841702][ T5847] NILFS error (device loop0): nilfs_bmap_truncate: broken bmap (inode number=16)
[   77.849490][ T5847] Remounting filesystem read-only
[   77.851385][ T5847] NILFS (loop0): error -5 truncating bmap (ino=16)
[   77.863616][ T5847] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer
[   77.905474][ T5887] usb 3-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[   77.912452][ T5887] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   77.935048][ T5887] usb 3-1: config 0 descriptor??
[   77.942991][ T5887] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[   78.217222][ T5887] gp8psk: usb in 128 operation failed.
[   78.424385][ T5887] gp8psk: usb in 146 operation failed.
[   78.426636][ T5887] gp8psk: failed to get FW version
[   78.441734][ T5887] gp8psk: usb in 149 operation failed.
[   78.444120][ T5887] gp8psk: failed to get FPGA version
[   78.660579][ T5887] gp8psk: usb out operation failed.
[   78.662774][ T5887] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[   78.666853][ T5887] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19)
[   78.668856][ T6179] loop1: detected capacity change from 0 to 4096
[   78.693372][ T5887] usb 3-1: USB disconnect, device number 3
[   78.882112][ T6190] loop1: detected capacity change from 0 to 2048
[   78.906258][ T6192] netlink: 8 bytes leftover after parsing attributes in process `syz.0.106'.
[   78.924520][ T6190] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   78.931742][ T6190] ext4 filesystem being mounted at /38/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   79.090582][ T6199] loop0: detected capacity change from 0 to 256
[   79.156908][ T6199] FAT-fs (loop0): Directory bread(block 64) failed
[   79.159863][ T6199] FAT-fs (loop0): Directory bread(block 65) failed
[   79.162546][ T6199] FAT-fs (loop0): Directory bread(block 66) failed
[   79.165270][ T6199] FAT-fs (loop0): Directory bread(block 67) failed
[   79.170037][ T6199] FAT-fs (loop0): Directory bread(block 68) failed
[   79.172548][ T6199] FAT-fs (loop0): Directory bread(block 69) failed
[   79.175012][ T6199] FAT-fs (loop0): Directory bread(block 70) failed
[   79.177820][ T6199] FAT-fs (loop0): Directory bread(block 71) failed
[   79.180391][ T6199] FAT-fs (loop0): Directory bread(block 72) failed
[   79.182759][ T6199] FAT-fs (loop0): Directory bread(block 73) failed
[   79.310685][   T33] audit: type=1800 audit(1755393309.526:3): pid=6201 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.103" name="file0" dev="loop1" ino=13 res=0 errno=0
[   79.507428][   T33] audit: type=1800 audit(1755393309.736:4): pid=6199 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.108" name="bus" dev="loop0" ino=1048592 res=0 errno=0
[   79.564448][ T6205] proc: Bad value for 'gid'
[   79.669185][ T6207] loop0: detected capacity change from 0 to 4096
[   79.690256][ T6211] process 'syz.2.113' launched './file0' with NULL argv: empty string added
[   79.727391][ T6207] ntfs3(loop0): Different NTFS sector size (4096) and media sector size (512).
[   79.759925][ T6207] ntfs3(loop0): ino=1a, mi_enum_attr
[   79.768555][ T6207] ntfs3(loop0): Mark volume as dirty due to NTFS errors
[   79.773652][ T6207] ntfs3(loop0): ino=1a, mi_enum_attr
[   79.775858][ T6207] ntfs3(loop0): Failed to initialize $Extend/$Reparse.
[   79.800349][ T6201] syz.1.103 (6201) used greatest stack depth: 20008 bytes left
[   79.844229][ T5848] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   79.868231][ T6213] loop2: detected capacity change from 0 to 64
[   79.942850][ T6215] loop1: detected capacity change from 0 to 16
[   79.968487][ T6215] erofs (device loop1): mounted with root inode @ nid 36.
[   80.112757][ T6225] netlink: 48 bytes leftover after parsing attributes in process `syz.1.120'.
[   80.287532][  T793] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[   80.450718][  T793] usb 3-1: unable to get BOS descriptor or descriptor too short
[   80.454966][  T793] usb 3-1: config 6 has an invalid interface number: 158 but max is 0
[   80.460474][  T793] usb 3-1: config 6 has no interface number 0
[   80.465394][  T793] usb 3-1: config 6 interface 158 altsetting 8 endpoint 0x1 has invalid wMaxPacketSize 0
[   80.472353][  T793] usb 3-1: config 6 interface 158 has no altsetting 0
[   80.486889][  T793] usb 3-1: New USB device found, idVendor=0bda, idProduct=0140, bcdDevice=da.29
[   80.490865][  T793] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   80.494160][  T793] usb 3-1: Product: syz
[   80.495941][  T793] usb 3-1: Manufacturer: syz
[   80.499712][  T793] usb 3-1: SerialNumber: syz
[   80.716079][  T793] rtsx_usb 3-1:6.158: probe with driver rtsx_usb failed with error -8
[   80.721620][  T793] usb 3-1: USB disconnect, device number 4
[   81.159382][ T6245] loop0: detected capacity change from 0 to 32768
[   81.167042][ T6245] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.129 (6245)
[   81.177193][ T6245] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   81.183016][ T6245] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[   81.187047][ T6245] BTRFS info (device loop0): using free-space-tree
[   81.264474][ T5847] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   81.271177][ T6263] syzkaller1: entered promiscuous mode
[   81.273312][ T6263] syzkaller1: entered allmulticast mode
[   81.453071][ T6266] netlink: 'syz.0.131': attribute type 1 has an invalid length.
[   81.612647][ T6272] loop0: detected capacity change from 0 to 512
[   81.667081][ T6272] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   81.695986][ T6272] ext4 filesystem being mounted at /43/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[   81.732451][ T6272] EXT4-fs error (device loop0): ext4_get_first_dir_block:3533: inode #12: comm syz.0.134: Attempting to read directory block (0) that is past i_size (3)
[   81.838154][ T5847] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   82.187801][ T5901] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   82.230723][ T6288] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   82.398793][ T5901] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   82.402641][ T5901] usb 2-1: New USB device found, idVendor=046d, idProduct=c532, bcdDevice= 0.00
[   82.406245][ T5901] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   82.412575][ T5901] usb 2-1: config 0 descriptor??
[   82.584545][ T6292] loop0: detected capacity change from 0 to 32768
[   82.693730][ T6292] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=gzip,norecovery,nojournal_transaction_names,no_data_io
[   82.693743][ T6292]   allowing incompatible features above 0.0: (unknown version)
[   82.693749][ T6292]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[   82.722130][ T6292] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0
[   82.725509][ T6292] bcachefs (loop0): invalid journal entry, version=1.7: mi_btree_bitmap type=btree_root in superblock: invalid btree root journal entry: wrong number of keys, fixing
[   82.732817][ T6292] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[   82.735231][ T6292] bcachefs (loop0): Version upgrade from 1.19: autofix_errors to 1.7: mi_btree_bitmap incomplete
[   82.735231][ T6292] Doing compatible version upgrade from 1.19: autofix_errors to 1.28: inode_has_case_insensitive
[   82.735231][ T6292]   running recovery passes: check_extents_to_backpointers,check_inodes
[   82.756699][ T6292] bcachefs (loop0): error reading btree root btree=extents level=0: btree_node_read_error, fixing
[   82.769571][ T6292] bcachefs (loop0): btree node read error: no device to read from
[   82.769601][ T6292]  at freespace level 0/0
[   82.769606][ T6292]   u64s 11 type 255 SPOS_MAX len 0 ver 65535: 
[   82.769610][ T6292]   flagging btree freespace lost data
[   82.769614][ T6292]   running recovery pass check_alloc_info (13), currently at recovery_pass_empty (0)
[   82.782715][ T6292] bcachefs (loop0): error reading btree root btree=freespace level=0: btree_node_read_error, fixing
[   82.788551][ T6292] bcachefs (loop0): check_topology...
[   82.788626][ T6292] bcachefs (loop0): btree root extents unreadable, must recover from scan
[   82.794410][ T6292] bcachefs (loop0): running recovery pass scan_for_btree_nodes (1), currently at check_topology (2) - rewinding
[   82.800276][ T6292] bcachefs (loop0): bch2_check_root(): error restart_recovery
[   82.802783][ T6292] bcachefs (loop0): scan_for_btree_nodes...
[   82.809049][ T6292] bcachefs (loop0): btree node scan found 1 nodes after overwrites
[   82.816170][ T6292]  done
[   82.817099][ T6292] bcachefs (loop0): check_topology...
[   82.817201][ T6292] bcachefs (loop0): btree root extents unreadable, must recover from scan
[   82.824668][ T6292] bcachefs (loop0): bch2_get_scanned_nodes(): recovery btree=extents level=0 POS_MIN - SPOS_MAX
[   82.831580][ T6292] bcachefs (loop0): bch2_get_scanned_nodes(): recovering u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c6c25c03258c59c5 written 16 min_key POS_MIN durability: 1 ptr: 0:27:0 gen 0
[   82.859227][ T6292] bcachefs (loop0): empty interior btree node at btree=extents level=1
[   82.859238][ T6292]   u64s 5 type btree_ptr SPOS_MAX len 0 ver 0, fixing
[   82.865314][ T6292] bcachefs (loop0): bch2_btree_repair_topology_recurse(): error ECHILD
[   82.870235][ T6292] bcachefs (loop0): empty btree root extents
[   82.872947][ T6292]  done
[   82.874019][ T6292] bcachefs (loop0): accounting_read... done
[   82.882303][ T6292] bcachefs (loop0): alloc_read... done
[   82.884515][ T6292] bcachefs (loop0): snapshots_read... done
[   82.886874][ T6292] bcachefs (loop0): Fixed errors, running fsck a second time to verify fs is clean
[   82.892599][ T6292] bcachefs (loop0): done starting filesystem
[   82.923401][ T5847] bcachefs (loop0): shutting down
[   82.943934][ T6307] loop2: detected capacity change from 0 to 512
[   82.947878][ T6307] EXT4-fs: Ignoring removed oldalloc option
[   82.965601][ T5847] bcachefs (loop0): shutdown complete
[   83.000006][ T6307] EXT4-fs error (device loop2): ext4_xattr_inode_iget:433: comm syz.2.144: Parent and EA inode have the same ino 15
[   83.039281][ T5901] usb 2-1: USB disconnect, device number 2
[   83.079922][ T6307] EXT4-fs error (device loop2): ext4_xattr_inode_iget:433: comm syz.2.144: Parent and EA inode have the same ino 15
[   83.085985][ T6307] EXT4-fs (loop2): 1 orphan inode deleted
[   83.093621][ T6307] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   83.143168][ T5854] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   83.385482][ T6310] loop2: detected capacity change from 0 to 40427
[   83.392920][ T6310] F2FS-fs (loop2): build fault injection rate: 14
[   83.395641][ T6310] F2FS-fs (loop2): build fault injection type: 0x3bfe8c
[   83.401136][ T6310] F2FS-fs (loop2): invalid crc value
[   83.408321][    C0] F2FS-fs (loop2): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[   83.420056][    C0] F2FS-fs (loop2): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[   83.463878][ T6310] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   83.468157][ T6310] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x157/0x4f0
[   83.473860][ T6310] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   83.492062][ T6310] F2FS-fs (loop2): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[   83.500513][ T6310] F2FS-fs (loop2): inject dquot initialize in f2fs_dquot_initialize of f2fs_mknod+0x155/0x5d0
[   83.506140][ T6310] F2FS-fs (loop2): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[   83.513211][ T6310] F2FS-fs (loop2): inject inconsistent footer in sanity_check_node_footer of f2fs_get_dnode_of_data+0x249/0x1cf0
[   83.518599][ T6310] F2FS-fs (loop2): inconsistent node block, node_type:1, nid:3, node_footer[nid:3,ino:3,ofs:0,cpver:1219692001,blkaddr:4098]
[   83.531400][ T6310] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_folio of f2fs_new_node_folio+0x131/0xa40
[   83.585222][ T5854] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_folio of f2fs_grab_meta_folio+0x6a/0x1d0
[   84.306711][ T6327] loop2: detected capacity change from 0 to 32768
[   84.326858][ T6327] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   84.386039][ T6327] XFS (loop2): Ending clean mount
[   84.392151][ T6327] XFS (loop2): Quotacheck needed: Please wait.
[   84.426479][ T6327] XFS (loop2): Quotacheck: Done.
[   84.653459][ T6325] loop1: detected capacity change from 0 to 131072
[   84.657767][ T6325] F2FS-fs (loop1): Wrong CP boundary, start(512) end(1536) blocks(0)
[   84.661021][ T6325] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[   84.671485][ T6325] F2FS-fs (loop1): invalid crc value
[   84.727702][ T6325] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   84.734878][ T6325] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[   84.738261][ T6325] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[   84.953363][ T6351] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   85.092350][ T5854] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   85.339585][ T6353] ceph: No mds server is up or the cluster is laggy
[   85.375425][ T5901] libceph: connect (1)[c::]:6789 error -101
[   85.387083][ T5901] libceph: mon0 (1)[c::]:6789 connect error
[   85.594454][ T6364] netlink: 12 bytes leftover after parsing attributes in process `syz.1.161'.
[   85.626531][ T6360] loop2: detected capacity change from 0 to 32768
[   85.641223][ T6360] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[   85.656927][ T6360] XFS (loop2): Ending clean mount
[   85.749463][   T33] audit: type=1326 audit(1755393315.986:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6377 comm="syz.1.164" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe9e558ebe9 code=0x0
[   85.754268][ T5854] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[   86.342968][   T33] audit: type=1326 audit(1755393316.576:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6390 comm="syz.0.170" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd34318ebe9 code=0x7ffc0000
[   86.421484][   T33] audit: type=1326 audit(1755393316.656:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6390 comm="syz.0.170" exe="/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd34318ebe9 code=0x7ffc0000
[   86.443351][   T33] audit: type=1326 audit(1755393316.656:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6390 comm="syz.0.170" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd34318ebe9 code=0x7ffc0000
[   86.468539][   T33] audit: type=1326 audit(1755393316.656:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6390 comm="syz.0.170" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd34318ebe9 code=0x7ffc0000
[   86.490327][   T33] audit: type=1326 audit(1755393316.696:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6390 comm="syz.0.170" exe="/syz-executor" sig=0 arch=c000003e syscall=284 compat=0 ip=0x7fd34318ebe9 code=0x7ffc0000
[   86.510422][   T33] audit: type=1326 audit(1755393316.696:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6390 comm="syz.0.170" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd34318ebe9 code=0x7ffc0000
[   86.551317][  T792] cfg80211: failed to load regulatory.db
[   86.555122][   T33] audit: type=1326 audit(1755393316.696:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6390 comm="syz.0.170" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd34318ebe9 code=0x7ffc0000
[   86.571699][   T33] audit: type=1326 audit(1755393316.696:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6390 comm="syz.0.170" exe="/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7fd34318ebe9 code=0x7ffc0000
[   86.580358][   T33] audit: type=1326 audit(1755393316.696:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6390 comm="syz.0.170" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd34318ebe9 code=0x7ffc0000
[   86.612982][ T6397] pim6reg: entered allmulticast mode
[   87.590075][ T6420] Illegal XDP return value 4294967294 on prog  (id 14) dev N/A, expect packet loss!
[   88.157738][    C0] vkms_vblank_simulate: vblank timer overrun
[   88.959006][ T6425] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   88.964660][ T6425] netlink: 4 bytes leftover after parsing attributes in process `syz.0.181'.
[   89.557633][ T6451] warning: `syz.0.192' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   89.771944][ T6465] syzkaller1: entered promiscuous mode
[   89.774453][ T6465] syzkaller1: entered allmulticast mode
[   89.812404][ T6471] netlink: 2036 bytes leftover after parsing attributes in process `syz.1.201'.
[   89.816025][ T6471] netlink: 24 bytes leftover after parsing attributes in process `syz.1.201'.
[   90.486082][ T6478] vivid-000: disconnect
[   90.489458][ T6477] vivid-000: reconnect
[   90.777390][  T792] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[   90.938483][  T792] usb 3-1: Using ep0 maxpacket: 16
[   90.943253][  T792] usb 3-1: config 1 has an invalid interface number: 110 but max is 0
[   90.946529][  T792] usb 3-1: config 1 has no interface number 0
[   90.952117][  T792] usb 3-1: config 1 interface 110 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[   90.955915][  T792] usb 3-1: config 1 interface 110 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[   90.960504][  T792] usb 3-1: config 1 interface 110 has no altsetting 0
[   90.965735][  T792] usb 3-1: New USB device found, idVendor=045e, idProduct=04e6, bcdDevice=8d.7f
[   90.970934][  T792] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   90.974293][  T792] usb 3-1: Product: syz
[   90.975935][  T792] usb 3-1: Manufacturer: syz
[   90.978981][  T792] usb 3-1: SerialNumber: syz
[   90.983782][ T6480] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[   90.986902][ T6480] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[   90.994440][  T792] ipaq 3-1:1.110: PocketPC PDA converter detected
[   91.117532][ T5834] usb 2-1: new full-speed USB device number 3 using dummy_hcd
[   91.200743][  T792] usb 3-1: PocketPC PDA converter now attached to ttyUSB0
[   91.271619][ T5834] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 22
[   91.280274][ T5834] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   91.283724][ T5834] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[   91.286794][ T5834] usb 2-1: SerialNumber: syz
[   91.403774][   T47] usb 3-1: USB disconnect, device number 5
[   91.418392][   T47] ipaq ttyUSB0: PocketPC PDA converter now disconnected from ttyUSB0
[   91.422160][   T47] ipaq 3-1:1.110: device disconnected
[   91.554444][ T6522] overlayfs: failed to clone upperpath
[   91.686300][ T6502] Zero length message leads to an empty skb
[   92.006764][ T6523] loop1: detected capacity change from 0 to 1024
[   92.020076][ T6523] EXT4-fs: Ignoring removed bh option
[   92.091732][ T6523] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   93.121590][ T5834] usb 2-1: USB disconnect, device number 3
[   93.155213][ T6535] loop2: detected capacity change from 0 to 40427
[   93.168463][ T6535] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[   93.178707][ T6535] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[   93.189273][ T6535] F2FS-fs (loop2): invalid crc value
[   93.254776][ T6535] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   93.262581][ T6535] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[   93.264833][ T6535] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   93.536629][ T6548] loop2: detected capacity change from 0 to 512
[   93.540584][ T6548] EXT4-fs: Ignoring removed nobh option
[   93.543373][ T6548] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[   93.548631][ T6548] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8842e02c, mo2=0002]
[   93.551572][ T6548] EXT4-fs (loop2): orphan cleanup on readonly fs
[   93.556228][ T6548] EXT4-fs error (device loop2): ext4_clear_blocks:876: inode #11: comm syz.2.232: attempt to clear invalid blocks 1024 len 1
[   93.564491][ T6548] EXT4-fs (loop2): Remounting filesystem read-only
[   93.568223][ T6548] EXT4-fs (loop2): 1 truncate cleaned up
[   93.571545][ T6548] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none.
[   93.594302][ T5854] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000007.
[   93.655591][ T5848] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   93.746686][ T6558] netlink: 2048 bytes leftover after parsing attributes in process `syz.2.235'.
[   93.750385][ T6558] netlink: 4 bytes leftover after parsing attributes in process `syz.2.235'.
[   94.084495][ T6562] loop1: detected capacity change from 0 to 32768
[   94.120771][ T6562] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   94.169968][ T6562] XFS (loop1): Ending clean mount
[   94.244171][ T5848] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   94.633688][ T6612] netlink: 16 bytes leftover after parsing attributes in process `syz.2.258'.
[   94.870294][ T6606] loop1: detected capacity change from 0 to 32768
[   94.892152][ T6606] ocfs2: Mounting device (7,1) on (node local, slot 0) with writeback data mode.
[   94.960148][ T5848] ocfs2: Unmounting device (7,1) on (node local)
[   95.406530][ T6629] GUP no longer grows the stack in syz.1.266 (6629): 200000005000-200000008000 (200000004000)
[   95.412238][ T6629] CPU: 0 UID: 0 PID: 6629 Comm: syz.1.266 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[   95.412253][ T6629] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   95.412259][ T6629] Call Trace:
[   95.412264][ T6629]  <TASK>
[   95.412269][ T6629]  dump_stack_lvl+0x189/0x250
[   95.412285][ T6629]  ? __pfx_dump_stack_lvl+0x10/0x10
[   95.412295][ T6629]  ? __pfx__printk+0x10/0x10
[   95.412306][ T6629]  ? find_vma+0xe7/0x160
[   95.412324][ T6629]  fixup_user_fault+0x661/0x720
[   95.412338][ T6629]  fault_in_user_writeable+0x72/0xe0
[   95.412348][ T6629]  futex_lock_pi+0x773/0xa90
[   95.412364][ T6629]  ? __pfx_futex_lock_pi+0x10/0x10
[   95.412387][ T6629]  ? __pfx_futex_wake_mark+0x10/0x10
[   95.412405][ T6629]  ? __pfx_userfaultfd_unmap_complete+0x10/0x10
[   95.412421][ T6629]  do_futex+0x292/0x420
[   95.412433][ T6629]  ? __pfx_do_futex+0x10/0x10
[   95.412442][ T6629]  ? __vm_munmap+0x301/0x3d0
[   95.412454][ T6629]  __se_sys_futex+0x36f/0x400
[   95.412467][ T6629]  ? __pfx___se_sys_futex+0x10/0x10
[   95.412477][ T6629]  ? rcu_is_watching+0x15/0xb0
[   95.412487][ T6629]  ? __x64_sys_futex+0x21/0xf0
[   95.412498][ T6629]  do_syscall_64+0xfa/0x3b0
[   95.412509][ T6629]  ? lockdep_hardirqs_on+0x9c/0x150
[   95.412519][ T6629]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   95.412527][ T6629]  ? exc_page_fault+0x9f/0xf0
[   95.412538][ T6629]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   95.412546][ T6629] RIP: 0033:0x7fe9e558ebe9
[   95.412555][ T6629] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   95.412562][ T6629] RSP: 002b:00007fe9e633e038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[   95.412571][ T6629] RAX: ffffffffffffffda RBX: 00007fe9e57b5fa0 RCX: 00007fe9e558ebe9
[   95.412577][ T6629] RDX: 00000000fffffffd RSI: 000000000000008d RDI: 0000200000004000
[   95.412582][ T6629] RBP: 00007fe9e5611e19 R08: 0000000000000000 R09: 0000000000000000
[   95.412586][ T6629] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   95.412591][ T6629] R13: 00007fe9e57b6038 R14: 00007fe9e57b5fa0 R15: 00007ffc84dd1138
[   95.412605][ T6629]  </TASK>
[   95.765509][ T6635] capability: warning: `syz.1.268' uses 32-bit capabilities (legacy support in use)
[   95.835474][ T6637] gtp0: entered promiscuous mode
[   95.837141][ T6637] gtp0: entered allmulticast mode
[   96.688619][  T792] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[   96.710989][ T6668] loop1: detected capacity change from 0 to 40427
[   96.723425][ T6668] F2FS-fs (loop1): invalid crc value
[   96.774447][ T6668] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   96.778311][ T6668] F2FS-fs (loop1): Start checkpoint disabled!
[   96.785487][ T6668] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[   96.850964][  T792] usb 3-1: Using ep0 maxpacket: 32
[   96.856238][  T792] usb 3-1: config 0 has an invalid interface number: 8 but max is 0
[   96.860353][  T792] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   96.865369][  T792] usb 3-1: config 0 has no interface number 0
[   96.868194][  T792] usb 3-1: config 0 interface 8 altsetting 248 endpoint 0xC has an invalid bInterval 0, changing to 7
[   96.871905][  T792] usb 3-1: config 0 interface 8 altsetting 248 has 1 endpoint descriptor, different from the interface descriptor's value: 10
[   96.876242][  T792] usb 3-1: config 0 interface 8 has no altsetting 0
[   96.883562][  T792] usb 3-1: New USB device found, idVendor=04da, idProduct=390d, bcdDevice=2d.bb
[   96.887183][  T792] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   96.890676][  T792] usb 3-1: Product: syz
[   96.892400][  T792] usb 3-1: Manufacturer: syz
[   96.894042][  T792] usb 3-1: SerialNumber: syz
[   96.903242][  T792] usb 3-1: config 0 descriptor??
[   97.054039][ T6677] netlink: 4 bytes leftover after parsing attributes in process `syz.1.285'.
[   97.123235][  T792] ath6kl: Failed to submit usb control message: -71
[   97.125929][  T792] ath6kl: unable to send the bmi data to the device: -71
[   97.130898][  T792] ath6kl: Unable to send get target info: -71
[   97.134513][  T792] ath6kl: Failed to init ath6kl core: -71
[   97.143095][  T792] ath6kl_usb 3-1:0.8: probe with driver ath6kl_usb failed with error -71
[   97.150702][  T792] usb 3-1: USB disconnect, device number 6
[   97.286055][ T6687] loop1: detected capacity change from 0 to 256
[   97.311254][ T6687] MINIX-fs: mounting file system with errors, running fsck is recommended
[   97.325572][ T6687] MINIX-fs warning: remounting fs with errors, running fsck is recommended
[   97.330807][ T6687] MINIX-fs warning: remounting unchecked fs, running fsck is recommended
[   98.592390][   T33] kauditd_printk_skb: 13 callbacks suppressed
[   98.592404][   T33] audit: type=1326 audit(1755393328.826:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6706 comm="syz.1.298" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe9e558ebe9 code=0x7ffc0000
[   98.624246][   T33] audit: type=1326 audit(1755393328.846:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6706 comm="syz.1.298" exe="/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7fe9e558ebe9 code=0x7ffc0000
[   98.636305][   T33] audit: type=1326 audit(1755393328.846:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6706 comm="syz.1.298" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe9e558ebe9 code=0x7ffc0000
[   98.648730][   T33] audit: type=1326 audit(1755393328.846:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6706 comm="syz.1.298" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe9e558ebe9 code=0x7ffc0000
[   98.660090][   T33] audit: type=1326 audit(1755393328.856:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6706 comm="syz.1.298" exe="/syz-executor" sig=0 arch=c000003e syscall=188 compat=0 ip=0x7fe9e558ebe9 code=0x7ffc0000
[   98.670522][   T33] audit: type=1326 audit(1755393328.856:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6706 comm="syz.1.298" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe9e558ebe9 code=0x7ffc0000
[   98.678921][   T33] audit: type=1326 audit(1755393328.856:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6706 comm="syz.1.298" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe9e558ebe9 code=0x7ffc0000
[   98.686220][   T33] audit: type=1326 audit(1755393328.866:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6706 comm="syz.1.298" exe="/syz-executor" sig=0 arch=c000003e syscall=189 compat=0 ip=0x7fe9e558ebe9 code=0x7ffc0000
[   98.697101][   T33] audit: type=1326 audit(1755393328.866:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6706 comm="syz.1.298" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe9e558ebe9 code=0x7ffc0000
[   98.726488][   T33] audit: type=1326 audit(1755393328.866:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6706 comm="syz.1.298" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe9e558ebe9 code=0x7ffc0000
[   98.755802][ T6719] loop1: detected capacity change from 0 to 256
[   99.232483][ T6752] loop2: detected capacity change from 0 to 32768
[   99.324832][ T6752] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[   99.324855][ T6752]   allowing incompatible features above 0.0: (unknown version)
[   99.324863][ T6752]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[   99.341444][ T6752] bcachefs (loop2): Using encoding defined by superblock: utf8-12.1.0
[   99.344134][ T6752] bcachefs (loop2): initializing new filesystem
[   99.351366][ T6752] bcachefs (loop2): going read-write
[   99.360666][ T6752] bcachefs (loop2): marking superblocks
[   99.371022][ T6752] bcachefs (loop2): initializing freespace
[   99.375475][ T6752] bcachefs (loop2): done initializing freespace
[   99.380390][ T6752] bcachefs (loop2): reading snapshots table
[   99.382339][ T6752] bcachefs (loop2): reading snapshots done
[   99.419978][ T6752] bcachefs (loop2): done starting filesystem
[  100.352325][ T6799] loop1: detected capacity change from 0 to 32768
[  100.385655][ T6799] bcachefs (/dev/loop1): error validating superblock: Invalid superblock section members_v2: device 0: not enough buckets (got 0, max 64)
[  100.385655][ T6799] members_v2 (size 152):
[  100.385655][ T6799] Device:                        0
[  100.385655][ T6799]   Label:                       (none)
[  100.385655][ T6799]   UUID:                        7af6772b-00de-4159-84cd-1faead7f0000
[  100.385655][ T6799]   Size:                        0
[  100.385655][ T6799]   read errors:                 0
[  100.385655][ T6799]   write errors:                0
[  100.385655][ T6799]   checksum errors:             0
[  100.385655][ T6799]   seqread iops:                0
[  100.385655][ T6799]   seqwrite iops:               0
[  100.385655][ T6799]   randread iops:               0
[  100.385655][ T6799]   randwrite iops:              0
[  100.385655][ T6799]   Bucket size:                 131072
[  100.385655][ T6799]   First bucket:                0
[  100.385655][ T6799]   Buckets:                     0
[  100.385655][ T6799]   Last mount:                  1714681267
[  100.385655][ T6799]   Last superblock write:       83886122
[  100.385655][ T6799]   State:                       rw
[  100.385655][ T6799]   Data allowed:                journal,btree,user
[  100.385655][ T6799]   Has data:                    (none)
[  100.385655][ T6799]   Btree allocated bitmap blocksize:256
[  100.385655][ T6799]   Btree allocated bitmap:      0000000000000000000001000010000010011000000000000000000000000000
[  100.385655][ T6799]   Durability:   
[  100.386348][ T6799] bcachefs: bch2_fs_get_tree() error: invalid_sb_members
[  100.922102][ T6752] syz.2.311 (6752) used greatest stack depth: 16824 bytes left
[  100.962240][ T5854] bcachefs (loop2): shutting down
[  100.964315][ T5854] bcachefs (loop2): going read-only
[  100.968156][ T5854] bcachefs (loop2): finished waiting for writes to stop
[  100.974155][ T5854] bcachefs (loop2): flushing journal and stopping allocators, journal seq 3
[  101.011858][ T5854] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 4
[  101.012151][ T6812] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  101.021835][ T5854] bcachefs (loop2): clean shutdown complete, journal seq 5
[  101.034365][ T5854] bcachefs (loop2): marking filesystem clean
[  101.076293][ T5854] bcachefs (loop2): shutdown complete
[  101.439892][ T5887] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  101.909371][ T5887] usb 2-1: unable to get BOS descriptor or descriptor too short
[  101.913510][ T5887] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[  101.916432][ T5887] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[  101.921892][ T5887] usb 2-1: New USB device found, idVendor=04e6, idProduct=5591, bcdDevice=b5.39
[  101.924692][ T5887] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  101.927034][ T5887] usb 2-1: Product: syz
[  101.929454][ T5887] usb 2-1: Manufacturer: syz
[  101.931202][ T5887] usb 2-1: SerialNumber: syz
[  101.934205][ T5887] usb 2-1: config 0 descriptor??
[  101.939024][ T5887] pn533_usb 2-1:0.0: NFC: Could not find bulk-in or bulk-out endpoint
[  102.164264][ T5887] usb 2-1: USB disconnect, device number 4
[  102.710340][ T6846] netlink: 17 bytes leftover after parsing attributes in process `syz.1.347'.
[  102.713549][ T6846] netlink: zone id is out of range
[  102.715592][ T6846] netlink: zone id is out of range
[  102.717910][ T6846] netlink: zone id is out of range
[  102.719696][ T6846] netlink: zone id is out of range
[  102.721670][ T6846] netlink: zone id is out of range
[  102.723679][ T6846] netlink: zone id is out of range
[  102.725653][ T6846] netlink: zone id is out of range
[  102.727865][ T6846] netlink: zone id is out of range
[  102.730049][ T6846] netlink: zone id is out of range
[  102.732098][ T6846] netlink: zone id is out of range
[  102.913998][ T6852] loop1: detected capacity change from 0 to 512
[  103.650877][ T6871] sctp: [Deprecated]: syz.0.358 (pid 6871) Use of int in max_burst socket option.
[  103.650877][ T6871] Use struct sctp_assoc_value instead
[  103.729217][   T47] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  103.749977][   T33] kauditd_printk_skb: 3 callbacks suppressed
[  103.749987][   T33] audit: type=1326 audit(1755393333.986:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6876 comm="syz.0.361" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd34318ebe9 code=0x0
[  103.811311][ T6857] loop1: detected capacity change from 0 to 131072
[  103.815335][ T6857] F2FS-fs (loop1): Wrong CP boundary, start(512) end(1536) blocks(0)
[  103.818754][ T6857] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  103.824908][ T6857] F2FS-fs (loop1): invalid crc value
[  103.880090][ T6857] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  103.884741][ T6857] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  103.887514][ T6857] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  103.887808][   T47] usb 3-1: Using ep0 maxpacket: 32
[  103.902592][   T47] usb 3-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b
[  103.908498][   T47] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  103.913286][   T47] usb 3-1: Product: syz
[  103.915566][   T47] usb 3-1: Manufacturer: syz
[  103.918585][   T47] usb 3-1: SerialNumber: syz
[  103.926068][   T47] usb 3-1: config 0 descriptor??
[  104.558596][   T47] peak_usb 3-1:0.0 can0: unable to request usb[type=2 value=5] err=-71
[  104.630089][   T47] peak_usb 3-1:0.0: probe with driver peak_usb failed with error -71
[  104.642618][   T47] usb 3-1: USB disconnect, device number 7
[  105.573964][ T6908] loop2: detected capacity change from 0 to 512
[  105.579789][ T6908] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  105.592314][ T6908] EXT4-fs (loop2): 1 truncate cleaned up
[  105.595095][ T6908] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  105.617436][   T33] audit: type=1800 audit(1755393335.846:42): pid=6908 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.372" name="bus" dev="loop2" ino=18 res=0 errno=0
[  105.638943][ T5854] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  105.851040][ T6932] netlink: 44 bytes leftover after parsing attributes in process `syz.2.382'.
[  106.880698][ T6949] 9pnet: p9_errstr2errno: server reported unknown error 
[  107.021137][ T6955] 9pnet_fd: Insufficient options for proto=fd
[  107.219697][ T6965] loop1: detected capacity change from 0 to 2048
[  107.274314][ T6965] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  107.489497][ T6971] loop2: detected capacity change from 0 to 32768
[  107.495941][ T6971] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.400 (6971)
[  107.539523][ T6971] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  107.543622][ T6971] BTRFS info (device loop2): using crc32c (crc32c-lib) checksum algorithm
[  107.546954][ T6971] BTRFS info (device loop2): disk space caching is enabled
[  107.549929][ T6971] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  107.602635][ T6978] batman_adv: batadv0: Adding interface: gretap1
[  107.602662][ T6978] batman_adv: batadv0: Interface activated: gretap1
[  107.781208][ T6971] BTRFS info (device loop2): rebuilding free space tree
[  107.818948][ T6971] BTRFS info (device loop2): disabling free space tree
[  107.821733][ T6971] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  107.825522][ T6971] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  107.981661][ T7004] BTRFS info (device loop2 state M): max_inline set to 4096
[  108.147173][ T5854] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  108.405379][ T7014] loop2: detected capacity change from 0 to 1024
[  108.409109][ T7014] EXT4-fs: Ignoring removed nobh option
[  108.435876][ T7014] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  108.442140][ T7003] loop1: detected capacity change from 0 to 32768
[  108.514246][ T7003] read_mapping_page failed!
[  108.517086][ T7003] ERROR: (device loop1): txCommit: 
[  108.517086][ T7003] 
[  108.555812][  T116] BUG at fs/jfs/jfs_txnmgr.c:931 assert(mp->nohomeok > 0)
[  108.559931][  T116] ------------[ cut here ]------------
[  108.561691][  T116] kernel BUG at fs/jfs/jfs_txnmgr.c:931!
[  108.564953][  T116] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
[  108.568604][  T116] CPU: 0 UID: 0 PID: 116 Comm: jfsCommit Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  108.573792][  T116] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  108.577944][  T116] RIP: 0010:txUnlock+0xdaf/0xdf0
[  108.580029][  T116] Code: e5 fd 90 0f 0b e8 e1 2e 7d fe 48 c7 c7 60 1b c4 8b 48 c7 c6 59 17 c4 8b ba a3 03 00 00 48 c7 c1 60 28 c4 8b e8 d2 22 e5 fd 90 <0f> 0b e8 ba 2e 7d fe 48 c7 c7 60 1b c4 8b 48 c7 c6 59 17 c4 8b ba
[  108.587966][  T116] RSP: 0018:ffffc9000249fbc8 EFLAGS: 00010246
[  108.590581][  T116] RAX: 0000000000000037 RBX: 0000000000001000 RCX: 4446b643836f4400
[  108.593651][  T116] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[  108.596860][  T116] RBP: ffffc90001ff20d8 R08: ffffc9000249f8e7 R09: 1ffff92000493f1c
[  108.600345][  T116] R10: dffffc0000000000 R11: fffff52000493f1d R12: dffffc0000000000
[  108.603339][  T116] R13: 1ffff11006c8114b R14: ffff888036408a58 R15: 0000000000000000
[  108.605751][  T116] FS:  0000000000000000(0000) GS:ffff8880b861c000(0000) knlGS:0000000000000000
[  108.608513][  T116] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  108.610702][  T116] CR2: 0000001b32423ffc CR3: 000000010616a000 CR4: 00000000000006f0
[  108.613503][  T116] Call Trace:
[  108.614619][  T116]  <TASK>
[  108.615628][  T116]  ? lockdep_hardirqs_on+0x9c/0x150
[  108.617373][  T116]  jfs_lazycommit+0x584/0xa90
[  108.618947][  T116]  ? __pfx_jfs_lazycommit+0x10/0x10
[  108.620671][  T116]  ? __pfx_default_wake_function+0x10/0x10
[  108.622745][  T116]  ? __kthread_parkme+0x7b/0x200
[  108.624468][  T116]  ? __kthread_parkme+0x1a1/0x200
[  108.626294][  T116]  kthread+0x711/0x8a0
[  108.627643][  T116]  ? __pfx_jfs_lazycommit+0x10/0x10
[  108.629369][  T116]  ? __pfx_kthread+0x10/0x10
[  108.630935][  T116]  ? _raw_spin_unlock_irq+0x23/0x50
[  108.632732][  T116]  ? lockdep_hardirqs_on+0x9c/0x150
[  108.634518][  T116]  ? __pfx_kthread+0x10/0x10
[  108.636109][  T116]  ret_from_fork+0x3fc/0x770
[  108.637632][  T116]  ? __pfx_ret_from_fork+0x10/0x10
[  108.639339][  T116]  ? __switch_to_asm+0x39/0x70
[  108.640921][  T116]  ? __switch_to_asm+0x33/0x70
[  108.642555][  T116]  ? __pfx_kthread+0x10/0x10
[  108.644212][  T116]  ret_from_fork_asm+0x1a/0x30
[  108.645672][  T116]  </TASK>
[  108.646840][  T116] Modules linked in:
[  108.648605][  T116] ---[ end trace 0000000000000000 ]---
[  108.654722][  T116] RIP: 0010:txUnlock+0xdaf/0xdf0
[  108.656447][  T116] Code: e5 fd 90 0f 0b e8 e1 2e 7d fe 48 c7 c7 60 1b c4 8b 48 c7 c6 59 17 c4 8b ba a3 03 00 00 48 c7 c1 60 28 c4 8b e8 d2 22 e5 fd 90 <0f> 0b e8 ba 2e 7d fe 48 c7 c7 60 1b c4 8b 48 c7 c6 59 17 c4 8b ba
[  108.664109][  T116] RSP: 0018:ffffc9000249fbc8 EFLAGS: 00010246
[  108.666298][  T116] RAX: 0000000000000037 RBX: 0000000000001000 RCX: 4446b643836f4400
[  108.670723][  T116] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[  108.674012][  T116] RBP: ffffc90001ff20d8 R08: ffffc9000249f8e7 R09: 1ffff92000493f1c
[  108.677422][  T116] R10: dffffc0000000000 R11: fffff52000493f1d R12: dffffc0000000000
[  108.680637][  T116] R13: 1ffff11006c8114b R14: ffff888036408a58 R15: 0000000000000000
[  108.683960][  T116] FS:  0000000000000000(0000) GS:ffff8880b861c000(0000) knlGS:0000000000000000
[  108.688117][  T116] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  108.690752][  T116] CR2: 000055557fd8f5c8 CR3: 0000000026f42000 CR4: 00000000000006f0
[  108.693483][  T116] Kernel panic - not syncing: Fatal exception
[  108.696374][  T116] Kernel Offset: disabled
[  108.697777][  T116] Rebooting in 86400 seconds..

VM DIAGNOSIS:
01:15:38  Registers:
info registers vcpu 0

CPU#0
RAX=000000000000004f RBX=000000000000004f RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc9000249f310
R8 =ffff8880201f8237 R9 =1ffff1100403f046 R10=dffffc0000000000 R11=ffffffff854f0b30
R12=dffffc0000000000 R13=ffffffff99af98d8 R14=ffffffff99dee3a0 R15=0000000000000000
RIP=ffffffff854f0bac RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b861c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b32423ffc CR3=000000010616a000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 00000000000001a4 XMM01=0000000000000000 0000000000000000
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 0000000000000000 XMM05=0000000000000000 0000000000000000
XMM06=0000000000000000 0000000000000000 XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 0000000000000000 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=ffffc900078e0000 RBX=1ffff1100450125a RCX=ffff888022078000 RDX=0000000000010000
RSI=ffff888022808000 RDI=0000000000000017 RBP=0000000000000080 RSP=ffffc900001e0dc0
R8 =ffffffff8fa37e37 R9 =1ffffffff1f46fc6 R10=dffffc0000000000 R11=ffffffff8699a970
R12=dffffc0000000000 R13=ffff8880228092d0 R14=ffff888022808000 R15=dffffc0000000000
RIP=ffffffff8699a9b8 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c1c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000200000000080 CR3=000000000df36000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007fd343387498 00007fd343387470 XMM03=00007fd3433874a8 00007fd3433874a0
XMM04=00007fd343eed100 00007fd343387460 XMM05=00007fd343387478 00007fd3433874c0
XMM06=00007fd3433874b8 00007fd3433874b0 XMM07=00007fd3433874a8 00007fd3433874a0
XMM08=8829d53a93e44ad5 3c9e836bd318ae96 XMM09=0000000000000000 00007fd343212fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
