last executing test programs:

1m49.737603831s ago: executing program 0 (id=19):
r0 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_SET_FEATURE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x3fa, 0x1, 0x70bd2b, 0x25dfdbfd, {0x1, 0x0, 0x1}}, 0x20}, 0x1, 0x0, 0x0, 0x4000060}, 0x40000)

1m49.672683722s ago: executing program 0 (id=20):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_mptcp_buf(r0, 0x11c, 0x2, 0x0, 0x0)

1m49.672524606s ago: executing program 0 (id=21):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x21, 0x0, 0x0, 0x8000, 0x20004}, 0x50)

1m49.622594448s ago: executing program 0 (id=22):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0)
mount$bind(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x12f451, 0x0)

1m49.561765134s ago: executing program 0 (id=23):
add_key$fscrypt_v1(0x0, &(0x7f0000000040)={'fscrypt:', @desc3}, 0x0, 0x0, 0xfffffffffffffffd)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r0, 0x8947, &(0x7f0000000040)={'bond0\x00', 0x10000})

1m48.562625333s ago: executing program 0 (id=26):
r0 = socket$kcm(0x2c, 0x3, 0x0)
setsockopt$sock_attach_bpf(r0, 0x11b, 0x4, 0x0, 0xffc3)

1m48.494023068s ago: executing program 32 (id=26):
r0 = socket$kcm(0x2c, 0x3, 0x0)
setsockopt$sock_attach_bpf(r0, 0x11b, 0x4, 0x0, 0xffc3)

1m17.859568667s ago: executing program 1 (id=270):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000002c0)='./file1\x00', 0x200000, &(0x7f0000000080), 0xfe, 0x574, &(0x7f0000000cc0)="$eJzs3U9rFOcfAPDvbP5ojL+fEUTaHkrAQy3ixiT9Y6EHeyytVGjvdknGINm4kt2ISYXqoV56KVIopULpC+i9pyJ9A30VllaQIqE9eEmZzaxukt38WaNZs58PjM4zM7vP892Z75Nn9tllA+hZo9k/hYhXI+KbJOJI077+yHeOrh63/OjGVLYksbLy6d9JJPm2xvFJ/v9wXnglIn77KuJUYWO91cWl2VK5nM7n5bHa3NWx6uLS6ctzpZl0Jr0yMTl59u3JiffefWfXYn3zwr/ff3Lvw7Nfn1j+7ucHR+8kcS4O5/ua49jUgU333mwujMZo/poMxLl1B47vpOEvgWSvG0BH+vI8H4isDzgSfXnWA/vflxGxsnOPO3gM0HWSTvIf2Aca44DGvf2274P3iYcfrN4AbYw/WX1vJA7W740OLSdr7oyy+92RXag/q+OXv+7eyZbYyfsQAM/o5q2IONPf377/69yZbRyzvg79H7w497Lxz69DERvyv/Bk/BMtxj/DLXK3E1vnf+HB6iTU85GN/95vOf59UuVIX176X33MN5BculxOs77t/xFxMgYOZOXN5nPOLt9fabevefzXqLExFszb8aB/3ZzTdKlW6jTe9R7einhti/Fv0uL8Z229sM06jqd3X2+3rzn+bMnqXxv/87XyU8QbLc//0xmtZPP5ybH69TDWuCo2+uf28d/b1b/X8Wfn/9Dm8Y8kzfO11Z3X8ePBx2m7faNJPmnaNv7W1/9g8lm9ZxrMt10v1Wrz4xGDycf18prtE08f2yg3js/iP3midf5vdv0PRcTn24z/9rHbbQ/thvM/vaPzv/OV+x998UO7+reOPzv/b9XXTuZbttP/bbeBz/LaAQAAAAAAQLcpDEYcjqRQzOf0D0ehUCyufr7jWBwqlCvV2qlLlYUr01H/ruxIDBQaM93DTZ+HGM8/D9soT6wrT0bE0Yj4tm+oXi5OVcrTex08AAAAAAAAAAAAAAAAAAAAdInhaP39/8yffXvdOuC585Pf0LvW5P+BFgfsxi89AV3J33/oXfIfepf8h94l/6F3yX/oXfIfepf8h94l/wEAAAAAAAAAAAAAAAAAAAAAAAAAAGBXXTh/PltWlh/dmIqIg3FtcWG2cu30dFqdLc4tTBWnKvNXizOVykw5LU5V5rZ6vnKlcnV8Ihauj9XSam2surh0ca6ycKV28fJcaSa9mA68mLAAAAAAAAAAAAAAAAAAAADgpVJdXJotlcvpfG+s/NEdzdhPK/3d0Qwr89Wh2MUn3OueCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACe+i8AAP//geEvDw==")
renameat2(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0xffffffffffffff9c, &(0x7f0000000440)='./file0/file3\x00', 0x4)

1m17.510563345s ago: executing program 1 (id=272):
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af83, &(0x7f0000000600)={0x2, 0x0, [{0x8000000, 0x14, 0x0}, {0x8080000, 0x8d, &(0x7f00000006c0)=""/141}]})

1m17.096777835s ago: executing program 1 (id=273):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5021900000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000840)={{0x14}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFTA_EXTHDR_OP={0x8, 0x6, 0x1, 0x0, 0x1}]}}}]}]}], {0x14}}, 0x7c}}, 0x8050)

1m16.954039176s ago: executing program 1 (id=274):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./file2\x00', 0x10, &(0x7f0000000080)={[{@nodiscard}, {@nocheckpoint_merge}, {@fastboot}, {@background_gc_off}, {@flush_merge}, {@fault_injection={'fault_injection', 0x3d, 0x4ef}}, {@grpjquota={'grpjquota', 0x3d, 'noacl'}}, {@noacl}, {@compress_cache}, {@alloc_mode_def}, {@noextent_cache}, {@grpjquota}, {@checkpoint_diasble}]}, 0x1, 0x550c, &(0x7f00000089c0)="$eJzs3M1rI2UYAPAn7Xa/XYt48LYDi9DKJjT9WPRWdRc/sEtZ9eBJ0yQN2U0ypUnT2pMHj+LB/0QUPHn0b/Dg2Zt4ULwJSmYmuvUDhKaN3f5+MHnmffPmmecNy8IzUxLAuTWf/PJTKW7ElYiYjYjrEdl5qTgy63l4LiJuRsTMY0epmP9j4mJEXI2IG6Pkec5S8dZnt4e31n588+evv7104drnX303vV0D0/Z8RHR38vP9bh7TVh4fFvO1YTuL3dVhEfM3uo+KcZrH/eZWlmG/Nl5Xy+JKK1+f7uz1R3G7U6uPYqu9nc3v9PIL9oetcZ7sAw9ru9m40dzKYrufZrF1mNd1cJj/33bYH+R5GkW+D7P0MRiMYz7fPGjm+9l5lMV6b1DM53nTRvNgFIdFLC4X9bTTyOrYOs43/f/2Vru3d5AMm7v9dtpL1irVFyvVO+XqbtpoDpqr5Vq3cWc1WWh1RsvKg2atu95K01anWamn3cVkoVWvl6vVZOFuc6td6yXVamWlslReWyzObiev3X836TSShVF8pd3bG7Q7/WQ73U3yTywmy5WVlxaTW9Xk7Y3NZPPBvXsbm++8f/e9+y9vvPFqsehvZb0Qy0vLy+XqUnm5uniO9v9xUXSyMLH9w7GUpl0AwNmj/wem4eT6/90HESff/4f+fyLOVP87LmuC/e953z8ci/4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODc+n7ui9ezk/l8fK2Yf6qYeqYYlyJiJiJ++wezcfFIztkiz9y/rJ/7Sw3flCLLMLrGpeK4GhHrxfHr0yf9LQAAAMCT68uPbn6ad+v5y/y0C+I05TdtZq5/MKF8pYiYm/9hQtlmRi/PTihZ9u/7QhxMKFt2A+vyhJLlt9wuTCrbfzJ7JFx+LJTyMHOq5QAAAKfiaCdwul0IAAAAp+mTaRfAdJRi/Chz/Cw4+8v7Px8IXjkyAgAAAM6g0rQLAAAAAE5c1v/7/T8AAAB4suW//wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPzOzv3cJg5EcQB+Nnhh/2nRau/byt6gjC1hj3uMKCBNUEAOpIU0QA3klhIiiPA4BCIOkTy2lej7JGcylvnxBsFhZqQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACALt1X68Xt1e/rtjm7fTt5RgMAAABcsq3Wi/qfWep/be5/b279bPpFRJQRcWnuPopPZ5mjJqd6ef7m9PnqVQ13EXXC4T0mzfUlIv401+OPrj8FAAAA+Lg2y9U8zdbTn9nQBdGntGhTfvubKa+IiGr2kCmtPOT9yhRWf7/H8T9TWr2ANc0UlpbcxrnS3qT+uR9X7aYnTZGa8uLLjkVmGzsAANCj0VnT7ywEAACAPv0bugCGUcTzVuZxK3CSmmZ77/NZDwAAAHiHiqELAAAAADpXz/97Ov9v7/w/AAAAGEY6/w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAubav1YrNczdvm7Pbt5BkNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwxP68o0AIhEEY7F3fmcz9DysNmpqaVIHw8TcGAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJvf/eX/xNQ4k8y9NpaeR5K1U2Pr1Ng7N47+ML5+DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX+/OSAiEQBFEwZ/zvpO9/WEnQM4gQAQ2PKmrRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwRb/75f/E1DiTzJ02lo5HkrWrxtZVY+9B4+jBePs3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXO/fzGkcVBwD8zc7OxlbFNcoeIqLgQS92u62tvYkHJXjwTxBCuq2xW3+0OdhSxFy8Sc69iB5FBCXe+j/0nEAu8ZbDHiJ4jszszO7kB7j+6Mwm+XzgzfvuMMz7vlkI+c57CQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBh+O4kjtNDexQ38nObew+W037rUJ96tL69kLY0jqpM+mR4ufwh6ozDvTqSAQAA4GyIi/o+hLCTbCymfaOd1f9JcU1a83//7Cgu6vnDdX/RF7V/2n77dffF8UDt0TjpTW+sDPoXj6bSfHKznG3P/e0VzezJZ+9e4uwLaXyw9sIwyZ5n9O3jx++1snCuimwBgH/jQtHnQfH7UNr36kwMgDOjWSq8i/o/btebEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAVhmvh6SKOQggLzUmc2tp7sHxc/2h9e6FoVx8+XA9fT+6Z3iIJIdxYGfQvVjqb2Xb33v1bS4NB/071wSshhLpGfyef/q2Pprg4hFqej+D/Cfbn8i97RvI5IUGNP5QAADiVkryldf1OsrGYnovmQ9j/4WD9/3opDlPW/7sfX90sj1Wu/3uVzXD2dVdvf969e+/+myu3l272b/Y/fetS7+3e5WtXrlzrZu9Kut6YAAAA8N+08lau/xvzR9f/z5fiMGX9/8V3va/KY8Xq/2NNFv3qzgQAAOBse/7VP/+IjjkftVrhy6XV1Tu90XH8+dLoWEOq/9hc3sr1fzxfd1YAAABAFYZr0YH1/+ulOEy5/v/Mjy/9XL5nHEI4l6//X1j+bHC9uunMtCr+nLjuOQIAAFCvc3krr/8n2f7/xnjLQyOE8MZrozj/N4BT1f/x+9/8VB6rvP//cnVTnEmNzuh5ZH0nhGan7owAAAA4zZ7KW1rs/55sLH7yy/kPW/b/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFTtrwAAAP//RAE/8A==")
syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0xa0, 0x0, 0x1, 0x0, 0x0)
symlinkat(&(0x7f0000000000)='.\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00')
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000340)='./bus\x00', &(0x7f0000000b80), 0x200008, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
syz_mount_image$fuse(&(0x7f00000001c0), &(0x7f00000002c0)='./bus\x00', 0x322020, &(0x7f0000000140)=ANY=[], 0x1, 0x0, 0x0)
open$dir(0x0, 0x18100, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
r0 = open(&(0x7f0000000040)='.\x00', 0x20000, 0x0)
getdents64(r0, 0x0, 0x0)

1m16.186238823s ago: executing program 1 (id=278):
r0 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/tcp_dsack\x00', 0x1, 0x0)
write$sysctl(r0, 0x0, 0x0)

1m15.400443486s ago: executing program 1 (id=291):
prctl$PR_SET_FPEXC(0xc, 0x100000)

1m15.297121447s ago: executing program 33 (id=291):
prctl$PR_SET_FPEXC(0xc, 0x100000)

26.732824773s ago: executing program 4 (id=641):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r1, 0x0, 0x0, 0x0, <r2=>0x0})
ioctl$IOMMU_HWPT_ALLOC$NONE(r0, 0x3b89, &(0x7f0000000180)={0x28, 0x1, r2, r1, <r3=>0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$IOMMU_HWPT_ALLOC$TEST(r0, 0x3b89, &(0x7f0000000200)={0x28, 0x0, r2, r3, <r4=>0x0, 0x0, 0xdead, 0x4, &(0x7f0000000240)})
ioctl$IOMMU_HWPT_INVALIDATE$TEST(r0, 0x3b8d, &(0x7f0000000280)={0x20, r4, &(0x7f00000001c0)=[{}, {0x1, 0x3}], 0xdeadbeef, 0x8, 0x2})

26.675113974s ago: executing program 4 (id=642):
syz_mount_image$xfs(&(0x7f0000009600), &(0x7f0000000100)='./file0\x00', 0x200800, &(0x7f0000000400)={[{@lazytime}, {@uqnoenforce}, {}, {@prjquota}, {@grpquota}, {@allocsize={'allocsize', 0x3d, [0x36, 0x39, 0x6d]}}, {@uqnoenforce}]}, 0x4, 0x9606, &(0x7f0000012cc0)="$eJzs2gm8pnPhuP/nDGOXMVRSaiqiRdYsUc0MZigkS7QjS8pSUqESSgoVEe3Zt2xlCWVrJdlbKCFUskRabMP8X8ecYYyLb/36/l++dV3X63XO8zz3c9/3+Tyf972cw2wyaYOJg8Ecg2mNG8zceddOnjLm6nXvOGrz+Y9d5tR7DnjsiouOH3mcMPI4cTAYjBp5e2jasrGD004fNZj14eWPNveccw3NOxgsO/JyZD+DFac9zHvF9PWmztTMAx169Ns+074ebr7hHzH85PAD9jpiMBiMmWH7ocFgaPfHfVBpm0yYPOlRq0fchq1Gjzyf8Wu2aV/zXjwYzHvmgI+PGdcdego+0vDP3P0l545e9yn42f9xbTJh8loz+Q+fi7OMLFtx+Byf+Rw0NvNxfttim648MoUPH2+DwfAl7jHnyn9Em0yYtPbgia/zg6NWuXCfqdOum7MPpt0o5hwMBnONXF/neapd6t9rwsTlHr5nT389wj79WN6djosT3n7yQ8M36cFgsMBgMHbN6feCqqqq+s9owsTlVoP7/xxPdv8/5ZSFz+z+X1VV9Z/bWhMmLjd8r5/p/j/Pk93/d1z4oj2n/bf/8StO2+qhp/ZDVFVV1b/UpLXw/j/mye7/K6522drd/6uqqv5zW3+dh+//88x0/1/wye7/bzl5lUVG1pv+e8ODM+xyaIb/n/DADMtnmWH5/TMsHz3DfmZcf7YZlt87w/LZh9+D9ccNBmOn/3vBKY8uHjtu+L2R5ffNsHz8o/9OZ9HVZ1g+YYblk2ZYPnFkrMPLJ8+wfPIM66/5JFNdVVX1f6b1l5u02mCGf2c/snih6e/T/f+Cs65b8qkab1VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVf1n9tAdZ587GAyGBoPBqMFgymDk+YyPg6lTp04dfn3K+Zdf/pQN9P9GQ+ddO3nKmKvXveOozec/dplT7zng0Vn6j+0//xPUv9Ow/xzHjxsMtt/oqR5KPQV1/rvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+4h+44+9yRY2DUYDBlMPJ89+mPZ+3/5reOrLryxqfedfCjWy46fpuRZ+ddO3nKNk/B2J+ChoY/65ir173jqM3nP3aZU+854L/g7PnP/wT17/Sw/zZDg8HI+T1m+Fxed8L6Gy4xGAwOvuvUjVcYPPLeSsPvrTJ2lsEsD2+6xMPf11iUd7z7mtMexw9/W/CRfZzy8P7XmnrYLEMzDWKGXnXejUe9a5N7lp/5cfEn/hyjpj854voz7p46derUxywcaY4n2Hj6/qd/lpnP85GxLzE89qV22u69S71/l12X3Ga7zbbecustt19muZWWX2HZZVZY+RVLbbXNtlsuPe37E8zZuIe/r/bPzNk8M8/ZHRNmnLOZP9sTzdm4J5+zh/c4ZdehDafP2az/4pyt9uRzNm6bkR+06PjRg00fnpqhwWDR1UcPdh5+sczsg8Gia4ysu9DwuquOHTUY7P/oBx1+Nvsjx+DQ7sPrbDJpg4mPjuzxn/Bx1+nHrLjo+JHHCSOPE6cNcdzg0UNx7OC000cNz8VjpnnuOecamncwWHbk5ch+BiuPvHvo9PWmztTMAx169Ns+074ebr7hnQw/effSZ18zfC7OtP3/H/0/Xf8f57XS0CMTNTTyNbLONK8Jk9d69Gc9PA3DczfLyLIVh01mnrP/zR433nGzDsY8yXgnrTVxueHFM83/9E3w+LpzsQs/PO3YGr/itK0e+n9GofHO8yTjXWsCjneeJxvv8R+59PRpu/pfG+9M17q1H/4+/p+51g2e/Fo3C+1gy0sWmfla97onHuJjzuPpczT7TCs90bVu50OW3X14/+Of/Fq39vDYRz/mWjdqMFh0tenXuuEL36TRg/2HXyw7/GLy6MGxwy+We/jFnIPzh1+8/J07bLvF8II1p8/J0sP7HT926GH3C1e8dfGpB06duvrIWMaPfexYR46PcTPezyeMnTaZ07edvt/hVafv95ZnTntv0sh+J/wL+52+LY33rvmmvTd5ZL8TZ9rv6CfZ7/RtH3c+LDH0yIXrCa43k2a63oz8jTP9xz3ma7ZpX/NePBjMeyb5zrTu/3jNpPN3jicZ74SJy602PL6Zzt9HDkc6fy+dfPXwvWLewWCwwGAwds3pY/8XG3qi8c765OOdCOOd9cnGe+Vx263zvzDewQzjfcxxtsn6046VNUeOs8n/wvE7fduZr2OjH3532mV/zX/mOjbucdexPWYZNdNkz9AT/c62Baw/7flCj/6ee+1Jx0yf+9Ez7fd/+p1ths8yBNexMTP9PT9qzRsGQzTnux+/6mVDBz35nI8ePPZvi+lzPn3bJ5vzyf/MnD/nyef8n/09eYkXTnt/9Ezjn3HO19vv2ftOn/PZZtrv/zTnk5/83vH4OR8/GE1zvvT90+btya6nTzTn07edPufDH3GVsbMO1hi+Z43M+aR/Zs4X+t85zueC9ac93/KRReccdeobp8/5zHP8P835pH91zsc9cpwv+vB7Lxg1mG22wc6b7bTTjstM+z795bLTvvO16N5rp83zk91Ln8ho+rZPdl6s/s8YjfmnjIb+J6OFZ30io0dPrSN32PEZ/6/XotX/VaMBX4uuPmbavD3Z70VPNOfTt6X74IIzbD/z36Hrr/Pw793zzHQfnL4J3gfPOWvtvafvcmSzB2ca5vT76gMzLJ9lhuX3z7B89Az7mXH92WZYfu8My4c/wmwzrD+dddzw37wjy6c8uvrY4V+exo0sv2+G5eMf3XbR1WdYPmGG5ZNmWD7x0UNj0ckzLJ88w/prDv7Fpv836W1mvsjXP1v//ddd/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+4h+44+9yRY2DUYDBlMO350MjjYPeh9W5/zfDjYDAYveKJU9d7qsf7FDd03rWTp4y5et07jtp8/mOXOfWeA/4Lzp7//E9Q/04P+28zNBiMnN9jthkMButOWH/DJQaDwXpTT1xx1OCR9xYafm/VsaMGg/2HHrOD2R9ZZ2j34XU2mbTBxMFgjpE1xj3uhz7uPHrMiouOH3mcMPI4cdr1adzg0eN17OC000cNZn14+aPNPedcQ/MOBsuOvBzZz2DFaQ/zXjF9vakzNfNAhx79ts+0r4ebb/hHDD/ZeevJzx2eq5m2/z/T9Gv1NqP+x1U7/93l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u/jX/jpb/thJ1l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5i3vojrPPHTkGRg0GUwbTng/tPvI4GDr5tBePHCKjd7nq6MOe6vE+xQ2dd+3kKWOuXveOozaf/9hlTr3ngP+Cs+c//xPUv9PD/tsMDQYj5/eYbQaDwboT1t9wicFgcNjRV+0yavDIewsNv7fq2FGDwf5Dj9nB7I+sM7T78DqbTNpg4mAwx8ga4x73Qx93Hj1mxUXHjzxOGHmcOO36NG7w6PE6dnDa6aMGsz68/NHmnnOuoXkHg2VHXo7sZ7DitId5r5i+3tSZmnmgQ49+22fa18PNN/wjhp/sNc+1Jw/P1Uzb/59p+rV6m1H/46qd/+7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5S/uoTvOPnfkGBg1GEwZTHs+auRxaPebb9ptw+HH4dfzr7n3tU/1eJ/ihs67dvKUMVeve8dRm89/7DKn3nPAf8HZ85//Cerfadh/juPHDQbbb/RUD6Wegjr/3eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvLX9xDd5x97sjTUY8uHbV7xwU2dN61k6eMuXrdO47afP5jlzn1ngOe6gH9uz2B/x75Yxb/PfPHLP4fzx+z+H8if8ziv1f+mMX/k/ljFv+988cs/p/KH7P4fzp/zOK/T/6YxX/f/DGL/375Yxb/z+SPWfw/mz9m8f9c/pjFf//8MYv/AfljFv/P549Z/A/MH7P4H5Q/ZvH/Qv6Yxf/g/DGL/yH5Yxb/L+aPWfy/lD9m8f9y/pjF/yv5Yxb/r+aPWfy/lj9m8f96/pjF/xv5Yxb/Q/PHLP6H5Y9Z/A/PH7P4H5E/ZvE/Mn/M4n9U/pjF/+j8MYv/MfljFv9j88cs/sflj1n8j88fs/h/M3/M4n9C/pjF/8T8MYv/SfljFv+T88cs/qfkj1n8v5U/ZvH/dv6Yxf/U/DGL/2n5Yxb/0/PHLP5n5I9Z/L+TP2bxPzN/zOJ/Vv6Yxf/s/DGL/3fzxyz+38sfs/ifkz9m8T83f8zif17+mMX//Pwxi/8F+WMW/+/nj1n8f5A/ZvH/Yf6Yxf9H+WMW/x/nj1n8f5I/ZvG/MH/M4n9R/pjF/6f5Yxb/i/PHLP4/yx+z+F+SP2bxvzR/zOJ/Wf6Yxf/y/DGL/xX5Yxb/K/PHLP5X5Y9Z/H+eP2bx/0X+mMX/l/ljFv9f5Y9Z/K/OH7P4X5M/ZvH/df6Yxf83+WMW/2vzxyz+v80fs/hflz9m8b8+f8zif0P+mMX/d/ljFv8b88cs/jflj1n8b84fs/j/Pn/M4v+H/DGL/x/zxyz+t+SPWfz/lD9m8b81f8zif1v+mMX/9vwxi/8d+WMW/z/nj1n878wfs/jflT9m8f9L/pjF/+78MYv/X/PHLP5/yx+z+P89f8zi/4/8MYv/PfljFv9788cs/vflj1n8788fs/g/kD9m8Z+SP2bxfzB/zOL/UP6YxX9q/pjEf5ZB/pjFfyh/zOI/Kn/M4j9L/pjFf9b8MYv/6Pwxi/9s+WMW/9nzxyz+c+SPWfznzB+z+M+VP2bxnzt/zOI/T/6YxX/e/DGL/9Pyxyz+8+WPWfzH5I9Z/OfPH7P4j80fs/gvkD9m8V8wf8zi//T8MYv/M/LHLP7PzB+z+C+UP2bxf1b+mMV/4fwxi/+z88cs/s/JH7P4L5I/ZvF/bv6Yxf95+WMW/3H5Yxb/5+ePWfxfkP/jmnXk0eD/wvwxy/m/aP6YxX+x/DGL/4vyxyz+i+ePWfyXyB+z+L84f8zi/5L8MYv/S/PHLP4vyx+z+C+ZP2bxf3n+mMV/qfwxi//S+WMW/2Xyxyz+y+aPWfyXyx+z+C+fP2bxf0X+mMV/hfwxi/+K+WMW/5Xyxyz+K+ePWfxfmT9m8V8lf8ziv2r+mMX/VfljFv9X549Z/F+TP2bxH58/ZvGfkD9m8Z+YP2bxXy1/zOK/ev6YxX+N/DGL/6T8MYv/ZJX/LP/0mhb/NVX+/3wW/7Xyxyz+r80fs/i/Ln/M4r92/pjFf538MYv/uvljFv/X549Z/NfLH7P4vyF/zOK/fv6YxX+D/DGL/4b5Yxb/jfLHLP5vzB+z+G+cP2bx3yR/zOL/pvwxi/+b88cs/m/JH7P4vzV/zOL/tvwxi//b88cs/u/IH7P4b5o/ZvHfLH/M4r95/pjF/535Yxb/LfLHLP5b5o9Z/LfKH7P4b50/ZvF/V/6YxX+b/DGL/7vzxyz+78kfs/hvmz9m8d8uf8ziv33+mMV/h/wxi/9788cs/u/LH7P475g/ZvF/f/6YxX+n/DGL/wfyxyz+H8wfs/h/KH/M4r9z/pjFf5f8MYv/rvljFv8P549Z/D+SP2bx/2j+mMV/t/wxi//H8scs/rvnj1n898gfs/jvmT9m8f94/pjF/xP5Yxb/vfLHLP6fzB+z+O+dP2bx/1T+mMX/0/ljFv998scs/vvmj1n898sfs/h/Jn/M4v/Z/DGL/+fyxyz+++ePWfwPyB+z+H8+f8zif2D+mMX/oPwxi/8X8scs/gfnj1n8D8kfs/h/MX/M4v+l/DGL/5fzxyz+X8kfs/h/NX/M4v+1/DGL/9fzxyz+38gfs/gfmj9m8T8sf8zif3j+mMX/iPwxi/+R+WMW/6Pyxyz+R+ePWfyPyR+z+B+bP2bxPy5/zOJ/fP6Yxf+b+WMW/xPyxyz+J+aPWfxPyh+z+J+cP2bxPyV/zOL/rfwxi/+388cs/qfmj1n8T8sfs/ifnj9m8T8jf8zi/538MYv/mfljFv+z8scs/mfnj1n8v5s/ZvH/Xv6Yxf+c/DGL/7n5Yxb/8/LHLP7n549Z/C/IH7P4fz9/zOL/g/wxi/8P88cs/j/KH7P4/zh/zOL/k/wxi/+F+WMW/4vyxyz+P80fs/hfnD9m8f9Z/pjF/5L8MYv/pfljFv/L8scs/pfnj1n8r8gfs/hfmT9m8b8qf8zi//P8MYv/L/LHLP6/zB+z+P8qf8zif3X+mMX/mvwxi/+v88cs/r/JH7P4X5s/ZvH/bf6Yxf+6/DGL//X5Yxb/G/LHLP6/yx+z+N+YP2bxvyl/zOJ/c/6Yxf/3+WMW/z/kj1n8/5g/ZvG/JX/M4v+n/DGL/635Yxb/2/LHLP63549Z/O/IH7P4/zl/zOJ/Z/6Yxf+u/DGL/1/yxyz+d+ePWfz/mj9m8f9b/pjF/+/5Yxb/f+SPWfzvyR+z+N+bP2bxvy9/zOJ/f/6Yxf+B/DGL/5T8MYv/g/ljFv+H8scs/lPzxyT+sw7yxyz+Q/ljFv9R+WMW/1nyxyz+s+aPWfxH549Z/GfLH7P4z54/ZvGfI3/M4j9n/pjFf678MYv/3PljFv958scs/vPmj1n8n5Y/ZvGfL3/M4j8mf8ziP3/+mMV/bP6YxX+B/DGL/4L5Yxb/p+ePWfyfkT9m8X9m/pjFf6H8MYv/s/LHLP4L549Z/J+dP2bxf07+mMV/kfwxi/9z88cs/s/LH7P4j8sfs/g/P3/M4v+C/DGL/wvzxyz+i+aPWfwXyx+z+L8of8ziv3j+mMV/ifwxi/+L88cs/i/JH7P4vzR/zOL/svwxi/+S+WMW/5fnj1n8l8ofs/gvnT9m8V8mf8ziv2z+mMV/ufwxi//y+WMW/1fkj1n8V8gfs/ivmD9m8V8pf8ziv3L+mMX/lfljFv9V8scs/qvmj1n8X5U/ZvF/df6Yxf81+WMW//H5Yxb/CfljFv+J+WMW/9Xyxyz+q+ePWfzXyB+z+E/KH7P4T84fs/ivmT9m8V8rf8zi/9r8MYv/6/LHLP5r549Z/NfJH7P4r5s/ZvF/ff6YxX+9/DGL/xsGl+cPWfzX7/zHLP4b5I9Z/DfMH7P4b5Q/ZvF/Y/6YxX/j/DGL/yb5Yxb/N+WPWfzfnD9m8X9L/pjF/635Yxb/t+WPWfzfnj9m8X9H/pjFf9P8MYv/ZvljFv/N88cs/u/MH7P4b5E/ZvHfMn/M4r9V/pjFf+v8MYv/u/LHLP7b5I9Z/N+dP2bxf0/+mMV/2/wxi/92+WMW/+3zxyz+O+SPWfzfmz9m8X9f/pjFf8f8MYv/+/PHLP475Y9Z/D+QP2bx/2D+mMX/Q/ljFv+d88cs/rvkj1n8d80fs/h/OH/M4v+R/DGL/0fzxyz+u+WPWfw/lj9m8d89f8ziv0f+mMV/z/wxi//H88cs/p/IH7P475U/ZvH/ZP6YxX/v/DGL/6fyxyz+n84fs/jvkz9m8d83f8ziv1/+mMX/M/ljFv/P5o9Z/D+XP2bx3z9/zOJ/QP6Yxf/z+WMW/wPzxyz+B+WPWfy/kD9m8T84f8zif0j+mMX/i/ljFv8v5Y9Z/L+cP2bx/0r+mMX/q/ljFv+v5Y9Z/L+eP2bx/0b+mMX/0Pwxi/9h+WMW/8Pzxyz+R+SPWfyPzB+z+B+VP2bxPzp/zOJ/TP6Yxf/Y/DGL/3H5Yxb/4/PHLP7fzB+z+J+QP2bxPzF/zOJ/Uv6Yxf/k/DGL/yn5Yxb/b+WPWfy/nT9m8T81f8zif1r+mMX/9Pwxi/8Z+WMW/+/kj1n8z8wfs/iflT9m8T87f8zi/938MYv/9/LHLP7n5I9Z/M/NH7P4n5c/ZvE/P3/M4n9B/pjF//v5Yxb/H+SPWfx/mD9m8f9R/pjF/8f5Yxb/n+SPWfwvzB+z+F+UP2bx/2n+mMX/4vwxi//P8scs/pfkj1n8L80fs/hflj9m8b88f8zif0X+mMX/yvwxi/9V+WMW/5/nj1n8f5E/ZvH/Zf6Yxf9X+WMW/6vzxyz+1+SPWfx/nT9m8f9N/pjF/9r8MYv/b/PHLP7X5Y9Z/K/PH7P435A/ZvH/Xf6Yxf/G/DGL/035Yxb/m/PHLP6/zx+z+P8hf8zi/8f8MYv/LfljFv8/5Y9Z/G/NH7P435Y/ZvG/PX/M4n9H/pjF/8/5Yxb/O/PHLP535Y9Z/P+SP2bxvzt/zOL/1/wxi//f8scs/n/PH7P4/yN/zOJ/T/6Yxf/e/DGL/335Yxb/+/PHLP4P5I9Z/Kfkj1n8H8wfs/g/lD9m8Z+aPybxHz3IH7P4D+WPWfxH5Y9Z/GfJH7P4z5o/ZvEfnT9m8Z8tf8ziP3v+mMV/jvwxi/+c+WMW/7nyxyz+c+ePWfznyR+z+M+bP2bxf1r+mMV/vvwxi/+Y/DGL//z5Yxb/sfljFv8F8scs/gvmj1n8n54/ZvF/Rv6Yxf+Z+WMW/4Xyxyz+z8ofs/gvnD9m8X92/pjF/zn5Yxb/RfLHLP7PzR+z+D8vf8ziPy5/zOL//Pwxi/8L8scs/i/MH7P4L5o/ZvFfLH/M4v+i/DGL/+L5Yxb/JfLHLP4vzh+z+L8kf8zi/9L8MYv/y/LHLP5L5o9Z/F+eP2bxXyp/zOK/dP6YxX+Z/DGL/7L5Yxb/5fLHLP7L549Z/F+RP2bxXyF/zOK/Yv6YxX+l/DGL/8r5Yxb/V+aPWfxXyR+z+K+aP2bxf1X+mMX/1fljFv/X5I9Z/Mfnj1n8J+SPWfwn5o9Z/FfLH7P4r54/ZvFfI3/M4j8pf8ziPzl/zOK/Zv6YxX+t/DGL/2vzxyz+r8sfs/ivnT9m8V8nf8ziv27+mMX/9fljFv/18scs/m/IH7P4r58/ZvHfIH/M4r9h/pjFf6P8MYv/G/PHLP4b549Z/DfJH7P4vyl/zOL/5vwxi/9b8scs/m/NH7P4vy1/zOL/9vwxi/878scs/pvmj1n8N8sfs/hvnj9m8X9n/pjFf4v8MYv/lvljFv+t8scs/lvnj1n835U/ZvHfJn/M4v/u/DGL/3vyxyz+2+aPWfy3yx+z+G+fP2bx3yF/zOL/3vwxi//78scs/jvmj1n8358/ZvHfKX/M4v+B/DGL/wfzxyz+H8ofs/jvnD9m8d8lf8ziv2v+mMX/w/ljFv+P5I9Z/D+aP2bx3y1/zOL/sfwxi//u+WMW/z3yxyz+e+aPWfw/nj9m8f9E/pjFf6/8MYv/J/PHLP57549Z/D+VP2bx/3T+mMV/n/wxi/+++WMW//3yxyz+n8kfs/h/Nn/M4v+5/DGL//75Yxb/A/LHLP6fzx+z+B+YP2bxPyh/zOL/hfwxi//B+WMW/0Pyxyz+X8wfs/h/KX/M4v/l/DGL/1fyxyz+X80fs/h/LX/M4v/1/DGL/zfyxyz+h+aPWfwPyx+z+B+eP2bxPyJ/zOJ/ZP6Yxf+o/DGL/9H5Yxb/Y/LHLP7H5o9Z/I/LH7P4H58/ZvH/Zv6Yxf+E/DGL/4n5Yxb/k/LHLP4n549Z/E/JH7P4fyt/zOL/7fwxi/+p+WMW/9Pyxyz+p+ePWfzPyB+z+H8nf8zif2b+mMX/rPwxi//Z+WMW/+/mj1n8v5c/ZvE/J3/M4n9u/pjF/7z8MYv/+fljFv8L8scs/t/PH7P4/yB/zOL/w/wxi/+P8scs/j/OH7P4/yR/zOJ/Yf6Yxf+i/DGL/0/zxyz+F+ePWfx/lj9m8b8kf8zif2n+mMX/svwxi//l+WMW/yvyxyz+V+aPWfyvyh+z+P88f8zi/4v8MYv/L/PHLP6/yh+z+F+dP2bxvyZ/zOL/6/wxi/9v8scs/tfmj1n8f5s/ZvG/Ln/M4n99/pjF/4b8MYv/7/LHLP435o9Z/G/KH7P435w/ZvH/ff6Yxf8P+WMW/z/mj1n8b8kfs/j/KX/M4n9r/pjF/7b8MYv/7fljFv878scs/n/OH7P435k/ZvG/K3/M4v+X/DGL/935Yxb/v+aPWfz/lj9m8f97/pjF/x/5Yxb/e/LHLP735o9Z/O/LH7P4358/ZvF/IH/M4j8lf8zi/2D+mMX/ofwxi//U/DGJ/2yD/DGL/1D+mMV/VP6YxX+W/DGL/6z5Yxb/0fljFv/Z8scs/rPnj1n858gfs/jPmT9m8Z8rf8ziP3f+mMV/nvwxi/+8+WMW/6flj1n858sfs/iPyR+z+M+fP2bxH5s/ZvFfIH/M4r9g/pjF/+n5Yxb/Z+SPWfyfmT9m8V8of8zi/6z8MYv/wvljFv9n549Z/J+TP2bxXyR/zOL/3Pwxi//z8scs/uPyxyz+z88fs/i/IH/M4v/C/DGL/6L5Yxb/xfLHLP4vyh+z+C+eP2bxXyJ/zOL/4vwxi/9L8scs/i/NH7P4vyx/zOK/ZP6Yxf/l+WMW/6Xyxyz+S+ePWfyXyR+z+C+bP2bxXy5/zOK/fP6Yxf8V+WMW/xXyxyz+K+aPWfxXyh+z+K+cP2bxf2X+mMV/lfwxi/+q+WMW/1flj1n8X50/ZvF/Tf6YxX98/pjFf0L+mMV/Yv6YxX+1/DGL/+r5Yxb/NfLHLP6T8scs/pPzxyz+a+aPWfzXyh+z+L82f8zi/7r8MYv/2vljFv918scs/uvmj1n8X58/ZvFfL3/M4v+G/DGL//r5Yxb/DfLHLP4b5o9Z/DfKH7P4vzF/zOK/cf6YxX+T/DGL/5vyxyz+b84fs/i/JX/M4v/W/DGL/9vyxyz+b88fs/i/I3/M4r9p/pjFf7P8MYv/5vljFv935o9Z/LfIH7P4b5k/ZvHfKn/M4r91/pjF/135Yxb/bfLHLP7vzh+z+L8nf8ziv23+mMV/u/wxi//2+WMW/x3yxyz+780fs/i/L3/M4r9j/pjF//35Yxb/nfLHLP4fyB+z+H8wf8zi/6H8MYv/zvljFv9d8scs/rvmj1n8P5w/ZvH/SP6Yxf+j+WMW/93yxyz+H8sfs/jvnj9m8d8jf8ziv2f+mMX/4/ljFv9P5I9Z/PfKH7P4fzJ/zOK/d/6Yxf9T+WMW/0/nj1n898kfs/jvmz9m8d8vf8zi/5n8MYv/Z/PHLP6fyx+z+O+fP2bxPyB/zOL/+fwxi/+B+WMW/4Pyxyz+X8gfs/gfnD9m8T8kf8zi/8X8MYv/l/LHLP5fzh+z+H8lf8zi/9X8MYv/1/LHLP5fzx+z+H8jf8zif2j+mMX/sPwxi//h+WMW/yPyxyz+R+aPWfyPyh+z+B+dP2bxPyZ/zOJ/bP6Yxf+4/DGL//H5Yxb/b+aPWfxPyB+z+J+YP2bxPyl/zOJ/cv6Yxf+U/DGL/7fyxyz+384fs/ifmj9m8T8tf8zif3r+mMX/jPwxi/938scs/mfmj1n8z8ofs/ifnT9m8f9u/pjF/3v5Yxb/c/LHLP7n5o9Z/M/LH7P4n58/ZvG/IH/M4v/9/DGL/w/yxyz+P8wfs/j/KH/M4v/j/DGL/0/yxyz+F+aPWfwvyh+z+P80f8zif3H+mMX/Z/ljFv9L8scs/pfmj1n8L8sfs/hfnj9m8b8if8zif2X+mMX/qvwxi//P88cs/r/IH7P4/zJ/zOL/q/wxi//V+WMW/2vyxyz+v84fs/j/Jn/M4n9t/pjF/7f5Yxb/6/LHLP7X549Z/G/IH7P4/y5/zOJ/Y/6Yxf+m/DGL/835Yxb/3+ePWfz/kD9m8f9j/pjF/5b8MYv/n/LHLP635o9Z/G/LH7P4354/ZvG/I3/M4v/n/DGL/535Yxb/u/LHLP5/yR+z+N+dP2bx/2v+mMX/b/ljFv+/549Z/P+RP2bxvyd/zOJ/b/6Yxf++/DGL//35Yxb/B/LHLP5T8scs/g/mj1n8H8ofs/hPzR+T+M8+yB+z+A/lj1n8R+WPWfxnyR+z+M+aP2bxH50/ZvGfLX/M4j97/pjFf478MYv/nPljFv+58scs/nPnj1n858kfs/jPmz9m8X9a/pjFf778MYv/mPwxi//8+WMW/7H5Yxb/BfLHLP4L5o9Z/J+eP2bxf0b+mMX/mfljFv+F8scs/s/KH7P4L5w/ZvF/dv6Yxf85+WMW/0Xyxyz+z80fs/g/L3/M4j8uf8zi//z8MYv/C/LHLP4vzB+z+C+aP2bxXyx/zOL/ovwxi//i+WMW/yXyxyz+L84fs/i/JH/M4v/S/DGL/8vyxyz+S+aPWfxfnj9m8V8qf8ziv3T+mMV/mfwxi/+y+WMW/+Xyxyz+y+ePWfxfkT9m8V8hf8ziv2L+mMV/pfwxi//K+WMW/1fmj1n8V8kfs/ivmj9m8X9V/pjF/9X5Yxb/1+SPWfzH549Z/Cfkj1n8J+aPWfxXyx+z+K+eP2bxXyN/zOI/KX/M4j85f8ziv2b+mMV/rfwxi/9r88cs/q/LH7P4r50/ZvFfJ3/M4r9u/pjF//X5Yxb/9fLHLP5vyB+z+K+fP2bx3yB/zOK/Yf6YxX+j/DGL/xvzxyz+G+ePWfw3yR+z+L8pf8zi/+b8MYv/W/LHLP5vzR+z+L8tf8zi//b8MYv/O/LHLP6b5o9Z/DfLH7P4b54/ZvF/Z/6YxX+L/DGL/5b5Yxb/rfLHLP5b549Z/N+VP2bx3yZ/zOL/7vwxi/978scs/tvmj1n8t8sfs/hvnz9m8d8hf8zi/978MYv/+/LHLP475o9Z/N+fP2bx3yl/zOL/gfwxi/8H88cs/h/KH7P475w/ZvHfJX/M4r9r/pjF/8P5Yxb/j+SPWfw/mj9m8d8tf8zi/7H8MYv/7vljFv898scs/nvmj1n8P54/ZvH/RP6YxX+v/DGL/yfzxyz+e+ePWfw/lT9m8f90/pjFf5/8MYv/vvljFv/98scs/p/JH7P4fzZ/zOL/ufwxi//++WMW/wPyxyz+n88fs/gfmD9m8T8of8zi/4X8MYv/wfljFv9D8scs/l/MH7P4fyl/zOL/5fwxi/9X8scs/l/NH7P4fy1/zOL/9fwxi/838scs/ofmj1n8D8sfs/gfnj9m8T8if8zif2T+mMX/qPwxi//R+WMW/2Pyxyz+x+aPWfyPyx+z+B+fP2bx/2b+mMX/hPwxi/+J+WMW/5Pyxyz+J+ePWfxPyR+z+H8rf8zi/+38MYv/qfljFv/T8scs/qfnj1n8z8gfs/h/J3/M4n9m/pjF/6z8MYv/2fljFv/v5o9Z/L+XP2bxPyd/zOJ/bv6Yxf+8/DGL//n5Yxb/C/LHLP7fzx+z+P8gf8zi/8P8MYv/j/LHLP4/zh+z+P8kf8zif2H+mMX/ovwxi/9P88cs/hfnj1n8f5Y/ZvG/JH/M4n9p/pjF/7L8MYv/5fljFv8r8scs/lfmj1n8r8ofs/j/PH/M4v+L/DGL/y/zxyz+v8ofs/hfnT9m8b8mf8zi/+v8MYv/b/LHLP7X5o9Z/H+bP2bxvy5/zOJ/ff6Yxf+G/DGL/+/yxyz+N+aPWfxvyh+z+N+cP2bx/33+mMX/D/ljFv8/5o9Z/G/JH7P4/yl/zOJ/a/6Yxf+2/DGL/+35Yxb/O/LHLP5/zh+z+N+ZP2bxvyt/zOL/l/wxi//d+WMW/7/mj1n8/5Y/ZvH/e/6Yxf8f+WMW/3vyxyz+9+aPWfzvyx+z+N+fP2bxfyB/zOI/JX/M4v9g/pjF/6H8MYv/1Pwxif8cg/wxi/9Q/pjFf1T+mMV/lvwxi/+s+WMW/9H5Yxb/2fLHLP6z549Z/OfIH7P4z5k/ZvGfK3/M4j93/pjFf578MYv/vPljFv+n5Y9Z/OfLH7P4j8kfs/jPnz9m8R+bP2bxXyB/zOK/YP6Yxf/p+WMW/2fkj1n8n5k/ZvFfKH/M4v+s/DGL/8L5Yxb/Z+ePWfyfkz9m8V8kf8zi/9z8MYv/8/LHLP7j8scs/s/PH7P4vyB/zOL/wvwxi/+i+WMW/8Xyxyz+L8ofs/gvnj9m8V8if8zi/+L8MYv/S/LHLP4vzR+z+L8sf8ziv2T+mMX/5fljFv+l8scs/kvnj1n8l8kfs/gvmz9m8V8uf8ziv3z+mMX/FfljFv8V8scs/ivmj1n8V8ofs/ivnD9m8X9l/pjFf5X8MYv/qvljFv9X5Y9Z/F+dP2bxf03+mMV/fP6YxX9C/pjFf2L+mMV/tfwxi//q+WMW/zXyxyz+k/LHLP6T88cs/mvmj1n818ofs/i/Nn/M4v+6/DGL/9r5Yxb/dfLHLP7r5o9Z/F+fP2bxXy9/zOL/hvwxi//6+WMW/w3yxyz+G+aPWfw3yh+z+L8xf8ziv3H+mMV/k/wxi/+b8scs/m/OH7P4vyV/zOL/1vwxi//b8scs/m/PH7P4vyN/zOK/af6YxX+z/DGL/+b5Yxb/d+aPWfy3yB+z+G+ZP2bx3yp/zOK/df6Yxf9d+WMW/23yxyz+784fs/i/J3/M4r9t/pjFf7v8MYv/9vljFv8d8scs/u/NH7P4vy9/zOK/Y/6Yxf/9+WMW/53yxyz+H8gfs/h/MH/M4v+h/DGL/875Yxb/XfLHLP675o9Z/D+cP2bx/0j+mMX/o/ljFv/d8scs/h/LH7P4754/ZvHfI3/M4r9n/pjF/+P5Yxb/T+SPWfz3yh+z+H8yf8ziv3f+mMX/U/ljFv9P549Z/PfJH7P475s/ZvHfL3/M4v+Z/DGL/2fzxyz+n8sfs/jvnz9m8T8gf8zi//n8MYv/gfljFv+D8scs/l/IH7P4H5w/ZvE/JH/M4v/F/DGL/5fyxyz+X84fs/h/JX/M4v/V/DGL/9fyxyz+X88fs/h/I3/M4n9o/pjF/7D8MYv/4fljFv8j8scs/kfmj1n8j8ofs/gfnT9m8T8mf8zif2z+mMX/uPwxi//x+WMW/2/mj1n8T8gfs/ifmD9m8T8pf8zif3L+mMX/lPwxi/+38scs/t/OH7P4n5o/ZvE/LX/M4n96/pjF/4z8MYv/d/LHLP5n5o9Z/M/KH7P4n50/ZvH/bv6Yxf97+WMW/3Pyxyz+5+aPWfzPyx+z+J+fP2bxvyB/zOL//fwxi/8P8scs/j/MH7P4/yh/zOL/4/wxi/9P8scs/hfmj1n8L8ofs/j/NH/M4n9x/pjF/2f5Yxb/S/LHLP6X5o9Z/C/LH7P4X54/ZvG/In/M4n9l/pjF/6r8MYv/z/PHLP6/yB+z+P8yf8zi/6v8MYv/1fljFv9r8scs/r/OH7P4/yZ/zOJ/bf6Yxf+3+WMW/+vyxyz+1+ePWfxvyB+z+P8uf8zif2P+mMX/pvwxi//N+WMW/9/nj1n8/5A/ZvH/Y/6Yxf+W/DGL/5/yxyz+t+aPWfxvyx+z+N+eP2bxvyN/zOL/5/wxi/+d+WMW/7vyxyz+f8kfs/jfnT9m8f9r/pjF/2/5Yxb/v+ePWfz/kT9m8b8nf8zif2/+mMX/vvwxi//9+WMW/wfyxyz+U/LHLP4P5o9Z/B/KH7P4T80fk/jPOcgfs/gP5Y9Z/Eflj1n8Z8kfs/jPmj9m8R+dP2bxny1/zOI/e/6YxX+O/DGL/5z5Yxb/ufLHLP5z549Z/OfJH7P4z5s/ZvF/Wv6YxX++/DGL/5j8MYv//PljFv+x+WMW/wXyxyz+C+aPWfyfnj9m8X9G/pjF/5n5Yxb/hfLHLP7Pyh+z+C+cP2bxf3b+mMX/OfljFv9F8scs/s/NH7P4Py9/zOI/Ln/M4v/8/DGL/wvyxyz+L8wfs/gvmj9m8V8sf8zi/6L8MYv/4vljFv8l8scs/i/OH7P4vyR/zOL/0vwxi//L8scs/kvmj1n8X54/ZvFfKn/M4r90/pjFf5n8MYv/svljFv/l8scs/svnj1n8X5E/ZvFfIX/M4r9i/pjFf6X8MYv/yvljFv9X5o9Z/FfJH7P4r5o/ZvF/Vf6Yxf/V+WMW/9fkj1n8x+ePWfwn5I9Z/Cfmj1n8V8sfs/ivnj9m8V8jf8ziPyl/zOI/OX/M4r9m/pjFf638MYv/a/PHLP6vyx+z+K+dP2bxXyd/zOK/bv6Yxf/1+WMW//Xyxyz+b8gfs/ivnz9m8d8gf8ziv2H+mMV/o/wxi/8b88cs/hvnj1n8N8kfs/i/KX/M4v/m/DGL/1vyxyz+b80fs/i/LX/M4v/2/DGL/zvyxyz+m+aPWfw3yx+z+G+eP2bxf2f+mMV/i/wxi/+W+WMW/63yxyz+W+ePWfzflT9m8d8mf8zi/+78MYv/e/LHLP7b5o9Z/LfLH7P4b58/ZvHfIX/M4v/e/DGL//vyxyz+O+aPWfzfnz9m8d8pf8zi/4H8MYv/B/PHLP4fyh+z+O+cP2bx3yV/zOK/a/6Yxf/D+WMW/4/kj1n8P5o/ZvHfLX/M4v+x/DGL/+75Yxb/PfLHLP575o9Z/D+eP2bx/0T+mMV/r/wxi/8n88cs/nvnj1n8P5U/ZvH/dP6YxX+f/DGL/775Yxb//fLHLP6fyR+z+H82f8zi/7n8MYv//vljFv8D8scs/p/PH7P4H5g/ZvE/KH/M4v+F/DGL/8H5Yxb/Q/LHLP5fzB+z+H8pf8zi/+X8MYv/V/LHLP5fzR+z+H8tf8zi//X8MYv/N/LHLP6H5o9Z/A/LH7P4H54/ZvE/In/M4n9k/pjF/6j8MYv/0fljFv9j8scs/sfmj1n8j8sfs/gfnz9m8f9m/pjF/4T8MYv/ifljFv+T8scs/ifnj1n8T8kfs/h/K3/M4v/t/DGL/6n5Yxb/0/LHLP6n549Z/M/IH7P4fyd/zOJ/Zv6Yxf+s/DGL/9n5Yxb/7+aPWfy/lz9m8T8nf8zif27+mMX/vPwxi//5+WMW/wvyxyz+388fs/j/IH/M4v/D/DGL/4/yxyz+P84fs/j/JH/M4n9h/pjF/6L8MYv/T/PHLP4X549Z/H+WP2bxvyR/zOJ/af6Yxf+y/DGL/+X5Yxb/K/LHLP5X5o9Z/K/KH7P4/zx/zOL/i/wxi/8v88cs/r/KH7P4X50/ZvG/Jn/M4v/r/DGL/2/yxyz+1+aPWfx/mz/2WP/RT/Vw/v2ewP+6/DHL+X99/pjF/4b8MYv/7/LHLP435o9Z/G/KH7P435w/ZvH/ff6Yxf8P+WMW/z/mj1n8b8kfs/j/KX/M4n9r/pjF/7b8MYv/7fljFv878scs/n/OH7P435k/ZvG/K3/M4v+X/DGL/935Yxb/v+aPWfz/lj9m8f97/pjF/x/5Yxb/e/LHLP735o9Z/O/LH7P4358/ZvF/IH/M4j8lf8zi/2D+mMX/ofwxi//U/DGJ/1yD/DGL/1D+mMV/VP6YxX+W/DGL/6z5Yxb/0fljFv/Z8scs/rPnj1n858gfs/jPmT9m8Z8rf+y/33+OR97K//H99/s/3Fzz5I9Z/OfNH7P4Py1/zOI/X/6YxX9M/pjFf/78MYv/2Pwxi/8C+WMW/wXzxyz+T88fs/g/I3/M4v/M/DGL/0L5Yxb/Z+WPWfwXzh+z+D87f8zi/5z8MYv/IvljFv/n5o9Z/J+XP2bxH5c/ZvF/fv6Yxf8F+WMW/xfmj1n8F80fs/gvlj9m8X9R/pjFf/H8MYv/EvljFv8X549Z/F+SP2bxf2n+mMX/ZfljFv8l88cs/i/PH7P4L5U/ZvFfOn/M4r9M/pjFf9n8MYv/cvljFv/l88cs/q/IH7P4r5A/ZvFfMX/M4r9S/pjFf+X8MYv/K/PHLP6r5I9Z/FfNH7P4vyp/zOL/6vwxi/9r8scs/uPzxyz+E/LHLP4T88cs/qvlj1n8V88fs/ivkT9m8Z+UP2bxn5w/ZvFfM3/M4r9W/pjF/7X5Yxb/1+WPWfzXzh+z+K+TP2bxXzd/zOL/+vwxi/96+WMW/zfkj1n8188fs/hvkD9m8d8wf8ziv1H+mMX/jfljFv+N88cs/pvkj1n835Q/ZvF/c/6Yxf8t+WMW/7fmj1n835Y/ZvF/e/6Yxf8d+WMW/03zxyz+m+WPWfw3zx+z+L8zf8ziv0X+mMV/y/wxi/9W+WMW/63zxyz+78ofs/hvkz9m8X93/pjF/z35Yxb/bfPHLP7b5Y9Z/LfPH7P475A/ZvF/b/6Yxf99+WMW/x3zxyz+788fs/jvlD9m8f9A/pjF/4P5Yxb/D+WPWfx3zh+z+O+SP2bx3zV/zOL/4fwxi/9H8scs/h/NH7P475Y/ZvH/WP6YxX/3/DGL/x75Yxb/PfPHLP4fzx+z+H8if8ziv1f+mMX/k/ljFv+988cs/p/KH7P4fzp/zOK/T/6YxX/f/DGL/375Yxb/z+SPWfw/mz9m8f9c/pjFf//8MYv/AfljFv/P549Z/A/MH7P4H5Q/ZvH/Qv6Yxf/g/DGL/yH5Yxb/L+aPWfy/lD9m8f9y/pjF/yv5Yxb/r+aPWfy/lj9m8f96/pjF/xv5Yxb/Q/PHLP6H5Y9Z/A/PH7P4H5E/ZvE/Mn/M4n9U/pjF/+j8MYv/MfljFv9j88cs/sflj1n8j88fs/h/M3/M4n9C/pjF/8T8MYv/SfljFv+T88cs/qfkj1n8v5U/ZvH/dv6Yxf/U/DGL/2n5Yxb/0/PHLP5n5I9Z/L+TP2bxPzN/zOJ/Vv6Yxf/s/DGL/3fzxyz+38sfs/ifkz9m8T83f8zif17+mMX//Pwxi/8F+WMW/+/nj1n8f5A/ZvH/Yf6Yxf9H+WMW/x/nj1n8f5I/ZvG/MH/M4n9R/pjF/6f5Yxb/i/PHLP4/yx+z+F+SP2bxvzR/zOJ/Wf6Yxf/y/DGL/xX5Yxb/K/PHLP5X5Y9Z/H+eP2bx/0X+mMX/l/ljFv9f5Y9Z/K/OH7P4X5M/ZvH/df6Yxf83+WMW/2vzxyz+v80fs/hflz9m8b8+f8zif0P+mMX/d/ljFv8b88cs/jflj1n8b84fs/j/Pn/M4v+H/DGL/x/zxyz+t+SPWfz/lD9m8b81f8zif1v+mMX/9vwxi/8d+WMW/z/nj1n878wfs/jflT9m8f9L/pjF/+78MYv/X/PHLP5/yx+z+P89f8zi/4/8MYv/PfljFv9788cs/vflj1n8788fs/g/kD9m8Z+SP2bxfzB/zOL/UP6YxX9q/pjEf+5B/pjFfyh/zOI/Kn/M4j9L/pjFf9b8MYv/6Pwxi/9s+WMW/9nzxyz+c+SPWfznzB+z+M+VP2bxnzt/zOI/T/6YxX/e/DGL/9Pyxyz+8+WPWfzH5I9Z/OfPH7P4j80fs/gvkD9m8V8wf8zi//T8MYv/M/LHLP7PzB+z+C+UP2bxf1b+mMV/4fwxi/+z88cs/s/JH7P4L5I/ZvF/bv6Yxf95+WMW/3H5Yxb/5+ePWfxfkD9m8X9h/pjFf9H8MYv/YvljFv8X5Y9Z/BfPH7P4L5E/ZvF/cf6Yxf8l+WMW/5fmj1n8X5Y/ZvFfMn/M4v/y/DGL/1L5Yxb/pfPHLP7L5I9Z/JfNH7P4L5c/ZvFfPn/M4v+K/DGL/wr5Yxb/FfPHLP4r5Y9Z/FfOH7P4vzJ/zOK/Sv6YxX/V/DGL/6vyxyz+r84fs/i/Jn/M4j8+f8ziPyF/zOI/MX/M4r9a/pjFf/X8MYv/GvljFv9J+WMW/8n5Yxb/NfPHLP5r5Y9Z/F+bP2bxf13+mMV/7fwxi/86+WMW/3Xzxyz+r88fs/ivlz9m8X9D/pjFf/38MYv/BvljFv8N88cs/hvlj1n835g/ZvHfOH/M4r9J/pjF/035Yxb/N+ePWfzfkj9m8X9r/pjF/235Yxb/t+ePWfzfkT9m8d80f8ziv1n+mMV/8/wxi/8788cs/lvkj1n8t8wfs/hvlT9m8d86f8zi/678MYv/NvljFv93549Z/N+TP2bx3zZ/zOK/Xf6YxX/7/DGL/w75Yxb/9+aPWfzflz9m8d8xf8zi//78MYv/TvljFv8P5I9Z/D+YP2bx/1D+mMV/5/wxi/8u+WMW/13zxyz+H84fs/h/JH/M4v/R/DGL/275Yxb/j+WPWfx3zx+z+O+RP2bx3zN/zOL/8fwxi/8n8scs/nvlj1n8P5k/ZvHfO3/M4v+p/DGL/6fzxyz+++SPWfz3zR+z+O+XP2bx/0z+mMX/s/ljFv/P5Y9Z/PfPH7P4H5A/ZvH/fP6Yxf/A/DGL/0H5Yxb/L+SPWfwPzh+z+B+SP2bx/2L+mMX/S/ljFv8v549Z/L+SP2bx/2r+mMX/a/ljFv+v549Z/L+RP2bxPzR/zOJ/WP6Yxf/w/DGL/xH5Yxb/I/PHLP5H5Y9Z/I/OH7P4H5M/ZvE/Nn/M4n9c/pjF//j8MYv/N/PHLP4n5I9Z/E/MH7P4n5Q/ZvE/OX/M4n9K/pjF/1v5Yxb/b+ePWfxPzR+z+J+WP2bxPz1/zOJ/Rv6Yxf87+WMW/zPzxyz+Z+WPWfzPzh+z+H83f8zi/738MYv/OfljFv9z88cs/uflj1n8z88fs/hfkD9m8f9+/pjF/wf5Yxb/H+aPWfx/lD9m8f9x/pjF/yf5Yxb/C/PHLP4X5Y9Z/H+aP2bxvzh/zOL/s/wxi/8l+WMW/0vzxyz+l+WPWfwvzx+z+F+RP2bxvzJ/zOJ/Vf6Yxf/n+WMW/1/kj1n8f5k/ZvH/Vf6Yxf/q/DGL/zX5Yxb/X+ePWfx/kz9m8b82f8zi/9v8MYv/dfljFv/r88cs/jfkj1n8f5c/ZvG/MX/M4n9T/pjF/+b8MYv/7/PHLP5/yB+z+P8xf8zif0v+mMX/T/ljFv9b88cs/rflj1n8b88fs/jfkT9m8f9z/pjF/878MYv/XfljFv+/5I9Z/O/OH7P4/zV/zOL/t/wxi//f88cs/v/IH7P435M/ZvG/N3/M4n9f/pjF//78MYv/A/ljFv8p+WMW/wfzxyz+D+WPWfyn5o9J/OcZ5I9Z/Ifyxyz+o/LHLP6z5I9Z/GfNH7P4j84fs/jPlj9m8Z89f8ziP0f+mMV/zvwxi/9c+WMW/7nzxyz+8+SPWfznzR+z+D8tf8ziP1/+mMV/TP6YxX/+/DGL/9j8MYv/AvljFv8F88cs/k/PH7P4PyN/zOL/zPwxi/9C+WMW/2flj1n8F84fs/g/O3/M4v+c/DGL/yL5Yxb/5+aPWfyflz9m8R+XP2bxf37+mMX/BfljFv8X5o9Z/BfNH7P4L5Y/ZvF/Uf6YxX/x/DGL/xL5Yxb/F+ePWfxfkj9m8X9p/pjF/2X5Yxb/JfPHLP4vzx+z+C+VP2bxXzp/zOK/TP6YxX/Z/DGL/3L5Yxb/5fPHLP6vyB+z+K+QP2bxXzF/zOK/Uv6YxX/l/DGL/yvzxyz+q+SPWfxXzR+z+L8qf8zi/+r8MYv/a/LHLP7j88cs/hPyxyz+E/PHLP6r5Y9Z/FfPH7P4r5E/ZvGflD9m8Z+cP2bxXzN/zOK/Vv6Yxf+1+WMW/9flj1n8184fs/ivkz9m8V83f8zi//r8MYv/evljFv835I9Z/NfPH7P4b5A/ZvHfMH/M4r9R/pjF/435Yxb/jfPHLP6b5I9Z/N+UP2bxf3P+mMX/LfljFv+35o9Z/N+WP2bxf3v+mMX/HfljFv9N88cs/pvlj1n8N88fs/i/M3/M4r9F/pjFf8v8MYv/VvljFv+t88cs/u/KH7P4b5M/ZvF/d/6Yxf89+WMW/23zxyz+2+WPWfy3zx+z+O+QP/aI/1Yn/1f7vzd/zHL+vy9/zOK/Y/6Yxf/9+WMW/53yxyz+H8gfs/h/MH/M4v+h/DGL/875Yxb/XfLHLP675o9Z/D+cP2bx/0j+mMX/o/ljFv/d8scs/h/LH7P4754/ZvHfI3/M4r9n/pjF/+P5Yxb/T+SPWfz3yh+z+H8yf8ziv3f+mMX/U/ljFv9P549Z/PfJH7P475s/ZvHfL3/M4v+Z/DGL/2fzxyz+n8sfs/jvnz9m8T8gf8zi//n8MYv/gfljFv+D8scs/l/IH7P4H5w/ZvE/JH/M4v/F/DGL/5fyxyz+X84fs/h/JX/M4v/V/DGL/9fyxyz+X88fs/h/I3/M4n9o/pjF/7D8MYv/4fljFv8j8scs/kfmj1n8j8ofs/gfnT9m8T8mf8zif2z+mMX/uPwxi//x+WMW/2/mj1n8T8gfs/ifmD9m8T8pf8zif3L+mMX/lPwxi/+38scs/t/OH7P4n5o/ZvE/LX/M4n96/pjF/4z8MYv/d/LHLP5n5o9Z/M/KH7P4n50/ZvH/bv6Yxf97+WMW/3Pyxyz+5+aPWfzPyx+z+J+fP2bxvyB/zOL//fwxi/8P8scs/j/MH7P4/yh/zOL/4/wxi/9P8scs/hfmj1n8L8ofs/j/NH/M4n9x/pjF/2f5Yxb/S/LHLP6X5o9Z/C/LH7P4X54/ZvG/In/M4n9l/pjF/6r8MYv/z/PHLP6/yB+z+P8yf8zi/6v8MYv/1fljFv9r8scs/r/OH7P4/yZ/zOJ/bf6Yxf+3+WMW/+vyxyz+1+ePWfxvyB+z+P8uf8zif2P+mMX/pvwxi//N+WMW/9/nj1n8/5A/ZvH/Y/6Yxf+W/DGL/5/yxyz+t+aPWfxvyx+z+N+eP2bxvyN/zOL/5/wxi/+d+WMW/7vyxyz+f8kfs/jfnT9m8f9r/pjF/2/5Yxb/v+ePWfz/kT9m8b8nf8zif2/+mMX/vvwxi//9+WMW/wfyxyz+U/LHLP4P5o9Z/B/KH7P4T80fk/jPO8gfs/gP5Y9Z/Eflj1n8Z8kfs/jPmj9m8R+dP2bxny1/zOI/e/6YxX+O/DGL/5z5Yxb/ufLHLP5z549Z/OfJH7P4z5s/ZvF/Wv6YxX++/DGL/5j8MYv//PljFv+x+WMW/wXyxyz+C+aPWfyfnj9m8X9G/pjF/5n5Yxb/hfLHLP7Pyh+z+C+cP2bxf3b+mMX/OfljFv9F8scs/s/NH7P4Py9/zOI/Ln/M4v/8/DGL/wvyxyz+L8wfs/gvmj9m8V8sf8zi/6L8MYv/4vljFv8l8scs/i/OH7P4vyR/zOL/0vwxi//L8scs/kvmj1n8X54/ZvFfKn/M4r90/pjFf5n8MYv/svljFv/l8scs/svnj1n8X5E/ZvFfIX/M4r9i/pjFf6X8MYv/yvljFv9X5o9Z/FfJH7P4r5o/ZvF/Vf6Yxf/V+WMW/9fkj1n8x+ePWfwn5I9Z/Cfmj1n8V8sfs/ivnj9m8V8jf8ziPyl/zOI/OX/M4r9m/pjFf638MYv/a/PHLP6vyx+z+K+dP2bxXyd/zOK/bv6Yxf/1+WMW//Xyxyz+b8gfs/ivnz9m8d8gf8ziv2H+mMV/o/wxi/8b88cs/hvnj1n8N8kfs/i/KX/M4v/m/DGL/1vyxyz+b80fs/i/LX/M4v/2/DGL/zvyxyz+m+aPWfw3yx+z+G+eP2bxf2f+mMV/i/wxi/+W+WMW/63yxyz+W+ePWfzflT9m8d8mf8zi/+78MYv/e/LHLP7b5o9Z/LfLH7P4b58/ZvHfIX/M4v/e/DGL//vyxyz+O+aPWfzfnz9m8d8pf8zi/4H8MYv/B/PHLP4fyh+z+O+cP2bx3yV/zOK/a/6Yxf/D+WMW/4/kj1n8P5o/ZvHfLX/M4v+x/DGL/+75Yxb/PfLHLP575o9Z/D+eP2bx/0T+mMV/r/wxi/8n88cs/nvnj1n8P5U/ZvH/dP6YxX+f/DGL/775Yxb//fLHLP6fyR+z+H82f8zi/7n8MYv//vljFv8D8scs/p/PH7P4H5g/ZvE/KH/M4v+F/DGL/8H5Yxb/Q/LHLP5fzB+z+H8pf8zi/+X8MYv/V/LHLP5fzR+z+H8tf8zi//X8MYv/N/LHLP6H5o9Z/A/LH7P4H54/ZvE/In/M4n9k/pjF/6j8MYv/0fljFv9j8scs/sfmj1n8j8sfs/gfnz9m8f9m/pjF/4T8MYv/ifljFv+T8scs/ifnj1n8T8kfs/h/K3/M4v/t/DGL/6n5Yxb/0/LHLP6n549Z/M/IH7P4fyd/zOJ/Zv6Yxf+s/DGL/9n5Yxb/7+aPWfy/lz9m8T8nf8zif27+mMX/vPwxi//5+WMW/wvyxyz+388fs/j/IH/M4v/D/DGL/4/yxyz+P84fs/j/JH/M4n9h/pjF/6L8MYv/T/PHLP4X549Z/H+WP2bxvyR/zOJ/af6Yxf+y/DGL/+X5Yxb/K/LHLP5X5o9Z/K/KH7P4/zx/zOL/i/wxi/8v88cs/r/KH7P4X50/ZvG/Jn/M4v/r/DGL/2/yxyz+1+aPWfx/mz9m8b8uf8zif33+mMX/hvwxi//v8scs/jfmj1n8b8ofs/jfnD9m8f99/pjF/w/5Yxb/P+aPWfxvyR+z+P8pf8zif2v+mMX/tvwxi//t+WMW/zvyxyz+f84fs/jfmT9m8b8rf8zi/5f8MYv/3fljFv+/5o9Z/P+WP2bx/3v+mMX/H/ljFv978scs/vfmj1n878sfs/jfnz9m8X8gf8ziPyV/zOL/YP6Yxf+h/DGL/9T8MYn/0wb5Yxb/ofwxi/+o/DGL/yz5Yxb/WfPHLP6j88cs/rPlj1n8Z88fs/jPkT9m8Z8zf8ziP1f+mMV/7vwxi/88+WMW/3nzxyz+T8sfs/jPlz9m8R+TP2bxnz9/zOI/Nn/M4r9A/pjFf8H8MYv/0/PHLP7PyB+z+D8zf8ziv1D+mMX/WfljFv+F88cs/s/OH7P4Pyd/zOK/SP6Yxf+5+WMW/+flj1n8x+WPWfyfnz9m8X9B/pjF/4X5Yxb/RfPHLP6L5Y9Z/F+UP2bxXzx/zOK/RP6Yxf/F+WMW/5fkj1n8X5o/ZvF/Wf6YxX/J/DGL/8vzxyz+S+WPWfyXzh+z+C+TP2bxXzZ/zOK/XP6YxX/5/DGL/yvyxyz+K+SPWfxXzB+z+K+UP2bxXzl/zOL/yvwxi/8q+WMW/1Xzxyz+r8ofs/i/On/M4v+a/DGL//j8MYv/hPwxi//E/DGL/2r5Yxb/1UX+c/wL61r81xD5/ytZ/Cflj1n8J+ePWfzXzB+z+K+VP2bxf23+mMX/dfljFv+188cs/uvkj1n8180fs/i/Pn/M4r9e/pjF/w35Yxb/9fPHLP4b5I9Z/DfMH7P4b5Q/ZvF/Y/6YxX/j/DGL/yb5Yxb/N+WPWfzfnD9m8X9L/pjF/635Yxb/t+WPWfzfnj9m8X9H/pjFf9P8MYv/ZvljFv/N88cs/u/MH7P4b5E/ZvHfMn/M4r9V/pjFf+v8MYv/u/LHLP7b5I9Z/N+dP2bxf0/+mMV/2/wxi/92+WMW/+3zxyz+O+SPWfzfmz9m8X9f/pjFf8f8MYv/+/PHLP475Y9Z/D+QP2bx/2D+mMX/Q/ljFv+d88cs/rvkj1n8d80fs/h/OH/M4v+R/DGL/0fzxyz+u+WPWfw/lj9m8d89f8ziv0f+mMV/z/wxi//H88cs/p/IH7P475U/ZvH/ZP6YxX/v/DGL/6fyxyz+n84fs/jvkz9m8d83f8ziv1/+mMX/M/ljFv/P5o9Z/D+XP2bx3z9/zOJ/QP6Yxf/z+WMW/wPzxyz+B+WPWfy/kD9m8T84f8zif0j+mMX/i/ljFv8v5Y9Z/L+cP2bx/0r+mMX/q/ljFv+v5Y9Z/L+eP2bx/0b+mMX/0Pwxi/9h+WMW/8Pzxyz+R+SPWfyPzB+z+B+VP2bxPzp/zOJ/TP6Yxf/Y/DGL/3H5Yxb/4/PHLP7fzB+z+J+QP2bxPzF/zOJ/Uv6Yxf/k/DGL/yn5Yxb/b+WPWfy/nT9m8T81f8zif1r+mMX/9Pwxi/8Z+WMW/+/kj1n8z8wfs/iflT9m8T87f8zi/938MYv/9/LHLP7n5I9Z/M/NH7P4n5c/ZvE/P3/M4n9B/pjF//v5Yxb/H+SPWfx/mD9m8f9R/pjF/8f5Yxb/n+SPWfwvzB+z+F+UP2bx/2n+mMX/4vwxi//P8scs/pfkj1n8L80fs/hflj9m8b88f8zif0X+mMX/yvwxi/9V+WMW/5/nj1n8f5E/ZvH/Zf6Yxf9X+WMW/6vzxyz+1+SPWfx/nT9m8f9N/pjF/9r8MYv/b/PHLP7X5Y9Z/K/PH7P435A/ZvH/Xf6Yxf/G/DGL/035Yxb/m/PHLP6/zx+z+P8hf8zi/8f8MYv/LfljFv8/5Y9Z/G/NH7P435Y/ZvG/PX/M4n9H/pjF/8/5Yxb/O/PHLP535Y9Z/P+SP2bxvzt/zOL/1/wxi//f8scs/n/PH7P4/yN/zOJ/T/6Yxf/e/DGL/335Yxb/+/PHLP4P5I9Z/Kfkj1n8H8wfs/g/lD9m8Z+aPybxn2+QP2bxH8ofs/iPyh+z+M+SP2bxnzX/xzTLyKPFf3T+mMV/tvwxi//s+WMW/znyxyz+c+aPWfznyh+z+M+dP2bxnyd/zOI/b/6Yxf9p+WMW//nyxyz+Y/LHLP7z549Z/Mfmj1n8F8gfs/gvmD9m8X96/pjF/xn5Yxb/Z+aPWfwXyh+z+D8rf8ziv3D+mMX/2fljFv/n5I9Z/BfJH7P4Pzd/zOL/vPwxi/+4/DGL//Pzxyz+L8gfs/i/MH/M4r9o/pjFf7H8MYv/i/LHLP6L549Z/JfIH7P4vzh/zOL/kvwxi/9L88cs/i/LH7P4L5k/ZvF/ef6YxX+p/DGL/9L5Yxb/ZfLHLP7L5o9Z/JfLH7P4L58/ZvF/Rf6YxX+F/DGL/4r5Yxb/lfLHLP4r549Z/F+ZP2bxXyV/zOK/av6Yxf9V+WMW/1fnj1n8X5M/ZvEfnz9m8Z+QP2bxn5g/ZvFfLX/M4r96/pjFf438MYv/pPwxi//k/DGL/5r5Yxb/tfLHLP6vzR+z+L8uf8ziv3b+mMV/nfwxi/+6+WMW/9fnj1n818sfs/i/IX/M4r9+/pjFf4P8MYv/hvljFv+N8scs/m/MH7P4b5w/ZvHfJH/M4v+m/DGL/5vzxyz+b8kfs/i/NX/M4v+2/DGL/9vzxyz+78gfs/hvmj9m8d8sf8ziv3n+mMX/nfljFv8t8scs/lvmj1n8t8ofs/hvnT9m8X9X/pjFf5v8MYv/u/PHLP7vyR+z+G+bP2bx3y5/zOK/ff6YxX+H/DGL/3vzxyz+78sfs/jvmD9m8X9//pjFf6f8MYv/B/LHLP4fzB+z+H8of8ziv3P+mMV/l/wxi/+u+WMW/w/nj1n8P5I/ZvH/aP6YxX+3/DGL/8fyxyz+u+ePWfz3yB+z+O+ZP2bx///Yo6cEUAgACIDZeNm2bdu2bdv1kW3btm3btm3zAnuCduYKc6D/qOX/IP9Ry//B/qOW/0P8Ry3/h/qPWv4P8x+1/B/uP2r5P8J/1PJ/pP+o5f8o/1HL/9H+o5b/Y/xHLf/H+o9a/o/zH7X8H+8/avk/wX/U8n+i/6jl/yT/Ucv/yf6jlv9T/Ect/6f6j1r+T/Mftfyf7j9q+T/Df9Tyf6b/qOX/LP9Ry//Z/qOW/3P8Ry3/5/qPWv7P8x+1/J/vP2r5v8B/1PJ/of+o5f8i/1HL/8X+o5b/S/xHLf+X+o9a/i/zH7X8X+4/avm/wn/U8n+l/6jl/yr/Ucv/1f6jlv9r/Ect/9f6j1r+r/Mftfxf7z9q+b/Bf9Tyf6P/qOX/Jv9Ry//N/qOW/1v8Ry3/t/qPWv5v8x+1/N/uP2r5v8N/1PJ/p/+o5f8u/1HL/93+o5b/e/xHLf/3+o9a/u/zH7X83+8/avl/wH/U8v+g/6jl/yH/Ucv/w/6jlv9H/Ect/4/6j1r+H/Mftfw/7j9q+X/Cf9Ty/6T/qOX/Kf9Ry//T/qOW/2f8Ry3/z/qPWv6f8x+1/D/vP2r5f8F/1PL/ov+o5f8l/1HL/8v+o5b/V/xHLf+v+o9a/l/zH7X8v+4/avl/w3/U8v+m/6jl/y3/Ucv/2/6jlv93/Ect/+/6j1r+3/Mftfy/7z9q+f/Af9Ty/6H/qOX/I/9Ry//H/qOW/0/8Ry3/n/qPWv4/8x+1/H/uP2r5/8J/1PL/pf+o5f8r/1HL/9f+o5b/b/xHLf/f+o9a/r/zH7X8f+8/avn/wX/U8v+j/6jl/yf/Ucv/z/6jlv9f/Ect/7/6j1r+f/Mftfz/7j9q+f/Df9Ty/6f/qOX/L/9Ry//f/qOW/3/8Ry3///qPSv4HDOQ/avkf2H/U8j+I/6jlf1D/Ucv/YP6jlv/B/Uct/0P4j1r+h/QftfwP5T9q+R/af9TyP4z/qOV/WP9Ry/9w/qOW/+H9Ry3/I/iPWv5H9B+1/A/wH7X8j+Q/avkf2X/U8j+K/6jlf1T/Ucv/aP6jlv/R/Uct/2P4j1r+x/QftfyP5T9q+R/bf9TyP47/qOV/XP9Ry/94/qOW//H9Ry3/E/iPWv4n9B+1/E/kP2r5n9h/1PI/if+o5X9S/1HL/2T+o5b/yf1HLf9T+I9a/qf0H7X8T+U/avmf2n/U8j+N/6jlf1r/Ucv/dP6jlv/p/Uct/zP4j1r+Z/QftfzP5D9q+Z/Zf9TyP4v/qOV/Vv9Ry/9s/qOW/9n9Ry3/c/iPWv7n9B+1/M/lP2r5n9t/1PI/j/+o5X9e/1HL/3z+o5b/+f1HLf8L+I9a/hf0H7X8L+Q/avlf2H/U8r+I/6jlf1H/Ucv/Yv6jlv/F/Uct/0v4j1r+l/Qftfwv5T9q+V/af9Tyv4z/qOV/Wf9Ry/9y/qOW/+X9Ry3/K/iPWv5X9B+1/K/kP2r5X9l/1PK/iv+o5X9V/1HL/2r+o5b/1f1HLf9r+I9a/tf0H7X8r+U/avlf23/U8r+O/6jlf13/Ucv/ev6jlv/1/Uct/xv4j1r+N/Qftfxv5D9q+d/Yf9Tyv4n/qOV/U/9Ry/9m/qOW/839Ry3/W/iPWv639B+1/G/lP2r539p/1PK/jf+o5X9b/1HL/3b+o5b/7f1HLf87+I9a/nf0H7X87+Q/avnf2X/U8r+L/6jlf1f/Ucv/bv6jlv/d/Uct/3v4j1r+9/Qftfzv5T9q+d/bf9Tyv4//qOV/X/9Ry/9+/qOW//39Ry3/B/iP/nf/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAf+zbbWydZeHH8bvbOsb+/JMRF1yGJptcKCTCbPeQ8YKwydhWB914HgMc3dqNjXabXYddAffwYhIhPEgyyRIlypahhJnQSAwEK4ho0EVNNPgAiEIUjRMh6Ja4WHPa09Ieu8Zz1etalM/nRc+577Pfva3Jd/e9wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/ns1NC48Mr5m2KnxQw8+eLil73XO0ZU3H/htz4UDr+WPl41wyXFDD3p7e3vnPDd7R/nwlKIoSj/bzvLxpMpx6fo767/Q2X8UFvS8tOT4lJ83Hjmw5vRH6rqP3l/bd7a2uGndhtaWj40rinBxbdFZOqirKYqwuLa4r3RQXzpYUls8UjqY3XdwavHt0sH5aze3NpdOLI3+nsH/iobGncX4YcUWw/40GNr/zvpv3TnwOsolB642oSj3f0XX99+q+GzACfofuH5YWNl/1b9B4ISq6/+FBQOvo1zyX+7/k59a9cpIn524/4Hrh4/rH9IZ4fl/WKOVz/0Vz/8zRrjk4P6qmq7jpf4vve3ZmeVTE/6d5/93rx8urux/3LDn/9Jz/KKB5/9TiiJcMsZvB7ynNDTuOjLa/X/0/idMr9jUDO3/jPbN+0v9P77ke0+UT9VW2f+iUe7/45ZW/FqB6jQ0frm34v5fRf/FR0a45GD/bz/x64dL/T/2+wfOHPJZNf1fUtn/rI62LbO2bu86b0Nb0/qW9S2b6mbPnzOvvm7eBXNn9T0S9H8d43cF3hvGdv8vJldsaoqiZXB/TfeBp0v9z33wwTnlU5Oq7H/xqPf/Ge7/MKIPjSsmTiw6mzo62uv6vw4c1vd/7f9hI/Rfxd//zzqn/MNqy681RTFtcH/XmXevKPX/zqFnd5dPTayy/yWj9r9g8OcFIozx/t9csRnW/8FDL/U9/y+79+AZ5VPV/v1/6aj9v+r+D2PR0FjxP/z8h5X631VcFtlpaPDf/yCdHP0/9s4NPXHr8An9Qzo5+v/d546eG7cOy/QP6eTof8LGB56PW4dL9Q/p5Oh/+dT5K+LW4TL9Qzo5+l/76rl/jluHRv1DOjn6P+dLuzvj1mG5/iGdHP0/1D5nW9w6rNA/pJOj/5+e9tBrcetwuf4hnRz9Hzt2z41x63CF/iGdHP137zn7B3HrcKX+IZ0c/V++bmGIW4er9A/p5Oh/+rQ/Ph63DlfrH9LJ0f+8P/39tLh1uEb/kE6O/u/4/Ip9cetwrf4hnRz9j7/+lRfj1mGl/iGdHP0vPXvbwrh1uE7/kE6O/pt/0twbtw6r9A/p5Oh/1td/tCFuHa7XP6STo//Dyx/dE7cON+gf0snR/566YkrcOtyof0gnR/9f++7ph+LW4ZP6h3Ry9P+bp56cH7cOq/UP6eTo/7kP3P6NuHW4Sf+QTo7+713z4llx69Ckf0gnR/8P733+i3HrsEb/kE6O/t94o+3/4tZhrf4hnRz9T5506utx69Csf0gnR/8Lb/1Ke9w6tOgf0snRf9vu7h/GrcM6/UM6Ofr/8PFpq+LWYb3+IZ0c/a+cu/f9cetws/4hnRz9v2/Zhbvi1mGD/iGdHP1f1PPRi+LWYaP+IZ0c/Xc889mvxq3DLfqHdHL0v3fma4vj1qFV/5BOjv5fXr30x3Hr0KZ/SCdH/289et2muHXYpH9IJ0f/T/7s7WNx67BZ/5BOjv7//4JFf41bhy36h3Ry9L94yZtr49bhU/qHdHL0v7H7Hy/HrUO7/iGdHP3PPHz1srh12Kp/SCdH/985r25/3Dp06B/SydH/nVfuq49bh236h3Ry9L//4F13x63DrfqHdHL0/+YvZkyPW4dP6x/SydH//VMOXRu3Dp36h3Ry9P/LTbXPxK3Ddv1DOjn6/9u+qTvi1qFL/5BOjv6ffr3nD3HrcJv+IZ0c/a+e8KuJcetwu/4hnRz9T+3acl/cOtyhf0gnR//z72k6P24dPqN/SCdH/1v/8sI349Zhh/4hna3bu25pam1taffGG2+8GXxzsv9kAlJ7N/qT/SsBAAAAAAAAAAAAAABOJMc/JzrZv0cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+yQ4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24FgAAAAAQJi/dRC9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBXAAAA//+O1eBI")
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000680)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x804071, 0x0, 0xfc, 0x0, &(0x7f0000000140))
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1)
creat(&(0x7f0000000d80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
rename(&(0x7f00000003c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000180)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

25.918833678s ago: executing program 4 (id=650):
setresuid(0xee00, 0xee00, 0x0)
setfsgid(0xee01)

25.528774877s ago: executing program 4 (id=651):
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x8002, &(0x7f00000000c0), 0x1, 0x4b4, &(0x7f0000000c80)="$eJzs3E9sFNUfAPDvbHdpgR8/KiIKoi6isdHYQkHh4AWjiQdMjHjQY9MWghRqaE2EECmJwaMh8W48evXgVb0ZTyZe8WhiSIjhAnhaM7sz7e52t//Y7oL7+SRL35t9s+99982bfTNvlwD6Vjn9J4n4X0TcjIidtWxjgXLtz707Vybv37kyGQuVyqm/k2q5u2k+k++3PcuMFCIKXyRNL1gzd+nyuYmZmemLWX5s/vwnY3OXLr969vzEmekz0xfGjx8/euTwsdfHX1t/UC3qS+O6u+/z2f173/noxruTxXz7UPa3Po5OKUe5VVOqXux0ZT22oy6dFHvYENZlICLS7ipVx//OGAidB/2iUqlUBts/vVBpdm3ZFuCRlUSvWwD0Rv5Bn17/5o8uTT0eCrdP1C6A0rjvZY/aM8UoZGVKTde3nTQUER8u/PNN+ohNug8BAFDvpxP5TLB5/leIPXXl/p+toQxHxGMRsSsiHo+I3RHxRES17JMR8VTT65cjorJC/eWm/PL5T+HWAwW4inT+90a2ttU4/8tnfzE8kOV2ROQT5ulD2XsyEqXB02dnpg+vUMfPb/3+VbvnynXzv/SR1p/PBbN23Co23aCbmpif2HDATW5fi9hXbI4/KUYkiysBSUTsjYh963jd4br02Ze/27+YKTWWWz3+qkrLdbQOLFVUvo14qdb/C9HQ/0s1JiuvT44Nxcz0obH0KDjUso5ff7v+Xrv6V43/hz+bd3n72I+nHjTsRWn/b6s7/iNfv12KfziJSBbXa+fWX8f1P75se02ztuP/asM+6fG/Jfmgmt6SbftsYn7+4uGILcnJ5dvHl/bN83n5NP6Rg63H/65sn/SdeDoi0oP4mYh4NiKey9p+ICKej4iDK8T/y5svfLzx+DdXGv9Uy/NfQ/8vrdfPncwTl9aaGDh34Ob9NiePtfX/0WpqJNvS+vyXNJwi1trADryFAAAA8NArRPW7/4XRxXShMDpauwe0O7YVZmbn5l85PfvphanabwSGo1TI73TV7geXkvz+53BdfrwpfyS7b/z1wNZqfnRydmaq18FDn9teHfPJsvGf+mug160DNp2f/ED/Wm3877nRpYYAXefzH/pX3fhfaFNkwTdl4L+p9ed/qevtALqv1fi/uoF9gEdLxViGvmb8Q/8qxvuL6UJPWwJ0m89/6Etr/xX/RhKVwdZPDcXywjG0Oc3Y2qKuniTSmVVPat+6kb3y/02hbZkorPY6xYZjbDCWlxmInvTFmT0dP/gr2XflO93U71cep/l0fRPeqO6ehwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADbLvwEAAP//cdfX0w==")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f00000000c0), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f})
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000180)='./file0\x00', 0xd2023, &(0x7f00000001c0)={{}, 0x2c, {}, 0x2c, {'user_id', 0x3d, 0xee01}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}}, 0x1, 0x0, 0x0)

25.453381157s ago: executing program 4 (id=652):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="120100006325a640402000498b4d000000010902240001000000000904000002214c6a0009050702000000da000905890e"], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000001080)={0x44, &(0x7f0000000e80)={0x0, 0x0, 0x2e, "b808a52986edcb9fe211e88d3ddb4ae5a62b6ecd6f4bdc906f35c9fc66a66f8ac9a0b0d0f418e74facfc621c4c15"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

23.406873892s ago: executing program 4 (id=667):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000640)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)={0x34, r1, 0x5, 0x2, 0x1000000c, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @crypto_settings=[@NL80211_ATTR_CIPHER_SUITES_PAIRWISE={0xc, 0x49, [0xfac01, 0xc]}]]}, 0x34}, 0x1, 0x0, 0x0, 0x4811}, 0x880)

23.210278924s ago: executing program 34 (id=667):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000640)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)={0x34, r1, 0x5, 0x2, 0x1000000c, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @crypto_settings=[@NL80211_ATTR_CIPHER_SUITES_PAIRWISE={0xc, 0x49, [0xfac01, 0xc]}]]}, 0x34}, 0x1, 0x0, 0x0, 0x4811}, 0x880)

20.474173912s ago: executing program 2 (id=695):
syz_usb_connect(0x2, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000df2bfd404b0c0001cad7010203010902240001000000000904450002c9cee40009050802ff030000000905820300ab"], 0x0)

19.194081586s ago: executing program 2 (id=697):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_RENAME(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000440)={0x1c, 0x5, 0x6, 0x301, 0x0, 0x0, {0x1, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8011}, 0x0)

19.092916101s ago: executing program 2 (id=699):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x7, {0x800, 0x1, 0x3, 0x4, 0x6, 0x0, 0x2, 0x9, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, "13757ddc688782636517333c0303dace01a10969cc9f4efe748fb63ea78c9aef"}})

19.002000189s ago: executing program 2 (id=701):
syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000000000)='./file1\x00', 0x80, &(0x7f0000000340)=ANY=[@ANYBLOB="756d61736b3d30303030303030303030303031373737373737373737372c6e6c733d63703934392c63726561746f723d7af940e22c63726561746f723d0aee18b02c666f7263652c6769643d", @ANYRESHEX=0x0, @ANYBLOB="2c63726561746f723d1362a84f2c001ff9431eef5603a24fd03ed91e53947f1c1b0db87d311ac2332606851a5634c431970f558844dd9de7c5411a6a043cd24b8dac907e9e8575657ddeae1a3b6113873ccbc19593f645cac58983c2694a9c166df86f5cc5fdb0a4f7285667940bab9d107a53ca4f3f986662f9c2050388a55392282348754d"], 0x1, 0x6f4, &(0x7f0000000680)="$eJzs3U1sHGcZAOB3dtdrbyq52zZpC0KK1YgIGkhsLyVBQiIghHyoUCQuvZrEaays3ch2kBMhsgUKRzihHHooQubQE+oBqYgDopyRkLii3CNxjziwaGZn1rtre72b+CcJzyON55uZ7+ed1zOfd2cTbQD/txbeiYlWOWLh3Nub6faDrUbzwVZjpShHxGRElCIqnVUkqxHJZxGXo7PE59KdeXfJXuO89fDTD8/e/7jR2arkS1a/NKzdtvaQEVr5EjMRUc7XY6rs1d/VXfq7N1bXSTfuNGFnisTBcWvv0Bqn+Qj3LfC0uxdRnthlfz3iRERM5a8DIp8dSkcc3oEba5YDAACAp1N5vwovPopHsRnTRxMOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPB+SzncGJvlSKsozkRTf/1/N96Wq1WOOd7iv7HP8g+tHFAgAAAAAAAAAHIpP8g/uTz+KR7EZ08X+dpJ95v9GtnEy+/lC3I71WIq1OB+bsRgbsRFrMRcxMd3TYXVzcWNjbW5ny99E2rLdbt/LW85HRH1Hy/kjOGkAAAAAAAAAeH79NBZi+riDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAXklEubPKlpNFuR6lSkRMRUQ1rdeK+HNRfpb95bgDAAAAgMNXy9fTyX87hXaSved/NXvfPxW3YzU2Yjk2ohlLcS17FtB511/6R6vRfLDVWEmXnR1/+99jxZH1GBHleH+PkWezGqe6LRbie/GDOBczcSXWYjl+FIuxEUsxE7X0JGIxkqjXOk8v6kWcu8d7uW/rymBspwe2X88iqcX1WM5iOx9Xq9F5bJKdQzrm6z2j/bEaMTDi+2l2km/lRszRtZ7f16/z5zK59osj9nE46tmZT3QzMpvmPs/GS8NzP+Z1MjjSXJS6z6BObo+Sbg6OVOT8h+Pk/ES+TnP9i/6cH7QxH6UNZmI+SvnVF/Fqf85vffH+y/2Nv/zPv165UVq9eeP6+rlDPKVDNVEUBjPR6MnEa8OvvjwTzTQTrdEzMTG4Y+oJzuMAVfNsZFPRiLPld7PSYrzRcwm+F9diKS7GbMzFpZiNb8R8NPqusFN9ea00Vvpzkt1rpZ3zW21I8Ge+1FPpl/tU3jY7Uq0nk+blpZ689s509exYvufyr2K2J0svD7/6xv4rkI7/+bycjvGz7l+cp0FfJvK5uYjule0sTO0yN/+2nf5cb67eXLuxeGvE8c7m6/S2/aB/bv7dQZzP40uvl3TGrWRbWU5qxfWSHnulG21/vqr5Jy6ddqUdx051j9VjOpbj+3veqdX8NdzOnjrHXus99q/tmbOav74pjvW9yon3opm9ChkwczRZBWBkJ948Ua09rP299lHt57UbtbenvjN5afIL1Zj4W+VP5T+Ufl/6ZvJmfBQ/ienjjhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ4H63fu3lxsNpfWuoWYGtzzpIXqnmMNL0Rp3zpbL4zWYdQjho+V5IXqwZ77s1ioxSH1/ElEDKlTfeIhkrGvsbEL6YV8IB0WX5yW7WmXx2heKVrtXqcS61N7/QYnt++CqN9cbP6n3VenFj23DPCcu7CxcuvC+p27X11eWXx36d2l1flLFy9dbHx97msXri83l2Y7P487SuAwrN+5Wz7uGAAAAAAAAAAAAIDx5P/6f+Ox/zNDZZ861bX13Uc+fdSnCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADyjFt6JiVYkMTd7fjbdfrDVaKZLUd6uWYmIUkQkP45IPou4HJ0l6j3dJXuN89bDTz88e//jxnZflaJ+aVi70VQjopUWZiKinK/3Nzmw3eotdPu72tNfq7f67dKI4SXdM0wTdqZIHBy3/wUAAP//AZj3og==")
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0)
chdir(&(0x7f0000000640)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
fallocate(r0, 0x10, 0x6, 0x10001)

18.737171968s ago: executing program 2 (id=703):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'virt_wifi0\x00', 0x6})
ioctl(r0, 0x8b24, &(0x7f0000000040))

18.273354285s ago: executing program 2 (id=705):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="6000000002060102000000000000000000000000140007800500140080ff000008001240120500000900020073797a3200000000050001000700000011000300686173683a6e65742c6e6574000000000500050002000000050004"], 0x60}}, 0x0)

17.844435593s ago: executing program 35 (id=705):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="6000000002060102000000000000000000000000140007800500140080ff000008001240120500000900020073797a3200000000050001000700000011000300686173683a6e65742c6e6574000000000500050002000000050004"], 0x60}}, 0x0)

2.93510226s ago: executing program 3 (id=863):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1801000000000000000000004b84ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000400)='tlb_flush\x00', r0}, 0x10)
mprotect(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0)
mlock(&(0x7f0000ffc000/0x2000)=nil, 0x2000)
r1 = userfaultfd(0x1)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000240))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffc000/0x3000)=nil, 0x3000}, 0x3})
ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000140)={{&(0x7f0000ffd000/0x1000)=nil, 0x1000}})
mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xf)

2.808487189s ago: executing program 3 (id=866):
prlimit64(0x0, 0xe, &(0x7f0000000340)={0xa, 0x400000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x8000}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002078316e00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000000000008500000006000000850000000500000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r3}, 0x10)
pwritev(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000180)="808beb6682", 0x5}], 0x1, 0x0, 0x0)

2.010889655s ago: executing program 5 (id=868):
socket$vsock_stream(0x28, 0x1, 0x0)
r0 = socket(0x10, 0x3, 0x0)
r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r5, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x1}, 0x8)
sendto$inet6(r5, 0x0, 0x0, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r5, 0x84, 0x7c, &(0x7f0000000000)={0x0, 0x0, 0x2ce9}, 0x8)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r5, 0x84, 0x7c, 0x0, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
close(r1)
syz_open_dev$sndpcmp(&(0x7f0000000080), 0x2, 0x601)
syz_pidfd_open(0x0, 0x0)
writev(0xffffffffffffffff, 0x0, 0x0)

1.898474343s ago: executing program 3 (id=869):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000022240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000100)={0x0, @in6={{0xa, 0x4e23, 0x7ff, @remote, 0x5}}, [0x7, 0xffffffffffffffff, 0x2, 0xffffffff, 0x40, 0x7fffffffffffffff, 0xdf, 0x786, 0x6, 0x6, 0xf, 0x101, 0x6, 0x0, 0x7]}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="8000000000010104000000000000000002000000240001801400018008000100e000000108000200e00000010c000280050001000000000024000280140001800800010000000000080002007f0000010c00028005000100000000000800074000000000080003400000100e14000580050001"], 0x80}}, 0x0)

1.772449887s ago: executing program 3 (id=871):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_ADDFB(r0, 0xc01c64ae, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x20})

1.718804867s ago: executing program 5 (id=872):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0x14, 0x0, &(0x7f0000000380)="f6d4e9a1d78ad62ceef18843080078bb3fb7dbfc", 0x0, 0xffffffff, 0x0, 0x2, 0x0, &(0x7f0000000700)="010a", 0x0}, 0x50)

1.635543771s ago: executing program 3 (id=874):
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSETMODE(r5, 0x4b3a, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x0)
r6 = openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x180)
getdents(r6, 0x0, 0x0)
r7 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r7, 0x107, 0x12, &(0x7f00000000c0)={0x3, 0x1000}, 0x4)
syz_emit_ethernet(0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x804810, &(0x7f00000002c0), 0x4, 0x76b, &(0x7f0000001400)="$eJzs3M9rFGcfAPDvjFnjj7xv8sIL/XEoBQUFcZKYi55ML70JgtCrDckkhEyyIbuxbiqoPResubRQKG3PPfZaEPsH9FaEFnovlNamh9LLltn8EGN2E5Poavx8YDLfZ+aZ+T7f3eFJBjITwCvr7fJHEtEXEZcjov+JHkcibq32W3l4Y7xckmg2r/yelIfFSvPREcna+ni0DonXI+J+JeLMR0/mrTWWZsaKIl9Yaw/WZ+cHa42ls9OzY1P5VD43PHJh6PzIyPmhkW1reG2HtZ5878LRuz+8u7z847f1O2/1nE1itFV3rNW2w9M8ldXPpBKjm7bPPYtkXZR02HfkOY4DAIDO0og4FBE9rb9S++NQKwIAAAAOkmZvc1vpel8AAADgJZW4rwcAAIADbv3/ANaf7X1Wz8G289s7ETGwVf6e1jPEEUeiEhHHVpLHnkxIVg+DPbl1OyLujW6+/r4ur7Bbezz30Kb2489IH97j2dkP98r5Z3Sr+SfdmH9ii/mnZ/3dCXvUfv57lP9Qm/nv8g5zfPfFG5W2+W9HvNmzVf5kI3/SJv/7rWj7T+HO8sd32+1rfhVxasvfP8ljuTq8H2J0crro9PqBuP/P6Qed6j/WLn/Suf75bStf9eHKnzPt5pIy/+kTbb7/m+3zl9fEJ2vjSCPi7tq6bC9vynFi9qfvO9U/EdHczff/5Q7r/+Wb3us77AoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtaUT0RZJmG3GaZlnE8Yj4fxxLi2qtfmayujg3Ue6LGIhKOjld5EMR0b/aTsr2cCt+1D63qT0SEf/7+ehq0ukiz8arxUS3iwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDD8YjoiyTNIiKNiL/60zTLInp2cGzvcxgfAAAAsE8Guj0AAAAA4Jlz/w8AAAAH327v/5N9HgcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwoF2+dKlcmisPb4yX7YlrjcWZ6rWzE3ltJptdHM/Gqwvz2VS1OlXk2Xh1drvzFdXq/PCFWLw+WM9r9cFaY+nqbHVxrn51enZsKr+aV55LVQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADytvtaSpFlEpK04TbMs4j8RMRCVZHK6yIci4r8R8aC/0lu2h7s9aAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPZdrbE0M1YU+YJA8FIEh9eu3BdlPLsLbkbECzCMDkGXJyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALqi1liaGSuKfKHW7ZEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQXemvSUSUy6n+k32b9x5O/u5vrSPig8+vfHp9rF5fGC63/7Gxvf7Z2vZz3Rg/AAAAvBIuPk3n9fv09ft4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAnao1lmbGiiJf2FtwMRpLzaRNn27XCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7M6/AQAA//8YZLxy")

1.629917611s ago: executing program 6 (id=875):
syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc000, &(0x7f00000006c0), 0x2, 0x246, &(0x7f0000000ac0)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
r1 = creat(&(0x7f0000000140)='./file0\x00', 0x0)
fallocate(r0, 0x0, 0x0, 0x10fff9)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000040)={0xc, r1, 0x18, 0x0, 0x2})

1.5068871s ago: executing program 5 (id=876):
r0 = syz_open_dev$video(&(0x7f0000000100), 0x77a3, 0x8000)
ioctl$VIDIOC_S_FMT(r0, 0xc0d05640, &(0x7f0000000340)={0x9, @raw_data="41bfec31f6608b14743d1990e616b17b93ab544f5bc6e6d173102c3f799e2a6e63e9af00d346e22c3cfb8bc3f18cd2fbdeece7eb23fcfb61e295f52070bbf7e5014c29a5ce625d5b0af07bb0cbf1ac43875093f0cc7b5ddff73c840ab111c1e1ad486fbc9d4813b9e7956580d058a3c95f66380cd97cce2112b700d0dafae2c4f7c8dd9ae3063e219a6660f7ff4cd4bccd010fd37b93b06348502e6c451c6720c3caab7c15ae472c5eabfa8f74c402d28293d421e999d76bbdd5d5005546ed296324428142219ec2"})

1.506659154s ago: executing program 6 (id=877):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$sock_buf(r0, 0x1, 0x3c, &(0x7f0000005680)=""/4096, &(0x7f0000000280)=0x1000)

1.211252666s ago: executing program 5 (id=878):
sched_setscheduler(0x0, 0x2, 0x0)
syz_mount_image$f2fs(&(0x7f0000000200), &(0x7f00000000c0)='./bus\x00', 0x1018085, &(0x7f000000cfc0)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c6e6f696e6c696e655f646174612c6261636b67726f756e645f67633d6f6e2c6661756c745f747970653d30303030303030303030303030303030303030362c64697361626c655f726f6c6c5f666f72776172642c6261636b67726f756e645f67633d6f6e2c6e6f757365725f78617474722c636865636b706f696e743d64697361626c652c757365725f78617474722c6673796e635f6d6f64653d7374726963742c6e6f696e6c696e655f78617474722c6a71666d743d7666736f6c642c6e6f61636c2c00a1a75ac439087a5b11ab7891dd39dd9bc0d7"], 0x1, 0x5509, &(0x7f00000079c0)="$eJzs3E1rY+UXAPCTdjrv//kXceFuLgxCC5PQ9GXQXdUZfMEOZdSFK02TNGQmyS1NmtauXLgUF34TUXDl0s/gwrU7caG4E5Tce6NTX0Bs2kynvx/cnPs8eXLuecIwcO4tCeDcmk9+/rEUN+JKRMxGxPWI7LxUHJn1PDwXETcjYuaxYzz/+8TFiLgaETdGyfOcpeKtT28Pb6398MZPX31z6cK1z778djo7Bp4Ez0dEdyc/3+/mMW3l8WExXxu2s9hdHRYxf6P7qBinedxvbmUZ9mvjdbUsrrTy9enOXn8Utzu1+ii22tvZ/E4vv2B/2BrnyT7wsLabjRvNrSy2+2kWW4d5XQeH+f9th/1BnqdR5PsgSx+DwTjm882DZr6fnUdZrPcGxXyeN200D0ZxWMTiclFPO42sjq3jfNNPtjfbvb2DZNjc7bfTXrJWqb5Qqd4pV3fTRnPQXC3Xuo07q8lCqzNaVh40a931Vpq2Os1KPe0uJguter1crSYLd5tb7VovqVYrK5Wl8tpicXY7efX+O0mnkSyM4svt3t6g3ekn2+lukn9iMVmurLy4mNyqJm9tbCabD+7d29h8+727795/aeP1V4pFfykrWVheWl4uV5fKy9XFc7T/j4qiJ7h/OJbStAsAOHuO2/+X9P/Af3By/f/ug4iT7/9D/z8RZ6r/Pe/9/wnsH45F/w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcG59N/f5a9nJfD6+Vsz/r5h6phiXImImIn79G7Nx8UjO2SLP3D+sn/tTDV+XIsswusal4rgaEevF8cv/T/pbAAAAgKfXFx/e/CTv1vOX+WkXxGnKb9rMXH9/QvlKETE3//2Ess2MXp6dULLs3/eFOJhQtuwG1uUJJctvuV2YVLZ/ZfZIuPxYKOVh5lTLAQAATsXRTuB0uxAAAABO08fTLoDpKMX4Ueb4WXD2l/d/PBC8cmQEAAAAnEGlaRcAAAAAnLis//f7fwAAAPB0y3//DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgN/YuZ/bxIEoDsDPBi/sPy1a7X1b2RuUsSXscY8RBaQJCsiBtJAGqIHcUkIEER6HQMQhkse2En2f5EzGMj/eIDjMjDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABduq/Wi9ur39dtc3b7dvKMBgAAALhkW60X9T+z1P/a3P/e3PrZ9IuIKCPi0tx9FJ/OMkdNTvXy/M3p89WrGu4i6oTDe0ya60tE/Gmuxx9dfwoAAADwcW2Wq3marac/s6ELok9p0ab89jdTXhER1ewhU1p5yPuVKaz+fo/jf6a0egFrmiksLbmNc6W9Sf1zP67aTU+aIjXlxZcdi8w2dgAAoEejs6bfWQgAAAB9+jd0AQyjiOetzONW4CQ1zfbe57MeAAAA8A4VQxcAAAAAdK6e//d0/t/e+X8AAAAwjHT+HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF3aVuvFZrmat83Z7dvJMxoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACe2J93FAiBMAiDves7k7n/YaVBU1OTKhA+/sZgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAN7/7y/+JqXEmmXttLD2PJGunxtapsXduHP1hfP0aAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBif15SIASCIArmjP+d9P0PKwl6BhEioOFRRS0aAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCLfvfL/4mpcSaZO20sHY8ka1eNravG3oPG0YPx9m8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBi535e46jiAIC/mdnZ2qq4RtlDRBQ86MVut7W1N/GgBA/+CUJItzV26482B1uKmIs3ybkX0aOIoMRb/4ecE8gl3nLYQwTPyszOZCc/wPXXzCb5fODN++4wzPu+WQj5znsJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlEZvT+IkO3TGcVyc29x7uJT1W4f6zOO17fmsZXFUZ9Inw4vVD1G3uUQAAAA4O5Kyvg8h7KTrC1kfd/L6Py2vyWr+b58ex2U9f7juL/uy9s/aLz/vPr8/UGc8TnbTm8vDwaWjqbT+v1nOtmf+8opW/uTzdy9J/oXE760+N0rz5xl9vbHxTjsPz9WRLQDwT1ws+yIofx/K+n6TiQFwZrQqhXdZ/yedZnMCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAqMNoNTxZxlEIYb41iTNbew+Xjusfr23Pl+3ao0dr4cvJPbNbpCGEm8vDwaVaZzPb7t1/cHtxOBzcrT94KYTQ1OhvFdO//cEUF4fQyPMR/EdBXHzZs5LPyQga/KEEAMCplBYtq+t30vWF7Fw0F8If3x2s/1+txGHK+n/3w2ub1bGq9X+/thnOvt7KnU979+4/eH35zuKtwa3Bx29c7r/Zv3L96tXrvfxdSc8bEwAAAP6ddtGq9X88d3T9/0IlDlPW/5990/+iOlai/j/WZNGv6UwAAADOtmdf/v236JjzUbsdPl9cWbnbHx/3P18eHxtI9W87V7Rq/Z/MNZ0VAAAAUIfRanRg/f9GJQ5Trv8/9f0LP1bvmYQQzhfr/xeXPhneqG86M62OPydueo4AAAA063zRquv/ab7/P97f8hCHEF57ZRwX/wZwqvo/eferH6pjVff/X6lvijMp7o6fR953Q2h1m84IAACA0+yJomXF/q/p+sJHP114v23/PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDd/gwAAP//lKU+kQ==")

1.094309934s ago: executing program 6 (id=879):
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x4000)=nil, 0x5bbf91a1e7f99074, &(0x7f0000000000))
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, &(0x7f0000000080)='\x00')

994.26179ms ago: executing program 6 (id=880):
r0 = openat$sequencer2(0xffffff9c, &(0x7f0000000080), 0x143240, 0x0)
ioctl$SNDCTL_SEQ_NRMIDIS(r0, 0xc0045103, 0x0)

993.844076ms ago: executing program 6 (id=881):
io_uring_setup(0x5de1, &(0x7f0000000000)={0x0, 0x6cae, 0x1000, 0x1, 0x1e0})
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x20a00, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
r1 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xe825, 0x3400, 0x1, 0x3c3}, &(0x7f0000000dc0)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1})
io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0)

673.741447ms ago: executing program 3 (id=882):
r0 = syz_usb_connect$hid(0x0, 0x90, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x458, 0x5016, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xc0, 0x40, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x9, 0x0, 0x1, {0x22, 0xa0}}, {{{0x9, 0x5, 0x81, 0x3, 0x40}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000000c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="0000d2"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)

285.894538ms ago: executing program 5 (id=883):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0xce56fe61a68fc369, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000280)=0x1)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000140)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x11, r1, 0x0)
ioctl$TCSETS(r0, 0x89f0, &(0x7f0000000100)={0xfffffffc, 0x0, 0x0, 0x7ff, 0x0, "5dee0000005940000000000f00"})

10.129705ms ago: executing program 6 (id=884):
openat(0xffffffffffffff9c, 0x0, 0x0, 0x72)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r1, 0x0, 0x0}, 0x10)

0s ago: executing program 5 (id=885):
r0 = memfd_create(&(0x7f0000000000)='\x00\xc2\xea\x99\xbb\x1c\xdfjw\x97\x05\xa3\xa2\'\xdd\xe4q\xbf\t\x8c\xe0\x19`\x8e\x00\x00\x00\x00\x00\x00\x00\x00\x00\b \xff\x13\x96\xe3?\xdfH\x8c\xe4V\xe2\xfe\v8\x04\xa5\xb9\xc4:\xf3\xf6y_w\xd8\xcf\x90k\x05\x00\xf9\x1e\xe8m\xec\x12\xa015\xc2\xb3u|K\x111\xd4\f8\xeb\x18\xad\xbb!1\x85\x96P\x1b\xa1\x9a\x81\xf8\xb1\xecB)\xe5\xaa7\xfe\xdd,_D\xe5|\xb1j^\xaec}\x1a\xb4\x17\xafP\x85I\xd5\xa0I\xb0\xaf\xb5\x8b\\\x05\xd7g\xcbV\x8e\xd0\xac\x87I7\xbd\xc6\x9bI\x92\xb2\x87.\xb3\x1fs\xe7%\xdd+\r\xb4\x117\xa7ei~\xb8\x16\xd1P\xf2\x84\x89K\x16\xd0F|\xa3\x89\xc9~9\x00'/204, 0xa)
fchmod(r0, 0xa0)

kernel console output (not intermixed with test programs):

adv: batadv0: Interface deactivated: batadv_slave_0
[  103.046956][ T7097] batman_adv: batadv0: Removing interface: batadv_slave_0
[  103.052775][ T7097] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  103.055703][ T7097] batman_adv: batadv0: Removing interface: batadv_slave_1
[  103.056301][ T7086] loop4: detected capacity change from 0 to 40427
[  103.064379][ T7086] F2FS-fs (loop4): build fault injection rate: 7
[  103.066361][ T7086] F2FS-fs (loop4): build fault injection type: 0x7698c
[  103.073078][ T7086] F2FS-fs (loop4): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x157/0x4f0
[  103.076643][ T7086] F2FS-fs (loop4): invalid crc value
[  103.081605][ T7086] F2FS-fs (loop4): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_ra_meta_pages+0x1cb/0x970
[  103.085273][ T7086] F2FS-fs (loop4): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x157/0x4f0
[  103.089101][ T7086] F2FS-fs (loop4): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_ra_meta_pages+0x1cb/0x970
[  103.095850][ T7086] F2FS-fs (loop4): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_submit_page_bio+0x18f/0xaa0
[  103.107479][ T7086] F2FS-fs (loop4): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_ra_meta_pages+0x1cb/0x970
[  103.155151][ T7086] F2FS-fs (loop4): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_submit_page_bio+0x18f/0xaa0
[  103.170729][ T7086] CPU: 0 UID: 0 PID: 7086 Comm: syz.4.323 Not tainted syzkaller #0 PREEMPT(full) 
[  103.170745][ T7086] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  103.170750][ T7086] Call Trace:
[  103.170754][ T7086]  <TASK>
[  103.170759][ T7086]  dump_stack_lvl+0x189/0x250
[  103.170776][ T7086]  ? __pfx_dump_stack_lvl+0x10/0x10
[  103.170787][ T7086]  ? __pfx_queue_work_on+0x10/0x10
[  103.170797][ T7086]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  103.170809][ T7086]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  103.170825][ T7086]  f2fs_handle_critical_error+0x37c/0x540
[  103.170841][ T7086]  f2fs_get_meta_folio_retry+0x84/0xa0
[  103.170854][ T7086]  f2fs_build_free_nids+0x896/0x11c0
[  103.170877][ T7086]  ? __pfx_f2fs_build_free_nids+0x10/0x10
[  103.170888][ T7086]  ? f2fs_build_node_manager+0x1bc7/0x2db0
[  103.170908][ T7086]  ? f2fs_fill_super+0x4462/0x6ff0
[  103.170924][ T7086]  f2fs_fill_super+0x4462/0x6ff0
[  103.170956][ T7086]  get_tree_bdev_flags+0x40e/0x4d0
[  103.170968][ T7086]  ? __pfx_f2fs_fill_super+0x10/0x10
[  103.170977][ T7086]  ? __pfx_get_tree_bdev_flags+0x10/0x10
[  103.170993][ T7086]  vfs_get_tree+0x92/0x2b0
[  103.171005][ T7086]  do_new_mount+0x2a2/0x9e0
[  103.171020][ T7086]  ? ns_capable+0x8a/0xf0
[  103.171028][ T7086]  ? __pfx_do_new_mount+0x10/0x10
[  103.171038][ T7086]  ? path_mount+0x61c/0xfe0
[  103.171049][ T7086]  ? user_path_at+0x44/0x60
[  103.171062][ T7086]  __se_sys_mount+0x317/0x410
[  103.171077][ T7086]  ? __pfx___se_sys_mount+0x10/0x10
[  103.171092][ T7086]  ? do_syscall_64+0xbe/0x3b0
[  103.171102][ T7086]  ? __x64_sys_mount+0x20/0xc0
[  103.171115][ T7086]  do_syscall_64+0xfa/0x3b0
[  103.171125][ T7086]  ? lockdep_hardirqs_on+0x9c/0x150
[  103.171136][ T7086]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.171145][ T7086]  ? exc_page_fault+0x9f/0xf0
[  103.171156][ T7086]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.171164][ T7086] RIP: 0033:0x7f0adfd9038a
[  103.171173][ T7086] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  103.171180][ T7086] RSP: 002b:00007f0ae0c3fe68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  103.171190][ T7086] RAX: ffffffffffffffda RBX: 00007f0ae0c3fef0 RCX: 00007f0adfd9038a
[  103.171197][ T7086] RDX: 0000200000000000 RSI: 0000200000000040 RDI: 00007f0ae0c3feb0
[  103.171202][ T7086] RBP: 0000200000000000 R08: 00007f0ae0c3fef0 R09: 0000000000000008
[  103.171208][ T7086] R10: 0000000000000008 R11: 0000000000000246 R12: 0000200000000040
[  103.171213][ T7086] R13: 00007f0ae0c3feb0 R14: 0000000000005530 R15: 0000200000000100
[  103.171227][ T7086]  </TASK>
[  103.171230][ T7086] F2FS-fs (loop4): Stopped filesystem due to reason: 2
[  103.253684][ T7107] loop3: detected capacity change from 0 to 512
[  103.264839][ T7086] F2FS-fs (loop4): NAT is corrupt, run fsck to fix it
[  103.288428][ T7086] F2FS-fs (loop4): Failed to initialize F2FS node manager (-117)
[  103.335104][ T7107] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  103.357478][ T7107] ext4 filesystem being mounted at /84/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  103.417883][   T33] audit: type=1800 audit(1755569187.747:8): pid=7107 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.328" name="file2" dev="loop3" ino=16 res=0 errno=0
[  103.454002][ T5974] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  103.574279][ T7122] loop4: detected capacity change from 0 to 2048
[  103.604147][ T7122] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  103.634937][ T6911] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  103.648314][ T5898] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  103.817038][ T5898] usb 3-1: Using ep0 maxpacket: 16
[  103.824251][ T5898] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  103.828622][ T5898] usb 3-1: New USB device found, idVendor=046d, idProduct=c531, bcdDevice= 0.00
[  103.832109][ T5898] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  103.857401][ T5898] usb 3-1: config 0 descriptor??
[  103.867060][ T5237] Bluetooth: hci1: command tx timeout
[  104.413803][ T7135] loop3: detected capacity change from 0 to 8192
[  104.693537][ T5315] usb 3-1: USB disconnect, device number 10
[  106.336776][ T7148] loop2: detected capacity change from 0 to 32768
[  106.417525][ T7152] loop4: detected capacity change from 0 to 32768
[  106.421435][ T7152] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.339 (7152)
[  106.449871][ T7152] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  106.452807][ T7152] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm
[  106.455801][ T7152] BTRFS info (device loop4): disk space caching is enabled
[  106.458458][ T7152] BTRFS warning (device loop4): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  106.459850][ T7148] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  106.504257][   T33] audit: type=1800 audit(1755569190.827:9): pid=7148 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.337" name="file1" dev="loop2" ino=17058 res=0 errno=0
[  106.593441][ T7152] BTRFS info (device loop4): rebuilding free space tree
[  106.606899][ T7152] BTRFS info (device loop4): disabling free space tree
[  106.609120][ T7152] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  106.612211][ T7152] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  106.622628][ T7175] loop3: detected capacity change from 0 to 512
[  106.638913][ T7175] EXT4-fs: Ignoring removed bh option
[  106.659338][ T7175] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  106.766664][ T7175] EXT4-fs (loop3): 1 truncate cleaned up
[  106.776595][ T7179] BTRFS info (device loop4 state M): max_inline set to 4096
[  106.783703][ T7175] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  106.843690][ T5853] ocfs2: Unmounting device (7,2) on (node local)
[  107.503241][   T33] audit: type=1326 audit(1755569191.827:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7183 comm="syz.2.342" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7faed358ebe9 code=0x0
[  107.560864][ T5974] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  107.563094][ T6911] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  107.809451][ T7191] delete_channel: no stack
[  108.000882][ T7190] loop4: detected capacity change from 0 to 32768
[  108.011991][ T7190] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.344 (7190)
[  108.029485][ T7190] BTRFS info (device loop4): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  108.032603][ T7190] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm
[  108.035223][ T7190] BTRFS info (device loop4): using free-space-tree
[  108.115574][ T6911] BTRFS info (device loop4): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  108.236288][ T7212] netlink: 'syz.4.346': attribute type 9 has an invalid length.
[  108.521036][   T33] audit: type=1326 audit(1755569192.847:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7187 comm="syz.3.343" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f79fb18ebe9 code=0x7fc00000
[  109.006351][ T7235] random: crng reseeded on system resumption
[  109.477330][   T47] usb 3-1: new low-speed USB device number 11 using dummy_hcd
[  109.644101][   T47] usb 3-1: unable to get BOS descriptor or descriptor too short
[  109.653873][ T7244] loop3: detected capacity change from 0 to 512
[  109.654747][   T47] usb 3-1: config 9 has an invalid interface number: 166 but max is 1
[  109.667608][   T47] usb 3-1: config 9 has an invalid interface number: 224 but max is 1
[  109.683127][   T47] usb 3-1: config 9 has no interface number 0
[  109.685904][   T47] usb 3-1: config 9 has no interface number 1
[  109.687404][ T7244] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  109.696231][   T47] usb 3-1: config 9 interface 166 has no altsetting 0
[  109.696498][ T7244] ext4 filesystem being mounted at /94/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  109.704860][   T47] usb 3-1: config 9 interface 224 has no altsetting 0
[  109.740330][   T47] usb 3-1: string descriptor 0 read error: -22
[  109.742402][   T47] usb 3-1: New USB device found, idVendor=06f8, idProduct=3002, bcdDevice=d8.0a
[  109.745366][   T47] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  109.761294][ T5974] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  109.852662][ T7254] loop4: detected capacity change from 0 to 256
[  109.863259][ T7254] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  109.901090][ T7254] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  109.904384][ T7254] FAT-fs (loop4): Filesystem has been set read-only
[  109.909436][ T7254] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  109.913913][ T7254] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  109.994424][ T6221] usb 3-1: USB disconnect, device number 11
[  110.306076][ T7268] loop4: detected capacity change from 0 to 1024
[  110.331968][ T7268] netlink: 16 bytes leftover after parsing attributes in process `syz.4.367'.
[  110.411798][ T7272] input: syz1 as /devices/virtual/input/input7
[  110.567457][ T7277] loop4: detected capacity change from 0 to 512
[  110.575552][ T7277] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  110.591031][ T7277] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=884ee02c, mo2=0102]
[  110.594504][ T7277] EXT4-fs (loop4): orphan cleanup on readonly fs
[  110.602742][ T7277] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.371: invalid indirect mapped block 2185560079 (level 1)
[  110.612989][ T7277] EXT4-fs (loop4): Remounting filesystem read-only
[  110.624258][ T7277] EXT4-fs (loop4): 1 truncate cleaned up
[  110.631379][ T7277] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: writeback.
[  110.639890][ T7277] EXT4-fs warning (device loop4): dx_probe:861: inode #2: comm syz.4.371: dx entry: limit 0 != root limit 125
[  110.644685][ T7277] EXT4-fs warning (device loop4): dx_probe:934: inode #2: comm syz.4.371: Corrupt directory, running e2fsck is recommended
[  110.666766][ T7277] block device autoloading is deprecated and will be removed.
[  110.690572][ T6911] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000007.
[  111.009468][ T7293] loop2: detected capacity change from 0 to 1024
[  111.360782][ T7302] loop4: detected capacity change from 0 to 512
[  111.450630][ T7302] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  111.455084][ T7302] ext4 filesystem being mounted at /33/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  111.515040][ T6911] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  112.022701][ T1023] hfsplus: b-tree write err: -5, ino 8
[  112.268942][ T7327] loop2: detected capacity change from 0 to 1024
[  112.271919][ T7327] EXT4-fs: Ignoring removed nobh option
[  112.273686][ T7327] EXT4-fs: Ignoring removed bh option
[  112.353774][ T7327] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  112.421401][ T7312] loop4: detected capacity change from 0 to 32768
[  112.616946][ T6221] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  112.766999][ T6221] usb 4-1: Using ep0 maxpacket: 32
[  112.771125][ T6221] usb 4-1: config 0 has an invalid interface number: 126 but max is 0
[  112.774671][ T6221] usb 4-1: config 0 has no interface number 0
[  112.779360][ T6221] usb 4-1: config 0 interface 126 altsetting 16 bulk endpoint 0x6 has invalid maxpacket 1023
[  112.783742][ T6221] usb 4-1: config 0 interface 126 altsetting 16 bulk endpoint 0x82 has invalid maxpacket 8
[  112.793526][ T6221] usb 4-1: config 0 interface 126 has no altsetting 0
[  112.799648][ T6221] usb 4-1: New USB device found, idVendor=09c4, idProduct=0011, bcdDevice=b0.1c
[  112.803578][ T6221] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  112.807281][ T6221] usb 4-1: Product: syz
[  112.809082][ T6221] usb 4-1: Manufacturer: syz
[  112.811105][ T6221] usb 4-1: SerialNumber: syz
[  112.817689][ T6221] usb 4-1: config 0 descriptor??
[  112.822069][ T7334] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  112.825311][ T7334] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  112.836637][ T7337] loop4: detected capacity change from 0 to 512
[  112.863116][ T7337] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  112.870628][ T7337] ext4 filesystem being mounted at /35/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  113.020946][ T6911] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  113.062677][ T7335] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  113.109025][ T7345] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  113.249384][ T5853] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  113.277425][ T6221] ir_usb 4-1:0.126: IR Dongle converter detected
[  113.472191][ T7350] loop4: detected capacity change from 0 to 32768
[  113.476521][ T6221] usb 4-1: IRDA class descriptor not found, device not bound
[  113.517612][ T7350] ocfs2: Mounting device (7,4) on (node local, slot 0) with writeback data mode.
[  113.684083][ T6221] usb 4-1: USB disconnect, device number 10
[  113.741789][ T7350] OCFS2: ERROR (device loop4): int ocfs2_validate_inode_block(struct super_block *, struct buffer_head *): Invalid dinode #65: signature = 
[  113.751163][ T7350] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  113.754561][ T7350] OCFS2: File system is now read-only.
[  113.768246][ T7350] (syz.4.392,7350,0):ocfs2_find_entry_id:407 ERROR: status = -30
[  113.774033][ T7350] OCFS2: ERROR (device loop4): int ocfs2_validate_inode_block(struct super_block *, struct buffer_head *): Invalid dinode #65: signature = 
[  113.781464][ T7350] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  113.784886][ T7350] (syz.4.392,7350,0):ocfs2_assign_bh:2417 ERROR: status = -30
[  113.787978][ T7350] (syz.4.392,7350,0):ocfs2_inode_lock_full_nested:2512 ERROR: status = -30
[  113.791117][ T7350] (syz.4.392,7350,0):ocfs2_mknod:275 ERROR: status = -30
[  113.793702][ T7350] (syz.4.392,7350,0):ocfs2_create:678 ERROR: status = -30
[  113.841424][ T6911] ocfs2: Unmounting device (7,4) on (node local)
[  114.073637][ T7376] loop2: detected capacity change from 0 to 32768
[  114.105763][ T7376] ocfs2: Slot 0 on device (7,2) was already allocated to this node!
[  114.113458][ T7376] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  114.210026][ T7385] loop4: detected capacity change from 0 to 32768
[  114.216961][ T7385] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.402 (7385)
[  114.341139][ T7385] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  114.344150][ T7385] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm
[  114.388396][ T7385] BTRFS info (device loop4): using free-space-tree
[  114.677041][ T5237] Bluetooth: hci0: command 0x040f tx timeout
[  114.689017][   T33] audit: type=1800 audit(1755569199.017:12): pid=7385 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.402" name="file0" dev="loop4" ino=258 res=0 errno=0
[  114.774405][ T6911] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  114.794572][ T5853] ocfs2: Unmounting device (7,2) on (node local)
[  115.020732][ T7411] loop3: detected capacity change from 0 to 32768
[  115.086359][ T7431] loop4: detected capacity change from 0 to 256
[  115.091378][ T7411] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  115.160913][ T7411] XFS (loop3): Ending clean mount
[  115.177916][ T7411] XFS (loop3): Quotacheck needed: Please wait.
[  115.214090][ T7411] XFS (loop3): Quotacheck: Done.
[  115.399437][ T5974] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  115.746936][    T9] usb 5-1: new full-speed USB device number 2 using dummy_hcd
[  115.898981][    T9] usb 5-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  115.904871][    T9] usb 5-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b
[  115.909286][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  115.911922][    T9] usb 5-1: Product: syz
[  115.917123][    T9] usb 5-1: Manufacturer: syz
[  115.918721][    T9] usb 5-1: SerialNumber: syz
[  115.930215][    T9] usb 5-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state
[  116.173679][ T7468] loop3: detected capacity change from 0 to 32768
[  116.191672][ T7468] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  116.210155][ T7468] XFS (loop3): Ending clean mount
[  116.215384][ T7468] XFS (loop3): Quotacheck needed: Please wait.
[  116.242737][ T7468] XFS (loop3): Quotacheck: Done.
[  116.271624][ T5974] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  116.276884][ T6221] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  116.426983][ T6221] usb 3-1: Using ep0 maxpacket: 8
[  116.431257][ T6221] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 7
[  116.442905][ T6221] usb 3-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  116.446103][ T6221] usb 3-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  116.450069][ T6221] usb 3-1: Product: syz
[  116.451807][ T6221] usb 3-1: Manufacturer: syz
[  116.453606][ T6221] usb 3-1: SerialNumber: syz
[  116.665886][ T6221] usb 3-1: Handspring Visor / Palm OS: No valid connect info available
[  116.669506][ T6221] usb 3-1: Handspring Visor / Palm OS: port 255, is for unknown use
[  116.673430][ T6221] usb 3-1: Handspring Visor / Palm OS: port 255, is for unknown use
[  116.676350][ T6221] usb 3-1: Handspring Visor / Palm OS: Number of ports: 2
[  116.700003][ T7484] loop3: detected capacity change from 0 to 32768
[  116.709957][ T7484] JBD2: Ignoring recovery information on journal
[  116.754654][ T7484] ocfs2: Mounting device (7,3) on (node local, slot 0) with writeback data mode.
[  116.758828][ T5237] Bluetooth: hci0: command 0x040f tx timeout
[  116.764768][    T9] usb 5-1: dvb_usb_v2: this USB2.0 device cannot be run on a USB1.1 port (it lacks a hardware PID filter)
[  116.779687][    T9] usb 5-1: USB disconnect, device number 2
[  116.794712][ T7484] (syz.3.419,7484,1):ocfs2_inode_is_valid_to_delete:948 ERROR: Skipping delete of system file 22
[  116.810773][ T7484] ocfs2: Unmounting device (7,3) on (node local)
[  116.874480][ T6221] usb 3-1: palm_os_3_probe - error -71 getting bytes available request
[  116.881486][ T6221] visor 3-1:1.0: Handspring Visor / Palm OS converter detected
[  116.897712][ T6221] usb 3-1: Handspring Visor / Palm OS converter now attached to ttyUSB0
[  116.907369][ T6221] usb 3-1: Handspring Visor / Palm OS converter now attached to ttyUSB1
[  116.917892][ T6221] usb 3-1: USB disconnect, device number 12
[  116.926197][ T6221] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0
[  116.933086][ T6221] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1
[  116.936784][ T6221] visor 3-1:1.0: device disconnected
[  117.334213][ T7497] loop4: detected capacity change from 0 to 4096
[  117.359802][   T47] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  117.359873][ T7498] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  117.380421][   T33] audit: type=1800 audit(1755569201.707:13): pid=7497 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.424" name="file1" dev="loop4" ino=15 res=0 errno=0
[  117.400653][   T33] audit: type=1800 audit(1755569201.727:14): pid=7497 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.424" name="file1" dev="loop4" ino=15 res=0 errno=0
[  117.520080][   T47] usb 4-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d
[  117.522980][   T47] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  117.525395][   T47] usb 4-1: Product: syz
[  117.537091][   T47] usb 4-1: Manufacturer: syz
[  117.538637][   T47] usb 4-1: SerialNumber: syz
[  117.558487][   T47] r8152-cfgselector 4-1: Unknown version 0x0000
[  117.560389][   T47] r8152-cfgselector 4-1: config 0 descriptor??
[  117.696973][ T5885] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  117.791037][ T7508] ieee802154 phy1 wpan1: encryption failed: -22
[  117.828130][ T7510] loop4: detected capacity change from 0 to 128
[  117.841306][ T7510] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a84ec018, mo2=0002]
[  117.845514][ T7510] System zones: 1-3, 19-19, 35-36
[  117.853093][ T7510] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[  117.861725][ T7510] ext4 filesystem being mounted at /49/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  117.871806][ T5885] usb 3-1: Using ep0 maxpacket: 8
[  117.876989][ T5885] usb 3-1: New USB device found, idVendor=0c45, idProduct=614a, bcdDevice=c4.6d
[  117.879779][ T5885] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  117.882183][ T5885] usb 3-1: Product: syz
[  117.883453][ T5885] usb 3-1: Manufacturer: syz
[  117.891482][   T33] audit: type=1800 audit(1755569202.217:15): pid=7510 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.429" name="file0" dev="loop4" ino=12 res=0 errno=0
[  117.898139][ T5885] usb 3-1: SerialNumber: syz
[  117.901021][ T5885] usb 3-1: config 0 descriptor??
[  117.902257][   T33] audit: type=1800 audit(1755569202.217:16): pid=7510 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.429" name="file0" dev="loop4" ino=12 res=0 errno=0
[  117.917252][ T5885] gspca_main: sonixj-2.14.0 probing 0c45:614a
[  117.922558][ T6911] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  118.013972][ T7519] netlink: 52 bytes leftover after parsing attributes in process `syz.4.431'.
[  118.028015][   T47] r8152-cfgselector 4-1: USB disconnect, device number 11
[  118.817964][   T47] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  118.918112][ T5885] gspca_sonixj: reg_w err -71
[  118.919950][ T5885] sonixj 3-1:0.0: probe with driver sonixj failed with error -71
[  118.925098][ T5885] usb 3-1: USB disconnect, device number 13
[  118.976997][   T47] usb 4-1: Using ep0 maxpacket: 32
[  118.981225][   T47] usb 4-1: config 0 has an invalid interface number: 247 but max is 0
[  118.983860][   T47] usb 4-1: config 0 has no interface number 0
[  118.987002][   T47] usb 4-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice= 1.9b
[  118.989924][   T47] usb 4-1: New USB device strings: Mfr=128, Product=0, SerialNumber=0
[  118.992606][   T47] usb 4-1: Manufacturer: syz
[  118.995516][   T47] usb 4-1: config 0 descriptor??
[  119.208004][    T9] usb 4-1: USB disconnect, device number 12
[  119.811239][ T7545] loop3: detected capacity change from 0 to 8
[  119.825996][ T7545] squashfs image failed sanity check
[  120.546962][ T5315] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  120.777030][ T5315] usb 4-1: Using ep0 maxpacket: 8
[  120.782331][ T5315] usb 4-1: config 0 has an invalid interface number: 31 but max is 0
[  120.785787][ T5315] usb 4-1: config 0 has no interface number 0
[  120.791146][ T5315] usb 4-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  120.794808][ T5315] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  120.799772][ T5315] usb 4-1: Product: syz
[  120.805161][ T5315] usb 4-1: Manufacturer: syz
[  120.809614][ T5315] usb 4-1: SerialNumber: syz
[  120.815382][ T5315] usb 4-1: config 0 descriptor??
[  121.032783][ T5315] usb 4-1: Found UVC 0.04 device syz (046d:08c3)
[  121.035523][ T5315] usb 4-1: No valid video chain found.
[  121.240788][    T9] usb 4-1: USB disconnect, device number 13
[  121.573623][ T7568] loop2: detected capacity change from 0 to 40427
[  121.584869][ T7568] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  121.587582][ T7568] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  121.591147][ T7568] F2FS-fs (loop2): invalid crc value
[  121.642431][ T7568] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  121.654008][ T7568] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  121.657199][ T7568] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  121.665741][ T7568] fscrypt (loop2, inode 3): Error -61 getting encryption context
[  121.800904][ T7574] loop3: detected capacity change from 0 to 512
[  121.817114][ T7574] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  121.852184][ T7574] EXT4-fs (loop3): 1 truncate cleaned up
[  121.855884][ T7574] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  121.899791][ T5974] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  122.116436][ T7584] loop4: detected capacity change from 0 to 2048
[  122.173992][ T7584] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  122.824431][ T7589] loop2: detected capacity change from 0 to 32768
[  122.882607][ T7589] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  123.063741][ T7589] XFS (loop2): Ending clean mount
[  123.121196][ T5853] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  123.150171][ T7591] loop4: detected capacity change from 0 to 40427
[  123.156200][ T7591] F2FS-fs (loop4): invalid crc value
[  123.368945][ T7591] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  123.372362][ T7591] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[  123.451050][ T6911] syz-executor: attempt to access beyond end of device
[  123.451050][ T6911] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  123.457725][ T6911] CPU: 1 UID: 0 PID: 6911 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  123.457739][ T6911] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  123.457744][ T6911] Call Trace:
[  123.457748][ T6911]  <TASK>
[  123.457752][ T6911]  dump_stack_lvl+0x189/0x250
[  123.457768][ T6911]  ? __pfx_dump_stack_lvl+0x10/0x10
[  123.457778][ T6911]  ? __pfx_queue_work_on+0x10/0x10
[  123.457786][ T6911]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  123.457798][ T6911]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  123.457813][ T6911]  f2fs_handle_critical_error+0x37c/0x540
[  123.457829][ T6911]  f2fs_write_end_io+0x886/0xb60
[  123.457844][ T6911]  __submit_merged_bio+0x27a/0x6a0
[  123.457859][ T6911]  __submit_merged_write_cond+0x255/0x530
[  123.457873][ T6911]  f2fs_write_data_pages+0x261d/0x3000
[  123.457884][ T6911]  ? __lock_acquire+0xab9/0xd20
[  123.457910][ T6911]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  123.457952][ T6911]  ? kthread_stop+0x194/0x5c0
[  123.457960][ T6911]  ? kill_f2fs_super+0x137/0x6c0
[  123.457967][ T6911]  ? deactivate_locked_super+0xbc/0x130
[  123.457981][ T6911]  ? __lock_acquire+0xab9/0xd20
[  123.457999][ T6911]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  123.458011][ T6911]  do_writepages+0x32e/0x550
[  123.458052][ T6911]  ? do_raw_spin_unlock+0x4d/0x240
[  123.458064][ T6911]  filemap_fdatawrite+0x199/0x240
[  123.458076][ T6911]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  123.458107][ T6911]  ? do_raw_spin_unlock+0x4d/0x240
[  123.458118][ T6911]  f2fs_sync_dirty_inodes+0x31f/0x830
[  123.458133][ T6911]  f2fs_write_checkpoint+0x95a/0x1df0
[  123.458152][ T6911]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  123.458181][ T6911]  ? kill_f2fs_super+0x298/0x6c0
[  123.458192][ T6911]  kill_f2fs_super+0x2c3/0x6c0
[  123.458202][ T6911]  ? __pfx_kill_f2fs_super+0x10/0x10
[  123.458209][ T6911]  ? radix_tree_delete_item+0x2b6/0x400
[  123.458223][ T6911]  ? shrinker_free+0x2ce/0x3e0
[  123.458233][ T6911]  deactivate_locked_super+0xbc/0x130
[  123.458243][ T6911]  cleanup_mnt+0x425/0x4c0
[  123.458253][ T6911]  ? lockdep_hardirqs_on+0x9c/0x150
[  123.458265][ T6911]  task_work_run+0x1d4/0x260
[  123.458277][ T6911]  ? __pfx_task_work_run+0x10/0x10
[  123.458287][ T6911]  ? __x64_sys_umount+0x122/0x160
[  123.458300][ T6911]  ? exit_to_user_mode_loop+0x40/0x110
[  123.458313][ T6911]  exit_to_user_mode_loop+0xec/0x110
[  123.458324][ T6911]  do_syscall_64+0x2bd/0x3b0
[  123.458335][ T6911]  ? lockdep_hardirqs_on+0x9c/0x150
[  123.458344][ T6911]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  123.458353][ T6911]  ? exc_page_fault+0x9f/0xf0
[  123.458364][ T6911]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  123.458372][ T6911] RIP: 0033:0x7f0adfd8ff17
[  123.458380][ T6911] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  123.458388][ T6911] RSP: 002b:00007ffd0f67a228 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  123.458397][ T6911] RAX: 0000000000000000 RBX: 00007f0adfe11c05 RCX: 00007f0adfd8ff17
[  123.458403][ T6911] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd0f67a2e0
[  123.458408][ T6911] RBP: 00007ffd0f67a2e0 R08: 0000000000000000 R09: 0000000000000000
[  123.458413][ T6911] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd0f67b370
[  123.458418][ T6911] R13: 00007f0adfe11c05 R14: 000000000001e1c0 R15: 00007ffd0f67b3b0
[  123.458434][ T6911]  </TASK>
[  123.458437][ T6911] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  123.478701][ T7607] loop2: detected capacity change from 0 to 512
[  123.658994][ T7607] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.462: bg 0: block 248: padding at end of block bitmap is not set
[  123.672760][ T7607] Quota error (device loop2): write_blk: dquota write failed
[  123.681353][ T7607] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[  123.684620][ T7607] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.462: Failed to acquire dquot type 1
[  123.723348][ T7607] EXT4-fs (loop2): 1 truncate cleaned up
[  123.726409][ T7607] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  123.737142][ T7607] ext4 filesystem being mounted at /145/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  123.752957][ T7607] Quota error (device loop2): find_tree_dqentry: Cycle in quota tree detected: block 2 index 2
[  123.767091][ T7607] Quota error (device loop2): qtree_read_dquot: Can't read quota structure for id 131074
[  123.770346][ T7607] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.462: Failed to acquire dquot type 1
[  123.821279][ T5853] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  123.874716][ T7613] loop3: detected capacity change from 0 to 32768
[  123.897898][ T7613] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.465 (7613)
[  124.195538][ T7613] BTRFS info (device loop3): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  124.203274][ T7613] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm
[  124.210763][ T7613] BTRFS info (device loop3): using free-space-tree
[  124.328707][ T5974] BTRFS info (device loop3): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  124.356040][ T7640] loop4: detected capacity change from 0 to 1024
[  124.366132][ T7640] EXT4-fs: Ignoring removed orlov option
[  124.394027][ T7640] EXT4-fs (loop4): Test dummy encryption mode enabled
[  124.413188][ T7640] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  124.710013][ T6911] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  124.855992][ T7643] loop3: detected capacity change from 0 to 32768
[  124.859099][ T7643] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.467 (7643)
[  124.870108][ T7643] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  124.873720][ T7643] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  124.876703][ T7643] BTRFS info (device loop3): using free-space-tree
[  125.087859][ T5974] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  125.205422][ T7647] loop4: detected capacity change from 0 to 32768
[  125.355674][ T7647] bcachefs (loop4): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  125.355689][ T7647]   allowing incompatible features above 0.0: (unknown version)
[  125.355694][ T7647]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  125.387132][ T7647] bcachefs (loop4): Using encoding defined by superblock: utf8-12.1.0
[  125.401172][ T7647] bcachefs (loop4): initializing new filesystem
[  125.428909][ T7647] bcachefs (loop4): going read-write
[  125.451018][ T7647] bcachefs (loop4): marking superblocks
[  125.503227][ T7647] bcachefs (loop4): initializing freespace
[  125.505537][ T7689] loop2: detected capacity change from 0 to 2048
[  125.513569][ T7647] bcachefs (loop4): done initializing freespace
[  125.521681][ T7647] bcachefs (loop4): reading snapshots table
[  125.524103][ T7647] bcachefs (loop4): reading snapshots done
[  125.548388][ T7647] bcachefs (loop4): done starting filesystem
[  125.553592][ T7137] Dev loop2: RDB in block 1 has bad checksum
[  125.565251][ T7689] Dev loop2: RDB in block 1 has bad checksum
[  125.609179][ T7691] loop3: detected capacity change from 0 to 2048
[  125.626262][ T7691] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  125.861982][   T33] audit: type=1800 audit(1755569210.187:17): pid=7697 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.468" name="file1" dev="loop4" ino=4098 res=0 errno=0
[  126.105396][ T7701] loop3: detected capacity change from 0 to 16
[  126.125548][ T7701] erofs (device loop3): mounted with root inode @ nid 36.
[  126.176385][ T7703] loop3: detected capacity change from 0 to 512
[  126.181634][ T7703] EXT4-fs (loop3): couldn't mount as ext2 due to feature incompatibilities
[  126.362559][ T7705] loop3: detected capacity change from 0 to 32768
[  126.395740][ T6911] bcachefs (loop4): shutting down
[  126.402271][ T6911] bcachefs (loop4): going read-only
[  126.405978][ T6911] bcachefs (loop4): finished waiting for writes to stop
[  126.408902][ T6911] bcachefs (loop4): flushing journal and stopping allocators, journal seq 3
[  126.419321][ T7705] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,str_hash=crc32c,noacl,usrquota,grpquota,nojournal_transaction_names,allocator_stuck_timeout=256
[  126.419344][ T7705]   allowing incompatible features above 0.0: (unknown version)
[  126.419353][ T7705]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  126.428177][ T6911] bcachefs (loop4): flushing journal and stopping allocators complete, journal seq 4
[  126.429115][ T7705] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0
[  126.441011][ T6911] bcachefs (loop4): clean shutdown complete, journal seq 5
[  126.444841][ T7705] bcachefs (loop3): initializing new filesystem
[  126.446657][ T6911] bcachefs (loop4): marking filesystem clean
[  126.464459][ T7705] bcachefs (loop3): going read-write
[  126.470248][ T7705] bcachefs (loop3): marking superblocks
[  126.470408][ T6911] bcachefs (loop4): shutdown complete
[  126.503940][ T7705] bcachefs (loop3): initializing freespace
[  126.511286][ T7705] bcachefs (loop3): done initializing freespace
[  126.534943][ T7705] bcachefs (loop3): reading snapshots table
[  126.538686][ T7705] bcachefs (loop3): reading snapshots done
[  126.559002][ T7705] bcachefs (loop3): done starting filesystem
[  126.634190][ T5974] bcachefs (loop3): shutting down
[  126.636022][ T5974] bcachefs (loop3): going read-only
[  126.669101][ T5974] bcachefs (loop3): finished waiting for writes to stop
[  126.697672][ T5974] bcachefs (loop3): flushing journal and stopping allocators, journal seq 2
[  126.742331][ T5974] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 2
[  126.756232][ T7719] loop2: detected capacity change from 0 to 512
[  126.761091][ T5974] bcachefs (loop3): clean shutdown complete, journal seq 3
[  126.763895][ T5974] bcachefs (loop3): marking filesystem clean
[  126.776938][ T7719] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  126.785593][ T7719] EXT4-fs (loop2): 1 truncate cleaned up
[  126.788492][ T7719] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  126.802163][ T5974] bcachefs (loop3): shutdown complete
[  126.843909][ T5853] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  127.113392][ T7724] loop2: detected capacity change from 0 to 32768
[  127.125519][ T7724] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  127.157967][ T5853] ocfs2: Unmounting device (7,2) on (node local)
[  127.213706][ T7740] loop2: detected capacity change from 0 to 8
[  127.357125][    T9] usb 5-1: new full-speed USB device number 3 using dummy_hcd
[  127.523853][    T9] usb 5-1: config 0 has an invalid interface number: 52 but max is 0
[  127.527214][    T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  127.530946][    T9] usb 5-1: config 0 has no interface number 0
[  127.533713][    T9] usb 5-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 10
[  127.538034][    T9] usb 5-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid wMaxPacketSize 0
[  127.541692][    T9] usb 5-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  127.546615][    T9] usb 5-1: config 0 interface 52 has no altsetting 0
[  127.550571][    T9] usb 5-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00
[  127.554410][    T9] usb 5-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0
[  127.557871][    T9] usb 5-1: Manufacturer: syz
[  127.569941][    T9] usb 5-1: config 0 descriptor??
[  127.578006][    T9] hub 5-1:0.52: bad descriptor, ignoring hub
[  127.580477][    T9] hub 5-1:0.52: probe with driver hub failed with error -5
[  127.792627][    T9] synaptics_usb 5-1:0.52: synusb_open - usb_submit_urb failed, error: -90
[  127.796555][    T9] synaptics_usb 5-1:0.52: probe with driver synaptics_usb failed with error -5
[  128.097076][   T47] usb 5-1: USB disconnect, device number 3
[  128.147609][ T5315] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  128.152288][ T7750] loop2: detected capacity change from 0 to 512
[  128.172108][ T7750] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  128.183289][ T7750] EXT4-fs (loop2): 1 truncate cleaned up
[  128.188478][ T7750] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  128.206876][   T33] audit: type=1800 audit(1755569212.527:18): pid=7750 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.499" name="file1" dev="loop2" ino=15 res=0 errno=0
[  128.308805][ T5315] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  128.312506][ T5315] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  128.315910][ T5315] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  128.325170][ T5853] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  128.333126][ T5315] usb 4-1: New USB device found, idVendor=172f, idProduct=0037, bcdDevice= 0.00
[  128.336982][ T5315] usb 4-1: New USB device strings: Mfr=0, Product=1, SerialNumber=0
[  128.339441][ T5315] usb 4-1: Product: syz
[  128.354699][ T5315] usb 4-1: config 0 descriptor??
[  128.645457][ T7757] loop4: detected capacity change from 0 to 4096
[  128.653301][ T7757] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512).
[  128.678982][ T7757] ntfs3(loop4): Mark volume as dirty due to NTFS errors
[  128.686661][ T7757] ntfs3(loop4): Failed to load $UpCase (-22).
[  128.780660][ T5315] waltop 0003:172F:0037.0006: unknown main item tag 0x0
[  128.782830][ T5315] waltop 0003:172F:0037.0006: unknown main item tag 0x0
[  128.784862][ T5315] waltop 0003:172F:0037.0006: unknown main item tag 0x0
[  128.799700][ T5315] waltop 0003:172F:0037.0006: hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0
[  128.980450][ T5315] usb 4-1: USB disconnect, device number 14
[  129.070300][ T7765] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  129.072999][ T7765] IPv6: NLM_F_CREATE should be set when creating new route
[  129.186961][ T7767] Bluetooth: hci3: Frame reassembly failed (-84)
[  129.557083][ T5898] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  129.656722][ T7773] loop3: detected capacity change from 0 to 32768
[  129.673415][ T7773] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  129.700231][ T7773] XFS (loop3): Ending clean mount
[  129.706541][ T7773] XFS (loop3): Quotacheck needed: Please wait.
[  129.708729][ T5898] usb 5-1: Using ep0 maxpacket: 8
[  129.711871][ T5898] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  129.720338][ T5898] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  129.725207][ T5898] usb 5-1: config 0 descriptor??
[  129.755275][ T7773] XFS (loop3): Quotacheck: Done.
[  129.785482][ T5974] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  129.943265][ T5898] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  129.951025][ T5898] asix 5-1:0.0: probe with driver asix failed with error -71
[  129.955399][ T5898] usb 5-1: USB disconnect, device number 4
[  130.091820][   T33] audit: type=1326 audit(1755569214.417:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7788 comm="syz.3.512" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f79fb18ebe9 code=0x0
[  130.293917][ T7797] loop3: detected capacity change from 0 to 1024
[  130.603451][ T7801] loop3: detected capacity change from 0 to 4096
[  130.626462][ T7807] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  130.653817][ T7801] NILFS error (device loop3): nilfs_dotdot: directory #12 missing '.'
[  130.677473][ T7801] Remounting filesystem read-only
[  130.704098][ T5974] NILFS (loop3): disposed unprocessed dirty file(s) when detaching log writer
[  130.800435][ T7809] loop3: detected capacity change from 0 to 1024
[  130.815308][ T7809] EXT4-fs: inline encryption not supported
[  130.818917][ T7809] EXT4-fs: Ignoring removed bh option
[  130.839012][ T7809] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  130.860981][ T7809] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4183: comm syz.3.521: Allocating blocks 257-513 which overlap fs metadata
[  130.872002][ T7809] EXT4-fs (loop3): Remounting filesystem read-only
[  130.906311][ T5974] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  130.927653][ T7806] loop4: detected capacity change from 0 to 32768
[  130.934137][ T7806] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.520 (7806)
[  130.950826][ T7806] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  130.954726][ T7806] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm
[  130.968708][ T7806] BTRFS info (device loop4): using free-space-tree
[  131.002762][ T7827] loop3: detected capacity change from 0 to 16
[  131.028363][ T7827] erofs (device loop3): mounted with root inode @ nid 36.
[  131.053408][ T7827] erofs (device loop3): inline data across blocks @ nid 36
[  131.081512][ T6911] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  131.217306][ T7834] netlink: 12 bytes leftover after parsing attributes in process `syz.4.523'.
[  131.237084][ T5237] Bluetooth: hci3: Entering manufacturer mode failed (-110)
[  131.491807][ T7842] loop4: detected capacity change from 0 to 4096
[  131.514116][ T7842] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512).
[  131.547664][ T7846] netlink: 8 bytes leftover after parsing attributes in process `syz.3.530'.
[  131.553049][ T7842] ntfs3(loop4): Failed to load $Extend (-22).
[  131.555359][ T7842] ntfs3(loop4): Failed to initialize $Extend.
[  131.559164][ T7846] netlink: 36 bytes leftover after parsing attributes in process `syz.3.530'.
[  131.641275][ T7850] loop6: detected capacity change from 0 to 63
[  131.646038][ T7850] Buffer I/O error on dev loop6, logical block 0, async page read
[  131.661277][ T7850] Buffer I/O error on dev loop6, logical block 0, async page read
[  131.667164][ T7137] Buffer I/O error on dev loop6, logical block 0, async page read
[  131.670716][ T7137] Buffer I/O error on dev loop6, logical block 0, async page read
[  131.673604][ T7137] Buffer I/O error on dev loop6, logical block 0, async page read
[  131.676404][ T7137] Buffer I/O error on dev loop6, logical block 0, async page read
[  131.689622][ T7137] Buffer I/O error on dev loop6, logical block 0, async page read
[  132.197727][ T5885] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  132.377967][ T5885] usb 4-1: Using ep0 maxpacket: 8
[  132.384132][ T5885] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  132.390764][ T5885] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  132.391131][ T7866] loop2: detected capacity change from 0 to 1024
[  132.393671][ T5885] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  132.409571][ T5885] usb 4-1: config 0 descriptor??
[  132.432776][ T5885] iowarrior 4-1:0.0: no interrupt-in endpoint found
[  132.595445][ T1362] ieee802154 phy1 wpan1: encryption failed: -22
[  132.651819][ T5885] usb 4-1: USB disconnect, device number 15
[  132.894255][ T7870] IPv6: addrconf: prefix option has invalid lifetime
[  133.823884][ T7877] loop3: detected capacity change from 0 to 40427
[  133.835474][ T7877] F2FS-fs: heap/no_heap options were deprecated
[  133.843699][ T7877] F2FS-fs (loop3): build fault injection rate: 19
[  133.845724][ T7877] F2FS-fs (loop3): build fault injection type: 0x3bfe8c
[  133.866464][ T7877] F2FS-fs (loop3): invalid crc value
[  133.880779][ T7877] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_folio of f2fs_ra_meta_pages+0x615/0x970
[  133.925074][ T7881] loop2: detected capacity change from 0 to 40427
[  133.929601][ T7881] F2FS-fs (loop2): invalid crc value
[  133.987876][ T7881] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  133.991108][ T7881] F2FS-fs (loop2): Start checkpoint disabled!
[  133.996645][ T7881] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  133.996691][ T7877] F2FS-fs (loop3): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x20a/0x3f0
[  134.013670][ T7877] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  134.022089][ T7877] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  134.033371][ T4743] kworker/u10:7: attempt to access beyond end of device
[  134.033371][ T4743] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  134.041573][ T4743] CPU: 0 UID: 0 PID: 4743 Comm: kworker/u10:7 Not tainted syzkaller #0 PREEMPT(full) 
[  134.041586][ T4743] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  134.041591][ T4743] Workqueue: writeback wb_workfn (flush-7:2)
[  134.041606][ T4743] Call Trace:
[  134.041610][ T4743]  <TASK>
[  134.041614][ T4743]  dump_stack_lvl+0x189/0x250
[  134.041627][ T4743]  ? __pfx_dump_stack_lvl+0x10/0x10
[  134.041637][ T4743]  ? __pfx_queue_work_on+0x10/0x10
[  134.041645][ T4743]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  134.041656][ T4743]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  134.041671][ T4743]  f2fs_handle_critical_error+0x37c/0x540
[  134.041686][ T4743]  f2fs_write_end_io+0x886/0xb60
[  134.041707][ T4743]  __submit_merged_bio+0x27a/0x6a0
[  134.041721][ T4743]  __submit_merged_write_cond+0x255/0x530
[  134.041735][ T4743]  f2fs_write_data_pages+0x261d/0x3000
[  134.041762][ T4743]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  134.041780][ T4743]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  134.041804][ T4743]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  134.041815][ T4743]  ? look_up_lock_class+0x74/0x170
[  134.041830][ T4743]  ? trace_f2fs_writepages+0x7f/0x200
[  134.041841][ T4743]  ? f2fs_write_node_pages+0x478/0x6e0
[  134.041854][ T4743]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  134.041870][ T4743]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  134.041882][ T4743]  do_writepages+0x32e/0x550
[  134.041895][ T4743]  ? reacquire_held_locks+0x127/0x1d0
[  134.041904][ T4743]  ? writeback_sb_inodes+0x384/0x1010
[  134.041918][ T4743]  __writeback_single_inode+0x145/0xff0
[  134.041928][ T4743]  ? do_raw_spin_unlock+0x4d/0x240
[  134.041940][ T4743]  writeback_sb_inodes+0x6c7/0x1010
[  134.041964][ T4743]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  134.041992][ T4743]  ? rcu_is_watching+0x15/0xb0
[  134.042005][ T4743]  wb_writeback+0x43b/0xaf0
[  134.042019][ T4743]  ? queue_io+0x351/0x590
[  134.042030][ T4743]  ? __pfx_wb_writeback+0x10/0x10
[  134.042044][ T4743]  ? _raw_spin_unlock_irq+0x23/0x50
[  134.042056][ T4743]  wb_workfn+0x409/0xef0
[  134.042071][ T4743]  ? __pfx_wb_workfn+0x10/0x10
[  134.042081][ T4743]  ? __lock_acquire+0xab9/0xd20
[  134.042098][ T4743]  ? process_scheduled_works+0x9ef/0x17b0
[  134.042109][ T4743]  ? _raw_spin_unlock_irq+0x23/0x50
[  134.042118][ T4743]  ? process_scheduled_works+0x9ef/0x17b0
[  134.042125][ T4743]  ? process_scheduled_works+0x9ef/0x17b0
[  134.042133][ T4743]  process_scheduled_works+0xae1/0x17b0
[  134.042154][ T4743]  ? __pfx_process_scheduled_works+0x10/0x10
[  134.042172][ T4743]  worker_thread+0x8a0/0xda0
[  134.042181][ T4743]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  134.042194][ T4743]  ? __kthread_parkme+0x7b/0x200
[  134.042208][ T4743]  kthread+0x711/0x8a0
[  134.042219][ T4743]  ? __pfx_worker_thread+0x10/0x10
[  134.042227][ T4743]  ? __pfx_kthread+0x10/0x10
[  134.042237][ T4743]  ? _raw_spin_unlock_irq+0x23/0x50
[  134.042268][ T4743]  ? lockdep_hardirqs_on+0x9c/0x150
[  134.042279][ T4743]  ? __pfx_kthread+0x10/0x10
[  134.042288][ T4743]  ret_from_fork+0x3fc/0x770
[  134.042299][ T4743]  ? __pfx_ret_from_fork+0x10/0x10
[  134.042310][ T4743]  ? __switch_to_asm+0x39/0x70
[  134.042319][ T4743]  ? __switch_to_asm+0x33/0x70
[  134.042328][ T4743]  ? __pfx_kthread+0x10/0x10
[  134.042338][ T4743]  ret_from_fork_asm+0x1a/0x30
[  134.042355][ T4743]  </TASK>
[  134.042359][ T4743] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  134.079882][ T7877] F2FS-fs (loop3): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[  134.183504][ T5974] syz-executor: attempt to access beyond end of device
[  134.183504][ T5974] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  134.192121][ T5974] CPU: 0 UID: 0 PID: 5974 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  134.192135][ T5974] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  134.192141][ T5974] Call Trace:
[  134.192145][ T5974]  <TASK>
[  134.192150][ T5974]  dump_stack_lvl+0x189/0x250
[  134.192170][ T5974]  ? __pfx_dump_stack_lvl+0x10/0x10
[  134.192180][ T5974]  ? __pfx_queue_work_on+0x10/0x10
[  134.192189][ T5974]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  134.192201][ T5974]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  134.192217][ T5974]  f2fs_handle_critical_error+0x37c/0x540
[  134.192233][ T5974]  f2fs_write_end_io+0x886/0xb60
[  134.192272][ T5974]  __submit_merged_bio+0x27a/0x6a0
[  134.192288][ T5974]  __submit_merged_write_cond+0x255/0x530
[  134.192302][ T5974]  f2fs_write_data_pages+0x261d/0x3000
[  134.192332][ T5974]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  134.192373][ T5974]  ? folios_put_refs+0x559/0x640
[  134.192389][ T5974]  ? __lock_acquire+0xab9/0xd20
[  134.192406][ T5974]  ? do_raw_spin_lock+0x121/0x290
[  134.192421][ T5974]  ? do_raw_spin_unlock+0x4d/0x240
[  134.192431][ T5974]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  134.192444][ T5974]  do_writepages+0x32e/0x550
[  134.192460][ T5974]  ? do_raw_spin_unlock+0x4d/0x240
[  134.192472][ T5974]  filemap_fdatawrite+0x199/0x240
[  134.192483][ T5974]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  134.192519][ T5974]  ? do_raw_spin_unlock+0x4d/0x240
[  134.192531][ T5974]  f2fs_sync_dirty_inodes+0x31f/0x830
[  134.192547][ T5974]  f2fs_write_checkpoint+0x95a/0x1df0
[  134.192568][ T5974]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  134.192601][ T5974]  ? kill_f2fs_super+0x298/0x6c0
[  134.192617][ T5974]  kill_f2fs_super+0x2c3/0x6c0
[  134.192628][ T5974]  ? __pfx_kill_f2fs_super+0x10/0x10
[  134.192635][ T5974]  ? radix_tree_delete_item+0x2b6/0x400
[  134.192650][ T5974]  ? shrinker_free+0x2ce/0x3e0
[  134.192661][ T5974]  deactivate_locked_super+0xbc/0x130
[  134.192673][ T5974]  cleanup_mnt+0x425/0x4c0
[  134.192683][ T5974]  ? lockdep_hardirqs_on+0x9c/0x150
[  134.192695][ T5974]  task_work_run+0x1d4/0x260
[  134.192707][ T5974]  ? __pfx_task_work_run+0x10/0x10
[  134.192716][ T5974]  ? __x64_sys_umount+0x122/0x160
[  134.192730][ T5974]  ? exit_to_user_mode_loop+0x40/0x110
[  134.192744][ T5974]  exit_to_user_mode_loop+0xec/0x110
[  134.192755][ T5974]  do_syscall_64+0x2bd/0x3b0
[  134.192766][ T5974]  ? lockdep_hardirqs_on+0x9c/0x150
[  134.192775][ T5974]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  134.192784][ T5974]  ? exc_page_fault+0x9f/0xf0
[  134.192795][ T5974]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  134.192803][ T5974] RIP: 0033:0x7f79fb18ff17
[  134.192811][ T5974] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  134.192819][ T5974] RSP: 002b:00007ffd61508558 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  134.192829][ T5974] RAX: 0000000000000000 RBX: 00007f79fb211c05 RCX: 00007f79fb18ff17
[  134.192834][ T5974] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd61508610
[  134.192839][ T5974] RBP: 00007ffd61508610 R08: 0000000000000000 R09: 0000000000000000
[  134.192845][ T5974] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd615096a0
[  134.192850][ T5974] R13: 00007f79fb211c05 R14: 0000000000020bae R15: 00007ffd615096e0
[  134.192865][ T5974]  </TASK>
[  134.192869][ T5974] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  134.559313][ T7897] loop2: detected capacity change from 0 to 32768
[  134.568424][ T7897] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.550 (7897)
[  134.582495][ T7897] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  134.589298][ T7897] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm
[  134.661782][ T7897] BTRFS info (device loop2): rebuilding free space tree
[  134.685291][ T7897] BTRFS info (device loop2): disabling free space tree
[  134.687639][ T7897] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  134.690774][ T7897] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  134.786491][ T5853] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  134.901070][ T7904] loop3: detected capacity change from 0 to 40427
[  134.912047][ T7904] F2FS-fs (loop3): invalid crc value
[  134.935586][ T7921] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.552'.
[  134.945419][ T7921] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[  134.948967][ T7921] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[  135.009333][ T7904] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  135.013540][ T7904] F2FS-fs (loop3): Start checkpoint disabled!
[  135.020952][ T7904] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  135.049693][   T33] audit: type=1800 audit(1755569219.377:20): pid=7904 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.549" name="file1" dev="loop3" ino=10 res=0 errno=0
[  135.096403][   T65] kworker/u9:3: attempt to access beyond end of device
[  135.096403][   T65] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  135.102327][   T65] CPU: 1 UID: 0 PID: 65 Comm: kworker/u9:3 Not tainted syzkaller #0 PREEMPT(full) 
[  135.102348][   T65] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  135.102358][   T65] Workqueue: writeback wb_workfn (flush-7:3)
[  135.102381][   T65] Call Trace:
[  135.102388][   T65]  <TASK>
[  135.102395][   T65]  dump_stack_lvl+0x189/0x250
[  135.102417][   T65]  ? __pfx_dump_stack_lvl+0x10/0x10
[  135.102431][   T65]  ? __pfx_queue_work_on+0x10/0x10
[  135.102443][   T65]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  135.102459][   T65]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  135.102485][   T65]  f2fs_handle_critical_error+0x37c/0x540
[  135.102511][   T65]  f2fs_write_end_io+0x886/0xb60
[  135.102539][   T65]  __submit_merged_bio+0x27a/0x6a0
[  135.102556][   T65]  __submit_merged_write_cond+0x255/0x530
[  135.102571][   T65]  f2fs_write_data_pages+0x261d/0x3000
[  135.102607][   T65]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  135.102626][   T65]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  135.102653][   T65]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  135.102665][   T65]  ? look_up_lock_class+0x74/0x170
[  135.102681][   T65]  ? trace_f2fs_writepages+0x7f/0x200
[  135.102693][   T65]  ? f2fs_write_node_pages+0x478/0x6e0
[  135.102706][   T65]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  135.102724][   T65]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  135.102737][   T65]  do_writepages+0x32e/0x550
[  135.102750][   T65]  ? reacquire_held_locks+0x127/0x1d0
[  135.102759][   T65]  ? writeback_sb_inodes+0x384/0x1010
[  135.102774][   T65]  __writeback_single_inode+0x145/0xff0
[  135.102785][   T65]  ? do_raw_spin_unlock+0x4d/0x240
[  135.102797][   T65]  writeback_sb_inodes+0x6c7/0x1010
[  135.102821][   T65]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  135.102853][   T65]  ? rcu_is_watching+0x15/0xb0
[  135.102867][   T65]  wb_writeback+0x43b/0xaf0
[  135.102882][   T65]  ? queue_io+0x351/0x590
[  135.102894][   T65]  ? __pfx_wb_writeback+0x10/0x10
[  135.102908][   T65]  ? _raw_spin_unlock_irq+0x23/0x50
[  135.102921][   T65]  wb_workfn+0x409/0xef0
[  135.102938][   T65]  ? __pfx_wb_workfn+0x10/0x10
[  135.102949][   T65]  ? __lock_acquire+0xab9/0xd20
[  135.102966][   T65]  ? process_scheduled_works+0x9ef/0x17b0
[  135.102978][   T65]  ? _raw_spin_unlock_irq+0x23/0x50
[  135.102987][   T65]  ? process_scheduled_works+0x9ef/0x17b0
[  135.102994][   T65]  ? process_scheduled_works+0x9ef/0x17b0
[  135.103003][   T65]  process_scheduled_works+0xae1/0x17b0
[  135.103027][   T65]  ? __pfx_process_scheduled_works+0x10/0x10
[  135.103045][   T65]  worker_thread+0x8a0/0xda0
[  135.103067][   T65]  kthread+0x711/0x8a0
[  135.103079][   T65]  ? __pfx_worker_thread+0x10/0x10
[  135.103087][   T65]  ? __pfx_kthread+0x10/0x10
[  135.103097][   T65]  ? _raw_spin_unlock_irq+0x23/0x50
[  135.103107][   T65]  ? lockdep_hardirqs_on+0x9c/0x150
[  135.103116][   T65]  ? __pfx_kthread+0x10/0x10
[  135.103126][   T65]  ret_from_fork+0x3fc/0x770
[  135.103137][   T65]  ? __pfx_ret_from_fork+0x10/0x10
[  135.103149][   T65]  ? __switch_to_asm+0x39/0x70
[  135.103159][   T65]  ? __switch_to_asm+0x33/0x70
[  135.103190][   T65]  ? __pfx_kthread+0x10/0x10
[  135.103202][   T65]  ret_from_fork_asm+0x1a/0x30
[  135.103221][   T65]  </TASK>
[  135.103225][   T65] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  135.117251][ T5898] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  135.288439][ T5885] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  135.418614][ T5898] usb 3-1: Using ep0 maxpacket: 32
[  135.422956][ T5898] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  135.426135][ T5898] usb 3-1: config 0 has no interface number 0
[  135.429827][ T5898] usb 3-1: config 0 interface 1 altsetting 9 has an invalid descriptor for endpoint zero, skipping
[  135.433979][ T5898] usb 3-1: config 0 interface 1 has no altsetting 0
[  135.439303][ T5898] usb 3-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a
[  135.442860][ T5898] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  135.445914][ T5898] usb 3-1: Product: syz
[  135.449186][ T5898] usb 3-1: Manufacturer: syz
[  135.451948][ T5898] usb 3-1: SerialNumber: syz
[  135.456223][ T5898] usb 3-1: config 0 descriptor??
[  135.467259][ T5885] usb 5-1: Using ep0 maxpacket: 16
[  135.474295][ T5885] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice=29.00
[  135.477976][ T5885] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  135.481253][ T5885] usb 5-1: Product: syz
[  135.482887][ T5885] usb 5-1: Manufacturer: syz
[  135.484575][ T5885] usb 5-1: SerialNumber: syz
[  135.491281][ T5885] usb 5-1: config 0 descriptor??
[  135.496476][ T5885] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected
[  135.500562][ T5885] usb 5-1: Detected FT4233HP
[  135.540916][ T7928] netlink: 'syz.3.555': attribute type 1 has an invalid length.
[  135.544031][ T7928] netlink: 228 bytes leftover after parsing attributes in process `syz.3.555'.
[  135.619244][ T7930] loop3: detected capacity change from 0 to 1024
[  135.637873][   T33] audit: type=1800 audit(1755569219.967:21): pid=7930 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.556" name="file1" dev="loop3" ino=20 res=0 errno=0
[  135.644961][ T7930] syz.3.556: attempt to access beyond end of device
[  135.644961][ T7930] loop3: rw=34817, sector=5778, nr_sectors = 2 limit=1024
[  135.681174][ T5898] cx231xx 3-1:0.1: New device syz syz @ 480 Mbps (0572:58a5) with 1 interfaces
[  135.684690][ T5898] cx231xx 3-1:0.1: Not found matching IAD interface
[  135.700951][ T5885] ftdi_sio ttyUSB0: Unable to read latency timer: -71
[  135.708158][ T5885] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  135.713099][ T5885] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  135.720371][ T5898] usb 3-1: USB disconnect, device number 14
[  135.746590][ T5885] usb 5-1: USB disconnect, device number 5
[  135.764185][ T5885] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  135.772766][ T5885] ftdi_sio 5-1:0.0: device disconnected
[  136.049023][ T7934] loop3: detected capacity change from 0 to 32768
[  136.062188][ T7934] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.558 (7934)
[  136.075192][ T7934] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  136.080340][ T7934] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  136.083643][ T7934] BTRFS info (device loop3): disk space caching is enabled
[  136.086383][ T7934] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  136.115278][ T7934] BTRFS info (device loop3): rebuilding free space tree
[  136.125604][ T7934] BTRFS info (device loop3): disabling free space tree
[  136.128390][ T7934] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  136.131960][ T7934] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  136.197799][ T5974] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  136.256521][ T7952] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  136.381314][ T7957] loop3: detected capacity change from 0 to 256
[  136.398058][ T7957] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  136.417692][ T7957] exFAT-fs (loop3): Medium has reported failures. Some data may be lost.
[  136.448101][ T7957] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  136.794250][ T7974] loop3: detected capacity change from 0 to 512
[  136.809608][ T7974] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities
[  136.838157][ T7958] loop2: detected capacity change from 0 to 40427
[  136.883075][ T7958] F2FS-fs (loop2): Wrong SSA boundary, start(3584) end(4096) blocks(0)
[  136.887285][ T7958] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  136.892286][ T7958] F2FS-fs (loop2): build fault injection type: 0x6
[  136.900444][ T7958] F2FS-fs (loop2): invalid crc value
[  136.982405][ T7958] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  136.986473][ T7958] F2FS-fs (loop2): Start checkpoint disabled!
[  136.993819][ T7958] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  136.996683][ T7958] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  137.035913][   T53] kworker/u9:2: attempt to access beyond end of device
[  137.035913][   T53] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  137.042483][   T53] CPU: 0 UID: 0 PID: 53 Comm: kworker/u9:2 Not tainted syzkaller #0 PREEMPT(full) 
[  137.042496][   T53] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  137.042502][   T53] Workqueue: writeback wb_workfn (flush-7:2)
[  137.042518][   T53] Call Trace:
[  137.042521][   T53]  <TASK>
[  137.042525][   T53]  dump_stack_lvl+0x189/0x250
[  137.042540][   T53]  ? __pfx_dump_stack_lvl+0x10/0x10
[  137.042549][   T53]  ? __pfx_queue_work_on+0x10/0x10
[  137.042558][   T53]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  137.042575][   T53]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  137.042601][   T53]  f2fs_handle_critical_error+0x37c/0x540
[  137.042618][   T53]  f2fs_write_end_io+0x886/0xb60
[  137.042636][   T53]  __submit_merged_bio+0x27a/0x6a0
[  137.042651][   T53]  __submit_merged_write_cond+0x255/0x530
[  137.042668][   T53]  f2fs_write_data_pages+0x261d/0x3000
[  137.042714][   T53]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  137.042737][   T53]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  137.042783][   T53]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  137.042804][   T53]  ? look_up_lock_class+0x74/0x170
[  137.042823][   T53]  ? trace_f2fs_writepages+0x7f/0x200
[  137.042834][   T53]  ? f2fs_write_node_pages+0x478/0x6e0
[  137.042848][   T53]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  137.042866][   T53]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  137.042883][   T53]  do_writepages+0x32e/0x550
[  137.042906][   T53]  ? reacquire_held_locks+0x127/0x1d0
[  137.042920][   T53]  ? writeback_sb_inodes+0x384/0x1010
[  137.042947][   T53]  __writeback_single_inode+0x145/0xff0
[  137.042966][   T53]  ? do_raw_spin_unlock+0x4d/0x240
[  137.042988][   T53]  writeback_sb_inodes+0x6c7/0x1010
[  137.043067][   T53]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  137.043122][   T53]  ? rcu_is_watching+0x15/0xb0
[  137.043146][   T53]  wb_writeback+0x43b/0xaf0
[  137.043169][   T53]  ? queue_io+0x351/0x590
[  137.043181][   T53]  ? __pfx_wb_writeback+0x10/0x10
[  137.043196][   T53]  ? _raw_spin_unlock_irq+0x23/0x50
[  137.043209][   T53]  wb_workfn+0x409/0xef0
[  137.043226][   T53]  ? __pfx_wb_workfn+0x10/0x10
[  137.043237][   T53]  ? __lock_acquire+0xab9/0xd20
[  137.043255][   T53]  ? process_scheduled_works+0x9ef/0x17b0
[  137.043268][   T53]  ? _raw_spin_unlock_irq+0x23/0x50
[  137.043277][   T53]  ? process_scheduled_works+0x9ef/0x17b0
[  137.043284][   T53]  ? process_scheduled_works+0x9ef/0x17b0
[  137.043293][   T53]  process_scheduled_works+0xae1/0x17b0
[  137.043317][   T53]  ? __pfx_process_scheduled_works+0x10/0x10
[  137.043335][   T53]  worker_thread+0x8a0/0xda0
[  137.043345][   T53]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  137.043359][   T53]  ? __kthread_parkme+0x7b/0x200
[  137.043374][   T53]  kthread+0x711/0x8a0
[  137.043386][   T53]  ? __pfx_worker_thread+0x10/0x10
[  137.043394][   T53]  ? __pfx_kthread+0x10/0x10
[  137.043405][   T53]  ? _raw_spin_unlock_irq+0x23/0x50
[  137.043414][   T53]  ? lockdep_hardirqs_on+0x9c/0x150
[  137.043424][   T53]  ? __pfx_kthread+0x10/0x10
[  137.043434][   T53]  ret_from_fork+0x3fc/0x770
[  137.043445][   T53]  ? __pfx_ret_from_fork+0x10/0x10
[  137.043464][   T53]  ? __switch_to_asm+0x39/0x70
[  137.043473][   T53]  ? __switch_to_asm+0x33/0x70
[  137.043482][   T53]  ? __pfx_kthread+0x10/0x10
[  137.043493][   T53]  ret_from_fork_asm+0x1a/0x30
[  137.043512][   T53]  </TASK>
[  137.043516][   T53] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  137.100812][ T7988] loop3: detected capacity change from 0 to 4096
[  137.175156][ T7988] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512).
[  137.328360][ T7989] netlink: 68 bytes leftover after parsing attributes in process `syz.3.575'.
[  137.379516][   T33] audit: type=1800 audit(1755569221.707:22): pid=7989 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.575" name="file1" dev="loop3" ino=33 res=0 errno=0
[  137.747904][ T7993] loop2: detected capacity change from 0 to 8192
[  138.617632][ T8011] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  138.651587][ T8013] GUP no longer grows the stack in syz.3.586 (8013): 200000004000-200000005000 (200000002000)
[  138.656568][ T8013] CPU: 0 UID: 0 PID: 8013 Comm: syz.3.586 Not tainted syzkaller #0 PREEMPT(full) 
[  138.656589][ T8013] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  138.656598][ T8013] Call Trace:
[  138.656605][ T8013]  <TASK>
[  138.656612][ T8013]  dump_stack_lvl+0x189/0x250
[  138.656639][ T8013]  ? __pfx_dump_stack_lvl+0x10/0x10
[  138.656658][ T8013]  ? __pfx__printk+0x10/0x10
[  138.656676][ T8013]  ? find_vma+0xe7/0x160
[  138.656706][ T8013]  __get_user_pages+0x24d0/0x2ce0
[  138.656742][ T8013]  ? mtree_load+0x100/0x700
[  138.656768][ T8013]  get_user_pages_remote+0x2f1/0xad0
[  138.656805][ T8013]  ? __pfx_mtree_load+0x10/0x10
[  138.656832][ T8013]  ? __pfx_get_user_pages_remote+0x10/0x10
[  138.656852][ T8013]  ? __access_remote_vm+0x367/0x7d0
[  138.656877][ T8013]  __access_remote_vm+0x211/0x7d0
[  138.656906][ T8013]  ? __pfx___access_remote_vm+0x10/0x10
[  138.656959][ T8013]  ? alloc_pages_noprof+0xbe/0x190
[  138.656984][ T8013]  proc_pid_cmdline_read+0x430/0x810
[  138.657008][ T8013]  ? __pfx_proc_pid_cmdline_read+0x10/0x10
[  138.657024][ T8013]  ? rw_verify_area+0x2a6/0x4d0
[  138.657043][ T8013]  vfs_readv+0x5aa/0x850
[  138.657056][ T8013]  ? __pfx_proc_pid_cmdline_read+0x10/0x10
[  138.657072][ T8013]  ? __pfx_vfs_readv+0x10/0x10
[  138.657097][ T8013]  ? __fget_files+0x2a/0x420
[  138.657114][ T8013]  ? __fget_files+0x3a0/0x420
[  138.657126][ T8013]  ? __fget_files+0x2a/0x420
[  138.657146][ T8013]  __x64_sys_preadv+0x197/0x2a0
[  138.657169][ T8013]  ? __pfx___x64_sys_preadv+0x10/0x10
[  138.657187][ T8013]  ? rcu_is_watching+0x15/0xb0
[  138.657206][ T8013]  ? do_syscall_64+0xbe/0x3b0
[  138.657228][ T8013]  do_syscall_64+0xfa/0x3b0
[  138.657248][ T8013]  ? lockdep_hardirqs_on+0x9c/0x150
[  138.657266][ T8013]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  138.657282][ T8013]  ? exc_page_fault+0x9f/0xf0
[  138.657303][ T8013]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  138.657318][ T8013] RIP: 0033:0x7f79fb18ebe9
[  138.657333][ T8013] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  138.657348][ T8013] RSP: 002b:00007f79fbf88038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  138.657364][ T8013] RAX: ffffffffffffffda RBX: 00007f79fb3b5fa0 RCX: 00007f79fb18ebe9
[  138.657377][ T8013] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000003
[  138.657386][ T8013] RBP: 00007f79fb211e19 R08: 00000000fffffff9 R09: 0000000000000000
[  138.657397][ T8013] R10: 0000000000000016 R11: 0000000000000246 R12: 0000000000000000
[  138.657407][ T8013] R13: 00007f79fb3b6038 R14: 00007f79fb3b5fa0 R15: 00007ffd615092c8
[  138.657431][ T8013]  </TASK>
[  138.887501][ T8019] serio: Serial port ptm0
[  139.355176][ T8033] loop2: detected capacity change from 0 to 40427
[  139.388052][ T8033] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  139.391202][ T8033] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  139.408723][ T8033] F2FS-fs (loop2): invalid crc value
[  139.474668][ T8033] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  139.490409][ T8033] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  139.493750][ T8033] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  139.652155][   T33] audit: type=1326 audit(1755569223.977:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8049 comm="syz.4.604" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0adfd8ebe9 code=0x7ffc0000
[  139.662434][   T33] audit: type=1326 audit(1755569223.977:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8049 comm="syz.4.604" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0adfd8ebe9 code=0x7ffc0000
[  139.672089][   T33] audit: type=1326 audit(1755569223.997:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8049 comm="syz.4.604" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0adfd8ebe9 code=0x7ffc0000
[  139.681165][   T33] audit: type=1326 audit(1755569223.997:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8049 comm="syz.4.604" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0adfd8ebe9 code=0x7ffc0000
[  139.689514][   T33] audit: type=1326 audit(1755569223.997:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8049 comm="syz.4.604" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0adfd8ebe9 code=0x7ffc0000
[  139.696559][   T33] audit: type=1326 audit(1755569224.007:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8049 comm="syz.4.604" exe="/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7f0adfd8ebe9 code=0x7ffc0000
[  139.705151][   T33] audit: type=1326 audit(1755569224.007:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8049 comm="syz.4.604" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0adfd8ebe9 code=0x7ffc0000
[  139.713611][   T33] audit: type=1326 audit(1755569224.007:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8049 comm="syz.4.604" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0adfd8ebe9 code=0x7ffc0000
[  139.947054][   T55] Bluetooth: hci1: command tx timeout
[  139.995938][ T8061] syz.4.608 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  140.055205][ T8065] capability: warning: `syz.4.610' uses deprecated v2 capabilities in a way that may be insecure
[  140.380036][ T8081] loop2: detected capacity change from 0 to 2048
[  140.402117][ T8081] UDF-fs: error (device loop2): udf_process_sequence: Primary Volume Descriptor not found!
[  140.407081][ T5315] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  140.413702][ T8081] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  140.577018][ T5315] usb 5-1: Using ep0 maxpacket: 32
[  140.587723][ T5315] usb 5-1: config 0 has an invalid interface number: 169 but max is 0
[  140.597108][ T5315] usb 5-1: config 0 has no interface number 0
[  140.600029][ T5315] usb 5-1: config 0 interface 169 has no altsetting 0
[  140.627462][ T5315] usb 5-1: New USB device found, idVendor=0499, idProduct=500c, bcdDevice=33.49
[  140.630265][ T5315] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  140.632628][ T5315] usb 5-1: Product: syz
[  140.633955][ T5315] usb 5-1: Manufacturer: syz
[  140.638589][ T5315] usb 5-1: SerialNumber: syz
[  140.646019][ T5315] usb 5-1: config 0 descriptor??
[  140.651344][ T5315] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  140.728797][   T33] kauditd_printk_skb: 3 callbacks suppressed
[  140.728808][   T33] audit: type=1326 audit(1755569225.057:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8088 comm="syz.2.622" exe="/syz-executor" sig=9 arch=c000003e syscall=39 compat=0 ip=0x7faed3585ba7 code=0x0
[  140.789986][ T8052] loop3: detected capacity change from 0 to 131072
[  140.794683][ T8052] F2FS-fs (loop3): Invalid log sectorsize (67108873)
[  140.805413][ T8052] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  140.814865][ T8052] F2FS-fs (loop3): invalid crc value
[  140.875105][ T5315] usb 5-1: USB disconnect, device number 6
[  140.940834][ T8052] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  140.954693][ T8052] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  140.963834][ T8052] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[  141.003939][ T8052] fscrypt (loop3, inode 8): Error -61 getting encryption context
[  141.870819][ T8096] loop4: detected capacity change from 0 to 32768
[  141.885543][ T8096] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.624 (8096)
[  141.918164][ T8096] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  141.921992][ T8096] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm
[  141.925225][ T8096] BTRFS info (device loop4): using free-space-tree
[  142.200023][ T6911] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  143.017553][ T8136] loop3: detected capacity change from 0 to 512
[  143.299848][ T8136] EXT4-fs error (device loop3): ext4_orphan_get:1392: inode #15: comm syz.3.633: casefold flag without casefold feature
[  143.318410][ T8136] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.633: couldn't read orphan inode 15 (err -117)
[  143.326519][ T8136] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  143.369254][ T5974] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  143.391963][ T8145] loop2: detected capacity change from 0 to 512
[  143.403419][ T8145] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  143.418825][ T8145] ext4 filesystem being mounted at /211/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  143.434152][ T8145] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #2: block 18: comm syz.2.637: lblock 23 mapped to illegal pblock 18 (length 1)
[  143.469788][ T8145] EXT4-fs error (device loop2): ext4_readdir:264: inode #2: block 12: comm syz.2.637: path /211/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0
[  143.476691][ T8145] EXT4-fs error (device loop2): ext4_readdir:264: inode #2: block 13: comm syz.2.637: path /211/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0
[  143.484050][ T8145] EXT4-fs error (device loop2): ext4_readdir:264: inode #2: block 14: comm syz.2.637: path /211/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  143.498432][ T8145] EXT4-fs error (device loop2): ext4_readdir:264: inode #2: block 15: comm syz.2.637: path /211/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[  143.506168][ T8145] EXT4-fs error (device loop2): ext4_readdir:264: inode #2: block 16: comm syz.2.637: path /211/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0
[  143.513167][ T8145] EXT4-fs error (device loop2): ext4_readdir:264: inode #2: block 17: comm syz.2.637: path /211/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  143.520034][ T8145] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #2: block 18: comm syz.2.637: lblock 23 mapped to illegal pblock 18 (length 1)
[  143.525252][ T8145] EXT4-fs error (device loop2): ext4_readdir:264: inode #2: block 19: comm syz.2.637: path /211/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[  143.534205][ T8145] EXT4-fs error (device loop2): ext4_readdir:264: inode #2: block 20: comm syz.2.637: path /211/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=2048 fake=0
[  143.602413][ T8154] loop3: detected capacity change from 0 to 1024
[  143.609873][ T8154] EXT4-fs: inline encryption not supported
[  143.620194][ T8154] EXT4-fs: Ignoring removed bh option
[  143.649205][ T8154] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  143.757567][ T5974] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  143.760284][ T8158] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  143.812017][ T8160] deleting an unspecified loop device is not supported.
[  143.851673][ T8164] loop3: detected capacity change from 0 to 128
[  143.857963][ T8164] FAT-fs (loop3): bogus sectors per cluster 7
[  143.863635][ T8164] FAT-fs (loop3): Can't find a valid FAT filesystem
[  144.170351][ T8163] loop4: detected capacity change from 0 to 32768
[  144.191132][ T8163] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  144.203695][ T8176] could not open pipe file descriptor
[  144.292910][ T5853] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  144.294070][ T8178] syzkaller0: entered promiscuous mode
[  144.298019][ T8163] XFS (loop4): Ending clean mount
[  144.300801][ T8163] XFS (loop4): Quotacheck needed: Please wait.
[  144.302107][ T8178] syzkaller0: entered allmulticast mode
[  144.363930][ T8163] XFS (loop4): Quotacheck: Done.
[  144.603080][ T6911] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  144.956545][ T8193] loop4: detected capacity change from 0 to 512
[  144.980780][ T8193] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.651: bg 0: block 393: padding at end of block bitmap is not set
[  144.986202][ T8193] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6657: Corrupt filesystem
[  144.989754][ T8193] EXT4-fs (loop4): 2 truncates cleaned up
[  144.994998][ T8193] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  145.493945][ T8199] loop2: detected capacity change from 0 to 4096
[  146.015675][ T8213] loop2: detected capacity change from 0 to 24
[  146.030208][ T8213] MTD: Attempt to mount non-MTD device "/dev/loop2"
[  146.051270][ T8213] romfs: bad initial checksum on dev loop2.
[  146.153248][ T8215] loop2: detected capacity change from 0 to 512
[  146.170076][ T8215] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  146.214219][ T5853] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  146.416611][ T8218] loop2: detected capacity change from 0 to 32768
[  146.453432][ T8218] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  146.498247][ T8218] XFS (loop2): Ending clean mount
[  146.949457][ T5853] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  147.058011][ T7528] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  147.271846][ T5859] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  147.362373][ T5859] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  147.458032][ T5859] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  147.524336][ T5859] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  147.566536][ T5237] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  147.574664][ T5237] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  147.578163][ T5237] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  147.583456][ T5237] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  147.590505][ T5237] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  147.628821][ T6221] usb 4-1: new full-speed USB device number 16 using dummy_hcd
[  147.779931][ T6221] usb 4-1: config 5 has an invalid interface number: 123 but max is 0
[  147.786998][ T6221] usb 4-1: config 5 has no interface number 0
[  147.789494][ T6221] usb 4-1: config 5 interface 123 altsetting 7 has an endpoint descriptor with address 0x6B, changing to 0xB
[  147.794016][ T6221] usb 4-1: config 5 interface 123 altsetting 7 endpoint 0x4 has invalid wMaxPacketSize 0
[  147.799446][ T8246] chnl_net:caif_netlink_parms(): no params data found
[  147.799979][ T6221] usb 4-1: config 5 interface 123 has no altsetting 0
[  147.809033][ T6221] usb 4-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=d8.d7
[  147.812746][ T6221] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  147.815958][ T6221] usb 4-1: Product: syz
[  147.821160][ T6221] usb 4-1: Manufacturer: syz
[  147.823066][ T6221] usb 4-1: SerialNumber: syz
[  147.898612][ T8246] bridge0: port 1(bridge_slave_0) entered blocking state
[  147.901400][ T8246] bridge0: port 1(bridge_slave_0) entered disabled state
[  147.904281][ T8246] bridge_slave_0: entered allmulticast mode
[  147.908120][ T8246] bridge_slave_0: entered promiscuous mode
[  147.912645][ T8246] bridge0: port 2(bridge_slave_1) entered blocking state
[  147.915465][ T8246] bridge0: port 2(bridge_slave_1) entered disabled state
[  147.918731][ T8246] bridge_slave_1: entered allmulticast mode
[  147.922341][ T8246] bridge_slave_1: entered promiscuous mode
[  147.962082][ T8246] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  147.971101][ T8246] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  148.002618][ T8246] team0: Port device team_slave_0 added
[  148.007606][ T8246] team0: Port device team_slave_1 added
[  148.030024][ T8246] batman_adv: batadv0: Adding interface: batadv_slave_0
[  148.032386][ T8246] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  148.042526][ T8246] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  148.048737][ T8246] batman_adv: batadv0: Adding interface: batadv_slave_1
[  148.050961][ T8246] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  148.060019][ T8246] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  148.073174][ T6221] ni6501 4-1:5.123: driver 'ni6501' failed to auto-configure device.
[  148.082821][ T6221] usb 4-1: USB disconnect, device number 16
[  148.115619][ T8246] hsr_slave_0: entered promiscuous mode
[  148.119354][ T8246] hsr_slave_1: entered promiscuous mode
[  148.121861][ T8246] debugfs: 'hsr0' already exists in 'hsr'
[  148.124029][ T8246] Cannot create hsr debugfs directory
[  148.272229][ T8246] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  148.278403][ T8246] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  148.292802][ T8246] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  148.312948][ T8246] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  148.351864][ T8246] bridge0: port 2(bridge_slave_1) entered blocking state
[  148.354996][ T8246] bridge0: port 2(bridge_slave_1) entered forwarding state
[  148.359765][ T8246] bridge0: port 1(bridge_slave_0) entered blocking state
[  148.363454][ T8246] bridge0: port 1(bridge_slave_0) entered forwarding state
[  148.461714][ T8246] 8021q: adding VLAN 0 to HW filter on device bond0
[  148.483546][ T3036] bridge0: port 1(bridge_slave_0) entered disabled state
[  148.488590][ T3036] bridge0: port 2(bridge_slave_1) entered disabled state
[  148.512539][ T8246] 8021q: adding VLAN 0 to HW filter on device team0
[  148.532008][ T3036] bridge0: port 1(bridge_slave_0) entered blocking state
[  148.534786][ T3036] bridge0: port 1(bridge_slave_0) entered forwarding state
[  148.543723][ T3036] bridge0: port 2(bridge_slave_1) entered blocking state
[  148.546580][ T3036] bridge0: port 2(bridge_slave_1) entered forwarding state
[  148.611738][ T8246] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  148.877818][ T5859] bridge_slave_1: left allmulticast mode
[  148.882863][ T5859] bridge_slave_1: left promiscuous mode
[  148.884700][ T5859] bridge0: port 2(bridge_slave_1) entered disabled state
[  148.918861][ T5859] bridge_slave_0: left allmulticast mode
[  148.920640][ T5859] bridge_slave_0: left promiscuous mode
[  148.922813][ T5859] bridge0: port 1(bridge_slave_0) entered disabled state
[  149.437547][ T5859] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  149.442773][ T5859] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  149.447168][ T5859] bond0 (unregistering): Released all slaves
[  149.553355][ T8301] loop3: detected capacity change from 0 to 1024
[  149.598243][ T8246] 8021q: adding VLAN 0 to HW filter on device batadv0
[  149.599618][ T8303] binder: 8302:8303 unknown command 0
[  149.614292][ T8303] binder: 8302:8303 ioctl c0306201 200000000080 returned -22
[  149.632156][ T5237] Bluetooth: hci1: command tx timeout
[  149.743853][   T26] hfsplus: b-tree write err: -5, ino 3
[  149.752826][ T5974] hfsplus: node 4:3 still has 3 user(s)!
[  150.076209][ T5859] hsr_slave_0: left promiscuous mode
[  150.080516][ T5859] hsr_slave_1: left promiscuous mode
[  150.082576][ T5859] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  150.085005][ T5859] batman_adv: batadv0: Removing interface: batadv_slave_0
[  150.091114][ T5859] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  150.093397][ T5859] batman_adv: batadv0: Removing interface: batadv_slave_1
[  150.111397][ T5859] veth1_macvtap: left promiscuous mode
[  150.113602][ T5859] veth0_macvtap: left promiscuous mode
[  150.115710][ T5859] veth1_vlan: left promiscuous mode
[  150.118909][ T5859] veth0_vlan: left promiscuous mode
[  150.158393][ T5315] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  150.290541][   T47] usb 3-1: new full-speed USB device number 15 using dummy_hcd
[  150.310303][ T5315] usb 4-1: Using ep0 maxpacket: 8
[  150.327289][ T5315] usb 4-1: config 0 has an invalid interface number: 246 but max is 0
[  150.330026][ T5315] usb 4-1: config 0 has no interface number 0
[  150.334005][ T5315] usb 4-1: New USB device found, idVendor=2040, idProduct=d300, bcdDevice=16.b3
[  150.339253][ T5315] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  150.342444][ T5315] usb 4-1: Product: syz
[  150.344037][ T5315] usb 4-1: Manufacturer: syz
[  150.345813][ T5315] usb 4-1: SerialNumber: syz
[  150.356571][ T5315] usb 4-1: config 0 descriptor??
[  150.452873][ T5315] msi2500 4-1:0.246: Registered as swradio24
[  150.454964][ T5315] msi2500 4-1:0.246: SDR API is still slightly experimental and functionality changes may follow
[  150.458983][   T47] usb 3-1: config 0 has an invalid interface number: 69 but max is 0
[  150.462218][   T47] usb 3-1: config 0 has no interface number 0
[  150.464527][   T47] usb 3-1: config 0 interface 69 altsetting 0 endpoint 0x8 has invalid maxpacket 1023, setting to 64
[  150.470880][   T47] usb 3-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  150.474944][   T47] usb 3-1: config 0 interface 69 altsetting 0 endpoint 0x82 has invalid maxpacket 43776, setting to 64
[  150.484332][   T47] usb 3-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca
[  150.495381][   T47] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  150.501436][   T47] usb 3-1: Product: syz
[  150.503096][   T47] usb 3-1: Manufacturer: syz
[  150.505858][   T47] usb 3-1: SerialNumber: syz
[  150.517763][   T47] usb 3-1: config 0 descriptor??
[  150.520706][ T8324] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  150.523326][ T8324] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  150.527747][   T47] cyberjack 3-1:0.69: Reiner SCT Cyberjack USB card reader converter detected
[  150.534205][   T47] usb 3-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0
[  150.592938][ T5315] usb 4-1: USB disconnect, device number 17
[  150.741785][   T47] usb 3-1: USB disconnect, device number 15
[  150.756085][ T5859] team0 (unregistering): Port device team_slave_1 removed
[  150.764768][   T47] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0
[  150.781576][   T47] cyberjack 3-1:0.69: device disconnected
[  150.830424][ T5859] team0 (unregistering): Port device team_slave_0 removed
[  151.185848][ T8332] loop3: detected capacity change from 0 to 512
[  151.206177][ T8332] EXT4-fs error (device loop3): ext4_orphan_get:1392: inode #15: comm syz.3.696: casefold flag without casefold feature
[  151.211422][ T8332] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.696: couldn't read orphan inode 15 (err -117)
[  151.222652][ T8332] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  151.331484][ T5974] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  151.564807][ T8344] loop2: detected capacity change from 0 to 1024
[  151.581545][ T8246] veth0_vlan: entered promiscuous mode
[  151.608481][ T8344] hfsplus: Filesystem was not cleanly unmounted, running fsck.hfsplus is recommended.  mounting read-only.
[  151.619909][ T8246] veth1_vlan: entered promiscuous mode
[  151.662512][ T8246] veth0_macvtap: entered promiscuous mode
[  151.677768][ T8246] veth1_macvtap: entered promiscuous mode
[  151.706147][ T8246] batman_adv: batadv0: Interface activated: batadv_slave_0
[  151.712287][ T5237] Bluetooth: hci1: command tx timeout
[  151.729644][ T5853] hfsplus: bad catalog entry type
[  151.748866][ T8246] batman_adv: batadv0: Interface activated: batadv_slave_1
[  151.780250][   T13] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  151.818613][   T13] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  151.841017][   T13] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  151.887166][   T13] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  152.087021][ T3009] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  152.090114][ T3009] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  152.138113][ T3036] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  152.141131][ T3036] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  152.341326][ T8358] bridge0: port 1(bridge_slave_0) entered disabled state
[  152.350898][ T8358] bridge0: port 2(bridge_slave_1) entered disabled state
[  153.016729][   T55] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  153.023501][   T55] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  153.027748][   T55] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  153.038638][   T55] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  153.042739][   T55] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  153.135510][   T33] audit: type=1804 audit(1755569237.457:35): pid=8385 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.712" name="/newroot/217/file0" dev="tmpfs" ino=1174 res=1 errno=0
[  153.249225][ T8390] loop3: detected capacity change from 0 to 2048
[  153.267085][  T791] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  153.299482][ T8390] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  153.323428][ T8380] chnl_net:caif_netlink_parms(): no params data found
[  153.429167][  T791] usb 6-1: Using ep0 maxpacket: 32
[  153.441067][  T791] usb 6-1: config 64 has an invalid interface number: 110 but max is 0
[  153.446428][  T791] usb 6-1: config 64 has no interface number 0
[  153.457222][  T791] usb 6-1: config 64 interface 110 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  153.461416][  T791] usb 6-1: config 64 interface 110 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B
[  153.471605][  T791] usb 6-1: config 64 interface 110 altsetting 0 endpoint 0x8B has invalid maxpacket 28739, setting to 1024
[  153.483639][  T791] usb 6-1: config 64 interface 110 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  153.490818][  T791] usb 6-1: config 64 interface 110 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  153.494809][  T791] usb 6-1: config 64 interface 110 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0
[  153.500379][  T791] usb 6-1: config 64 interface 110 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  153.515065][  T791] usb 6-1: New USB device found, idVendor=04fc, idProduct=0231, bcdDevice=6f.a9
[  153.523619][  T791] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  153.530603][ T8380] bridge0: port 1(bridge_slave_0) entered blocking state
[  153.531116][  T791] usb 6-1: Product: syz
[  153.533197][ T8380] bridge0: port 1(bridge_slave_0) entered disabled state
[  153.534760][  T791] usb 6-1: Manufacturer: syz
[  153.539930][ T8380] bridge_slave_0: entered allmulticast mode
[  153.548173][ T8380] bridge_slave_0: entered promiscuous mode
[  153.553016][  T791] usb 6-1: SerialNumber: syz
[  153.560098][ T8380] bridge0: port 2(bridge_slave_1) entered blocking state
[  153.563121][ T8381] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  153.574310][  T791] spcp8x5 6-1:64.110: SPCP8x5 converter detected
[  153.576676][ T8380] bridge0: port 2(bridge_slave_1) entered disabled state
[  153.579395][ T8380] bridge_slave_1: entered allmulticast mode
[  153.582904][ T8380] bridge_slave_1: entered promiscuous mode
[  153.607531][  T791] usb 6-1: SPCP8x5 converter now attached to ttyUSB0
[  153.625432][ T8406] netlink: 96 bytes leftover after parsing attributes in process `syz.3.716'.
[  153.635078][ T8380] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  153.649249][ T8380] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  153.736736][ T8380] team0: Port device team_slave_0 added
[  153.742474][ T8380] team0: Port device team_slave_1 added
[  153.783230][ T8380] batman_adv: batadv0: Adding interface: batadv_slave_0
[  153.785930][ T8380] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  153.785995][ T5918] usb 6-1: USB disconnect, device number 2
[  153.794889][ T8380] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  153.797039][   T55] Bluetooth: hci1: command tx timeout
[  153.810370][ T8380] batman_adv: batadv0: Adding interface: batadv_slave_1
[  153.810488][ T5918] SPCP8x5 ttyUSB0: SPCP8x5 converter now disconnected from ttyUSB0
[  153.812522][ T8380] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  153.817832][ T5918] spcp8x5 6-1:64.110: device disconnected
[  153.831383][ T8380] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  153.889597][ T8380] hsr_slave_0: entered promiscuous mode
[  153.892925][ T8380] hsr_slave_1: entered promiscuous mode
[  153.987037][  T791] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  154.052743][ T8380] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  154.061429][ T8380] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  154.066442][ T8380] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  154.075067][ T8380] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  154.136934][  T791] usb 4-1: Using ep0 maxpacket: 32
[  154.151645][  T791] usb 4-1: config 0 interface 0 altsetting 7 endpoint 0x81 has invalid wMaxPacketSize 0
[  154.158612][  T791] usb 4-1: config 0 interface 0 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 10
[  154.174372][  T791] usb 4-1: config 0 interface 0 has no altsetting 0
[  154.182854][  T791] usb 4-1: New USB device found, idVendor=20bc, idProduct=5500, bcdDevice= 0.00
[  154.200358][  T791] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  154.211032][ T8380] 8021q: adding VLAN 0 to HW filter on device bond0
[  154.215053][  T791] usb 4-1: config 0 descriptor??
[  154.253463][ T8380] 8021q: adding VLAN 0 to HW filter on device team0
[  154.271428][ T3009] bridge0: port 1(bridge_slave_0) entered blocking state
[  154.274353][ T3009] bridge0: port 1(bridge_slave_0) entered forwarding state
[  154.286084][ T3009] bridge0: port 2(bridge_slave_1) entered blocking state
[  154.288950][ T3009] bridge0: port 2(bridge_slave_1) entered forwarding state
[  154.575947][ T8436] netlink: 16 bytes leftover after parsing attributes in process `syz.5.720'.
[  154.634454][ T8380] 8021q: adding VLAN 0 to HW filter on device batadv0
[  154.662809][  T791] betop 0003:20BC:5500.0007: unbalanced collection at end of report description
[  154.686552][  T791] betop 0003:20BC:5500.0007: parse failed
[  154.689336][  T791] betop 0003:20BC:5500.0007: probe with driver betop failed with error -22
[  154.756532][ T8445] netlink: 4 bytes leftover after parsing attributes in process `syz.5.722'.
[  154.863398][ T6221] usb 4-1: USB disconnect, device number 18
[  154.991257][ T8380] veth0_vlan: entered promiscuous mode
[  155.008767][ T8380] veth1_vlan: entered promiscuous mode
[  155.046258][ T8380] veth0_macvtap: entered promiscuous mode
[  155.051689][ T8380] veth1_macvtap: entered promiscuous mode
[  155.069170][ T8380] batman_adv: batadv0: Interface activated: batadv_slave_0
[  155.076654][ T8380] batman_adv: batadv0: Interface activated: batadv_slave_1
[  155.086765][ T5859] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  155.093378][ T5859] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  155.096392][ T5859] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  155.102390][ T5859] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  155.147991][   T55] Bluetooth: hci2: command tx timeout
[  155.161435][ T3009] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  155.163825][ T3009] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  155.195748][ T3009] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  155.199732][ T3009] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  155.307309][ T5959] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  155.481452][ T8471] openvswitch: netlink: Missing key (keys=40, expected=100)
[  155.486238][ T5959] usb 6-1: descriptor type invalid, skip
[  155.493980][ T5959] usb 6-1: config 0 has no interfaces?
[  155.498797][ T5959] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice=df.40
[  155.513941][ T5959] usb 6-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[  155.516374][ T5959] usb 6-1: Product: syz
[  155.524042][ T5959] usb 6-1: SerialNumber: syz
[  155.534584][ T5959] usb 6-1: config 0 descriptor??
[  155.657783][ T8479] loop6: detected capacity change from 0 to 1024
[  155.661160][ T8479] EXT4-fs: Ignoring removed nomblk_io_submit option
[  155.698026][ T8479] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[  155.703606][ T8479] System zones: 0-1, 3-36
[  155.710955][ T8479] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  155.764523][ T5315] usb 6-1: USB disconnect, device number 3
[  155.779045][ T8487] netlink: 'syz.3.735': attribute type 4 has an invalid length.
[  155.816476][ T8380] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  155.867472][   T55] Bluetooth: hci1: command tx timeout
[  156.097774][ T6221] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  156.247593][ T6221] usb 4-1: Using ep0 maxpacket: 16
[  156.254049][ T6221] usb 4-1: config 0 has an invalid interface number: 217 but max is 0
[  156.258064][ T6221] usb 4-1: config 0 has no interface number 0
[  156.263670][ T6221] usb 4-1: New USB device found, idVendor=0b48, idProduct=1008, bcdDevice=32.5e
[  156.268101][ T6221] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  156.271049][ T6221] usb 4-1: Product: syz
[  156.272820][ T6221] usb 4-1: Manufacturer: syz
[  156.274558][ T6221] usb 4-1: SerialNumber: syz
[  156.298094][ T6221] usb 4-1: config 0 descriptor??
[  156.324262][ T6221] ttusb_dec_send_command: command bulk message failed: error -22
[  156.338659][ T6221] ttusb-dec 4-1:0.217: probe with driver ttusb-dec failed with error -22
[  156.445566][ T8498] loop5: detected capacity change from 0 to 1024
[  156.564206][  T791] usb 4-1: USB disconnect, device number 19
[  156.602808][   T26] hfsplus: b-tree write err: -5, ino 3
[  156.611541][ T8246] hfsplus: node 4:3 still has 1 user(s)!
[  156.690332][   T55] Bluetooth: hci1: ISO packet too small
[  157.210137][ T8517] netlink: 56 bytes leftover after parsing attributes in process `syz.3.746'.
[  157.237334][   T55] Bluetooth: hci2: command tx timeout
[  157.303534][ T8521] loop3: detected capacity change from 0 to 512
[  157.333960][ T8521] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  157.339450][ T8521] ext4 filesystem being mounted at /235/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  157.388470][ T5974] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  157.780886][ T8535] loop5: detected capacity change from 0 to 1024
[  158.231928][ T8559] batman_adv: batadv0: Adding interface: ipvlan2
[  158.234116][ T8559] batman_adv: batadv0: The MTU of interface ipvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  158.244883][ T8559] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  158.251959][ T8559] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  158.259909][ T8559] batman_adv: batadv0: Interface activated: ipvlan2
[  158.397013][  T791] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  158.415389][ T8570] loop3: detected capacity change from 0 to 8
[  158.533863][ T8572] loop3: detected capacity change from 0 to 4096
[  158.542287][ T8572] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512).
[  158.552671][  T791] usb 7-1: config 0 has an invalid interface number: 84 but max is 0
[  158.556188][  T791] usb 7-1: config 0 has an invalid interface number: 66 but max is 0
[  158.559968][  T791] usb 7-1: config 0 has 2 interfaces, different from the descriptor's value: 1
[  158.563391][  T791] usb 7-1: config 0 has no interface number 0
[  158.565809][  T791] usb 7-1: config 0 has no interface number 1
[  158.570973][  T791] usb 7-1: config 0 interface 84 altsetting 0 endpoint 0x4 has invalid maxpacket 1560, setting to 64
[  158.575248][  T791] usb 7-1: config 0 interface 84 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  158.576539][ T8572] ntfs3(loop3): ino=19, mi_enum_attr
[  158.580804][  T791] usb 7-1: too many endpoints for config 0 interface 66 altsetting 153: 216, using maximum allowed: 30
[  158.582269][ T8572] ntfs3(loop3): Mark volume as dirty due to NTFS errors
[  158.586529][  T791] usb 7-1: config 0 interface 66 altsetting 153 bulk endpoint 0x5 has invalid maxpacket 32
[  158.591031][ T8572] ntfs3(loop3): ino=1a, mi_enum_attr
[  158.599542][  T791] usb 7-1: config 0 interface 66 altsetting 153 has an endpoint descriptor with address 0x12, changing to 0x2
[  158.604275][  T791] usb 7-1: config 0 interface 66 altsetting 153 has an endpoint descriptor with address 0xE6, changing to 0x86
[  158.609324][  T791] usb 7-1: config 0 interface 66 altsetting 153 endpoint 0x86 has invalid maxpacket 34869, setting to 1024
[  158.613821][  T791] usb 7-1: config 0 interface 66 altsetting 153 bulk endpoint 0x86 has invalid maxpacket 1024
[  158.626896][  T791] usb 7-1: config 0 interface 66 altsetting 153 has 3 endpoint descriptors, different from the interface descriptor's value: 216
[  158.632244][  T791] usb 7-1: config 0 interface 66 has no altsetting 0
[  158.641144][  T791] usb 7-1: New USB device found, idVendor=8086, idProduct=0b63, bcdDevice=ca.f3
[  158.646907][  T791] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  158.652423][  T791] usb 7-1: Product: syz
[  158.654994][  T791] usb 7-1: Manufacturer: syz
[  158.665130][  T791] usb 7-1: SerialNumber: syz
[  158.669921][  T791] usb 7-1: config 0 descriptor??
[  158.678343][  T791] ljca 7-1:0.84: bulk endpoints not found
[  158.814626][ T8576] overlayfs: failed to get index nlink (file0/file2, err=-61)
[  158.857642][ T8578] loop3: detected capacity change from 0 to 1024
[  158.862523][ T8578] hfsplus: write access to a journaled filesystem is not supported, use the force option at your own risk, mounting read-only.
[  158.901313][  T791] ljca 7-1:0.66: probe with driver ljca failed with error -71
[  158.911970][ T8581] loop3: detected capacity change from 0 to 256
[  158.915489][  T791] usb 7-1: USB disconnect, device number 2
[  158.920128][ T8581] exfat: Deprecated parameter 'utf8'
[  158.924597][ T8581] exfat: Bad value for 'gid'
[  158.926155][ T8581] exfat: Bad value for 'gid'
[  159.128930][ T8589] Bluetooth: hci0: invalid length 0, exp 2 for type 17
[  159.307828][   T55] Bluetooth: hci2: command tx timeout
[  159.527861][  T791] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  159.529053][ T8606] tmpfs: Bad value for 'mpol'
[  159.552710][ T5315] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  159.677743][  T791] usb 6-1: Using ep0 maxpacket: 32
[  159.688361][  T791] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 512, setting to 64
[  159.692931][  T791] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 1024, setting to 64
[  159.705630][  T791] usb 6-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16
[  159.711099][  T791] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  159.711332][ T5315] usb 4-1: config 0 has an invalid interface number: 170 but max is 0
[  159.714398][  T791] usb 6-1: Product: syz
[  159.721616][  T791] usb 6-1: Manufacturer: syz
[  159.723941][  T791] usb 6-1: SerialNumber: syz
[  159.725716][ T5315] usb 4-1: config 0 has no interface number 0
[  159.729437][ T5315] usb 4-1: config 0 interface 170 altsetting 0 endpoint 0x3 has an invalid bInterval 31, changing to 7
[  159.731252][  T791] usb 6-1: config 0 descriptor??
[  159.736997][ T5315] usb 4-1: New USB device found, idVendor=07b0, idProduct=0007, bcdDevice=17.c6
[  159.743797][ T5315] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  159.752199][  T791] usb 6-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  159.761504][ T5315] usb 4-1: config 0 descriptor??
[  159.780472][ T5315] HFC-S_USB 4-1:0.170: probe with driver HFC-S_USB failed with error -5
[  159.791877][ T8612] loop6: detected capacity change from 0 to 4096
[  159.813151][ T8612] ntfs3(loop6): $Secure::$SII is corrupted.
[  159.815687][ T8612] ntfs3(loop6): Failed to initialize $Secure (-22).
[  159.960882][ T5859] usb 6-1: Failed to submit usb control message: -71
[  159.960993][ T8413] usb 6-1: USB disconnect, device number 4
[  159.964108][ T5859] usb 6-1: unable to send the bmi data to the device: -71
[  159.975034][ T5859] usb 6-1: unable to get target info from device
[  159.978482][ T5859] usb 6-1: could not get target info (-71)
[  159.978974][ T5959] usb 4-1: USB disconnect, device number 20
[  159.980952][ T5859] usb 6-1: could not probe fw (-71)
[  160.197677][  T791] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  160.369906][  T791] usb 7-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  160.376556][  T791] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  160.380666][  T791] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  160.383836][  T791] usb 7-1: SerialNumber: syz
[  160.541338][ T8619] loop5: detected capacity change from 0 to 256
[  160.622390][ T8617] loop6: detected capacity change from 0 to 1024
[  160.629938][ T8617] EXT4-fs: Ignoring removed bh option
[  160.686387][ T8617] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: writeback.
[  160.788980][ T8628] EXT4-fs error (device loop6): ext4_iget_extra_inode:5104: inode #15: comm syz.6.791: corrupted in-inode xattr: e_value out of bounds
[  160.827810][  T791] cdc_ether 7-1:1.0: probe with driver cdc_ether failed with error -71
[  160.848239][  T791] usb 7-1: USB disconnect, device number 3
[  161.034907][ T8621] loop3: detected capacity change from 0 to 32768
[  161.078958][ T8621] (syz.3.793,8621,0):ocfs2_initialize_super:2087 ERROR: couldn't mount because of unsupported optional features (4).
[  161.084017][ T8621] (syz.3.793,8621,0):ocfs2_fill_super:1177 ERROR: status = -22
[  161.377596][ T8380] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-001000000000.
[  161.392821][   T55] Bluetooth: hci2: command tx timeout
[  161.716389][ T8662] loop6: detected capacity change from 0 to 1024
[  161.753316][ T8662] hfsplus: invalid extended attribute record
[  161.816049][   T40] hfsplus: b-tree write err: -5, ino 8
[  163.519310][ T8744] loop6: detected capacity change from 0 to 32768
[  163.623656][ T8744] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode.
[  163.766166][ T8380] ocfs2: Unmounting device (7,6) on (node local)
[  163.883215][ T8765] ip6erspan0: entered promiscuous mode
[  163.997715][ T6221] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  164.167103][ T6221] usb 6-1: Using ep0 maxpacket: 32
[  164.172072][ T6221] usb 6-1: config 0 has an invalid interface number: 16 but max is 0
[  164.175474][ T6221] usb 6-1: config 0 has no interface number 0
[  164.178621][ T6221] usb 6-1: config 0 interface 16 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  164.182505][ T6221] usb 6-1: config 0 interface 16 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  164.189774][ T6221] usb 6-1: New USB device found, idVendor=0499, idProduct=102a, bcdDevice=85.2d
[  164.193018][ T6221] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  164.195551][ T6221] usb 6-1: Product: syz
[  164.197250][ T6221] usb 6-1: Manufacturer: syz
[  164.198709][ T6221] usb 6-1: SerialNumber: syz
[  164.201823][ T6221] usb 6-1: config 0 descriptor??
[  164.204162][ T8761] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  164.209626][ T6221] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  164.212625][ T6221] usb 6-1: invalid MIDI in EP 0
[  164.240964][ T6221] snd-usb-audio 6-1:0.16: probe with driver snd-usb-audio failed with error -22
[  164.257860][ T5846] udevd[5846]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.16/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  164.316951][ T5315] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  164.366961][  T791] usb 4-1: new full-speed USB device number 21 using dummy_hcd
[  164.422456][ T6221] usb 6-1: USB disconnect, device number 5
[  164.473095][ T5315] usb 7-1: config 3 has an invalid interface number: 71 but max is 0
[  164.476662][ T5315] usb 7-1: config 3 has no interface number 0
[  164.479430][ T5315] usb 7-1: config 3 interface 71 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  164.483483][ T5315] usb 7-1: New USB device found, idVendor=0bc7, idProduct=0004, bcdDevice=a7.ac
[  164.488984][ T5315] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  164.501122][ T5315] ati_remote 7-1:3.71: ati_remote_probe: Unexpected endpoint_in
[  164.529009][  T791] usb 4-1: config 8 has an invalid interface number: 223 but max is 0
[  164.532091][  T791] usb 4-1: config 8 contains an unexpected descriptor of type 0x1, skipping
[  164.535991][  T791] usb 4-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config
[  164.540092][  T791] usb 4-1: config 8 has no interface number 0
[  164.542421][  T791] usb 4-1: config 8 interface 223 altsetting 0 endpoint 0x7 has invalid maxpacket 15872, setting to 64
[  164.546565][  T791] usb 4-1: config 8 interface 223 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  164.554576][  T791] usb 4-1: New USB device found, idVendor=a6da, idProduct=7458, bcdDevice=2d.4d
[  164.558533][  T791] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  164.562296][  T791] usb 4-1: Product: syz
[  164.563930][  T791] usb 4-1: Manufacturer: syz
[  164.565685][  T791] usb 4-1: SerialNumber: syz
[  164.708815][   T47] usb 7-1: USB disconnect, device number 4
[  164.791157][  T791] usb 4-1: USB disconnect, device number 21
[  165.023284][ T8801] loop5: detected capacity change from 0 to 512
[  165.048610][ T8801] EXT4-fs (loop5): corrupt root inode, run e2fsck
[  165.051136][ T8801] EXT4-fs (loop5): mount failed
[  165.242623][ T8805] loop5: detected capacity change from 0 to 32768
[  165.252032][ T8805] (syz.5.833,8805,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  165.269818][ T8805] (syz.5.833,8805,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  165.292056][ T8805] JBD2: Ignoring recovery information on journal
[  165.315488][ T8805] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  165.381267][ T8805] (syz.5.833,8805,0):ocfs2_check_set_options:1244 ERROR: Invalid heartbeat mount options
[  165.437538][ T8246] ocfs2: Unmounting device (7,5) on (node local)
[  165.729031][ T8836] 8021q: adding VLAN 0 to HW filter on device bond0
[  165.750158][ T8836] bond0: (slave rose0): Enslaving as an active interface with an up link
[  166.088336][ T8861] loop6: detected capacity change from 0 to 16
[  166.094278][ T8861] erofs (device loop6): mounted with root inode @ nid 36.
[  166.497123][ T5959] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  166.584093][ T8876] loop3: detected capacity change from 0 to 4096
[  166.636137][ T8879] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  166.666529][ T5959] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  166.674626][ T5959] usb 7-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  166.685159][ T5959] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  166.698717][ T5959] usb 7-1: config 0 descriptor??
[  166.710161][ T5959] pwc: Askey VC010 type 2 USB webcam detected.
[  166.772147][ T5974] NILFS (loop3): DAT doesn't have a block to manage vblocknr = 648518346341351424
[  166.779731][ T5974] NILFS error (device loop3): nilfs_bmap_truncate: broken bmap (inode number=12)
[  166.801278][ T5974] Remounting filesystem read-only
[  166.803132][ T5974] NILFS (loop3): error -5 truncating bmap (ino=12)
[  166.812262][ T5974] NILFS (loop3): disposed unprocessed dirty file(s) when detaching log writer
[  167.142582][ T5959] pwc: recv_control_msg error -32 req 02 val 2b00
[  167.170777][ T5959] pwc: recv_control_msg error -32 req 02 val 2700
[  167.177176][ T5959] pwc: recv_control_msg error -32 req 02 val 2c00
[  167.195282][ T5959] pwc: recv_control_msg error -32 req 04 val 1000
[  167.203157][ T8891] loop3: detected capacity change from 0 to 2048
[  167.207002][ T5959] pwc: recv_control_msg error -32 req 04 val 1300
[  167.212266][ T5959] pwc: recv_control_msg error -32 req 04 val 1400
[  167.223397][ T8891] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  167.426912][ T5959] pwc: recv_control_msg error -71 req 02 val 2100
[  167.429456][ T5959] pwc: recv_control_msg error -71 req 04 val 1500
[  167.439065][ T5959] pwc: recv_control_msg error -71 req 02 val 2500
[  167.441649][ T5959] pwc: recv_control_msg error -71 req 02 val 2400
[  167.448733][ T5959] pwc: recv_control_msg error -71 req 02 val 2600
[  167.460413][ T5959] pwc: recv_control_msg error -71 req 02 val 2900
[  167.463034][ T5959] pwc: recv_control_msg error -71 req 02 val 2800
[  167.465788][ T8895] netlink: 8 bytes leftover after parsing attributes in process `syz.3.860'.
[  167.471477][ T5959] pwc: recv_control_msg error -71 req 04 val 1100
[  167.479989][ T5959] pwc: recv_control_msg error -71 req 04 val 1200
[  167.486233][ T8895] netlink: 'syz.3.860': attribute type 1 has an invalid length.
[  167.487938][ T5959] pwc: Registered as video103.
[  167.503664][ T5959] input: PWC snapshot button as /devices/platform/dummy_hcd.6/usb7/7-1/input/input10
[  167.518909][ T8895] netlink: 'syz.3.860': attribute type 2 has an invalid length.
[  167.525509][ T5959] usb 7-1: USB disconnect, device number 5
[  167.621353][ T8905] netlink: 64985 bytes leftover after parsing attributes in process `syz.5.864'.
[  167.835821][ T8916] JFS: charset not found
[  168.952525][ T8953] loop6: detected capacity change from 0 to 128
[  168.970031][ T8953] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  168.989389][ T8953] ext4 filesystem being mounted at /48/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  169.029203][ T8380] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  169.284374][ T8966] loop3: detected capacity change from 0 to 2048
[  169.302187][ T8966] EXT4-fs (loop3): #clusters per group too big: 32768
[  169.819932][ T8965] loop5: detected capacity change from 0 to 40427
[  169.831140][ T8965] F2FS-fs (loop5): Wrong SSA boundary, start(3584) end(4096) blocks(0)
[  169.853143][ T8965] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  169.865864][ T8965] F2FS-fs (loop5): build fault injection type: 0x6
[  169.892188][ T8965] F2FS-fs (loop5): invalid crc value
[  169.958927][ T8965] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  169.963956][ T8965] F2FS-fs (loop5): checkpoint=disable on readonly fs
[  170.137064][ T5959] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  170.287746][ T5959] usb 4-1: Using ep0 maxpacket: 16
[  170.292879][ T5959] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  170.306063][ T5959] usb 4-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00
[  170.320938][ T5959] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  170.337342][ T5959] usb 4-1: config 0 descriptor??
[  170.569869][ T8994] 
[  170.570976][ T8994] =============================
[  170.572536][ T8994] WARNING: suspicious RCU usage
[  170.574362][ T8994] syzkaller #0 Not tainted
[  170.576166][ T8994] -----------------------------
[  170.578528][ T8994] kernel/events/callchain.c:163 suspicious rcu_dereference_check() usage!
[  170.582067][ T8994] 
[  170.582067][ T8994] other info that might help us debug this:
[  170.582067][ T8994] 
[  170.585913][ T8994] 
[  170.585913][ T8994] rcu_scheduler_active = 2, debug_locks = 1
[  170.589373][ T8994] 1 lock held by syz.6.884/8994:
[  170.591342][ T8994]  #0: ffffffff8e13a080 (rcu_read_lock_trace){....}-{0:0}, at: rcu_read_lock_trace+0x38/0x80
[  170.595279][ T8994] 
[  170.595279][ T8994] stack backtrace:
[  170.598036][ T8994] CPU: 0 UID: 0 PID: 8994 Comm: syz.6.884 Not tainted syzkaller #0 PREEMPT(full) 
[  170.598057][ T8994] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  170.598067][ T8994] Call Trace:
[  170.598073][ T8994]  <TASK>
[  170.598080][ T8994]  dump_stack_lvl+0x189/0x250
[  170.598106][ T8994]  ? __pfx_dump_stack_lvl+0x10/0x10
[  170.598124][ T8994]  ? __pfx__printk+0x10/0x10
[  170.598156][ T8994]  lockdep_rcu_suspicious+0x140/0x1d0
[  170.598174][ T8994]  get_callchain_entry+0x2b6/0x3c0
[  170.598200][ T8994]  get_perf_callchain+0xa1/0x6b0
[  170.598222][ T8994]  ? rcu_read_lock_sched_held+0x89/0x100
[  170.598247][ T8994]  ? __pfx_get_perf_callchain+0x10/0x10
[  170.598274][ T8994]  ? preempt_schedule+0xae/0xc0
[  170.598296][ T8994]  __bpf_get_stack+0x3fc/0xa60
[  170.598325][ T8994]  ? __pfx___bpf_get_stack+0x10/0x10
[  170.598347][ T8994]  ? __lock_acquire+0xab9/0xd20
[  170.598373][ T8994]  bpf_get_stack+0x33/0x50
[  170.598393][ T8994]  ? bpf_prog_d43750871481577d+0x46/0x4e
[  170.598408][ T8994]  bpf_get_stack_raw_tp+0x1a9/0x220
[  170.598430][ T8994]  bpf_prog_d43750871481577d+0x46/0x4e
[  170.598444][ T8994]  bpf_prog_run_pin_on_cpu+0x6a/0x150
[  170.598469][ T8994]  bpf_prog_test_run_syscall+0x312/0x4b0
[  170.598493][ T8994]  ? __pfx_bpf_prog_test_run_syscall+0x10/0x10
[  170.598513][ T8994]  ? __fget_files+0x2a/0x420
[  170.598530][ T8994]  ? __pfx_bpf_prog_test_run_syscall+0x10/0x10
[  170.598552][ T8994]  bpf_prog_test_run+0x2c7/0x340
[  170.598605][ T8994]  __sys_bpf+0x581/0x870
[  170.598628][ T8994]  ? __pfx___sys_bpf+0x10/0x10
[  170.598663][ T8994]  ? rcu_is_watching+0x15/0xb0
[  170.598683][ T8994]  __x64_sys_bpf+0x7c/0x90
[  170.598701][ T8994]  do_syscall_64+0xfa/0x3b0
[  170.598720][ T8994]  ? lockdep_hardirqs_on+0x9c/0x150
[  170.598739][ T8994]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  170.598754][ T8994]  ? exc_page_fault+0x9f/0xf0
[  170.598773][ T8994]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  170.598787][ T8994] RIP: 0033:0x7f360478ebe9
[  170.598801][ T8994] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  170.598816][ T8994] RSP: 002b:00007f360569d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  170.598849][ T8994] RAX: ffffffffffffffda RBX: 00007f36049b5fa0 RCX: 00007f360478ebe9
[  170.598860][ T8994] RDX: 0000000000000010 RSI: 0000200000000740 RDI: 000000000000000a
[  170.598870][ T8994] RBP: 00007f3604811e19 R08: 0000000000000000 R09: 0000000000000000
[  170.598880][ T8994] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  170.598888][ T8994] R13: 00007f36049b6038 R14: 00007f36049b5fa0 R15: 00007ffe3270f548
[  170.598913][ T8994]  </TASK>
[  170.773695][ T5959] kye 0003:0458:5016.0008: control desc unexpectedly large
[  170.785543][ T5959] input: HID 0458:5016 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0458:5016.0008/input/input11
[  170.800630][ T5959] input: HID 0458:5016 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0458:5016.0008/input/input12
[  170.898289][ T5959] kye 0003:0458:5016.0008: input,hiddev0,hidraw0: USB HID v0.09 Device [HID 0458:5016] on usb-dummy_hcd.3-1/input0
[  171.220846][   T47] usb 4-1: USB disconnect, device number 22

VM DIAGNOSIS:
02:07:35  Registers:
info registers vcpu 0

CPU#0
RAX=000000000000002d RBX=000000000000002d RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000e9e RDI=0000000000000e9f RBP=00000000000003f8 RSP=ffffc90003e772b0
R8 =ffff888106e80237 R9 =1ffff11020dd0046 R10=dffffc0000000000 R11=ffffffff854f0230
R12=dffffc0000000000 R13=ffffffff99af98e4 R14=ffffffff99dee3a0 R15=0000000000000000
RIP=ffffffff854f02ac RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f360569d6c0 ffffffff 00c00000
GS =0000 ffff8880b861c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000000110c3aa895 CR3=0000000117104000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007f3604987498 00007f3604987470 XMM03=00007f36049874a8 00007f36049874a0
XMM04=00007f36054ed100 00007f3604987460 XMM05=00007f3604987478 00007f36049874c0
XMM06=00007f36049874b8 00007f36049874b0 XMM07=00007f36049874a8 00007f36049874a0
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007f3604812fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000007 RBX=0000000000000004 RCX=ffffffff93490888 RDX=0000000000000008
RSI=ffff888105e9a850 RDI=ffff888105e99cc0 RBP=0000000000000000 RSP=ffffc900001e0648
R8 =0000000000000000 R9 =ffffffff8172c195 R10=ffffc900001e0898 R11=ffffffff81ac3910
R12=0000000000000003 R13=0000000000000001 R14=ffff888105e9a850 R15=0000000000000000
RIP=ffffffff819d6629 RFL=00000047 [---Z-PC] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c1c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00005624a589e950 CR3=0000000114806000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=6161616161616161 6161616161616161
XMM06=6161616161616161 6161616161616161 XMM07=6161616161616161 6161616161616161
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007f3604812fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
