last executing test programs:

3.272688379s ago: executing program 2 (id=400):
setxattr$incfs_id(0x0, 0x0, 0x0, 0x0, 0x0)
getpgrp(0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f000001aa40)=""/102400, 0x19000)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000280)='net/protocols\x00')
preadv(r1, &(0x7f0000000080)=[{&(0x7f0000000000)=""/73, 0x49}], 0x1, 0xfffffffa, 0x0)

3.272160734s ago: executing program 0 (id=401):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x208010, &(0x7f00000000c0)={[{@dioread_lock}, {@dax_inode}, {@noblock_validity}, {@init_itable}, {@grpquota}, {@grpjquota, 0x2e}, {@i_version}, {@dax_never}, {@jqfmt_vfsv1}, {@discard}], [], 0x2c}, 0x84, 0x4c2, &(0x7f0000000240)="$eJzs3M9vFFUcAPDvTGkpP1uQqPxQVtHYiLa0oHLwoEYTLhoTPeCxlkqQAobWRAiRagwejX+BejQx8eTFkybGqBc1XvVuTIjhAnowa2Z3pt2lu9vdlnbF/XyS2b43v95838zbfTOvuwH0rFL2kkRsjYhfI2Komq1foVT9c+Papam/rl2aSqJcfunPpLLe9WuXpopVi+225JmRNCJ9L4m9DcqdvXDx9OTMzPT5PD82d+aNsdkLFx89dWby5PTJ6bMTR48eOTz+xOMTj7UVx+VllmdxXd/z9rl9u4+98uHzU+V49fvPsuPdmi+vjaNquK1yWylFKcq5xbkDldcHV733/5ZtNelkQxcPhI70RUR2uvor7X8o+mLx5A3Fc+8uZL7p0gECayb7bNqxZG5f/jdd+PwC/o8SbRx6VPGJn93/FtN69j+67erT2et0Jf4b+fTjC9W6SbN72eHqHXuzW9o7G8wbXEyWh5Ypf2tEHJ//+6NsiobPIVpI2l4TAGDBV1n/55FG/b+0rm+zPR9DGY6IgxGxMyLuiIhdkS6sc1dE3N1h+aWb8kv7Pz9v6nCXHcn6f0/mY1vFVF1SxJUs5LZV4u9PXjs1M30or5OR6N+Y5cdblPH1s7980GxZqab/l01Z+UVfMD+OPzZsrN/mxOTc5CpCrnP1nYg9GxrFnyz0ebMa2B0Re1aw/6zOTj386b4svX3L0uXLx9/CLRhnKn8S8VD1/M/HTfEXkmpJzcYnxwZjZvrQWHFVLPXDT1derM3316Tr4h9sL6bBlQbbQHb+Nze8/vP4i2ZQjNfOdl7Gld/eb3pPs/T8J3F8vnaN/PrftFht2fU/kLxcSQ/k896anJs7Px4xkM+omz+xuLciX6yfxT9yoHH73xnxz8f5dnsjIruI74mIeyNif37s90XE/RFxoEX83z3zwOutayiPP6Kz6/8WyOI/0er8RwwnteP1K0j0nf72y2blt/f+d6SSGsnntPP+1+4BrqbuAAAA4HaRVsagk3S0SNc8nNoVm9OZc7NzB0vx5tkT1bHq4ehPiyddQzXPQ8fzZ8NFfuKm/OGI2FH5T6NNlfzo1LmZbd0MHKh8V6eu/Ueajo5Wl/3e1+2jA9ZcR+Notf909vkXt/5ggHXl+5rQu7R/6F3aP/Qu7R96V6P2fzniRhcOBVhnPv+hd2n/0Lu0f+hd2j/0pKVfiS9+bmUl3/RfTOw8tqrN1zxRHlqTPc93vlXfGkUatT/a0TSRRMTKioi09ToDbZTetUS67DpPLVct/av6TYwssT9PbIyIdre6vG61WrxDJH5lEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuK39GwAA///x/uMO")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x42)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r0, 0x8004587d, &(0x7f0000000080)={@desc={0x1, 0x0, @desc3}})
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00')
read$FUSE(r1, &(0x7f0000000ec0)={0x2020}, 0x2020)

2.954657558s ago: executing program 0 (id=402):
syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000005600)='./bus\x00', 0x8, &(0x7f0000000040)={[{@autodefrag}, {@autodefrag}, {@ref_verify}, {@max_inline={'max_inline', 0x3d, [0x54]}}, {@clear_cache}, {@discard}, {@noenospc_debug}, {@barrier}, {@nospace_cache}]}, 0x1, 0x55a3, &(0x7f000000ac40)="$eJzs3X9snHUdB/DnruvaFdeWMOuArGwDJFtEOjdNCCR2bNNpYTnphE3I+gNH0DmtY8NVCCtinIERijWMwQoLbn9MEYqucyiJBewqul8IJtNFBbPFNWOkOBExYTG9u+d299zaHhMpwuu1tM/zvc/z/d73njx/3PvW73MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEHwx+N3TL/t3roJ26+ru++8a85e+2D3kuMX3rq1avND20v2dTz31aNVq1qPLF1w0/2JpkfW93d3BkEs2S+W7t9w2fwrr69vuKI0HLDxc6ltZeVQT5nq+mKqMTbnwcF+uT9NQRAURwYoSm/npXfiOQNkdlfkDzisayf1tE4dP69x28qujc8uu3xL/ktnUOloT2C0pK+rgyeupdrk73jkiEw769KL5Vyiqf7RC+4deREAwFtSk0huMm9H029xM+22aD3Sro202yPt8B1Ce3bjVKTGHTvUPCdH66M0z9pUVCgZcp6Revr8Z9qJaP9IOxI13sI8cw9NR5rSoebZEqmP1jwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3k0uuH5m/d49D7/8ldbf/u7h17/16sePrGq8ZaC7/qJ1ix/v2PG9vx2tWtV6ZOmCm+5PND2yvr+7Mwgqk/1iqe6xZ6ri8ZkDddseu6e3puFDC9cUpccNt2OyDg72hzsXVwRBc1blYDhsf3kQJHILyWawIb/wpeTOZ8ICAAAA7yVnJn/HM+1UHCzOaceSaTKW/BdKhcVrJ/W0Th0/r3Hbyq6Nzy67fMupj5cYYrzak46XaVee+IllBeMw/kbHO1EPD12RN87woiNG8/zpx/qnNdfdUHrl7gsWzphdv+XS4CfTD3csX3TfhBfHL9nXXpOX/yuHz//hmZP/AQAA+G/I/9FxhjdS/m+uqZh0cOp3ix67rur44fkP/Lyz7/kn4w8VD3Q//dLYcbf9cnVe/p+c85R5+T+ccZj/48Gp5X8AAAB4N/tf5//avHGGN1L+/8X+zZ//98pvTDk84187Xnj69xdvnVI+/7WyGTe8+cSCVxp2tf0pL//XFJb/x2RPO3xwVzjhZRVBUFP4SQUAAAByhP/vfuKjhTCvpz45iOb1y+4qe3LXG+tvjJ/V8o8zFvfPqv7i7tVf37ApNrChc92O5XNX5OX/2sLyf/E783IBAACAAvxm+y13V395ydYtew7N2XFnYvPYS+a+uuennVf1vXwsUfT8zX15+T9RWP4vGZ2XAwAAAJzEU+MmPnfo0UNfm7177YS9q9rmPD5t3+qFD/xz9t+veOnPxzddWJ6X/xsLy/9l6W165UOq087wrxA6KoKgdHCnJVXoC9o/mSkAAAAAb5Mwpzc1revduX7MrNfOPvzDNSuW/2rvpd++a2P1zQd+XXX7ucf2996Yl/9bhr//f3ing3D9f879//LW/2cVUnf9u8SNAQAAAHg/yl/PH94eP/XNBUN9/36h6/8/euaBko7m8ysnx7dVz3rig31Xra1+fVHHRZ/YfusbH46V//VTefm/rbD8X5S9fTu//w8AAABOwf/b9/8tzhtneCPd/79v3DPnrPnsPT+o/WbZU+e+eXfzd9oPTj9v87QzPlJ0fvecmX/4fl7+by8s/4fb07JfXk94fm6vCIKJgzvpuwluDae7LFLoKs4qpE58pEd92CNd6CrJKiS1RHp8rCIIpgzutEUKp4eF9khhoDxd2BQp7A0L6eshU3g0UugJr7R7y9PTjRZ+FhbSCyy6whUUp2WWRER6HBuqx2DhpD0OZJ4cAADgfSUMz+ksW5zbDKJRtis20gFlIx0QH+mAopEOGBM5IHrgUI8HjbmF8PEfz+1e+so1D9b1Xt1w9KzZe5bc0faBnkW9O7/wo55z/nL1Cws/nZf/NxWW/8NTMTa1GWr9fxCu/09/r2Fm/X9jWKiMFLrCQiJ6x4BE+BypsHtn+ByViXSPgYmZAgAAALynhZ8LFI3yPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/sHfvcVJVd4LATzf9oJum6YgBY4ygRkR3aZomGEQcUXRXo4tNJKtjhtAIjXZoAwq4YsyKr3GV6GLUmBjZwY+jJg6r+CDqRIXoiElGJfE5Kz4HnciqS9BR45gs++m+dYqqW112IaC0+/3+0XWqfud569F17r11LgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/P/hsiX3Nrw58H9965ffW/f697409TdTD9m8y19uqHt3yDlPbT5ocN0tbw1asPCNtklnXtsyffk1G1YuDaGlq1xZUrzsoUHl5aP/cMxdt13xcNO0wVPOrcrUm4mHfp1/yjN3Loytvto/hLvLQqhIB0bUJYHKzP26WN8edSF8LmwJZEu01SYl0g2Hh2tCWBa2BLJV3VsTQl1OYMoTD666rDNxVU0I+4YQqtNtvFCdtFGTDgyrSgK16cCciiTw/uZENnBPeRKAbRbfDNkX/YqW/AwN3Zcr8vqr3G4d+3Slh9cnJhqK53vrsB3cqRxV6QdatulpK6iOHaLg7bHau60XvNsKtvMST1vuF6nMN5TNW0LVoXxm26zpCzrmx0fKQ2Njn2I17aDned2mc2ZsTbrXvA5jBxq2y+vwgdpJ9Ze9PfHglSf/8fR956+duq3dfC5nk+amd7TqkHnN9ZrnMZrg86QXvP0KviUN9aUrhHD8nz5f9sycl3bf+MGrJ068/YWLr5628JopE58d9Iux/3jtLndPu7xg/t/w0fP/+HKOt+V5uWOrH9Ync/P4SF1MbKxP5uYAAADQa/SGvaZfHf3qS6c+dPeiF5cfV/Hdcb86abf6irO/33H8rivHf/HSK9sf36Vg/j+0tOP/8ZB/Xe5oV4cwoStxwYAQdut6PAn8LHbn5AEh7NWVaskPHJYKrA7hC12J/bNVpUr0jSWGpgK/r88EJqQCa2KgJRW4MQaWpAIXxsCKVGBGDKxOBQ6PgdCeP44D6jPjKDlQEwOtyUZcEc9CeKc+tpbaVuuyVQEAAGwnmdlhZf7dnHMdtjVDnF6uqOkpQzwDu2iG6lQN6RlsdlpVtIaKnmoo76mG7LgXffTwC2ou66nmgtMwyvIzfDjkO+UDJu79o7tuHHFT84sTv/vu2OO/8uc33129/z/993vOmX/dAQXz/6aPnv9Xd9ORsoLj/yFM7vobc5dnIh3ZeGtLXgYAAABgG1z12NInbzjgqP9z38v33fmla28oX3311//vKxsv2HvUccPL+v7dt1cUzP8nlHb+f9wn0icnc3g07oaYPSCEpvxAUu3BhYHkqHe/TAAAAAB6g+zx+Oyx8PbMbXKKdno+XZi/ZSvzxwP/E7rNf/mmv372y9c+eeLCYftsuOK/nflB2efH/m6XY9eOfPytPYf9Q0PfwvP/W0o7/782/zbpxJrYiysHhNA3J/BI7GVnoMvQGHj50PxAZvxr4gZYHKvKnJiQrWpxLNEaA02pwLJiJX6bLbFbfiDzZGUbvyA7jvZMiZwAAAAAfOLi7oB4XD6e/3/P5AO+tP+gl8a8uOe9C1+bsPSEU2t/uM8tu74+oGPSmAMnHHLEMwXz/9atO/+/ax5ccHp/R78QRlaE0Cf9w4BHa5OFAWOgriyTuL82qatPuqrzakMY3zmwdFWvZNb/r0ivMfhETVJVDOy29083DetM3FATwsjcwDPfvH5MZ2J+KpBt/Bs1IQzpHG268ZV9k8Yr041f0zeEPXMC2apO7htCZ2NV6aoerM5cxyBd1W3VIQzMCWSrOrA6hIUBgF4q/iudmfvgvIVnz57e0dF2xg5MxH34NWFWe0db44w5HTOri/RpZqrPecsYnVc4plKvfPN8ZomiqUNuH15KOvs7wabctjL78QtOHMzcj9+FKrvG2VyZd3d0esjD9ylsIuR8kyo25PIdPOTa3Eq2PIkF9cf8VaFf6LtgXtsZjWdNnz//jFHJ31KzNyd/42GmZFuNSm+r2u76VsLLo+hqWSkfd1vtl1vJyPmnzR05b+HZI9pPm35K2ylt32keO6q5ecxXx45pHtk5qqbkbw9D3a+7qlND3Xx9iePajkPdvSKnkk/iU0NCQqK3JaYvKTt/wrRf3/+tPdacdtZJe/z9HjNHnPRXl/9m7omNh0z+1fV/ubZg/j/3o+f/8VMnfvJn1mcodvy/IR7mTx7fcpi/NQaWlXr8v6HY0fzsiQFDU4FFMbDIYX4AAAA+G+LuyLg3M+6Vvq7un+4+cuaMQ97/5QlTrv7bseNOPWv9vg0XX33skv+w/p0lq454u2D+v6i03/9vp/X/s0vXf63YMv/7xxJNxdb/Ty/zn13/f1Gx9f/Ty/xn1/9f9ims/78gG0htknes/w8AAHwWfHLr//e4vH/6AgEFGXpc3j99gYCCDD0u41/qBQK2ev3/OR1/UTvo8jnjDh0x98ePrNp7ycDbvvT8xF/vs/SgEfeuvOW9UbcWzP+XlDb/t3A/AAAA7Dwe+mXfb1/87rD7n3rk/SPLLv3txpuO/6u2Aw75w8DmUyYfXfP9m/6tYP6/rLT5/ye//l8odv7/0GKBlmILA1r/DwAAgF6q2Pp/Nw98eejq+SNufOznb97yUusvZo5/7d8t+cFXpg9runnNut80zFhfMP9fUdr8P552UZ6XO/bmw/pkTbuQXtNuY332JwMAAADQO5SHxsbKEvPmrYx62Mdvc11mKdCPSud6+r5BqxaUP3RVWfXGH1wy7ZDGc489c86RF63/fu2TP6md2lh9RsH8f3Vp8/+832U8UDup/rK3Jx784cqT/3j6vvPXTt1y/B8AAADYcUrdLwEAAAAAAAAAAAAAAHz6nmpdetAHo45+Y+Zeo/70jWNf+MHiL37zkb+59s9n/vzw+/Zq3zxsSsHv/8PkrnLFfv8fr/sXf1+wa17u2GrP6/9l7k855taFXUsWPlofwj65gdnnz/5cyFybf7/cwKqp+w/uTJyfLnHfi4e/1pmYlg4cNWKX9zoT41OB1rhI4hfSgXhVxff6pwJxecUn04G4PVakA1WZwCX9k3GUpbfVhrpkW5Wlt9VzdSEMyAlkt9XddUkbZekBXpUKZAd4ejoQBzgpEyhP9+rWfkmvYqAuFv2bfkmvAADYacVvgZVhVntHW1P8Ch9vd6/Iv43yliw7r7DashKbfz6zNNnUIbcPLyXdJ/1ddMu1xitDdecQRhV8Xc3NUtY1yu1TSw+bbtciQ+5ptbfyIuXStnbTVRUfUU0yosYZczpmVvY48NE9Z2mu6DHLqILJTm6W8q5NWkItJfSlhBGVuG1K6HK8Xx4aG/ukco2LwYaQp6dXRKm/189d56/YqyA3z9/WXHtpn8F93v+38Rc99OCAyo5TJ7ddtPtj/zxw1Mwf//DB1mt+XzD/byht/l+dO673MhcDWBSvrHfwgBBaSxwRAAAAfPb9z3OX33HinDUbZq2uePZ3v5tdftyJlZvPueucsy967v7FR13y72/e1viKsqc2nfjGprP++o2ffOW6h8966fAZZ901ad0h69uqb/zuXyw/dUjB/H9oafP/uAcrcyg42duxOl7//4IBIXRdWr8hCfwsDvfkASHs1ZVqiSWSC+p/LZZoSgI/iztM9o8lWlvyq+obAytSgd/XZwKrU4E1MZDZS/HTkNmVc0V9CGO6UpPzS8yNJRpSgeNiYGgq0BgDTalA/xiYkAq82T8TaEkF/jEGQnv+trqzf2ZbAQAAbI3MPKsy/25Iz/NWVPSUoaynDLU9ZSjvKUN1TxmKjSLevyNmqEydvFKWk6kyXWtNqpaCDPFi+Fvdr4IM4bf5OdMFC5qO5x9kzzcoy88w7od3tB70tXk/3nTxjx4/8sALj1xy5duXHt1v8JXP/u/2c/v131RbMP9vKm3+X5t/m7S+Js7/t1z/Lwk8Ert3ZTx1fGgMvHxofiCzY2BNnOwuzlbVkimRmbQvjiUmxMDQVGBuDExIBVonZwLLBucHMjPtbOMXZBtvz5TICQAAAMAnLu4giLtp4vx/5bjwzh5Hvt+8+5UD5457/JHzjphes2t1zT+PX7t0/KXVD+3Xt2D+P6G0+X9sr19uYxfG3rzaP4S7y7b0JhsYUZcE4n6Muvjz+D3qQvhczg6ObIm22qREVarh8HBN8gv1qnRV99YkawzE+1OeeHDVZZ2Jq2pC2Ddn70u2jReqkzZq0oFhVUmgNh2YU5EE4p6fbOCe8iQA2yy7VzC+oDKnumQ1dF+uyOvvs3JN0PTwCvaBdpOvu99c7SjV6Qcy+1Sztu5pK6iOHaLg7bHau603vtsavNtyv0hlvqFs3hKqDuUz22ZNX9AxPz6S+0vWAjvoec79lWop6e3wOlz08Xvbs+p0B5pSHx9N3Zfr/nVYFqt7oHZS/WVvTzx45cl/PH3f+WunltyNIuIPhQ++de4Bz+Vs3h2tOmRec73u86TF50lv/Dcw1NMWQlh+wawnn/iX95+vWN/8Xw4cu/y2Nx9b/pODHpg14gsbLvnyxrfePapg/t9S2vy/InXb5YO4MecNCGF4zsZ9NG7+iQOSz8GcQPIpObAwkBxyX19f9JMTAAAAtrfs7o7s/oL2zG1yQnh6nlyYv2Ur88f9FRO6zV9qvweO+YfvHXrV69/4+vrdL3906VPr/tObrxwx7dAHNj29YuXrzcd+/umC+X/rR8//+6a66fi/4//sII7/d2tn3xXdN/3Aom3aFV1QHTuE4//d2tnfbY7/d8vxf8f/u+P4fw8c/+/Wzv60FXxLmutLVwihdcANt/+idvrwflec860Za3/+9DtN416oO/foO//H4YvDNeet+nPB/H9uafN/6/91v2hfdv2/1mLr/80ttv7fIuv/AQAAO1SRhebS87yC1fsKMqRX7yvI0OMCgT0uMWj9v61e/6/2pLNPeqX+rb2umXj7f75z+oXPn3Tis/v2ef6E20+4aeTVw1/68oaC+f+i0ub/8eXQL7f13rL+39DJRapaEgNzLQwIAADAzqjYDgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+XSseXPzFzYv3OeimZz9/0+H/umzNrL1/dcDm0WNObhy+eGDZlX/3L28NWrDwjbZJZ17bMn35NRtWLg2hvatcWVK87KFB5eWj/3DMXbdd8XDTtMFTzq3O1FuZuf1iXu7Y6of1ISzLeaQuJjbWd97ZEphyzK0LKzoTj9aHsE9uYPb5sz/XmbixPoT9cgOrpu4/uDNxfrrEfS8e/lpnYlo6cNSIXd7rTIzPBMrS3b2uf9LdsnR3L+sfwoCcQLa73+6fX1W2jf+YCZSn27i5LmkjBupi0R/VJW3EQEcs0d43hJEVIfRJV/Xr6qSqPumq/r46qapPuqr/Wh3C+BBCRbqqF6uSqirSI19blVQVA7vt/dNNwzoTy6pCGJkbeOab14/pTJyeCmQb/3pVCEM6XzLpxu+oTBqvTDd+VWUIe4YQqtIl/rUiKVGVLvFKRQgDcwLZxk+tCGFh4DMhfvjMzH1w3sKzZ0/v6Gg7YwcmqjJt1YRZ7R1tjTPmdMysTvWpmLKc9ObzPv7Yn990zozO26lDbh9eSroiU66yq8vNlXl3R+/svY/9qs2tZMvzUVB/zF8V+oW+C+a1ndF41vT5888YlfwtNXtz8rdPJppsq1G9ZVvtl1vJyPmnzR05b+HZI9pPm35K2ylt32keO6q5ecxXx45pHtk5qqbk7/YY6vWf/FB3r8ip5JP4AJCQkOhtifK8T7emnf2DvOCL/paOVobqrg/ogmlFbpayrlFuj0Ef9jFH/HG+p/Q4olEFE4eCLM09ZxldMJnYkqUmydL1va5gcphbU3nXJo33y0NjY59i26Eh/27u5n1rGzbvusymKzUNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/D924EAAAAAAAMj/tRGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsAMHAgAAAABA/q+NUFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYUdOBYAAAAAEOZvHUbPBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKUAAAD//5twzl8=")
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file7\x00', 0x169)
r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x70)
fdatasync(r0)
renameat2(0xffffffffffffff9c, &(0x7f0000000440)='./file7\x00', 0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x2)

2.135268373s ago: executing program 0 (id=404):
creat(&(0x7f00000001c0)='./file0\x00', 0x8)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESOCT=r1, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
listxattr(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)

1.915176224s ago: executing program 0 (id=405):
r0 = creat(&(0x7f00000006c0)='./file0\x00', 0x50)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0x2, 0x0, &(0x7f00000002c0)="8000", 0x0, 0xfffffffe, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x40}, 0x50)
r1 = inotify_init1(0x0)
inotify_add_watch(r1, &(0x7f0000000140)='./file0\x00', 0x88)
write$binfmt_elf32(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c46000000000000000000000000030006000000000000000000380000000000000000191bda0000200001000000000280000000000003"], 0x69)
close(0x3)
execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)

1.804840258s ago: executing program 0 (id=406):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x18, 0x8, 0x40, 0x42, 0x1}, 0x48)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000500)={r0, &(0x7f0000000340), 0x0}, 0x20)

1.725020336s ago: executing program 0 (id=407):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r1, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x1, @private}}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18}, 0x0)
syz_usb_connect(0x5, 0x0, 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000b00)={0x2020}, 0x2020)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)

1.494037592s ago: executing program 1 (id=410):
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000080)={0x0, 0x8000}, 0x8)
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r0, &(0x7f0000002d00)=[{{&(0x7f0000001080)={0xa, 0x4e22, 0x1, @private2, 0x10001}, 0x1c, &(0x7f0000001200)=[{&(0x7f00000011c0)="e6", 0x1}], 0x1}}], 0x1, 0x0)
shutdown(r0, 0x1)
getsockopt$bt_hci(r0, 0x84, 0x7f, &(0x7f0000000080)=""/4057, &(0x7f0000001180)=0xfd9)

1.443422587s ago: executing program 2 (id=411):
r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000240), 0x2)
r1 = memfd_create(&(0x7f0000000540)='y\x105\xfb\xf7u\x83%\x1f\xe09@:r\xc2\xb9x0\x90P\x03\x00\x00\x00\x00\x00\x00\x00\xfe,\x1c\xf1\xdd\xcf]\xac\xbc\t\xbb\xfc\xa4j\x9f\xceX\x8f5=\xaa\xd5\xe9n\xab s\xa5\x00\x8d\tV\t\x91\x18\x06O\xb0=D\xda\xb6F\x1a\xc82\x8b\xc0l\xd0\x89d\xe6\xb7\xd8\x97\xb8\xde\xa3\x89\"%/u\x17\xdam\x8d\x01Lh\x1e^\x9ej\x1c\xc5\xf0\xf6\x92\x05\x9aH\x00\'\xd4\x94d[\v\xfc\xad\x0f\xa8\xc5\xad\x001\x8b%\xaa?\x00\x00\x00\x00\x00\x00\x00\nj\x8c\xef\x90\xc0Z\xfa\x1a\xb3\xf0wVq\xe9d\xf8N\x80\xd1g\xd8e\xc8\x16\xad1\x02\xab\xce3\xb2\xb0\xd1\x11\xf0\xc2Gj+kV', 0x2)
ftruncate(r1, 0xffff)
fcntl$addseals(r1, 0x409, 0x7)
r2 = ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000000)={r1, 0x0, 0x0, 0x8000})
ioctl$DMA_BUF_IOCTL_SYNC(r2, 0x40086200, &(0x7f00000001c0)=0x7)

1.442929175s ago: executing program 1 (id=412):
r0 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$sock_int(r0, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000000)=0x200, 0x4)
listen(r0, 0xf5db)

1.442641586s ago: executing program 2 (id=413):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nfc(&(0x7f00000009c0), r0)
sendmsg$NFC_CMD_ACTIVATE_TARGET(r0, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000a40)={0x24, r1, 0x1, 0x70bd25, 0x25dfdbfd, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_TARGET_INDEX={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x800)

1.371001989s ago: executing program 2 (id=414):
openat$null(0xffffffffffffff9c, &(0x7f0000000000), 0x80001, 0x0)
r0 = syz_io_uring_setup(0x231, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x0, 0x1}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0})
io_uring_enter(r0, 0x7a98, 0x0, 0x0, 0x0, 0x0)

1.370547673s ago: executing program 2 (id=415):
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xbd, 0x16, 0xf, 0x40, 0x8086, 0x110, 0xbfad, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xa0, 0x12, 0x24}}]}}]}}, 0x0)

1.304648068s ago: executing program 1 (id=416):
r0 = epoll_create1(0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
epoll_pwait(r0, &(0x7f0000000140)=[{}], 0x1, 0x2d516fb6, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0x20000014})
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r0, &(0x7f0000000000)={0xa0000001})
ppoll(&(0x7f0000000200)=[{r3, 0x1}], 0x1, 0x0, 0x0, 0x3)
epoll_wait(r0, &(0x7f0000000040)=[{}], 0x1, 0x400)

341.688303ms ago: executing program 1 (id=417):
syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000000)='./file1\x00', 0x810, &(0x7f00000001c0)={[{@treelog}, {@nodatacow}, {@max_inline={'max_inline', 0x3d, [0x6d, 0x33, 0x78, 0x39, 0x65, 0x36]}}, {@space_cache}, {@nodatasum}, {@nobarrier}, {@flushoncommit}, {@noautodefrag}, {@ref_verify}, {@noenospc_debug}, {@clear_cache}, {@commit={'commit', 0x3d, 0x3}}, {@ssd}, {@nobarrier}, {@max_inline={'max_inline', 0x3d, [0x38, 0x36, 0x38, 0x35, 0x32, 0x25]}}]}, 0x1, 0x50f3, &(0x7f000000a2c0)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734fVCUoXQKNkkNY6beL22gUQtVdaUqhEpzbqhoCqi2NhrsnjBjm1KjEJkbCIaIShtkJIPRRhFUc0HqBWISAoIFymOUHlEVEUBBAqtIQoipSQRaYIUqtl7z+ydc3cefqzx0t9P8s6Z+Z/nnYfn3HvnXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/h4Feu+dtm8Ud/e96zL1w8fsWetRe/et15pz4ZwsTM4x1ZuKP/xtvHf373uffseWD1HfcdPv+jvXm5PB4Gqn868zs3xFoPLw7h/o4QutPAisEs0JPfH4z1vW8whFPCbKBWYrI/K5E2HL7fF8K+MBuoVfW9vhAGC4ELn3rk4Zuridv6QlgaQqikbTxfydroSwNn9GaB/jSwtTsL/OqtTC3w3c4sAMcsvhlqL/oDE/UZhucu1+D113PcOvb2SofXFRPDjfP9bO08d6qgN31g4pietlJ1zIvS2+Ogd9sCeLeVtvOtnrbiF6n8G8pbs6FK6Nw0uXnD1dM74yOdYXS0q1FN8/Q8P/P6lzYeSXrBvA5jB4aPy+vwlieW3t21/ILH71ux9OX9H9v7yrF280eFTVpMz7dKyF9zC+Z5jMZ9niyAt1/pW9KIL10hhM2f/73PNIuX5v/Dzef/8eUcbzvrcsda3xzK5ubxkcGYeG0om5sDAADAgrEQ9ppuHX3oE83qK83/R9o7/h8P+eeT+Wy0B0MYn0nsXRLCaTOPZ4G7YnOXLQnhgzOpifrA2iRwMIT3ziSW16pKSiyKJUaSwE+G8sB4EjgUAxNJ4FsxcGsSuCEGDiSBjTFwMAmcGwNhqn4cvz+Uj6PtQF8MrM824oF4FsIvhmJrybZ6rlYVAADAcZLPDnvq7xbOdTjWDHF6eaCvVYZ4BnbDDJWkhnQGW5tWNayhu1UNna1qqI17d/Phl2ruaFVz6TSMjvoMt//ybz4bmijN/8eaz/8rc3Sko3T8P4R1M39j7s48Ml2Lr5+oywAAAAAcg4H/ffGbzeKl+f94e+f/x30iXYXM4bG4G2LLkhDG6gNZtX9YDmRHvQfyAAAAACwEtePxtWPhU/ltdop2Op8u5584wvzxwP/4nPl7Dz64vll/S/P/ifbO/++vv806cSj24mtLQlhUCPwg9rIamDESAz/+ZH0gH/+huAFuilXlJybUqropllgfA2NJYF+jEj+slTitPpA/WbXG99bGMZWXKAQAAADghIu7A+Jx+Xj+/4d+s/qaZuVK8//1R3b+/8w8uHR6//RACCu7Q+hKfxjwWH+2MGAMDHbkiYf6s7q60qqu7w/hnOrA0qpezNf/707XGHyqL6sqBk770P7Xz6gmvtkXwspi4OnP3XlWNbEzCdQa/8u+ED5QHW3a+HcWZY33pI1/fVEI7y8EalVdtiiEamO9aVWPVPLrGKRV/XMlhHcVArWqzq6EsCsAsEDF/0o3FR/csevaLRumpye3z2Mi7sPvC5unpidHN26d3lRp0KdNSZ/rljG6vjymdq9881y+RNFF964bbCdd+53gWLGtfD9+6cTB/H78LtQzM87VPXV316RD/siHy02EwjepRkPunOch9xcrmX0SS/XH/L1hICy6esfk9tEvbti5c/uq7G+72Vdnf+NhpmxbrUq3Vf9cfWvj5dFwtazE0W6rZcVKVu68ctvKHbuuXTF15YbLJy+fvGrV2avHzhxbM/bxM1dWRzWW/W0x1GVzVZ0M9a072xzXcRzq6d2FSk7Ep4aEhMRCS2wdWNb0/+TS/H9b8/l//NSJn/z5+gyNjv8Px8P82eOzh/nXx8C+do//Dzc6ml87MWAkCeyOgd0O8wMAAPDOECf5cW9m3Cv90+XfeblZudL8f3d7v/8/Tuv/15auP7/RMv/LY4mxRuv/p8v819b/391o/f90mf/a+v/73ob1/6+uBZJN8gvr/wMAAO8EJ279/5bL+6cXCChlaLm8f3qBgFKGlsv4t3uBgCNe///5//yr/w5NlOb/t7Y3/7dwPwAAAJw8vvxn1/xOs3hp/r+vvfn/iV//LzQ6/3+kUWCi0cKA1v8DAABggWq0/t/wjf2XNitXmv8faG/+H0+76KzLHWt9cyhb0y6ka9q9NlT7yQAAAAAsDJ1hdLSnzbx1K6OuPfo2n8mXAm2WLnrxTw4f2fn/B9ub/9f9LuOWJ5be3bX8gsffvG/F0pf3f2zvK7PH/wEAAID50+5+CQAAAAAAAAAAAAAA4O334n/sWdMsXvr9f1g383ij3//H6/7F3xe8uy53rLX1+n/5/Qs/fc+umSULHxsK4cPFwJY9W04J+bX5lxUDD1+y/D3VxJ60xIMvnPtSNXFpGvjUilPfqCbOSQLr4yKJ700D8aqKbyxOAnF5xX9PA3F7HEgDvXngq4uzcXSk2+qng9m26ki31bODISwpBGrb6v7BrI2OdIC3JYHaAL+QBuIA/zwPdKa9umcg61UMDMaidwxkvQIA4KQVvwX2hM1T05Nj8St8vD29u/42qluy7PpytR1tNv9cvjTZRfeuG2wn3ZV+F5291nhPqFSHsKr0dbWYpWNmlMenlhab7t0NhtxqtbfOBuVSR7rpehuPqC8b0ejGrdObeloOfE3rLKu7W2ZZVZrsFLN0zmzSNmppoy9tjKjNbdNGl+P9zjA62pXk+oMYHA51Wr0i2v29fnGdv0avgmKeqw7v/VWz+krz/+H25v+V4rjeyC8GsDteWe/vlljmHwAAAObXV9f++hvx32dvfPTpZnlL8/+R9ub/cQ9Wfig429txMF7/f++SEGYurT+cBe6KzV22JIQPzqQmYonsgvrnxxJjWeCuuMNkeSyxfqK+qkUxcCAJ/GQoDxxMAodiIN9LsT/ku3L+fiiEs2ZS6+pLbIslhpPAZ2JgJAmMxsBYElgcA+NJ4NXFeWAiCfxbDISp+m117+J8WwEAAByJfJ7VU383pPO8A92tMnS0ytDfKkNnqwyVVhkajSLe/3bM0JOcvNJRyNST1tqX1FLKEC+Gf8T9KmUIP6zPmRYsNR3PP6idb9BRn+GBT3RXQhOl+f9Ye/P//vrbrPVDcf4/e/2/LPCD2L2vxVPHR2Lgx5+sD+Q7Bg7Fye5Ntaom8hL5pP2mWGI8BkaSwLYYGE8C69flgX3vqQ/kM+1a43trjU/lJQoBAAAAOOHiDoK4mybO/+/Y8ZWBZuVK8//x9ub/sb2BYmM3xFoPLw7h/o7Z3tQCKwazQNyPMRh/Hv++wRBOKezgqJWY7M9K9CYNh+/3Zb9Q702r+l5f9uODeP/Cpx55+OZq4ra+EJYW9r7U2ni+krXRlwbO6M0C/Wlga3cWiHt+aoHvdmYBOGa1vYLxBZWf6lIzPHe5Bq+/d8o1QdPhlfaBzpFvrt9czZfSDtd8n2rNkT1tTfffctyU3h4HvdsW4rtt2Lut+EUq/4by1myoEjo3TW7ecPX0zvhI8ZesJfP0PBd/pdpO+ji8DncffW9bq6QdGEs+PsbmLjf367AjVnfLE0vv7lp+weP3rVj68v6P7X2l7W40EH8o/Mh1/zr4o8LmnW+VkL/mFtznyYTPk4X438CIpy2EsO7Vr9/ULF6a/0+0N//vTm5n/DpuzB1LQvhIYeM+Fjf/Hy/JPgcLgexT8l3lQHbI/b+GGn5yAgAAwPFW291R218wld9mJ4Sn8+Ry/okjzB/3V4zPmb/dfvf/9SVLm8VL8//1zef/i5JuOv7v+D/zxPH/OZ3su6IXpQ/sPqZd0aXqmBeO/8/pZH+3Of4/J8f/Hf+fi+P/LTj+P6eT/WkrfUva5ktXCOHlP3ro2Wbx0vx/W3vzf+v/zb1oX239v/WN1v/b1mj9v93W/wMAAOZVg4Xm0nleafW+UoZ09b5ShpYLBLZcYtD6f0e8/t9Lpz//m9BEaf6/u735f3w5DBRbXyjr/42sa1DVrTGwzcKAAAAAnIwa7SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg7fXAP/zPpmbxR3973rMvXDx+xZ61F7963XmnPhnC1MzjHVm4o//G28d/fve59+x5YPUd9x0+/6OVvFxPfvu7dbljrW8OhbCv8MhgTLw2VL0zG7jw0/fs6q4mHhsK4cPFwJY9W06pJr41FMKyYuDhS5a/p5rYk5Z48IVzX6omLk0Dn1px6hvVxDl5oCPt7j8uzrrbkXb35sUhLCkEat29YnF9VbU2/jQPdKZt/NNg1kYMDMai3xjM2oiB6VhialEIK7tD6EqrerSSVdWVVvUvlayqrrSqL1dCOCeE0J1W9UJvVlV3OvIne7OqYuC0D+1//YxqYl9vCCuLgac/d+dZ1cQXkkCt8b/oDeED1ZdM2vi3e7LGe9LGb+sJ4f0hhN60xC+7sxK9aYkXu0N4VyFQa/zz3SHsCrwjxA+fuk+0Hbuu3bJhenpy+zwmevO2+sLmqenJ0Y1bpzdVkj410lFIv3X90Y/9ude/tLF6e9G96wbbSXfn5Xpmury6p+7umpO997Ff/cVKZp+PUv0xf28YCIuu3jG5ffSLG3bu3L4q+9tu9tXZ3648mm2rVQtlWy0rVrJy55XbVu7Yde2KqSs3XD55+eRVq85ePXbm2Jqxj5+5sjqqsezv8RjqnSd+qKd3Fyo5ER8AEhISCy3RWffpNnayf5CXvujPdrQnVGY+oEvTimKWjplRHo9Brz3KER/N95SWI1pVmjiUsqyeI8v19VnWlCYTs7X0ZVlmvteVJofFxjpnNmm83xlGR7sabYfh+rvFzfuzY9i8z+Sbrt00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/HDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwA8cCAAAAAML8rcPo2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEsBAAD//+erI4o=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0)
pwritev2(r0, &(0x7f00000003c0)=[{&(0x7f00000000c0)="b0", 0x1}], 0x1, 0xe7b, 0x0, 0x1)
chdir(&(0x7f0000000200)='./file0\x00')
rename(&(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='./file1\x00')
write$UHID_GET_REPORT_REPLY(r0, &(0x7f0000000180)={0xa, {0x4, 0x7, 0x83}}, 0xa)

104.706675ms ago: executing program 2 (id=418):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000500)='./file2\x00', 0x21c91c, &(0x7f0000000900)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x800000}}, {@noblock_validity}, {@jqfmt_vfsv1}, {@nodelalloc}, {@errors_remount}, {@nomblk_io_submit}, {@usrjquota}, {@minixdf}, {@resgid, 0x32}]}, 0x1e, 0x4e0, &(0x7f0000001a40)="$eJzs3d9rW9cdAPDvla0sP5zZYXvIAsvCkmGHLZIdL4nZQ7bB2J4C27L3zLNlYyxbxpKT2ITNYX/AYIy10Kc+9aXQP6BQ8ieUQqB9L21pKW3SPhTaRkVXUuI4UuwQWUqtzweOdO7Rvfqeo4uO7rn3cBVA3zoVEacj4kG1Wj0bEcON8kwjxWY91da7f+/WTC0lUa1e/SyJSOpltdXGtrznkcZmByPir3+K+EfyZNzy+sbidLFYWG0s5ytLK/ny+sa5haXp+cJ8YXlycuLi1KWpC1PjHWnnUERc/sNH///Pa3+8/Navbrx/7ZOxfyaN8ohH7ei0etOz6WfRNBgRq3sRrEcG0xYCAPB90DzO/3lEnI3hGEiP5gAAAID9pPrbofgmiagCAAAA+1YmnQObZHKNeQBDkcnkcvU5vD+Ow5liqVz55VxpbXm2Pld2JLKZuYViYbwxV3gksklteSLNP1o+v215MiKORcT/hg+ly7mZUnG21yc/AAAAoE8c2Tb+/3K4Pv7f4uueVQ4AAADonJFeVwAAAADYc8b/AAAAsP8Z/wMAAMC+9ucrV2qp2vz/69nr62uLpevnZgvlxdzS2kxuprS6kpsvlebTe/Yt7fR+xVJp5dexvHYzXymUK/ny+sa1pdLacuXawmN/gQ0AAAB00bGf3XkviYjN3xxKU82BXlcK6IrBZ1n5w72rB9B9A72uANAzz/T7D+wr2V5XAOi5ZIfX207eebvzdQEAAPbG6E9aX/8f2PHcwGamS1UE9ojzf9C/XP+H/uX6P/SvbAyEgTz0t51uAfr81/+r1WeqEAAA0HFDaUoyuYj0PMBQZDK5XMTRdEyQTeYWioXxiPhhRLw7nP1BbXki3TLZcc4wAAAAAAAAAAAAAAAAAAAAAAAAAFBXrSZRBQAAAPa1iMzHSXo3/4jR4TND288PHEi+Gk6fI+LGK1dfujldqaxO1Mo/f1heeblRfr4XZzAAAACA7Zrj9OY4HgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA66f69WzPN1M24n/4+IkZaxR+Mg+nzwchGxOEvkhjcsl0SEQMdiL95OyKOt4qf1KoVI41atIp/qMfxj3QgPvSzO7X+53etvn+ZOJU+t/7+XUx7qOfXvv/LPOz/BlrEr5Ud3WWME3ffyLeNfzvixGDr/qcZP2nT/5zeZfy//21jo91r1VcjRlv+/iSPxcpXllby5fWNcwtL0/OF+cLy5OTExalLUxemxvNzC8VC47FljP/+9M0HT2v/4TbxR3Zo/5ldtv/buzfv/aiezT7cPHkUf+x06/1/vE38TGP//6KRr70+2sxv1vNbnXz9nZNPa/9sm/bvtP/Hdtn+s3/59we7XBUA6ILy+sbidLFYWO3rzHN9GrXDoheiFS9mpva5vgDVaJn51x68c+3IvNft6kSmp90SAACwB54cAwMAAAAAAAAAAAAAAAAAAADd1o3biWW3xdxMHztx93wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgM75LgAA///6fNJN")
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f0000001200)='./file2\x00', 0x0, 0x100)

277.733µs ago: executing program 1 (id=419):
syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @local, @void, {@ipv4={0x800, @tcp={{0xa, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa210104, @local, {[@timestamp_addr={0x44, 0x14, 0xa, 0x2, 0x0, [{@remote}, {@loopback}]}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5}}}}}}, 0x0)

0s ago: executing program 1 (id=420):
prlimit64(0x0, 0xe, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000540), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000600)=@newsa={0xfc, 0x16, 0x633, 0x0, 0x80000000, {{@in=@loopback, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0xa}, {@in=@remote, 0x4d2, 0x32}, @in6=@loopback, {}, {0x5, 0x3, 0x0, 0x5}, {0x4}, 0x2, 0x2, 0xa, 0x4, 0x18}, [@mark={0xc, 0x15, {0x35075c, 0x1}}]}, 0xfc}}, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:50108' (ED25519) to the list of known hosts.
syzkaller login: [   56.522158][ T5834] cgroup: Unknown subsys name 'net'
[   56.674104][ T5834] cgroup: Unknown subsys name 'cpuset'
[   56.679233][ T5834] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   58.734009][ T5834] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   64.711281][ T5851] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   64.715213][ T5851] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   64.718152][ T5851] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   64.721207][ T5851] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   64.723953][ T5851] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   64.758612][   T55] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   64.762225][   T55] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   64.765404][   T55] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   64.768616][   T55] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   64.771588][   T55] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   64.778060][ T5851] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   64.785167][ T5851] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   64.788342][ T5851] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   64.792693][ T5851] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   64.797814][ T5851] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   65.092395][ T5849] chnl_net:caif_netlink_parms(): no params data found
[   65.151180][ T5857] chnl_net:caif_netlink_parms(): no params data found
[   65.174232][ T5853] chnl_net:caif_netlink_parms(): no params data found
[   65.277845][ T5849] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.282140][ T5849] bridge0: port 1(bridge_slave_0) entered disabled state
[   65.285216][ T5849] bridge_slave_0: entered allmulticast mode
[   65.289262][ T5849] bridge_slave_0: entered promiscuous mode
[   65.310492][ T5849] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.314205][ T5849] bridge0: port 2(bridge_slave_1) entered disabled state
[   65.317164][ T5849] bridge_slave_1: entered allmulticast mode
[   65.321412][ T5849] bridge_slave_1: entered promiscuous mode
[   65.343448][ T5857] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.345723][ T5857] bridge0: port 1(bridge_slave_0) entered disabled state
[   65.348264][ T5857] bridge_slave_0: entered allmulticast mode
[   65.353383][ T5857] bridge_slave_0: entered promiscuous mode
[   65.366557][ T5853] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.369373][ T5853] bridge0: port 1(bridge_slave_0) entered disabled state
[   65.372670][ T5853] bridge_slave_0: entered allmulticast mode
[   65.375569][ T5853] bridge_slave_0: entered promiscuous mode
[   65.378758][ T5853] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.381942][ T5853] bridge0: port 2(bridge_slave_1) entered disabled state
[   65.384717][ T5853] bridge_slave_1: entered allmulticast mode
[   65.387547][ T5853] bridge_slave_1: entered promiscuous mode
[   65.390407][ T5857] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.393222][ T5857] bridge0: port 2(bridge_slave_1) entered disabled state
[   65.395963][ T5857] bridge_slave_1: entered allmulticast mode
[   65.399478][ T5857] bridge_slave_1: entered promiscuous mode
[   65.415445][ T5849] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   65.421110][ T5849] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   65.477689][ T5853] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   65.499927][ T5857] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   65.522752][ T5853] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   65.528488][ T5857] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   65.550251][ T5849] team0: Port device team_slave_0 added
[   65.583192][ T5857] team0: Port device team_slave_0 added
[   65.588449][ T5857] team0: Port device team_slave_1 added
[   65.593453][ T5849] team0: Port device team_slave_1 added
[   65.651675][ T5853] team0: Port device team_slave_0 added
[   65.655880][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_0
[   65.658524][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.669058][ T5849] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   65.686980][ T5853] team0: Port device team_slave_1 added
[   65.689754][ T5857] batman_adv: batadv0: Adding interface: batadv_slave_0
[   65.692477][ T5857] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.702370][ T5857] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   65.707005][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_1
[   65.709267][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.720247][ T5849] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   65.736794][ T5857] batman_adv: batadv0: Adding interface: batadv_slave_1
[   65.739554][ T5857] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.750195][ T5857] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   65.789490][ T5853] batman_adv: batadv0: Adding interface: batadv_slave_0
[   65.792779][ T5853] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.800592][ T5853] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   65.841794][ T5853] batman_adv: batadv0: Adding interface: batadv_slave_1
[   65.844752][ T5853] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.855251][ T5853] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   65.864821][ T5849] hsr_slave_0: entered promiscuous mode
[   65.867124][ T5849] hsr_slave_1: entered promiscuous mode
[   65.881199][ T5857] hsr_slave_0: entered promiscuous mode
[   65.883859][ T5857] hsr_slave_1: entered promiscuous mode
[   65.886360][ T5857] debugfs: 'hsr0' already exists in 'hsr'
[   65.888494][ T5857] Cannot create hsr debugfs directory
[   65.985830][ T5853] hsr_slave_0: entered promiscuous mode
[   65.988360][ T5853] hsr_slave_1: entered promiscuous mode
[   65.992388][ T5853] debugfs: 'hsr0' already exists in 'hsr'
[   65.994320][ T5853] Cannot create hsr debugfs directory
[   66.288828][ T5849] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   66.297360][ T5849] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   66.313300][ T5849] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   66.329466][ T5849] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   66.372983][ T5857] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   66.382284][ T5857] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   66.393106][ T5857] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   66.416839][ T5857] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   66.457290][ T5853] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   66.463740][ T5853] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   66.477573][ T5853] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   66.490191][ T5853] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   66.564051][ T5849] 8021q: adding VLAN 0 to HW filter on device bond0
[   66.598700][ T5849] 8021q: adding VLAN 0 to HW filter on device team0
[   66.618553][ T1089] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.621697][ T1089] bridge0: port 1(bridge_slave_0) entered forwarding state
[   66.638593][ T1089] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.641726][ T1089] bridge0: port 2(bridge_slave_1) entered forwarding state
[   66.668485][ T5857] 8021q: adding VLAN 0 to HW filter on device bond0
[   66.724837][ T5857] 8021q: adding VLAN 0 to HW filter on device team0
[   66.742704][ T4055] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.745691][ T4055] bridge0: port 1(bridge_slave_0) entered forwarding state
[   66.768589][ T4055] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.771603][ T4055] bridge0: port 2(bridge_slave_1) entered forwarding state
[   66.784383][ T5853] 8021q: adding VLAN 0 to HW filter on device bond0
[   66.802090][ T5851] Bluetooth: hci1: command tx timeout
[   66.804044][ T5851] Bluetooth: hci0: command tx timeout
[   66.832514][ T5853] 8021q: adding VLAN 0 to HW filter on device team0
[   66.857945][ T4055] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.861446][ T4055] bridge0: port 1(bridge_slave_0) entered forwarding state
[   66.881164][   T55] Bluetooth: hci2: command tx timeout
[   66.892004][ T4055] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.894889][ T4055] bridge0: port 2(bridge_slave_1) entered forwarding state
[   66.945938][ T5849] 8021q: adding VLAN 0 to HW filter on device batadv0
[   67.064245][ T5849] veth0_vlan: entered promiscuous mode
[   67.077853][ T5849] veth1_vlan: entered promiscuous mode
[   67.136458][ T5849] veth0_macvtap: entered promiscuous mode
[   67.146897][ T5857] 8021q: adding VLAN 0 to HW filter on device batadv0
[   67.157253][ T5849] veth1_macvtap: entered promiscuous mode
[   67.188390][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_0
[   67.214668][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_1
[   67.233253][   T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   67.245730][   T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   67.254112][   T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   67.258914][   T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   67.297379][ T5857] veth0_vlan: entered promiscuous mode
[   67.305673][ T5853] 8021q: adding VLAN 0 to HW filter on device batadv0
[   67.329554][ T5857] veth1_vlan: entered promiscuous mode
[   67.395239][ T1089] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.397990][ T1089] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.404655][ T5857] veth0_macvtap: entered promiscuous mode
[   67.427964][ T5853] veth0_vlan: entered promiscuous mode
[   67.430295][ T5857] veth1_macvtap: entered promiscuous mode
[   67.456851][ T5853] veth1_vlan: entered promiscuous mode
[   67.465519][ T1089] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.466721][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_0
[   67.474027][ T1089] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.477117][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_1
[   67.503780][   T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   67.511039][   T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   67.526694][   T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   67.529900][   T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   67.539109][ T5849] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   67.549182][ T5853] veth0_macvtap: entered promiscuous mode
[   67.608843][ T5853] veth1_macvtap: entered promiscuous mode
[   67.661204][ T5853] batman_adv: batadv0: Interface activated: batadv_slave_0
[   67.663675][ T4055] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.666535][ T4055] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.674526][ T5853] batman_adv: batadv0: Interface activated: batadv_slave_1
[   67.698672][ T5740] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   67.750241][ T5740] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   67.756285][ T5740] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   67.759997][ T5740] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   67.766922][ T4055] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.770717][ T4055] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.795639][ T5918] syz.1.5 uses obsolete (PF_INET,SOCK_PACKET)
[   67.909848][ T4055] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.914259][ T4055] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.948617][ T4055] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.956805][ T4055] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.586814][ T5938] netlink: 'syz.1.9': attribute type 6 has an invalid length.
[   68.589720][ T5938] netlink: 168 bytes leftover after parsing attributes in process `syz.1.9'.
[   68.661845][   T33] audit: type=1326 audit(1755520299.657:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5937 comm="syz.1.9" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3cf698ebe9 code=0x7ffc0000
[   68.692413][   T33] audit: type=1326 audit(1755520299.657:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5937 comm="syz.1.9" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3cf698ebe9 code=0x7ffc0000
[   68.699814][   T33] audit: type=1326 audit(1755520299.657:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5937 comm="syz.1.9" exe="/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3cf698ebe9 code=0x7ffc0000
[   68.714068][   T33] audit: type=1326 audit(1755520299.657:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5937 comm="syz.1.9" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3cf698ebe9 code=0x7ffc0000
[   68.741198][   T33] audit: type=1326 audit(1755520299.657:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5937 comm="syz.1.9" exe="/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f3cf698ebe9 code=0x7ffc0000
[   68.756766][   T33] audit: type=1326 audit(1755520299.697:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5937 comm="syz.1.9" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3cf698ebe9 code=0x7ffc0000
[   68.772327][   T33] audit: type=1326 audit(1755520299.697:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5937 comm="syz.1.9" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3cf698ebe9 code=0x7ffc0000
[   68.836769][ T5946] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[   68.842573][ T5946] team0: Device ipvlan2 is already an upper device of the team interface
[   68.882826][   T55] Bluetooth: hci0: command tx timeout
[   68.885196][   T55] Bluetooth: hci1: command tx timeout
[   68.932524][ T5892] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   68.961307][ T5851] Bluetooth: hci2: command tx timeout
[   69.121722][ T5892] usb 3-1: Using ep0 maxpacket: 16
[   69.142915][ T5967] capability: warning: `syz.1.18' uses deprecated v2 capabilities in a way that may be insecure
[   69.142988][ T5892] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[   69.162441][ T5892] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[   69.180617][ T5892] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   69.191383][ T5892] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   69.194613][ T5892] usb 3-1: Product: syz
[   69.196482][ T5892] usb 3-1: Manufacturer: syz
[   69.198527][ T5892] usb 3-1: SerialNumber: syz
[   69.219168][ T5973] capability: warning: `syz.1.20' uses 32-bit capabilities (legacy support in use)
[   69.540391][ T5892] usb 3-1: 2:1 : UAC_AS_GENERAL descriptor not found
[   69.600692][ T5892] usb 3-1: USB disconnect, device number 2
[   69.740009][ T5994] lo speed is unknown, defaulting to 1000
[   69.743818][ T5994] lo speed is unknown, defaulting to 1000
[   69.757481][ T5994] lo speed is unknown, defaulting to 1000
[   69.795041][ T5994] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   69.900391][ T5994] infiniband 3yz0: RDMA CMA: cma_listen_on_dev, error -98
[   69.959662][ T5994] lo speed is unknown, defaulting to 1000
[   69.965602][ T5994] lo speed is unknown, defaulting to 1000
[   69.969424][ T5994] lo speed is unknown, defaulting to 1000
[   70.961140][ T5851] Bluetooth: hci1: command tx timeout
[   70.963691][   T55] Bluetooth: hci0: command tx timeout
[   71.040853][ T5851] Bluetooth: hci2: command tx timeout
[   71.126267][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[   71.129020][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[   71.337464][ T5892] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   71.401055][ T5892] hid-generic 0000:0000:0000.0001: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[   71.542477][ T6073] loop2: detected capacity change from 0 to 256
[   71.549015][ T6073] =======================================================
[   71.549015][ T6073] WARNING: The mand mount option has been deprecated and
[   71.549015][ T6073]          and is ignored by this kernel. Remove the mand
[   71.549015][ T6073]          option from the mount to silence this warning.
[   71.549015][ T6073] =======================================================
[   71.703437][ T6076] netlink: 'syz.0.31': attribute type 4 has an invalid length.
[   71.756347][ T6076] netlink: 'syz.0.31': attribute type 4 has an invalid length.
[   72.521717][ T6081] loop0: detected capacity change from 0 to 32768
[   72.616510][ T6081] XFS (loop0): Mounting V5 Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a
[   72.642694][ T6088] bond0: entered promiscuous mode
[   72.644890][ T6088] bond_slave_0: entered promiscuous mode
[   72.647945][ T6088] bond_slave_1: entered promiscuous mode
[   72.677709][ T6081] XFS (loop0): Ending clean mount
[   72.723478][   T33] audit: type=1800 audit(1755520303.797:9): pid=6081 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.33" name="file1" dev="loop0" ino=6150 res=0 errno=0
[   72.875457][ T5857] XFS (loop0): Unmounting Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a
[   72.945112][ T6095] netlink: 4 bytes leftover after parsing attributes in process `syz.1.37'.
[   73.042217][ T5851] Bluetooth: hci1: command tx timeout
[   73.044503][ T5851] Bluetooth: hci0: command tx timeout
[   73.121798][ T5851] Bluetooth: hci2: command tx timeout
[   73.207039][ T6108] loop0: detected capacity change from 0 to 512
[   73.215995][ T6108] EXT4-fs: Ignoring removed orlov option
[   73.224739][ T6108] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[   73.230435][ T6108] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c119, mo2=0002]
[   73.241321][ T6108] EXT4-fs error (device loop0): ext4_iget_extra_inode:5104: inode #15: comm syz.0.42: corrupted in-inode xattr: e_value size too large
[   73.247275][ T6108] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.42: couldn't read orphan inode 15 (err -117)
[   73.255441][ T6108] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   73.298364][ T5857] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   73.398683][ T6113] overlayfs: failed to resolve 'W': -2
[   73.682869][ T6118] netlink: 'syz.0.45': attribute type 1 has an invalid length.
[   73.686174][ T6118] netlink: 'syz.0.45': attribute type 1 has an invalid length.
[   73.730379][ T6120] loop2: detected capacity change from 0 to 16
[   73.770059][ T6120] erofs (device loop2): mounted with root inode @ nid 36.
[   73.775895][ T6120] erofs (device loop2): xattr_isize 12 of nid 46 is not supported yet
[   73.881946][ T6126] loop2: detected capacity change from 0 to 1024
[   73.935922][ T1089] hfsplus: b-tree write err: -5, ino 4
[   74.197609][ T6138] warning: `syz.2.56' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   74.220916][ T5879] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   74.401463][ T5879] usb 1-1: config 0 interface 0 altsetting 60 endpoint 0xE has invalid maxpacket 1023, setting to 64
[   74.405675][ T5879] usb 1-1: config 0 interface 0 altsetting 60 endpoint 0xD has invalid maxpacket 14254, setting to 1024
[   74.413134][ T5879] usb 1-1: config 0 interface 0 altsetting 60 bulk endpoint 0xD has invalid maxpacket 1024
[   74.417464][ T5879] usb 1-1: config 0 interface 0 has no altsetting 0
[   74.420017][ T5879] usb 1-1: New USB device found, idVendor=2294, idProduct=425a, bcdDevice=ae.ad
[   74.428249][ T5879] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   74.438253][ T5879] usb 1-1: config 0 descriptor??
[   74.442489][ T6130] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[   74.623412][   T10] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   74.667033][ T5879] usb 1-1: string descriptor 0 read error: -71
[   74.670233][ T5879] usb 1-1: ucan: probing device on interface #0
[   74.684020][ T5879] usb 1-1: ucan: invalid endpoint configuration
[   74.686199][ T5879] usb 1-1: ucan: probe failed; try to update the device firmware
[   74.732038][ T5879] usb 1-1: USB disconnect, device number 2
[   74.810813][   T10] usb 2-1: Using ep0 maxpacket: 32
[   74.814678][   T10] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[   74.817773][   T10] usb 2-1: config 0 has no interface number 0
[   74.822951][   T10] usb 2-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[   74.826503][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   74.829495][   T10] usb 2-1: Product: syz
[   74.831443][   T10] usb 2-1: Manufacturer: syz
[   74.833167][   T10] usb 2-1: SerialNumber: syz
[   74.838820][   T10] usb 2-1: config 0 descriptor??
[   74.848234][   T10] usb 2-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[   74.854242][   T10] usb 2-1: selecting invalid altsetting 1
[   74.856727][   T10] usb 2-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[   74.869352][   T10] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[   74.874954][   T10] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[   74.879428][   T10] usb 2-1: media controller created
[   74.902451][   T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[   75.071621][   T10] usb 2-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[   75.091321][   T10] zl10353_read_register: readreg error (reg=127, ret==-71)
[   75.098271][   T10] usb 2-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[   75.170293][   T10] usb 2-1: USB disconnect, device number 2
[   75.264789][ T6163] loop0: detected capacity change from 0 to 4096
[   75.322695][ T6163] ntfs3(loop0): Mark volume as dirty due to NTFS errors
[   75.363977][ T6163] ntfs3(loop0): Failed to load $Extend (-22).
[   75.368101][ T6163] ntfs3(loop0): Failed to initialize $Extend.
[   75.550945][ T6172] overlay: filesystem on ./bus not supported
[   75.653736][ T6176] PKCS7: Unknown OID: [4] 0.38.107.217331280.32(bad)
[   75.658560][ T6176] PKCS7: Only support pkcs7_signedData type
[   76.023191][ T6198] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   76.195421][ T6202] netlink: 8 bytes leftover after parsing attributes in process `syz.1.84'.
[   76.256095][ T6202] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode
[   76.476580][ T6214] loop0: detected capacity change from 0 to 256
[   76.485390][ T6214] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   76.490370][ T6214] exFAT-fs (loop0): Medium has reported failures. Some data may be lost.
[   76.522532][ T6214] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[   77.531062][ T6213] loop1: detected capacity change from 0 to 32768
[   77.599621][ T6213] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   77.649615][ T6231] loop0: detected capacity change from 0 to 256
[   77.658365][ T6231] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   77.662709][ T6231] exFAT-fs (loop0): Medium has reported failures. Some data may be lost.
[   77.675351][ T6231] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d)
[   77.688183][ T6213] XFS (loop1): Ending clean mount
[   77.705315][ T6213] XFS (loop1): Quotacheck needed: Please wait.
[   77.761877][ T6213] XFS (loop1): Quotacheck: Done.
[   77.804067][ T6232] exFAT-fs (loop0): error, invalid access to FAT (entry 0xffffffff)
[   77.807861][ T6232] exFAT-fs (loop0): Filesystem has been set read-only
[   77.813265][ T6232] exFAT-fs (loop0): error, invalid access to FAT (entry 0xffffffff)
[   77.817829][ T6232] exFAT-fs (loop0): error, invalid access to FAT (entry 0xffffffff)
[   77.900793][ T5849] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   78.275909][ T6238] 9pnet: p9_errstr2errno: server reported unknown error 00000000000000000000004
[   78.867667][ T6246] netlink: 40 bytes leftover after parsing attributes in process `syz.0.100'.
[   78.871495][ T6246] netlink: 40 bytes leftover after parsing attributes in process `syz.0.100'.
[   78.876020][ T6246] A link change request failed with some changes committed already. Interface ip_vti0 may have been left with an inconsistent configuration, please check.
[   78.950085][ T6248] loop0: detected capacity change from 0 to 256
[   78.971768][ T6248] MINIX-fs: mounting file system with errors, running fsck is recommended
[   78.981460][ T6236] loop2: detected capacity change from 0 to 65536
[   79.036682][ T6236] XFS (loop2): Mounting V5 Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2
[   79.075674][ T6236] XFS (loop2): Ending clean mount
[   79.079908][ T6236] XFS (loop2): Quotacheck needed: Please wait.
[   79.125356][ T6236] XFS (loop2): Quotacheck: Done.
[   79.153967][   T33] audit: type=1804 audit(1755520310.227:10): pid=6236 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.97" name="/newroot/27/file0/bus" dev="loop2" ino=74 res=1 errno=0
[   79.519974][ T5853] XFS (loop2): Unmounting Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2
[   79.877345][ T6266] lo speed is unknown, defaulting to 1000
[   80.263294][   T33] audit: type=1800 audit(1755520311.307:11): pid=6277 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.107" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=7323 res=0 errno=0
[   80.816796][    C0] vcan0: j1939_tp_rxtimer: 0xffff88803330c400: rx timeout, send abort
[   80.821916][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88803330c400: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session.
[   81.545907][ T6291] netlink: 24 bytes leftover after parsing attributes in process `syz.2.114'.
[   81.688831][ T6301] loop2: detected capacity change from 0 to 2048
[   81.703403][ T6301] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[   81.827764][ T6306] loop2: detected capacity change from 0 to 1764
[   81.935159][ T6313] loop0: detected capacity change from 0 to 256
[   81.938111][ T6313] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   81.942558][ T6313] exFAT-fs (loop0): Medium has reported failures. Some data may be lost.
[   81.957984][ T6313] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[   82.093087][ T6318] loop2: detected capacity change from 0 to 4096
[   82.135649][ T6323] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   82.165725][   T33] audit: type=1800 audit(1755520313.227:12): pid=6318 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.125" name="file1" dev="loop2" ino=15 res=0 errno=0
[   82.197496][   T33] audit: type=1800 audit(1755520313.237:13): pid=6318 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.125" name="file1" dev="loop2" ino=15 res=0 errno=0
[   82.330778][   T47] usb 1-1: new full-speed USB device number 3 using dummy_hcd
[   82.485582][   T47] usb 1-1: config 1 interface 0 altsetting 255 endpoint 0x81 has invalid wMaxPacketSize 0
[   82.489895][   T47] usb 1-1: config 1 interface 0 altsetting 255 endpoint 0x82 has an invalid bInterval 0, changing to 10
[   82.495706][   T47] usb 1-1: config 1 interface 0 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0
[   82.499757][   T47] usb 1-1: config 1 interface 0 altsetting 255 endpoint 0x3 has invalid wMaxPacketSize 0
[   82.505602][   T47] usb 1-1: config 1 interface 0 has no altsetting 0
[   82.516192][   T47] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   82.520032][   T47] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[   82.527693][   T47] usb 1-1: SerialNumber: syz
[   82.550473][   T47] cdc_acm 1-1:1.0: Control and data interfaces are not separated!
[   82.822163][  T793] usb 1-1: USB disconnect, device number 3
[   82.992768][ T6331] loop2: detected capacity change from 0 to 16
[   83.003753][ T6331] MTD: Attempt to mount non-MTD device "/dev/loop2"
[   83.431332][ T6333] loop2: detected capacity change from 0 to 1024
[   83.476191][ T6333] mmap: +}[@ (6333) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   83.706712][ T6345] ucma_write: process 100 (syz.2.138) changed security contexts after opening file descriptor, this is not allowed.
[   84.227441][ T6359] loop2: detected capacity change from 0 to 1024
[   84.230853][ T6359] EXT4-fs: Ignoring removed orlov option
[   84.233302][ T6359] EXT4-fs: Ignoring removed mblk_io_submit option
[   84.241628][ T6359] EXT4-fs (loop2): stripe (2) is not aligned with cluster size (16), stripe is disabled
[   84.277701][ T6359] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   84.654417][ T5853] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   84.707114][ T5297] udevd[5297]: worker [5856] terminated by signal 33 (Unknown signal 33)
[   84.712369][   T10] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   84.715696][ T5297] udevd[5297]: worker [5856] failed while handling '/devices/virtual/block/loop2'
[   84.736770][ T6377] mkiss: ax0: crc mode is auto.
[   84.876504][ T6381] loop2: detected capacity change from 0 to 128
[   84.881705][   T10] usb 1-1: Using ep0 maxpacket: 16
[   84.891659][   T10] usb 1-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 255, changing to 11
[   84.896764][   T10] usb 1-1: config 0 interface 0 has no altsetting 0
[   84.899414][   T10] usb 1-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00
[   84.906160][ T6381] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   84.911052][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   84.915791][   T10] usb 1-1: config 0 descriptor??
[   84.921088][ T6381] ext4 filesystem being mounted at /48/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   84.970463][ T5853] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   85.082788][ T6386] netlink: 'syz.2.151': attribute type 12 has an invalid length.
[   85.238434][ T6393] netlink: 28 bytes leftover after parsing attributes in process `syz.2.154'.
[   85.345210][   T10] logitech 0003:046D:C20E.0002: rdesc size test failed for formula gp
[   85.357015][   T10] logitech 0003:046D:C20E.0002: hidraw0: USB HID v20.00 Device [HID 046d:c20e] on usb-dummy_hcd.0-1/input0
[   85.433740][ T6399] Driver unsupported XDP return value 0 on prog  (id 17) dev N/A, expect packet loss!
[   85.539945][   T10] usb 1-1: USB disconnect, device number 4
[   85.793129][ T6414] loop2: detected capacity change from 0 to 512
[   85.797012][ T6414] EXT4-fs (loop2): blocks per group (34) and clusters per group (32768) inconsistent
[   85.914443][ T6418] loop2: detected capacity change from 0 to 128
[   85.948835][ T6418] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   85.955576][ T6418] ext4 filesystem being mounted at /65/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   85.979752][ T5853] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   86.126065][ T6426] loop0: detected capacity change from 0 to 512
[   86.128771][ T5851] Bluetooth: hci1: unexpected subevent 0x01 length: 11 < 18
[   86.134611][ T6426] EXT4-fs: Ignoring removed nomblk_io_submit option
[   86.136820][ T6426] EXT4-fs: inline encryption not supported
[   86.139420][ T6426] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   86.144769][ T6426] EXT4-fs (loop0): can't mount with both data=journal and delalloc
[   86.245761][ T6432] loop0: detected capacity change from 0 to 1024
[   86.264845][ T6432] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   86.316669][ T5857] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   86.372095][ T6436] netlink: 'syz.0.173': attribute type 2 has an invalid length.
[   86.400151][ T6428] loop2: detected capacity change from 0 to 40427
[   86.403876][ T6428] f2fs: Unknown parameter ''
[   86.482916][   T24] cfg80211: failed to load regulatory.db
[   86.681880][   T47] usb 1-1: new full-speed USB device number 5 using dummy_hcd
[   86.853508][   T47] usb 1-1: too many configurations: 227, using maximum allowed: 8
[   86.880350][   T47] usb 1-1: New USB device found, idVendor=055d, idProduct=9000, bcdDevice=31.44
[   86.884666][   T47] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   86.899847][   T47] usb 1-1: config 0 descriptor??
[   86.912708][   T47] pwc: Samsung MPC-C10 USB webcam detected.
[   86.915217][   T47] pwc: Warning: more than 1 configuration available.
[   87.121149][   T47] pwc: send_video_command error -71
[   87.123936][   T47] pwc: Failed to set video mode VGA@30 fps; return code = -71
[   87.131333][   T47] Philips webcam 1-1:0.0: probe with driver Philips webcam failed with error -71
[   87.144551][   T47] usb 1-1: USB disconnect, device number 5
[   87.225022][ T6452] netlink: 12 bytes leftover after parsing attributes in process `syz.2.180'.
[   87.781112][ T6456] netlink: 'syz.0.182': attribute type 29 has an invalid length.
[   88.191193][   T10] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[   88.429829][   T10] usb 1-1: config 0 has an invalid interface number: 171 but max is 0
[   88.437528][   T10] usb 1-1: config 0 has no interface number 0
[   88.444682][   T10] usb 1-1: config 0 interface 171 has no altsetting 0
[   88.449441][   T10] usb 1-1: New USB device found, idVendor=13d3, idProduct=3219, bcdDevice=7a.67
[   88.454022][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   88.456788][   T10] usb 1-1: Product: syz
[   88.458379][   T10] usb 1-1: Manufacturer: syz
[   88.460216][   T10] usb 1-1: SerialNumber: syz
[   88.466100][   T10] usb 1-1: config 0 descriptor??
[   88.676030][   T10] dvb_usb_m920x 1-1:0.171: probe with driver dvb_usb_m920x failed with error -71
[   88.687161][   T10] usb 1-1: USB disconnect, device number 6
[   89.014260][ T6469] vivid-000: disconnect
[   89.016740][ T6468] vivid-000: reconnect
[   89.083004][ T5878] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[   89.089706][ T5878] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[   89.102783][   T24] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[   89.178380][ T6473] loop2: detected capacity change from 0 to 8192
[   89.222608][   T24] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[   89.323927][ T6479] loop2: detected capacity change from 0 to 512
[   89.345507][ T6479] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a842c01c, mo2=0002]
[   89.349212][ T6479] System zones: 0-2, 18-18, 34-35
[   89.359602][ T6479] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   89.369490][ T6479] ext4 filesystem being mounted at /81/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   89.443167][   T24] Process accounting resumed
[   89.447432][ T5853] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   89.526151][ T6491] netlink: 8 bytes leftover after parsing attributes in process `syz.2.197'.
[   89.533153][ T6492] loop0: detected capacity change from 0 to 1024
[   89.597075][ T6492] hfsplus: catalog searching failed
[   89.622813][ T1099] hfsplus: b-tree write err: -5, ino 3
[   89.828934][ T6494] loop2: detected capacity change from 0 to 32768
[   89.840907][ T5879] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[   89.868601][ T6494] JBD2: Ignoring recovery information on journal
[   89.902627][ T6494] ocfs2: Mounting device (7,2) on (node local, slot 0) with writeback data mode.
[   89.947069][ T5853] ocfs2: Unmounting device (7,2) on (node local)
[   90.564069][ T5879] IPVS: starting estimator thread 0...
[   90.658795][ T6521] (unnamed net_device) (uninitialized): option arp_interval: mode dependency failed, not supported in mode balance-tlb(5)
[   90.681112][ T6519] IPVS: using max 62 ests per chain, 148800 per kthread
[   90.713297][ T6525] tipc: Started in network mode
[   90.715122][ T6525] tipc: Node identity ac14140f, cluster identity 4711
[   90.718176][ T6525] tipc: New replicast peer: 255.255.255.255
[   90.723601][ T6525] tipc: Enabled bearer <udp:syz2>, priority 10
[   90.724269][ T6524] loop0: detected capacity change from 0 to 1024
[   91.014310][ T6462] libceph: connect (1)[c::]:6789 error -101
[   91.026589][ T6462] libceph: mon0 (1)[c::]:6789 connect error
[   91.033054][ T6462] libceph: connect (1)[c::]:6789 error -101
[   91.036140][ T6462] libceph: mon0 (1)[c::]:6789 connect error
[   91.091203][ T5899] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   91.157319][ T6532] ceph: No mds server is up or the cluster is laggy
[   91.165824][ T6537] loop0: detected capacity change from 0 to 256
[   91.193013][ T6537] exFAT-fs (loop0): failed to load upcase table (idx : 0x00011e3e, chksum : 0x38c882e6, utbl_chksum : 0xe619d30d)
[   91.293665][ T5899] usb 2-1: config 0 has an invalid interface number: 228 but max is 0
[   91.297152][ T5899] usb 2-1: config 0 has no interface number 0
[   91.299249][ T5899] usb 2-1: config 0 interface 228 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[   91.307421][ T5899] usb 2-1: New USB device found, idVendor=057c, idProduct=2200, bcdDevice=34.b1
[   91.312062][ T5899] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   91.314707][ T5899] usb 2-1: Product: syz
[   91.315942][ T6512] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   91.316363][ T5899] usb 2-1: Manufacturer: syz
[   91.325680][ T5899] usb 2-1: SerialNumber: syz
[   91.345744][ T5899] usb 2-1: config 0 descriptor??
[   91.353834][ T5899] bfusb 2-1:0.228: probe with driver bfusb failed with error -5
[   91.490800][ T5879] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[   91.579211][ T5899] usb 2-1: USB disconnect, device number 3
[   91.661182][ T5879] usb 1-1: Using ep0 maxpacket: 8
[   91.667115][ T5879] usb 1-1: config 162 has an invalid interface number: 97 but max is 0
[   91.670946][ T5879] usb 1-1: config 162 has no interface number 0
[   91.673681][ T5879] usb 1-1: config 162 interface 97 has no altsetting 0
[   91.679409][ T5879] usb 1-1: New USB device found, idVendor=0c2e, idProduct=0700, bcdDevice=e1.3b
[   91.686013][ T5879] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   91.689355][ T5879] usb 1-1: Product: syz
[   91.691246][ T5879] usb 1-1: Manufacturer: syz
[   91.693138][ T5879] usb 1-1: SerialNumber: syz
[   91.737813][ T6462] tipc: Node number set to 2886997007
[   91.915392][ T5879] metro_usb 1-1:162.97: Metrologic USB to Serial converter detected
[   91.933392][ T5879] usb 1-1: Metrologic USB to Serial converter now attached to ttyUSB0
[   91.945839][ T5879] usb 1-1: USB disconnect, device number 7
[   91.975343][ T5879] metro-usb ttyUSB0: Metrologic USB to Serial converter now disconnected from ttyUSB0
[   91.979567][ T5879] metro_usb 1-1:162.97: device disconnected
[   92.258517][ T6546] loop2: detected capacity change from 0 to 512
[   92.290977][ T6546] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem
[   92.306110][ T6546] EXT4-fs (loop2): orphan cleanup on readonly fs
[   92.309129][ T6546] EXT4-fs error (device loop2): ext4_orphan_get:1392: inode #15: comm syz.2.218: iget: bad i_size value: 360287970189639680
[   92.323362][ T6546] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.218: couldn't read orphan inode 15 (err -117)
[   92.405384][ T6546] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   92.702026][ T6546] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   92.963648][ T6556] loop0: detected capacity change from 0 to 512
[   93.069997][ T6556] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[   93.071363][ T6559] lo speed is unknown, defaulting to 1000
[   93.091996][ T6556] ext4 filesystem being mounted at /72/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   93.120970][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[   93.276455][ T5857] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[   93.366629][   T33] audit: type=1326 audit(1755520324.437:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6558 comm="syz.2.221" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f057798ebe9 code=0x0
[   93.406646][ T6578] gtp0: entered promiscuous mode
[   93.408292][ T6578] gtp0: entered allmulticast mode
[   93.854430][ T6582] bridge: RTM_NEWNEIGH with invalid ether address
[   93.929377][ T6587] loop1: detected capacity change from 0 to 16
[   93.938881][ T6587] erofs (device loop1): rootino(nid 36) is not a directory(i_mode 17700)
[   94.194759][ T6600] netlink: 40 bytes leftover after parsing attributes in process `syz.2.236'.
[   94.731152][ T6614] netlink: 'syz.0.244': attribute type 1 has an invalid length.
[   94.774901][ T6614] bond1: (slave geneve2): making interface the new active one
[   94.778068][ T6614] bond1: (slave geneve2): Enslaving as an active interface with an up link
[   94.785907][   T13] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[   94.795448][   T13] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[   94.799757][   T13] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[   94.807204][   T13] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[   94.940825][ T5899] usb 2-1: new full-speed USB device number 4 using dummy_hcd
[   94.988466][ T6617] cgroup: none used incorrectly
[   95.112751][ T5899] usb 2-1: unable to get BOS descriptor or descriptor too short
[   95.126203][ T5899] usb 2-1: not running at top speed; connect to a high speed hub
[   95.141915][ T5899] usb 2-1: config 2 has an invalid interface number: 212 but max is 1
[   95.156051][ T5899] usb 2-1: config 2 has an invalid interface number: 226 but max is 1
[   95.159370][ T5899] usb 2-1: config 2 has no interface number 0
[   95.164613][ T5899] usb 2-1: config 2 has no interface number 1
[   95.168004][ T5899] usb 2-1: config 2 interface 212 altsetting 9 endpoint 0x1 has invalid maxpacket 512, setting to 64
[   95.174808][ T5899] usb 2-1: config 2 interface 226 altsetting 0 has a duplicate endpoint with address 0x1, skipping
[   95.180004][ T5899] usb 2-1: config 2 interface 226 altsetting 0 endpoint 0x85 has invalid maxpacket 37745, setting to 64
[   95.186309][ T5899] usb 2-1: config 2 interface 226 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[   95.191187][ T5899] usb 2-1: config 2 interface 226 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[   95.197438][ T5899] usb 2-1: config 2 interface 212 has no altsetting 0
[   95.203910][ T5899] usb 2-1: New USB device found, idVendor=0738, idProduct=4540, bcdDevice=c6.ce
[   95.207912][ T5899] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   95.212794][ T5899] usb 2-1: Product: syz
[   95.214883][ T5899] usb 2-1: Manufacturer: syz
[   95.216833][ T5899] usb 2-1: SerialNumber: syz
[   95.496112][ T5899] input: Mad Catz Beat Pad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:2.226/input/input4
[   95.514878][    C1] xpad 2-1:2.226: xpad_irq_in - usb_submit_urb failed with result -1
[   95.521598][ T5899] usb 2-1: USB disconnect, device number 4
[   96.535973][ T6624] loop1: detected capacity change from 0 to 32768
[   97.020889][ T5899] usb 3-1: new full-speed USB device number 3 using dummy_hcd
[   97.090764][ T6462] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[   97.174744][ T5899] usb 3-1: config 0 has an invalid interface number: 133 but max is 0
[   97.178227][ T5899] usb 3-1: config 0 has no interface number 0
[   97.187994][ T5899] usb 3-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d
[   97.197769][ T5899] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   97.203955][ T6650] loop0: detected capacity change from 0 to 512
[   97.204818][ T5899] usb 3-1: Product: syz
[   97.208255][ T5899] usb 3-1: Manufacturer: syz
[   97.210150][ T5899] usb 3-1: SerialNumber: syz
[   97.215263][ T5899] usb 3-1: config 0 descriptor??
[   97.239057][ T6650] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   97.247220][ T6650] ext4 filesystem being mounted at /84/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   97.254801][ T6462] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   97.261170][ T6462] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   97.265466][ T6462] usb 2-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00
[   97.276295][ T6462] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   97.287356][ T6462] usb 2-1: config 0 descriptor??
[   97.336365][ T5857] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   97.431547][ T5899] keyspan 3-1:0.133: Keyspan 1 port adapter converter detected
[   97.441697][ T5899] keyspan 3-1:0.133: found no endpoint descriptor for endpoint 81
[   97.445091][ T5899] keyspan 3-1:0.133: found no endpoint descriptor for endpoint 1
[   97.448517][ T5899] keyspan 3-1:0.133: found no endpoint descriptor for endpoint 2
[   97.474144][ T5899] usb 3-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[   97.498380][ T6657] loop0: detected capacity change from 0 to 128
[   97.525692][ T6657] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   97.539549][ T6657] ext4 filesystem being mounted at /86/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   97.594897][ T5857] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   97.693418][ T6662] loop0: detected capacity change from 0 to 2048
[   97.708059][ T6663] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   97.713766][ T6462] hid-thrustmaster 0003:044F:B65D.0003: collection stack underflow
[   97.727096][ T6462] hid-thrustmaster 0003:044F:B65D.0003: item 0 4 0 12 parsing failed
[   97.730172][ T6462] hid-thrustmaster 0003:044F:B65D.0003: parse failed with error -22
[   97.735179][ T6462] hid-thrustmaster 0003:044F:B65D.0003: probe with driver hid-thrustmaster failed with error -22
[   97.799019][ T6663] NILFS (loop0): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3)
[   97.802660][ T6663] NILFS error (device loop0): nilfs_bmap_propagate: broken bmap (inode number=4)
[   97.808576][ T6663] Remounting filesystem read-only
[   97.834668][ T5857] NILFS (loop0): disposed unprocessed dirty file(s) when stopping log writer
[   97.851408][ T6462] usb 3-1: USB disconnect, device number 3
[   97.868486][ T6462] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[   97.888470][ T6462] keyspan 3-1:0.133: device disconnected
[   97.925280][   T10] usb 2-1: USB disconnect, device number 5
[   98.764319][ T6682] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0)
[   99.246485][ T6696] bridge: RTM_NEWNEIGH with invalid state 0x0
[   99.361157][ T6698] loop0: detected capacity change from 0 to 1024
[   99.851885][ T5899] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  100.010841][ T5899] usb 1-1: Using ep0 maxpacket: 32
[  100.019006][ T5899] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  100.024729][ T5899] usb 1-1: config 0 has no interface number 0
[  100.027052][ T5899] usb 1-1: config 0 interface 1 altsetting 9 has an invalid descriptor for endpoint zero, skipping
[  100.030476][ T5899] usb 1-1: config 0 interface 1 has no altsetting 0
[  100.044741][ T5899] usb 1-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a
[  100.060783][ T5899] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  100.064027][ T5899] usb 1-1: Product: syz
[  100.065797][ T5899] usb 1-1: Manufacturer: syz
[  100.067783][ T5899] usb 1-1: SerialNumber: syz
[  100.083039][ T5899] usb 1-1: config 0 descriptor??
[  100.319387][ T5899] cx231xx 1-1:0.1: New device syz syz @ 480 Mbps (0572:58a5) with 1 interfaces
[  100.333414][ T5899] cx231xx 1-1:0.1: Not found matching IAD interface
[  100.340140][ T5899] usb 1-1: USB disconnect, device number 8
[  100.503595][ T6725] loop1: detected capacity change from 0 to 8
[  101.210832][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  101.500956][   T24] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  101.515219][ T6751] netlink: 4 bytes leftover after parsing attributes in process `syz.2.302'.
[  101.561745][ T6753] loop2: detected capacity change from 0 to 128
[  101.568050][ T6753] FAT-fs (loop2): bogus number of reserved sectors
[  101.571283][ T6753] FAT-fs (loop2): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero
[  101.599815][ T6753] FAT-fs (loop2): Can't find a valid FAT filesystem
[  101.664609][   T24] usb 1-1: Using ep0 maxpacket: 16
[  101.671551][   T24] usb 1-1: New USB device found, idVendor=5752, idProduct=75b9, bcdDevice=ae.00
[  101.677151][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  101.694267][   T24] usb 1-1: Product: syz
[  101.719614][   T24] usb 1-1: Manufacturer: syz
[  101.729262][   T24] usb 1-1: SerialNumber: syz
[  101.748878][   T24] usb 1-1: config 0 descriptor??
[  101.760592][   T24] usb-storage 1-1:0.0: USB Mass Storage device detected
[  101.977303][   T24] usb 1-1: USB disconnect, device number 9
[  102.244480][ T6779] loop2: detected capacity change from 0 to 512
[  102.249704][ T6779] EXT4-fs: Ignoring removed oldalloc option
[  102.254040][ T6779] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  102.264275][ T6779] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2848: Unable to expand inode 11. Delete some EAs or run e2fsck.
[  102.268966][ T6779] EXT4-fs (loop2): 1 truncate cleaned up
[  102.273646][ T6779] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  102.283874][   T33] audit: type=1800 audit(1755520333.357:15): pid=6779 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.315" name="bus" dev="loop2" ino=18 res=0 errno=0
[  102.359492][ T6773] loop1: detected capacity change from 0 to 32768
[  102.381694][ T6773] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.312 (6773)
[  102.424327][ T6773] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  102.429869][ T6773] BTRFS info (device loop1): using crc32c (crc32c-lib) checksum algorithm
[  102.435552][ T6773] BTRFS info (device loop1): disk space caching is enabled
[  102.438948][ T6773] BTRFS warning (device loop1): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  102.620288][ T6773] BTRFS info (device loop1): rebuilding free space tree
[  102.646349][ T6800] loop0: detected capacity change from 0 to 512
[  102.718924][ T6773] BTRFS info (device loop1): disabling free space tree
[  102.720147][ T6800] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  102.729960][ T6800] ext4 filesystem being mounted at /97/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  102.732841][ T6773] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  102.754709][ T6773] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  102.755754][ T6800] EXT4-fs warning (device loop0): verify_group_input:137: Cannot add at group 25 (only 1 groups)
[  102.806858][ T5857] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  103.013219][ T5849] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  103.632414][ T6826] binder: 6825:6826 ioctl c0306201 200000000240 returned -14
[  103.697684][ T6828] loop0: detected capacity change from 0 to 4096
[  103.702807][ T6828] ntfs3(loop0): Different NTFS sector size (4096) and media sector size (512).
[  103.788794][ T6828] ntfs3(loop0): Mark volume as dirty due to NTFS errors
[  103.794345][ T6828] ntfs3(loop0): ino=1a, mi_enum_attr
[  103.797937][ T6828] ntfs3(loop0): Failed to initialize $Extend/$ObjId.
[  104.470935][ T6840] Zero length message leads to an empty skb
[  104.593752][ T6845] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  104.605045][ T6844] process 'syz.1.333' launched '/dev/fd/3' with NULL argv: empty string added
[  104.778280][ T5853] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  104.825304][ T6851] loop0: detected capacity change from 0 to 1024
[  104.864828][ T6851] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  104.882128][ T6855] syzkaller1: entered promiscuous mode
[  104.884536][ T6855] syzkaller1: entered allmulticast mode
[  104.903020][ T5857] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  105.000400][ T6864] loop2: detected capacity change from 0 to 512
[  105.058037][ T6864] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  105.083417][ T6864] ext4 filesystem being mounted at /141/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  105.110899][ T6873] loop1: detected capacity change from 0 to 256
[  105.119081][ T6873] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xb5f96684, utbl_chksum : 0xe619d30d)
[  105.197682][ T5853] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  105.264085][ T6880] loop1: detected capacity change from 0 to 64
[  105.337372][ T6884] binder: 6883:6884 ioctl c018620c 0 returned -14
[  105.359698][ T6886] af_packet: tpacket_rcv: packet too big, clamped from 122 to 4294967286. macoff=82
[  105.364542][ T6886] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0xf
[  105.507269][ T6896] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[  105.513313][ T6896] bridge0: port 3(macsec1) entered blocking state
[  105.515642][ T6896] bridge0: port 3(macsec1) entered disabled state
[  105.527911][ T6896] macsec1: entered allmulticast mode
[  105.530199][ T6896] netdevsim netdevsim2 netdevsim0: entered allmulticast mode
[  105.542406][ T6896] macsec1: entered promiscuous mode
[  105.554352][ T6896] bridge0: port 3(macsec1) entered blocking state
[  105.556987][ T6896] bridge0: port 3(macsec1) entered forwarding state
[  105.778064][ T6908] openvswitch: netlink: Unexpected mask (mask=200040, allowed=10048)
[  105.837380][ T6910] loop2: detected capacity change from 0 to 1024
[  105.840294][ T6910] EXT4-fs: Ignoring removed nobh option
[  105.855613][ T6910] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  106.387749][ T6921] xt_socket: unknown flags 0xd0
[  106.418141][ T6923] binder: 6915:6923 unknown command 0
[  106.420469][ T6923] binder: 6915:6923 ioctl c0306201 200000000c40 returned -22
[  106.589093][ T5853] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  107.069082][ T6955] program syz.2.380 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  107.830806][   T24] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  107.990784][   T24] usb 1-1: Using ep0 maxpacket: 8
[  107.995464][   T24] usb 1-1: config 5 has an invalid interface number: 22 but max is 0
[  107.999312][   T24] usb 1-1: config 5 has no interface number 0
[  108.003087][   T24] usb 1-1: config 5 interface 22 altsetting 25 endpoint 0x6 has invalid wMaxPacketSize 0
[  108.007571][   T24] usb 1-1: config 5 interface 22 has no altsetting 0
[  108.013433][   T24] usb 1-1: New USB device found, idVendor=0bfd, idProduct=010d, bcdDevice=ba.fa
[  108.017189][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  108.022319][   T24] usb 1-1: Product: syz
[  108.024229][   T24] usb 1-1: Manufacturer: syz
[  108.026238][   T24] usb 1-1: SerialNumber: syz
[  108.068569][ T6970] Bluetooth: MGMT ver 1.23
[  108.239492][   T24] kvaser_usb 1-1:5.22: error -ENODEV: Cannot get usb endpoint(s)
[  108.251952][   T24] rndis_host 1-1:5.22: skipping garbage
[  108.253820][   T24] usb 1-1: bad CDC descriptors
[  108.261957][   T24] usb 1-1: USB disconnect, device number 10
[  108.895275][ T6990] loop0: detected capacity change from 0 to 4096
[  108.910876][ T6990] ntfs3(loop0): Different NTFS sector size (2048) and media sector size (512).
[  108.937110][ T6990] ntfs3(loop0): ino=19, mi_enum_attr
[  108.945716][ T6990] ntfs3(loop0): ino=19, mi_enum_attr
[  108.951890][ T6990] ntfs3(loop0): Failed to initialize $Extend/$ObjId.
[  109.190122][ T6997] loop0: detected capacity change from 0 to 512
[  109.212550][ T6997] EXT4-fs warning (device loop0): dx_probe:801: inode #2: comm syz.0.401: Unrecognised inode hash code 255
[  109.225413][ T6997] EXT4-fs warning (device loop0): dx_probe:934: inode #2: comm syz.0.401: Corrupt directory, running e2fsck is recommended
[  109.257328][ T6997] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -117
[  109.269205][ T6997] EXT4-fs error (device loop0): ext4_iget_extra_inode:5104: inode #15: comm syz.0.401: corrupted in-inode xattr: invalid ea_ino
[  109.292359][ T6997] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.401: couldn't read orphan inode 15 (err -117)
[  109.317253][ T6997] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  109.353896][ T6997] EXT4-fs (loop0): shut down requested (1)
[  109.416807][ T5857] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  109.897031][ T7003] loop0: detected capacity change from 0 to 32768
[  109.911055][ T7003] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.402 (7003)
[  109.937774][ T7003] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  109.943455][ T7003] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[  110.017039][ T7003] BTRFS info (device loop0): rebuilding free space tree
[  110.056958][ T7003] BTRFS info (device loop0): disabling free space tree
[  110.059888][ T7003] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  110.081429][ T7003] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  110.278308][ T5857] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  111.300798][   T24] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  111.453170][   T24] usb 3-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad
[  111.457213][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  111.551834][   T24] usb 3-1: config 0 descriptor??
[  111.564165][   T24] gspca_main: spca508-2.14.0 probing 8086:0110
[  111.764114][   T24] gspca_spca508: reg_read err -71
[  111.766480][   T24] gspca_spca508: reg_read err -71
[  111.771151][   T24] gspca_spca508: reg_read err -71
[  111.774585][   T24] gspca_spca508: reg_read err -71
[  111.777316][   T24] gspca_spca508: reg_read err -71
[  111.780995][   T24] gspca_spca508: reg write: error -71
[  111.784769][   T24] spca508 3-1:0.0: probe with driver spca508 failed with error -71
[  111.809144][   T24] usb 3-1: USB disconnect, device number 4
[  112.318579][ T7061] loop2: detected capacity change from 0 to 512
[  112.341073][ T7061] EXT4-fs: Ignoring removed nomblk_io_submit option
[  112.369547][ T7061] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  112.377385][ T7061] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  112.397459][ T7061] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4183: comm syz.2.418: Allocating blocks 41-42 which overlap fs metadata
[  112.409734][ T7061] EXT4-fs (loop2): Remounting filesystem read-only
[  112.413948][ T7061] Quota error (device loop2): write_blk: dquota write failed
[  112.416822][ T7061] Quota error (device loop2): find_free_dqentry: Can't write quota data block 5
[  112.421548][ T7061] Quota error (device loop2): write_blk: dquota write failed
[  112.424480][ T7061] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[  112.428256][ T7061] EXT4-fs (loop2): 1 truncate cleaned up
[  112.431295][ T7061] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  112.433293][ T7068] netlink: 4 bytes leftover after parsing attributes in process `syz.1.420'.
[  112.445898][ T7068] ==================================================================
[  112.448446][ T7068] BUG: KASAN: slab-use-after-free in xfrm_alloc_spi+0x570/0xf30
[  112.450869][ T7068] Read of size 4 at addr ffff88811fd680c4 by task syz.1.420/7068
[  112.454856][ T7068] 
[  112.455767][ T7068] CPU: 1 UID: 0 PID: 7068 Comm: syz.1.420 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  112.455780][ T7068] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  112.455787][ T7068] Call Trace:
[  112.455801][ T7068]  <TASK>
[  112.455812][ T7068]  dump_stack_lvl+0x189/0x250
[  112.455827][ T7068]  ? __kasan_check_byte+0x12/0x40
[  112.455842][ T7068]  ? __pfx_dump_stack_lvl+0x10/0x10
[  112.455852][ T7068]  ? lock_release+0x4b/0x3e0
[  112.455866][ T7068]  ? __virt_addr_valid+0x4a5/0x5c0
[  112.455877][ T7068]  print_report+0xca/0x240
[  112.455886][ T7068]  ? xfrm_alloc_spi+0x570/0xf30
[  112.455896][ T7068]  kasan_report+0x118/0x150
[  112.455907][ T7068]  ? xfrm_alloc_spi+0x570/0xf30
[  112.455917][ T7068]  xfrm_alloc_spi+0x570/0xf30
[  112.455926][ T7068]  ? xfrm_alloc_spi+0x2a0/0xf30
[  112.455937][ T7068]  ? __pfx_xfrm_alloc_spi+0x10/0x10
[  112.455945][ T7068]  ? xfrm_find_acq+0x87/0xa0
[  112.455954][ T7068]  xfrm_alloc_userspi+0x70b/0xc90
[  112.455967][ T7068]  ? apparmor_capable+0x137/0x1b0
[  112.455977][ T7068]  ? __pfx_xfrm_alloc_userspi+0x10/0x10
[  112.455986][ T7068]  ? __nla_parse+0x40/0x60
[  112.455999][ T7068]  xfrm_user_rcv_msg+0x7a3/0xab0
[  112.456009][ T7068]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  112.456046][ T7068]  ? __pfx___mutex_trylock_common+0x10/0x10
[  112.456059][ T7068]  ? rcu_is_watching+0x15/0xb0
[  112.456068][ T7068]  ? trace_contention_end+0x39/0x120
[  112.456076][ T7068]  ? __mutex_lock+0x335/0x1360
[  112.456088][ T7068]  netlink_rcv_skb+0x208/0x470
[  112.456100][ T7068]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  112.456109][ T7068]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  112.456122][ T7068]  ? netlink_deliver_tap+0x2e/0x1b0
[  112.456132][ T7068]  ? netlink_deliver_tap+0x2e/0x1b0
[  112.456143][ T7068]  xfrm_netlink_rcv+0x79/0x90
[  112.456151][ T7068]  netlink_unicast+0x82f/0x9e0
[  112.456163][ T7068]  ? __pfx_netlink_unicast+0x10/0x10
[  112.456172][ T7068]  ? netlink_sendmsg+0x642/0xb30
[  112.456182][ T7068]  ? skb_put+0x11b/0x210
[  112.456200][ T7068]  netlink_sendmsg+0x805/0xb30
[  112.456213][ T7068]  ? __pfx_netlink_sendmsg+0x10/0x10
[  112.456225][ T7068]  ? aa_sock_msg_perm+0xf1/0x1d0
[  112.456239][ T7068]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  112.456248][ T7068]  ? __pfx_netlink_sendmsg+0x10/0x10
[  112.456259][ T7068]  __sock_sendmsg+0x21c/0x270
[  112.456269][ T7068]  ____sys_sendmsg+0x505/0x830
[  112.456278][ T7068]  ? __pfx_____sys_sendmsg+0x10/0x10
[  112.456287][ T7068]  ? import_iovec+0x74/0xa0
[  112.456296][ T7068]  ___sys_sendmsg+0x21f/0x2a0
[  112.456304][ T7068]  ? __pfx____sys_sendmsg+0x10/0x10
[  112.456318][ T7068]  ? __fget_files+0x2a/0x420
[  112.456324][ T7068]  ? __fget_files+0x3a0/0x420
[  112.456333][ T7068]  __x64_sys_sendmsg+0x19b/0x260
[  112.456341][ T7068]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  112.456350][ T7068]  ? rcu_is_watching+0x15/0xb0
[  112.456358][ T7068]  ? do_syscall_64+0xbe/0x3b0
[  112.456370][ T7068]  do_syscall_64+0xfa/0x3b0
[  112.456380][ T7068]  ? lockdep_hardirqs_on+0x9c/0x150
[  112.456390][ T7068]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.456398][ T7068]  ? exc_page_fault+0x9f/0xf0
[  112.456408][ T7068]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.456416][ T7068] RIP: 0033:0x7f3cf698ebe9
[  112.456425][ T7068] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  112.456432][ T7068] RSP: 002b:00007f3cf7834038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  112.456442][ T7068] RAX: ffffffffffffffda RBX: 00007f3cf6bb5fa0 RCX: 00007f3cf698ebe9
[  112.456448][ T7068] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000003
[  112.456454][ T7068] RBP: 00007f3cf6a11e19 R08: 0000000000000000 R09: 0000000000000000
[  112.456459][ T7068] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  112.456464][ T7068] R13: 00007f3cf6bb6038 R14: 00007f3cf6bb5fa0 R15: 00007ffd5517f528
[  112.456473][ T7068]  </TASK>
[  112.456477][ T7068] 
[  112.587587][ T7068] Allocated by task 6192:
[  112.589142][ T7068]  kasan_save_track+0x3e/0x80
[  112.590801][ T7068]  __kasan_slab_alloc+0x6c/0x80
[  112.592685][ T7068]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  112.594603][ T7068]  xfrm_state_alloc+0x24/0x2f0
[  112.596287][ T7068]  __find_acq_core+0x8a7/0x1c00
[  112.598180][ T7068]  xfrm_find_acq+0x78/0xa0
[  112.599885][ T7068]  xfrm_alloc_userspi+0x6b3/0xc90
[  112.601650][ T7068]  xfrm_user_rcv_msg+0x7a3/0xab0
[  112.603649][ T7068]  netlink_rcv_skb+0x208/0x470
[  112.605562][ T7068]  xfrm_netlink_rcv+0x79/0x90
[  112.607258][ T7068]  netlink_unicast+0x82f/0x9e0
[  112.608931][ T7068]  netlink_sendmsg+0x805/0xb30
[  112.610678][ T7068]  __sock_sendmsg+0x21c/0x270
[  112.612404][ T7068]  ____sys_sendmsg+0x505/0x830
[  112.614157][ T7068]  ___sys_sendmsg+0x21f/0x2a0
[  112.615848][ T7068]  __x64_sys_sendmsg+0x19b/0x260
[  112.617615][ T7068]  do_syscall_64+0xfa/0x3b0
[  112.619279][ T7068]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.621361][ T7068] 
[  112.622198][ T7068] Freed by task 5899:
[  112.623652][ T7068]  kasan_save_track+0x3e/0x80
[  112.625430][ T7068]  kasan_save_free_info+0x46/0x50
[  112.627282][ T7068]  __kasan_slab_free+0x5b/0x80
[  112.629061][ T7068]  kmem_cache_free+0x18f/0x400
[  112.630794][ T7068]  xfrm_state_gc_task+0x52d/0x6b0
[  112.632649][ T7068]  process_scheduled_works+0xae1/0x17b0
[  112.634567][ T7068]  worker_thread+0x8a0/0xda0
[  112.636154][ T7068]  kthread+0x711/0x8a0
[  112.637574][ T7068]  ret_from_fork+0x3fc/0x770
[  112.639332][ T7068]  ret_from_fork_asm+0x1a/0x30
[  112.641230][ T7068] 
[  112.642088][ T7068] The buggy address belongs to the object at ffff88811fd68000
[  112.642088][ T7068]  which belongs to the cache xfrm_state of size 928
[  112.647071][ T7068] The buggy address is located 196 bytes inside of
[  112.647071][ T7068]  freed 928-byte region [ffff88811fd68000, ffff88811fd683a0)
[  112.651918][ T7068] 
[  112.652838][ T7068] The buggy address belongs to the physical page:
[  112.655306][ T7068] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88811fd68480 pfn:0x11fd68
[  112.659039][ T7068] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  112.662048][ T7068] flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff)
[  112.664767][ T7068] page_type: f5(slab)
[  112.666237][ T7068] raw: 057ff00000000040 ffff88801af7a640 ffffea00047f5600 0000000000000004
[  112.669447][ T7068] raw: ffff88811fd68480 00000000800e000d 00000000f5000000 0000000000000000
[  112.672572][ T7068] head: 057ff00000000040 ffff88801af7a640 ffffea00047f5600 0000000000000004
[  112.675774][ T7068] head: ffff88811fd68480 00000000800e000d 00000000f5000000 0000000000000000
[  112.678703][ T7068] head: 057ff00000000002 ffffea00047f5a01 00000000ffffffff 00000000ffffffff
[  112.681655][ T7068] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  112.684853][ T7068] page dumped because: kasan: bad access detected
[  112.687170][ T7068] page_owner tracks the page as allocated
[  112.689246][ T7068] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5926, tgid 5919 (syz.0.1), ts 68311833788, free_ts 68195704434
[  112.695647][ T7068]  post_alloc_hook+0x240/0x2a0
[  112.697457][ T7068]  get_page_from_freelist+0x21e4/0x22c0
[  112.699477][ T7068]  __alloc_frozen_pages_noprof+0x181/0x370
[  112.701621][ T7068]  alloc_pages_mpol+0x232/0x4a0
[  112.703400][ T7068]  allocate_slab+0x8a/0x370
[  112.705116][ T7068]  ___slab_alloc+0xbeb/0x1410
[  112.706805][ T7068]  kmem_cache_alloc_noprof+0x283/0x3c0
[  112.708724][ T7068]  xfrm_state_alloc+0x24/0x2f0
[  112.710402][ T7068]  xfrm_state_find+0x37d4/0x5400
[  112.712236][ T7068]  xfrm_resolve_and_create_bundle+0x768/0x2f80
[  112.714466][ T7068]  xfrm_lookup_with_ifid+0x2a7/0x1a70
[  112.716463][ T7068]  xfrm_lookup_route+0x3c/0x1c0
[  112.718250][ T7068]  udp_sendmsg+0x142e/0x2170
[  112.720146][ T7068]  __sock_sendmsg+0x19c/0x270
[  112.722236][ T7068]  ____sys_sendmsg+0x52d/0x830
[  112.723884][ T7068]  ___sys_sendmsg+0x21f/0x2a0
[  112.725517][ T7068] page last free pid 5297 tgid 5297 stack trace:
[  112.727736][ T7068]  __free_frozen_pages+0xbc4/0xd30
[  112.729589][ T7068]  __put_partials+0x156/0x1a0
[  112.731382][ T7068]  put_cpu_partial+0x17c/0x250
[  112.733276][ T7068]  __slab_free+0x2d5/0x3c0
[  112.734902][ T7068]  qlist_free_all+0x97/0x140
[  112.736561][ T7068]  kasan_quarantine_reduce+0x148/0x160
[  112.738510][ T7068]  __kasan_slab_alloc+0x22/0x80
[  112.740200][ T7068]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  112.742079][ T7068]  getname_flags+0xb8/0x540
[  112.743636][ T7068]  do_readlinkat+0xbc/0x500
[  112.745276][ T7068]  __x64_sys_readlink+0x7f/0x90
[  112.747050][ T7068]  do_syscall_64+0xfa/0x3b0
[  112.748754][ T7068]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.750940][ T7068] 
[  112.751824][ T7068] Memory state around the buggy address:
[  112.753874][ T7068]  ffff88811fd67f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  112.756692][ T7068]  ffff88811fd68000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  112.759422][ T7068] >ffff88811fd68080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  112.762276][ T7068]                                            ^
[  112.764586][ T7068]  ffff88811fd68100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  112.767553][ T7068]  ffff88811fd68180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  112.770479][ T7068] ==================================================================
[  112.773633][ T7068] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  112.776307][ T7068] CPU: 1 UID: 0 PID: 7068 Comm: syz.1.420 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  112.780741][ T7068] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  112.784376][ T7068] Call Trace:
[  112.785609][ T7068]  <TASK>
[  112.786638][ T7068]  dump_stack_lvl+0x99/0x250
[  112.788283][ T7068]  ? __asan_memcpy+0x40/0x70
[  112.789920][ T7068]  ? __pfx_dump_stack_lvl+0x10/0x10
[  112.791851][ T7068]  ? __pfx__printk+0x10/0x10
[  112.793691][ T7068]  vpanic+0x281/0x750
[  112.795235][ T7068]  ? __pfx_vpanic+0x10/0x10
[  112.796866][ T7068]  ? irqentry_exit+0x74/0x90
[  112.798583][ T7068]  panic+0xb9/0xc0
[  112.799879][ T7068]  ? __pfx_panic+0x10/0x10
[  112.801415][ T7068]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  112.803449][ T7068]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  112.805491][ T7068]  ? xfrm_alloc_spi+0x570/0xf30
[  112.807266][ T7068]  check_panic_on_warn+0x89/0xb0
[  112.809052][ T7068]  ? xfrm_alloc_spi+0x570/0xf30
[  112.810875][ T7068]  end_report+0x78/0x160
[  112.812450][ T7068]  kasan_report+0x129/0x150
[  112.814062][ T7068]  ? xfrm_alloc_spi+0x570/0xf30
[  112.815738][ T7068]  xfrm_alloc_spi+0x570/0xf30
[  112.817344][ T7068]  ? xfrm_alloc_spi+0x2a0/0xf30
[  112.818989][ T7068]  ? __pfx_xfrm_alloc_spi+0x10/0x10
[  112.820838][ T7068]  ? xfrm_find_acq+0x87/0xa0
[  112.822497][ T7068]  xfrm_alloc_userspi+0x70b/0xc90
[  112.824350][ T7068]  ? apparmor_capable+0x137/0x1b0
[  112.826212][ T7068]  ? __pfx_xfrm_alloc_userspi+0x10/0x10
[  112.828201][ T7068]  ? __nla_parse+0x40/0x60
[  112.829790][ T7068]  xfrm_user_rcv_msg+0x7a3/0xab0
[  112.831588][ T7068]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  112.833498][ T7068]  ? __pfx___mutex_trylock_common+0x10/0x10
[  112.835647][ T7068]  ? rcu_is_watching+0x15/0xb0
[  112.837649][ T7068]  ? trace_contention_end+0x39/0x120
[  112.839719][ T7068]  ? __mutex_lock+0x335/0x1360
[  112.841556][ T7068]  netlink_rcv_skb+0x208/0x470
[  112.843407][ T7068]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  112.845437][ T7068]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  112.847358][ T7068]  ? netlink_deliver_tap+0x2e/0x1b0
[  112.849121][ T7068]  ? netlink_deliver_tap+0x2e/0x1b0
[  112.850963][ T7068]  xfrm_netlink_rcv+0x79/0x90
[  112.852684][ T7068]  netlink_unicast+0x82f/0x9e0
[  112.854394][ T7068]  ? __pfx_netlink_unicast+0x10/0x10
[  112.856333][ T7068]  ? netlink_sendmsg+0x642/0xb30
[  112.858047][ T7068]  ? skb_put+0x11b/0x210
[  112.859499][ T7068]  netlink_sendmsg+0x805/0xb30
[  112.861097][ T7068]  ? __pfx_netlink_sendmsg+0x10/0x10
[  112.862893][ T7068]  ? aa_sock_msg_perm+0xf1/0x1d0
[  112.864645][ T7068]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  112.866604][ T7068]  ? __pfx_netlink_sendmsg+0x10/0x10
[  112.868605][ T7068]  __sock_sendmsg+0x21c/0x270
[  112.870402][ T7068]  ____sys_sendmsg+0x505/0x830
[  112.872161][ T7068]  ? __pfx_____sys_sendmsg+0x10/0x10
[  112.874027][ T7068]  ? import_iovec+0x74/0xa0
[  112.875551][ T7068]  ___sys_sendmsg+0x21f/0x2a0
[  112.877137][ T7068]  ? __pfx____sys_sendmsg+0x10/0x10
[  112.879030][ T7068]  ? __fget_files+0x2a/0x420
[  112.880752][ T7068]  ? __fget_files+0x3a0/0x420
[  112.882408][ T7068]  __x64_sys_sendmsg+0x19b/0x260
[  112.884865][ T7068]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  112.886837][ T7068]  ? rcu_is_watching+0x15/0xb0
[  112.888523][ T7068]  ? do_syscall_64+0xbe/0x3b0
[  112.890435][ T7068]  do_syscall_64+0xfa/0x3b0
[  112.892170][ T7068]  ? lockdep_hardirqs_on+0x9c/0x150
[  112.894083][ T7068]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.896490][ T7068]  ? exc_page_fault+0x9f/0xf0
[  112.898485][ T7068]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.900791][ T7068] RIP: 0033:0x7f3cf698ebe9
[  112.902415][ T7068] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  112.909243][ T7068] RSP: 002b:00007f3cf7834038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  112.912481][ T7068] RAX: ffffffffffffffda RBX: 00007f3cf6bb5fa0 RCX: 00007f3cf698ebe9
[  112.915325][ T7068] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000003
[  112.918116][ T7068] RBP: 00007f3cf6a11e19 R08: 0000000000000000 R09: 0000000000000000
[  112.920947][ T7068] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  112.923880][ T7068] R13: 00007f3cf6bb6038 R14: 00007f3cf6bb5fa0 R15: 00007ffd5517f528
[  112.926829][ T7068]  </TASK>
[  112.928628][ T7068] Kernel Offset: disabled
[  112.930017][ T7068] Rebooting in 86400 seconds..

VM DIAGNOSIS:
12:32:23  Registers:
info registers vcpu 0

CPU#0
RAX=6c4bedcd972f2700 RBX=ffffffff81968308 RCX=6c4bedcd972f2700 RDX=0000000000000001
RSI=ffffffff8d9b6dc6 RDI=ffffffff8be33400 RBP=ffffffff8de07eb8 RSP=ffffffff8de07d80
R8 =ffff88804b032f9b R9 =1ffff110096065f3 R10=dffffc0000000000 R11=ffffed10096065f4
R12=ffffffff8fa37e30 R13=0000000000000000 R14=0000000000000000 R15=1ffffffff1bd2a20
RIP=ffffffff8b7943f3 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b861c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000055d4cdc86038 CR3=0000000111d32000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007f4b27b87498 00007f4b27b87470 XMM03=00007f4b27b874a8 00007f4b27b874a0
XMM04=00007f4b286ed100 00007f4b27b87460 XMM05=00007f4b27b87478 00007f4b27b874c0
XMM06=00007f4b27b874b8 00007f4b27b874b0 XMM07=00007f4b27b874a8 00007f4b27b874a0
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007f4b27a12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=000000000000000a RBX=000000000000000a RCX=0000000000000000 RDX=00000000000003f8
RSI=000000000001a320 RDI=000000000001a321 RBP=00000000000003f8 RSP=ffffc900037ae9f0
R8 =ffff8881088e0237 R9 =1ffff1102111c046 R10=dffffc0000000000 R11=ffffffff854efeb0
R12=dffffc0000000000 R13=ffffffff99af9916 R14=ffffffff99dee3a0 R15=0000000000000000
RIP=ffffffff854eff2c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f3cf78346c0 ffffffff 00c00000
GS =0000 ffff8881a3c1c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b32823ff8 CR3=000000010ff96000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=0000000000000000 00007f3cf6a12e53
XMM06=0000000000000000 00007f3cf6a12e4d XMM07=0000000000000000 00007f3cf6a12e61
XMM08=0000000000000000 00007f3cf6a12ee7 XMM09=0000000000000000 00007f3cf6a12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
