last executing test programs:

3m2.039044133s ago: executing program 2 (id=27):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000200)={'ip_vti0\x00', &(0x7f0000000100)={'gretap0\x00', 0x0, 0x40, 0x8000, 0x4, 0x9, {{0x5, 0x4, 0x0, 0x4, 0x14, 0x67, 0x0, 0x83, 0x4, 0x0, @dev={0xac, 0x14, 0x14, 0x13}, @private=0xa010102}}}})

3m1.968569392s ago: executing program 2 (id=28):
syz_mount_image$nilfs2(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x1080c, &(0x7f00000006c0)=ANY=[@ANYRES64=0x0, @ANYRES8=0x0, @ANYRESOCT, @ANYRES64=0x0, @ANYRES64, @ANYRES32, @ANYBLOB="e5f0986a95b4a041c6140884aa3ee1b8a51a2f195aca4ce79a3b534f3fa12c4e1790181917f9b22d45f7d86339c33c4a5e4f7224ec19", @ANYRESOCT=0x0, @ANYRESHEX, @ANYRESOCT, @ANYRESOCT], 0x1, 0xa7a, &(0x7f0000000980)="$eJzs3UuMHEcZAODu3Z21nTh4HGxinJDYBJIIyG68a8zDgjiKL1gx4hYp4mI5TrBwDMKRIFEkbJ+4kcgyN8RDnHKJACGRC7Jy4hKJWOKSU+DAActIkThAgj1oZ6tmZ37PpGe9j97Z+T6ppqa7arqqZ3t6+1VVBTC2Jtqvjfbr5TcvHf3nQ//YtvD+8U6OZvt1qmtqIXeZpqfC8t6bXIxvvP/KyX5xWcy1X/P0ZNdn7yyK4nyxr7hSNIu9l6++9vbcU8cvHLu4/53XD19bg1UHAICx860rhw/u/ttf7t35wRv3Hym2dObn4/Nmmt6ejvuPpAP/hWiqzOcPS+cDZVfoNh3yTaUwEfJN9slXdOVr5Hxbez8Xy58Oy20MyLelovzJcI5ShvrAKMvbcbMoJ2Z6picmZmYWz8mL9nn9dDlz9vSZ587VVFFg1f37gaIo9gnCuIXWjs6PoPa61Be6vgWAWsX7hbc4H68srExnaVPDlX/9iYn+n+/VWM06Mj7We/tXflx+bz3Wu/yq9f/NhTVef8bK8FvT1jWtx2rL65V/R9vTdLyPEJ9fWu7+Jy9vMixv2AOAQfcRRuX+wqB6Tq5zPW7XoPrH7WKz+lqK8/fw9ZDe/fuJf9NR+RsD/f1nw13/37ZUudrrIgibO7Tq3PkA9ao4rY/PzbWSnB6f64vpWyrSt1akb6tIv6Mi/c6KdBhnv3/xp8WrZdG3PV6xeP7f/rEMez0sX2e7K8UfW2Z94vXI5V6Pi8/9LtdKy4/PE8NG9scTT5/68rPPXF18/r/sbP830/a+L00302/rSsqQrxfG6+qdZ/+bveVMDMh3d6jPXX3yt9/v6s1X7lpaTtG1n7mlHnt6P7djUL77evM1Q75tKcTDpXh8ckf4XD7+yPvV/H1NhfVthPWYDvXI+5WdKR6tuzFsVHl7HPT8f94+9xSN8rnTZ049lqbzdvrnycaWhfkH1rnewMoN2/5nT9Hb/md7Z35jonu/sGNpftm9X2iG+XMD5s+n6fx/7juT29rzZ05+78yzq73yMObOvfTyd0+cOXPqB9544403nTd175mAtTb74gvfnz330suPnn7hxPOnnj91dv7Qofm5uUNfmT842z6un+0+ugc2k6V/+nXXBAAAAAAAAAAAABjWD48dvfrXt7707mL7/6X2f7n9f37yN7f//0lo/x/byed28Lkd4M4+6e08oYPV6ZCvkcLHQ313hXJ2h899IsWdcfxS+/9cXOzXNdfnnjA/9t+b84XuBG7pL2U69EESxwv8dIovpvjXBdSo/Hn/2Smu6t86b+u5fwr9Uoym/HfL/Znkfkxy++9B/Trl/f/O/ov98WrXk9W1Hs0J615HoL9/bbj+v9ckLHX4WXtdus4Yaq+LsNHCjVartZ7ltVofNYqHsaaA9VP3+J/5umeOz/7pG1sXQs52/Yne/WXsvxRWou7xL2srP19YHNf1H7L81R7/szP+3dD7vzBiXvP2yv3vL66921VssXdg+VuKnvLj+ud+oHctr/wPUvl5bR4uBpXfu/6tX4Xy4w2hIX0Yyr9jyPLj+l9absGpwP+l8vPX9siDw5a/uIByorce8bpxvv8XrxtnN8L65749l7v+tztQ481UPoyzURlndrl6xv+90Fr/8X9XOMJQfA7ji2k67wjzcw5xvJPl1j8/X5H/D+wOyy8r/r8Z/3e0fTXFVb+HPP5v3h6bfaYnuqYbfb7bzbqvgVH13qrd/+t6Ym4D3EcRxieUtrnbDq1Wq9abfO4w1qvu77/u84S6y6/7+68Sx/+Nx/Bx/N+YHsf/jelx/N+Y3r6u+OHSoL3x+4rj/8b0OP5vTL8nlBvHB95Tkf7JivS9Fen3VqTfV5H+qYr0/RXp91ekP1CRfndF+oMV6Z8Jf/GY/tmKzz9Ukf7IR6fP/6ji85tdbo8yrusP4yy2z/P7h/GR7/8M+v3vqkgHRtfP3jjw5DO/+3Zzsf3/dOd6SL6PdyRNN9K5czxfitdPJlPaW2n67yF9o1/vgHES+8+I/98frkgHRld+zsvvG8ZQ2b/HnmH7rRp0nM9o+VyKP5/iL6T40RTPpHg2xQdSPLdO9WNtPPnbPxx+tVw6398R0od9njy2B4r9RM0PWZ94fWC5z7PHfvyWa6Xl32ZzMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgNpMtF8PHtxTFsXlNy8dffr46dmFOY93cjTbr1NdU43O54risRRPpviX6c2N91852R3fTHFZzBVlUXbmF9+83inpzqIozhf7iitFs9h7+eprb889dfzCsYv733n98LW1+wYAAABg8/t/AAAA//9N2hwq")
link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./bus\x00')

3m1.968206678s ago: executing program 2 (id=30):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0x0, 0x0, 0x34325842, 0x0, 0x0, [{}, {}, {0x0, 0x2000}, {}, {}, {}, {0x87f}]}})

3m1.899902005s ago: executing program 2 (id=31):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000000), 0xfc, 0x582, &(0x7f0000000b40)="$eJzs3d9rW+UbAPDnpO3W/fh+28EY6oUUduFkLl1bf0zwYl6J6HCg9zO0WRlNl9GkY60Dtwt3440MQcSB6L33Xg7/Af+KgQ6GjKIX3lROctKFNunSLF2z5vOBs73vOSd9z5P3PG/ek5OQAAbWRPpPLuLliPgmiRhr2jYc2caJ+n5rj2/OpksS6+uf/pVEkq1r7J9k/x/JKi9FxG9fRZzObW23srK6UCiViktZfbK6eG2ysrJ65spiYb44X7w6PTNz7q2Z6Xffebtnsb5+8Z/vP7n/4bmvT65998vDY3eTOB9Hs23NcTyDW82ViZjInpOROL9px6keNNZPkr0+ALoylOX5SKRjwFgMZVnf0vrY8zw0YJd9maY1MKAS+Q8DqjEPaFzb9+g6+IXx6P36BdDW+Ifr743EaO3a6PBaUr8yOljfml7vjveg/bSNX/+8dzddot37EAd70BDAJrduR8TZ4eGt41+SjX/dO9vBPpvbGLTXH9hL99P5zxut5j+5jflPNM9/Mkda5G43np7/uYc9aKatdP73Xsv578ZNq/GhrPa/2pxvJLl8pVRMx7b/R8SpGDmY1qci4oPWN0E+z609WG/XfvP8L13S9htzwew4Hg5vmv/NFaqFZ4+87tHtiFdazn+Tjf5PWvR/+nxc7LCNE8V7r7bb9vT4d9f6TxGvtez/J52ZbH9/crJ2Pkw2zoqt/r5z4vd27W8b/2jPw90i7f/D28c/njTfr63svI0fR/8tttvW7fl/IPmsVj6QrbtRqFaXpiIOJB9vXT/95LGNemP/NP5TJ7cf/1qd/4fSxO4w/jvH7zTvOrqz+HdXGv/cjvp/54UHH33xQ7v2O+v/N2ulU9maTsa/Tg/wWZ47AAAAAAAA6De5iDgaSS6/Uc7l8vn65zuOx+FcqVypnr5cXr46F7Xvyo7HSK5xp3us6fMQU9nnYRv16U31mYg4FhHfDh2q1fOz5dLcXgcPAAAAAAAAAAAAAAAAAAAAfeJIxGir7/+n/hhq/Zg2q4EX0TY/+Q3sc+3zP9vSi196AvqS138YXF3kv/cAYJ/w+g+DS/7D4JL/MLjkPwwu+Q+Dayf5//OFXTwQAAAAAAAAAAAAAAAAAAAAAAAAAAAA2B8uXriQLutrj2/OpvW56yvLC+XrZ+aKlYX84vJsfra8dC0/Xy7Pl4r52fLi0/5eqVy+NjUdyzcmq8VKdbKysnppsbx8tXrpymJhvnipOPJcogIAAAAAAAAAAAAAAAAAAIAXS2VldaFQKhWXFBS6Kgz3x2H0YSHXH4fRZWGvRyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeOK/AAAA//92vTrs")
open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x1c0000000, 0x8005, 0x0, 0x0, 0x15, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x200]})
r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r1, 0x0, 0x0)

3m1.719599826s ago: executing program 2 (id=32):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000340)={0xa, 0x3, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0xfffffffe}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000200)=@gcm_128={{0x304}, "a6341a1a379332f5", "1fd33c81cf7995313c09de00fd6ded74", "62266bd8", "1e00040000000100"}, 0x28)

3m0.049518203s ago: executing program 2 (id=43):
syz_mount_image$nilfs2(&(0x7f00000000c0), &(0x7f0000000100)='./file1\x00', 0x1014800, &(0x7f0000000180)=ANY=[], 0x1, 0xda6, &(0x7f0000003c80)="$eJzs3ctvXFf9APBzx544r/7iNO4vJoTEJJSGR+wmtSg7XCksKqQKKX9BFdKS4pZHwqJVKiVZsCVS1T+AqmtY8MyiUtRVUDcg/oGqKzahqlQgQmqNbJ8zHn8zw51xbI/H8/lId87c+z33nnPmcefOfZ0EjKzGyuP8/HSV0tt33rrw4OT4v5ennGzlmFl5HM9jCymlZmu+lCbD8hYmVtPPPrl+qT39PKdVOp+qVLWmpxfut+Y9kFK6kWbS3TSZLn589PYrHzy/+N6Rm0cuvHnm3ta0HgAARsuD77370z8/9d3rh//zmxMLaaI1vWyfL+Txg3m7f6FaHc9J639A1ZZWbePFnpBvPA+NkG+sQ772cpoh33iX8veE5Ta75JuoKX+sbVqndsMwW/sfXzVm1403GrOzq//Jl304tqeafe3K4ktXB1RRYNN9ejLv4jMYDCM3LB0a9BoIYFU8bviQG3HPwqNpLW28t/LvP9foPD9sgu3+/Ct/uMp/96Y1Dptnt36aSrvK9+hgHo/HEcbDfP1+/8vy4vGIZo/17HYcYViOL3Sr59g212OjutU/fi52qy/ltLwOJ0K8/fsT39NheY+Bzh7Y/28wjOywNOgVELBjxfPmlrISj+f1xfhETXxvTXxfTXx/TfxATRxG2W+v/TLdrtb+58f/9P3uDyv72R7L6f/1WZ+4P7Lf8uN5v/161PLj+cSwo5351/FPf373L/H8/8/D+f+n82/pZF5BlP2Fcb9669z/cGFwo0u+x0N1HuuQf+X51Pp81dTaclLbeuahekyvn+9Qt3zH1+ebDPn2522RvaG+cftkf5ivbH+U9Wp5vcZDe5uhHXtCPco7czine0N7DndrV9iRvSfka+bhSGjXVGjXE2G+/w/tqqbXtyvuPy/1ORqmx+MkJV942x76XYrvRbwu41ROb+X0nZy+n9OPOpQ7isrnsdv5/+XzOZ2a1UtXFi8/ncfL5/TeWHNiefq5ba438Oh6vf5nOq2//udga3qz0b5eOLQ2vWpfL0yG6ee7TH8mj5ffsx+O7VuZPnvpx4s/2OzGw4i7+vobP3pxcfHyzzzxxBNPWk/+x0rj1zMXr23jOgrYGnPXXv3J3NXX3zh75dUXX7788uXXzj397W898+yz83MrW/Vz7dv2wO6y9qM/6JoAAAAAAAAAAAAAPav2dZ6c07r725brycv16fH6eIZDed/Kp6Hcx6Bc/9ntvi7l+s3D21BHNt92XE406DYCnf3D/X8NhpEdlpbcxR/YGQbd/1+572FJD5792+HloWS7/9z69WW8fyE8ip3e/5zyd1f/f63+r3pe/4UesyY3Vu7vHuz7a1ux6Viv5cf2l/vATvVX/u9z+aU1T6beyl/6VSg/3qi0R38I5e/vsfyH2n98Y+X/MZdfXrYzp3stf7XGVWN9PeJ+43IfwLjfuPhTaH+5t18/7T91a+Mdtd3J5cMoG5Z+Jvs1LP1/dlOWW9aDefXcOk5X7r8d+zvot/7lvt/ld+CJsPyq5vdN/5/Dra7/z/L5m9P/J+w6Hzr+ZzCM7LC0tDTQrk9Gtd+VnWLQr/+gtyEHXf6gX/86sf/P+H8p9v8Z47H/zxiP/X/GeOxfK8Zj/5/x9Yz9f8b40bDc2D/odE38CzXxYzXxL9bEj9fE4/+3GJ+piZ+oiZ+siT9eEz9VEz9dE/9KTfzJmvhTNfEzNfHd7ss5HdX2wyiL/Ub6/sPoKMd/un3/p2riwPCK/TrH7/dXa+LA8Crnefh+wwiqOt+xI+5vL/txb+X0nZy+n9OPtqyCbIev5fTrOf1GTr+Z07M5nc3pXE71DTncfvH3YyduV2vn+R0K8V7PJ43XA8T7xJzrsT7x+Fy/57Me7bGcrSp/g5eDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyNxsrj/Px0ldLbd9668M+p73x/ecrJVo6ZlcfxPLaQUmqmlKo8Ph6Wd2NiNf3sk+uXOqVVOr/yWMbTC/db8x5Ynj/NpLtpMl38+OjtVz54fvG9IzePXHjzzL2taT0AAACMhv8GAAD//5Cp5/o=")
r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x0)
setresuid(0x0, r1, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x41009432, 0x0)

2m59.879715946s ago: executing program 32 (id=43):
syz_mount_image$nilfs2(&(0x7f00000000c0), &(0x7f0000000100)='./file1\x00', 0x1014800, &(0x7f0000000180)=ANY=[], 0x1, 0xda6, &(0x7f0000003c80)="$eJzs3ctvXFf9APBzx544r/7iNO4vJoTEJJSGR+wmtSg7XCksKqQKKX9BFdKS4pZHwqJVKiVZsCVS1T+AqmtY8MyiUtRVUDcg/oGqKzahqlQgQmqNbJ8zHn8zw51xbI/H8/lId87c+z33nnPmcefOfZ0EjKzGyuP8/HSV0tt33rrw4OT4v5ennGzlmFl5HM9jCymlZmu+lCbD8hYmVtPPPrl+qT39PKdVOp+qVLWmpxfut+Y9kFK6kWbS3TSZLn589PYrHzy/+N6Rm0cuvHnm3ta0HgAARsuD77370z8/9d3rh//zmxMLaaI1vWyfL+Txg3m7f6FaHc9J639A1ZZWbePFnpBvPA+NkG+sQ772cpoh33iX8veE5Ta75JuoKX+sbVqndsMwW/sfXzVm1403GrOzq//Jl304tqeafe3K4ktXB1RRYNN9ejLv4jMYDCM3LB0a9BoIYFU8bviQG3HPwqNpLW28t/LvP9foPD9sgu3+/Ct/uMp/96Y1Dptnt36aSrvK9+hgHo/HEcbDfP1+/8vy4vGIZo/17HYcYViOL3Sr59g212OjutU/fi52qy/ltLwOJ0K8/fsT39NheY+Bzh7Y/28wjOywNOgVELBjxfPmlrISj+f1xfhETXxvTXxfTXx/TfxATRxG2W+v/TLdrtb+58f/9P3uDyv72R7L6f/1WZ+4P7Lf8uN5v/161PLj+cSwo5351/FPf373L/H8/8/D+f+n82/pZF5BlP2Fcb9669z/cGFwo0u+x0N1HuuQf+X51Pp81dTaclLbeuahekyvn+9Qt3zH1+ebDPn2522RvaG+cftkf5ivbH+U9Wp5vcZDe5uhHXtCPco7czine0N7DndrV9iRvSfka+bhSGjXVGjXE2G+/w/tqqbXtyvuPy/1ORqmx+MkJV942x76XYrvRbwu41ROb+X0nZy+n9OPOpQ7isrnsdv5/+XzOZ2a1UtXFi8/ncfL5/TeWHNiefq5ba438Oh6vf5nOq2//udga3qz0b5eOLQ2vWpfL0yG6ee7TH8mj5ffsx+O7VuZPnvpx4s/2OzGw4i7+vobP3pxcfHyzzzxxBNPWk/+x0rj1zMXr23jOgrYGnPXXv3J3NXX3zh75dUXX7788uXXzj397W898+yz83MrW/Vz7dv2wO6y9qM/6JoAAAAAAAAAAAAAPav2dZ6c07r725brycv16fH6eIZDed/Kp6Hcx6Bc/9ntvi7l+s3D21BHNt92XE406DYCnf3D/X8NhpEdlpbcxR/YGQbd/1+572FJD5792+HloWS7/9z69WW8fyE8ip3e/5zyd1f/f63+r3pe/4UesyY3Vu7vHuz7a1ux6Viv5cf2l/vATvVX/u9z+aU1T6beyl/6VSg/3qi0R38I5e/vsfyH2n98Y+X/MZdfXrYzp3stf7XGVWN9PeJ+43IfwLjfuPhTaH+5t18/7T91a+Mdtd3J5cMoG5Z+Jvs1LP1/dlOWW9aDefXcOk5X7r8d+zvot/7lvt/ld+CJsPyq5vdN/5/Dra7/z/L5m9P/J+w6Hzr+ZzCM7LC0tDTQrk9Gtd+VnWLQr/+gtyEHXf6gX/86sf/P+H8p9v8Z47H/zxiP/X/GeOxfK8Zj/5/x9Yz9f8b40bDc2D/odE38CzXxYzXxL9bEj9fE4/+3GJ+piZ+oiZ+siT9eEz9VEz9dE/9KTfzJmvhTNfEzNfHd7ss5HdX2wyiL/Ub6/sPoKMd/un3/p2riwPCK/TrH7/dXa+LA8Crnefh+wwiqOt+xI+5vL/txb+X0nZy+n9OPtqyCbIev5fTrOf1GTr+Z07M5nc3pXE71DTncfvH3YyduV2vn+R0K8V7PJ43XA8T7xJzrsT7x+Fy/57Me7bGcrSp/g5eDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyNxsrj/Px0ldLbd9668M+p73x/ecrJVo6ZlcfxPLaQUmqmlKo8Ph6Wd2NiNf3sk+uXOqVVOr/yWMbTC/db8x5Ynj/NpLtpMl38+OjtVz54fvG9IzePXHjzzL2taT0AAACMhv8GAAD//5Cp5/o=")
r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x0)
setresuid(0x0, r1, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x41009432, 0x0)

2m49.528020188s ago: executing program 0 (id=152):
syz_mount_image$bfs(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', 0x808000, &(0x7f00000002c0)=ANY=[@ANYBLOB="00cd067ca5fe94f358a97d3799d10d6a0f0d49553970899fa347aa76be1b2509f63779954a38f01042f578e036051ee7d6d1fb7e07c209e650464433ce970000000900000014c931bb00000000", @ANYRESOCT=0x0], 0x1, 0xa3, &(0x7f0000000200)="$eJzs172JAkEYx+H/7X0Htw1cYAfWYCtiqJmRImhDtmIJgliBmZisrLuLWoL6PDDv8PJLJ5nNaf2fMqmW+UxS3ZrO5uPhpJn5y51BeAZFku8kP0l6ZbN/XcqufQXJ9rAYdacub8euAAAAj6RIv77e67FK9tfykeS3/Qc0GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMArOgcAAP//v+0zQA==")

2m49.399275154s ago: executing program 0 (id=157):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001180)=ANY=[@ANYBLOB="12010000090003206d0414c34000ffff000109022400010400a000090400000103010100093700086ce82201000905815f"], 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x14, &(0x7f0000000dc0)=ANY=[@ANYBLOB="00020c0000000c0002"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000080)={0x7b, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x2041, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000900)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x20, 0x0, 0x68}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f00000006c0)={0x84, 0x0, 0x0, 0x0, &(0x7f00000005c0)={0x20, 0x0, 0x4, {0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000000e80)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="200004000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

2m46.596446796s ago: executing program 0 (id=188):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000100)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@data_err_ignore}, {@resgid}, {@data_err_ignore}, {@grpquota}, {@nodioread_nolock}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x563, &(0x7f00000007c0)="$eJzs3c1rHOUfAPDvbDbp6+/XFEpREQn0YKU2aRJfKnioR9FiQe91SaahdNMt2U1pYsH2YC9epAgiFsS73j0W/wH/ioIWipSgBy+R2czmpdlNtukmu+1+PjDheWZm93memfk+eZ6dWTaAvjWS/SlEvBwR3yQRRyIiybcVI984srLf0uObU9mSxPLyp38l9f2yfOO9Gq87lGdeiojfvoo4VdhcbnVh8UqpXE7n8vxYbfbaWHVh8fTl2dJMOpNenZicPPv25MR7777Tsba+ceGf7z+5/+HZr08sfffLw6N3kzgXh/Nt69vxDG6tz4zESH5MBuPcEzuOd6CwXpJ0uwLsyEAe54OR9QFHYiCPeuDF92VELAN9KhH/0Kca44DG3L5D8+DnxqMPViZAm9tfXPlsJPbX50YHl5INM6NsvjvcgfKzMn79897dbInOfQ4BsK1btyPiTLG4uf9L8v5v5860sc+TZej/YO/cz8Y/bzYb/xRWxz/RZPxzqEns7sT28V942IFiWsrGf+/n5e7fUP7qTavhgTz3v/qYbzC5dLmcZn3b/yPiZAzuy/Jb3c85u/RgudW29eO/bMnKb4wF83o8LO7b+JrpUq30LG1e79HtiFeajn+T1fOfNDn/2fG40GYZx9N7r7Xatn37d9fyTxGvN53/rN3RSra+PzlWvx7GGlfFZn/fOf77xjVrR7Lb7c/O/8Gt2z+crL9fW336Mn7c/2/aatuG9kf71/9Q8lk9PZSvu1Gq1ebGI4aSjzevn1h7bSPf2D9r/8kTW/d/za7/AxHxeZvtv3Ps51fban+Xzv/0U53/p088+OiLH1qV317/91Y9dTJf007/124Fn+XYAQAAAAAAQK8pRMThSAqjq+lCYXR05fmOY3GwUK5Ua6cuVeavTkf9u7LDMVho3Ok+su55iPH8edhGfuKJ/GREHI2IbwcO1POjU5XydLcbDwAAAAAAAAAAAAAAAAAAAD3iUIvv/2f+GOh27YBd18ZPfg/tRT2Avbdt/Hfil56AntTG/3/gBSX+oX+Jf+hf4h/6l/iH/iX+oX+Jf+hf4h8AAAAAAAAAAAAAAAAAAAAAAAAAAAA66sL589myvPT45lSWn76+MH+lcv30dFot5LvMXRudqVRmyunoVGV2u/crVyrXxidi/sZYLa3WxqoLixdnK/NXaxcvz5Zm0ovp4K63CAAAAAAAAAAAAAAAAAAAAJ4/1YXFK6VyOZ2TkNhRotgb1ehSotgb1diFRLd7JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABY818AAAD//0h7Mcc=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x2, 0x96)
pwrite64(r0, &(0x7f0000000140)='2', 0x155c2, 0x8000c64)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r1, 0x40305829, &(0x7f0000000100)={0x17c04, 0xffffffffffffffff, 0x9, 0x800007ff, 0x1})

2m46.536203673s ago: executing program 0 (id=189):
syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x1400c, &(0x7f0000000680)={[{@usrjquota}, {@init_itable}, {@noload}]}, 0x3, 0x470, &(0x7f0000001240)="$eJzs3MtvG1UXAPAzkzj98qUloZRXyyNQEBWPpGkLdMECEEgsioQEC1haSVqVpi1qjESrSKQsygohJPaIJf8CK9ggxAqJLexRpQp1Q8vKaOyZxHZsp2nsuMW/n+T23Hn43uOZa9+ZayeAoTWd/ZNE7I6I3yNisl5s3mC6/t+N6yvzN6+vzCdRrb77V1Lb7u/rK/PFpsV+E42FSOJAm3qXL146U15aWryQl2crZz+aXb546YXTZ8unFk8tnjty/Pixo3Mvv3TkxZ7kORFpHr31wVdvn/iiKf+WPHpkutvKp6vVHlc3WHsa4tEBtoOtGcmPV6nW/ydjpOHoTcabn60VPh1QA4G+qVar1YnOq1erwH9YEs1lXR6GRfFBX1z/trsOfrVvo4/Bu/Za/QIoy/tG/qivGV27Y1Bqub7tpemIeH/1n2+yR/TnPgQAQJMfsvHP89loZ2U+G3usjz/SeKBhu3vyuaGpiLg3IvZGxH1xLvZFxP0RtW0fjIiHtlh/6yTJxvFPevW2ErtF2fjvlXxuq3n8V4z+YmokL+2p5V9KTp5eWjycvyaHorQrK891qePHN377stO6xvFf9sjqL8aCeTuuju5q3mehXClvJ+dG1y5H7B9tl3+yNhOQRMTDEbG/3ROkm9dx+tnvHum0bvP8u+jBRFP124hn6sd/NVryLyTd5ydn/xdLi4dni7Nio19+vfJOp/q3lX8PZMf//23P/7X8p5LG+drlrddx5Y/PO17TTJfyYAvn/2q5Uh5L3qvFY/myT8qVyoW5iLHkRL3RjcuPrO9blIvts/wPHWzf//fG+itxICKyk/jRiHgsIh7Pj90TEfFkRBzskv/Prz/1Yeuy8SL/O+D4L2zp+K8HY9G6pH0wcuan75sqnVoP8/xvdn//O1aLDuVLbuX971badXtnMwAAANx90ojYHUk6sxan6cxM/Tv8+yLSpfPLledOnv/43EL9NwJTUUqLO12TDfdD5/LL+nr5ckTUv1pQrD8aae2+8dcj47XyzPz5pYVBJw9DbqJD/8/8OTLo1gF95wdbMLz0fxheXft/aefaAey8Df2/a5/f1de2ADurzef/+CDaAey8duN/f+8HhkNL/zftB0PE/X8YXvo/DC/9H4bS8nhs/iP5rkHxTLe5+2bBZMR2WziYIEp3RDP6FkTa9yrG+ntq9S1I7sI2bwgG954EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQS/8GAAD//3hZ0MA=")
syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x2081413, 0x0, 0x1, 0x0, &(0x7f0000000080))
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x10000, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0)
fsync(r0)

2m46.444600894s ago: executing program 0 (id=190):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x2814714, &(0x7f0000000500), 0x1, 0x4ac, &(0x7f0000000b40)="$eJzs3M9rXNUeAPDvnWT6u528vr6+175Wo1Va/JE0adUuXKgouFAQdFGXMUlr7bSRJoItQaNIBTdScC8uBf8Cd25EXYjgVsGlFIoGoWlXkTv33mQynaRJOsmYzOcDkzln5syc851zz9xz78mdADpWb/onidgVEb9ERCXLLizQm93NTE8O35qeHE5idvbVP5JauZvTk8NF0eJ1O/PMsVJE6aMknknurHf88pXzQ9Xq6KU83z9x4e3+8ctXHj93Yejs6NnRi4OnTp08MfDUk4NPtCTONK6bB98bO3TgxdevvTx8+tob33+VNmv/4bztUyt4s1tNAmqiN/3U/pytaXzu4RVUtxHsrksn3W1sCCvSFRFpd5Vr478SXTHfeZV44cO2Ng5YU+m+aeviT0/NAptYEu1uAdAexY4+PY4vbus09fhHuPFsxJY8PTM9OTwzF393lPLHy2tYf29EnJ66/Xl6i4bzKXW2rWETAIAOU5vbPNZs/leK/bX7bK1jT76G0hMR/4qIvRHx74jYFxH/iaiV/W9E/C978WxlmfX3NuTvnP+Urjdtc4uk87+n6+Z+M3Xx53c9XXludy3+cnLmXHX0eP6ZHIvy1jQ/sEQd3zz/86eLPVc//0tvaf3FXDBvwPXuhhN0I0MTQ636EG58EHGwey7+ynz8ydxKQLoFHIiIgyt76z1F4twjXx5arNDd419CC9aZZr+IOJr1/1Qs6P/5Nb5k6fXJ/m1RHT3en24Ft5us9EX88NPVVxar/57ib4G0/3cs3P4bSlT+SrL12nJUq6OXxldex9VfP170mHK12/+W5LXamvWPb2aPvTs0MXFpIGJL8lItXxzT1R4fnH9tkS/Kp/EfO9J8/O/NX5PG//+ISDfiwxFxX0Tcn7f9gYh4MCKOLBH/d8899NYS8SeRRFv7f6Tp99/c9t+T1K/XryLRdf7brxdbMV9e/5+Mqdp3bab2/XcXy23gPX58AAAAsCGUImJXJKW+LN27K0qlvr7sf/j3xY5SdWx84tEzY+9cHMmuEeiJcqk4/1mpOx86MPcP9Fl+MD9XXDx/Ij9v/FnX9lq+b3isOtLm2KHT7Vw4/qMY/6nfu9rdOmDNuV4LOlfj+C+1qR3A+lvO/t+xAGxOTcb/9na0A1h/jv+hczUb/+835M3/YXO6c/z/1vRCFmDzMf+HzrX68e80IWx09v/Qke7luv7VJ4qLBVb/PtuWfYV/CxPliFj3SpebKH7xYi3r2h7zj0Sp7SF3UCIdMUuWOfpJ1v0tq3T+N1QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2sr8DAAD//2OP47w=")
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000000c0)='./bus\x00')
r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r0, 0x0, 0x0)

2m46.20812659s ago: executing program 0 (id=192):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x1, 0x4, &(0x7f0000006680))
sched_setaffinity(0xffffffffffffffff, 0x0, 0x0)
inotify_rm_watch(0xffffffffffffffff, 0x0)

2m46.134830023s ago: executing program 33 (id=192):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x1, 0x4, &(0x7f0000006680))
sched_setaffinity(0xffffffffffffffff, 0x0, 0x0)
inotify_rm_watch(0xffffffffffffffff, 0x0)

1m41.328475421s ago: executing program 1 (id=926):
syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000005600)='./file1\x00', 0x0, &(0x7f0000000100)={[{@compress_algo={'compress', 0x3d, 'lzo'}}]}, 0x1, 0x559a, &(0x7f0000005680)="$eJzs3X2QVWUdB/Bzd1lYZGI3BMGBFShfQEIhpVRS7kBBuDJtkjU2GQtioaAwzBI1ii04WLgam1kz5QxCiwjDUmszGmXlygyQk9PWjIPIgjLThjG9SMXEFjU2e+99Lveey+5eyVxfPh9m99zn/s7znOeeOX/c72WfcyMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACIoujgjtr/rB1ZV75+06hFt199cPSq0RNWVDWdHHWg+rzdl/absWjovuntdw6b0bH6SPX65tsu6IyiRKpfItN/3vSPX/+FufPmlIcBaz+Z3lZWdnfIdNfD6Ub/vCe7+uX/zI+iqCw2QGlmu7s0p52IHyBaXjhgj8pmbVsycEGyduvmp+ouX7J1XOFLp0t5X0+gr2Suq45T11Iy9bsktke2nXPpJfIu0XT/+AX3prwIAOB1mVST2mTfjmbe4mbb9fF6rJ2MtRtj7fAOoTG3cSbS4/bvbp5j4vU+mmcyHRUGdDvPWD1z/rPtmnj/WDsWNV7HPPN3zUSa8u7muSxW76t5AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALyVvFa3Ys34z714sOyX549bvfLk4WvLL3zoq/8uWXrzS68dqlnzl7ah+6a33zlsRsfqI9Xrm2+7oDOKKlP9EunuiWknXr1kYvWcUeuf+N7ETc+OP16aGTds++XsHO0PD66siKIFOZWOMOzRwVFUk19INaPvFhZuTT2YHQoAAAC8k5yb+l2SbafjYFleO5FKk4nUvyAdFstmbVsycEGyduvmp+ouX7J13JmPV9PNeMnTjpdtV576SeQE4xB/4+OdqoddlxeM07P4iPE8P+X5l1+oGHHtT5+pOu+mlde/NPKax9tmfnP48UX7K+8YtGrc2CsK8n9lz/k/nDn5HwAAgP+F/B8fp2e95f/PzK+75Y5HvnJszD2HVw66+8H9G4eVH7nplsn7/jj8hosvvqz2xoL8PybvkAX5P8w45P+S6MzyPwAAALyV/b/zf7JgnJ71lv/bhzff/MB7Di2sbOt4evtlK/b0X3j1RUMOPHTR3In3XjdozPkNBfl/UnH5v1/utMOTz4UJL66IoknFn1QAAAAgT/h/91MfLYS8nv7kIJ7XW+dtGd3y6swvTxj78KH6P1Vtnvj5jUMe37lh5jd2PXf3/RPbzi7I/8ni8n/Zm/NyAQAAgCI0HTpnxNBPJ38e3X/01vnf/+yuR+9b+sWrLtnbOWvC2l9UP72jviD/1xSX/wf0zcsBAAAATuPE+GsW/mPnkd9e1/yJ+5qO/v5Lq0p/NaNp9/62hqZ/bh81e/XkgvxfW1z+Pyuzzax8SHfaE/4K4VsVUVTe9WBZurA3apyWLQAAAABvkJDT75ryfMm9A6edu2Xub06Me+KFPZ/aN3vxhnPWTGp69n2tiz9y4WMF+X9Zz/f/D3c6COv/8+7/V7D+P6eQvuvfVDcGAAAA4N2ocD1/uD1++psLuvv+/WLX///w6xv+mqiqf/ID8342q/P9zT/Z2zr1wZNVf5hz/OGW5MgnL32xIP/XF5f/S3O3b+T3/wEAAMAZeLt9/9+NBeP0rLf7/7c980j1o1d+6GtXza2buuN3H77iz68Mn9qwPXpl+UfbFx342K5fF+T/xuLyf9gOyn15reH83FMRRSO6HmTuJrgtTHdxrNBSllNIn/hYj7mhR6bQMiCnkLIs1uODFVE0tutBfazw3lBojBWODc4UNsYKbaGQuR6yhR/ECq3hSvvO4Mx044Ufh0JmgUVLWEExKLskItbj79316Cqctkd79uAAAADvKiE8Z7JsWX4zikfZlkRvO5zV2w4lve1Q2tsO/WI7xHfs7vmoNr8Qnv/Rt294ecBdD2yom7Jl04KqhrPX/euxyZNuX7Z2Z93SziF/W7euIP9vLC7/h1PRP73pbv1/FNb/Z77XMLv+vzYUKmOFllCoid8xoCYcIx12G8IxKmsyPY6NyBYAAADgHS18LlDax/MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/7J373FW1nXiwL8zzIUZhplRMS+RISaKwTCMKYaZID/TnwQOq6WFJgSDjgxCXEzQTUTd1VzB2+ZtE0jdtIwoNbVUeGnekspLsKl5SfHSK41lS5Js133NnPM9nPOcOc5BQBn3/f5jzvecz/f6nMuc7/M85/sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/N2z85GVfeHmfj/xg3cKBi1eP+krfI4cMn3DMNTceu/jhb0/e777f//8+aw575sydR60955XRi245de+3QmjuKFeSKl5y6F/XNQwePabvotuvGbz0kYF/qUjXm46HXu1/StN3zoutru0dwh0lIZQlA4NrUoHy9P2aWF/fmhB2CJsCmRIt1akSyYbDA1UhLAmbApmq7qoKoSYrcOwT9624uD1xRVUIe4cQKpNtPFuZaqMqGRhQkQpUJwPTy1KBv76TkgncWZoKwBaLb4bMi355c26G+s7LFXj9lW+1jn2wksPrERP1hfO9MXIbdypLRfKB5i162vKqY5vIe3us9G7rBu+2vO18iact+4tU+hvKO5tClaF0csuUiXPaZsdHSkNDQ49CNW2j5/np9WdN2px0t3kdxg7Ub5XX4aoLe49d/OhRw2+tG35Dn0ELN25pNwtt3m2tMqRfc93meYxG+DzpBm+/vG9J/XzpCiHsf9v42798wcs3L7h87K4HPbHTsDc+u/vdLT+75YTxxx++fsVXf//jvPl//bvP/+PLOd6W5uSOrb5dm5qbx0dqYmJdbWpuDgAAAN1Gd9hr+srq/5722X3HDX185OrqW2+659SL7/v8tT9r3a/t4bE77fj8vvN+lDf/71fc8f94yL8me7QrQxjRkTi3LoRdOx5PBW6O3flqXQh7dqSacwMjE4GVIezWkRiYqSpRomcs0S8ReLU2HRiRCDwYA82JwI0xcEkicF4MLE8EJsXAykTgsBgIrbnj2K82PY6iA1UxMCG1EZfHsxD+XBtbS2yrZzJVAQAAbCXp2WF57t2scx22NEOcXi6v6ipDPAO7YIbKRA3JGWxmWlWwhrKuaijtqobMuOe/+/Dzai7pqua80zBKcjNcWXXLpT8aNumNu2e8tOG0Iz7x2quP1S/96afXXfPGU9Mr79/j8ofz5v+N7z7/r+ykIyV5x/9DGNfxN+YuTUfaMvEJzTkZAAAAgC3w1sADvvydsq/NfeH3jwz75K+vfez1lQ9/dO8zb1v7/Bk/+NZ3au4fnTf/H1Hc+f9xn0iPrMxhVdwNMbUuhMbcQKrag/MDqaPevdIBAAAA6A4yx+Mzx8Jb07epU7ST8+n8/M2bmT8e+B/Raf7131p2/Y6feGT2Q7W3zXhqw+NfWTl64bEz3xh05dmP7HvoQU+N/Gze/L+5uPP/q3NvU514MPbi8roQemYFHoq9bA906BcDLxyaG0iP/8G4AS6KVaVPTMhUdVEsMSEGGhOBJYVKPJYpsWtuIP1kZRo/NzOO1nSJrAAAAAC87+LugHhcPp7/v2LBXZf9x41/umzVgUtnnzz98de+V1H5zknL7zyxzwX39li008hJefP/CZt3/n/HPDjv9P62XiEMKQuhR/KHAauqUwsDxkBNSTpxT3Wqrh7JqhZUh3Bw+8CSVb2YXv+/LLnG4JNVqapiYNf+N60f0J64oSqEIdmBNeOXHtCemJMIZBr/YlUIH28fbbLxn/RMNV6ebPyqniHskRXIVDWpZwjtjVUkq7q/Mn0dg2RVyytD2CkrkKlqWGUIcwMA3VX8Xzo5+8FZc+dNndjW1jJzGybiTvyqMKW1raVh0vS2yZUF+jQ50eecdYzOyR9TsZe++V16jaLVx0ytKyad+aFgY3Zb6R35eWcOpu/HL0PlHeNsKs+5u39yyPvuld9EyPoqVWjIpdt4yNXZlWx6EvPqj/krQq/Qc86slpkNZ0ycPXvm0NTfYrM3pf7G40ypbTU0ua2qO+tbES+PgstlJbzXbTUgu5Ihs6fNGDJr7rzBrdMmntxycstpwz7VNKxp6P5NjUPaB5X+28VIB3RWc2Kk7ywtclhbcaS7l2VV8n58aEhISHS3xE2Xj39m0UcXV3538UmXPHH++WefcvrOt1057ft9p48fdOXnlkz9et78f8a7z//jp0784E+vz1Do+H99PMyfenzTYf4JMbCk2OP/9YWO5mdODOiXCMyPgfkO8wMAAPDhEHdHxr2Zcad07SvfOP1/Tjii9NA/HP2LpqGDdrnw1qkDbnx94+kf23vekmvLKvKv/ze/uN//b6X1/zNL1x9VaJn/gbFEY6H1/5PL/GfW/59faP3/5DL/mfX/l3wA6//PyQQSm+TP1v8HAAA+DN6/9f+7XN4/eYGAvAxdLu+fvEBAXoYul/Ev9gIBm73+/89/XrbDx47YrW/ZF56YuNedB/7mpGkP7vKjUVev+3RT/TfPWPPzZXnz/0uKm/9buB8AAAC2Hyfs+6UBC14a8vVzpj/ww8Ezdn7purOfH3HPL4/75MYxfddVr+v76bz5/5Li5v/v//p/odD5//0KBZoLLQxo/T8AAAC6qULr//3t42d987p+O24Y1O/M29+6emrJ8L2fO/XXbRc9NOrwj435xyWTrs2b/y8vbv4fT7sozckde/N2bWpNu5Bc025dbeYnAwAAANA9lIaGhvIi8+YsjDryvbf5dHop0HdLZ9vtE6vWnHvvdX8fcvP5C9Ydf3rtQUf+oeyQOydf99KCU/boX/Pc2rz5/8ri5v85v8tYdWHvsYsfPWr427fWDb+hz6CFGzcd/wcAAAC2nWL3SwAAAAAAAAAAAAAAAB+8Y1b95Kz/+uWY4+4cNu/qR3d+/OT//PqsM1on/aLtiHUHPLv0hk/tk/f7/zCuo1yh3//H6/7F3xf0yckdW+16/b/0/WNHL5vbsWThqtoQ9soOTF0wdYeQvjb/PtmBFScO3KU9sSBZ4u7nDnu5PXFSMnDk4B03tCc+kwhMiIsk7pYMxKsqbuidCMTlFZ9MBuL2WJ4MVKQDF/ZOjaMkua3+UJPaViXJbfV0TQh1WYHMtrqjJtVGSXKAVyQCmQF+LRmIAxybDpQme7WsV6pXMVATiy7uleoVAADbrfgtsDxMaW1raYxf4ePt7mW5t1HOkmXn5FdbUmTzv0svTbb6mKl1xaR7JL+LbrrWeHmobB/C0Lyvq9lZSjpGuXVq6WLT9Skw5K5WeystUC5pczddReERVaVG1DBpetvk8i4Hvn/XWZrKuswyNG+yk52ltGOTFlFLEX0pYkRFbpsiuhzvl4aGhh6JXMNjsD7k6OoVUezv9bPX+Sv0KsjOs3zUQQOOW/bcgRMWPXnQtKnhI5e9M2Li5FmHXPHiU0vnjxw0oUfe/L++uPl/Zfa4NqQvBjA/Xlnv4LoQJhQ5IgAAAPjwO+W05y674P5LX32hecDL04dcuuK3c6+aV1Z783mHP3336W+OX3jSlsYHDHtj6Kl3/ebcjU2jHrqy99X3X7PTkXU//H/Vvea+tWLQmy/cvVfe/L9fcfP/uAcrfSg4tbdjZbz+/7l1IXRcWr8+Fbg5DverdSHs2ZFqjiVSF9Q/KpZoTAVujjtMBsYSE5pzq+oZA8sTgVdr04GVicCDMZDeS3FTSO/KubQ2hAM6UuNyS8yIJeoTgaNjoF8i0BADjYlA7xgYkQi83jsdaE4EHo2B0Jq7rW7tnd5WAAAAmyM9zyrPvRuS87zlZV1lKOkqQ3VXGUq7ylDZVYZCo4j3fxwzlCdOXinJylSerLUqUUtehngx/M3uV16G8FhuzmTBvKbj+QeZ8w1KcjNccWbF9Dc/33/R8UPGrB/ftPhzc38a/uHtOW9d8OYvz6977pqNJXnz/8bi5v/Vubep1h+M8/9N1/9LBR6K3bs8njreLwZeODQ3kN4x8GCc7F6Uqao5XSI9ab8olhgRA/0SgRkxMCIRmDAuHViyS24gPdPONH5upvHWdImsAAAAALzv4g6CuJsmzv+fXTv+iWnjf3vQZX1nLzx/+VFffvrXx736i3t73v3d/osebitZuzpv/j+iuPl/bK9XdmPnxd6s7R3CHSWbepMJDK5JBeJ+jJr48/i+NSHskLWDI1OipTpVoiLRcHigKvUL9YpkVXdVpdYYiPePfeK+FRe3J66oCmHvrL0vmTaerUy1UZUMDKhIBaqTgellqUDc85MJ3FmaCsAWy+wVjC+o9KkuGfWdlyvw+vuwXBM0Oby8faCd5OvsN1fbSmXygfQ+1YzNe9ryqmObyHt7rPRu647vtnrvtuwvUulvKO9sClWG0sktUybOaZsdH8n+JWuebfQ8Z/9KtZj0Vngdzn/vve1aZbIDjYmPj8bOy3X+OiyJ1a26sPfYxY8eNfzWuuE39Bm0cGPR3Sgg/lB45rCr6rM377ZWGdKvuW73edLs86Q7/hvo52kLIYy7d+xFjYfcuHDSiP7X73xH7fDLvzT4lkMbnx1XM2eXw8e89sV5efP/5uLm/2WJ2w4b48acVRfCvlkbd1Xc/KPqUp+DWYHUp+RO+YHUIfeXagt+cgIAAMDWltndkdlf0Jq+TZ0Qnpwn5+dv3sz8cX/FiE7zF9vv/lecsnL0hAN/23f8XoccvM9Zdy04er+/Tbz+tT9Wj5z0wPd+tfr6vPn/hHef//dMdNPxf8f/2UYc/+/U9r4rumfygflbtCs6rzq2Ccf/O7W9v9sc/++U4/+O/3fG8f8uOP7fqe39acv7ljTDl64Qwr9f/vm/vX3Pbv02LC393pQH5vU//rLvL1r2k52f+efH/mn69H33/FXe/H9GcfN/6/91vmhfZv2/CYXW/5tRaP2/+db/AwAAtqkCC80l53l5q/flZUiu3peXocsFArtcYtD6f5u9/t+L/3Lpgr2mjv3GiWc9dnDvR+tHrRkz6O8nvbrnmuuevHLoIyf8/dt58//5xc3/48uhV3br3WX9v37jClR1SQzMsDAgAAAA26NCOwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4YJ31xynnjVjw+J+ap39l/fLx32nd8fGHprzefMQPRy87es0pu5xyb581hz1z5s6j1p7zyuhFt5y691shtHaUK0kVLzn0r+saBo8e03fR7dcMXvrIwL9UpustT99+NCd3bPXt2hCWZD1SExPratvvbAocO3rZ3LL2xKraEPbKDkxdMHWH9sSNtSHskx1YceLAXdoTC5Il7n7usJfbEyclA0cO3nFDe+Iz6UBJsrv/1jvV3ZJkdy/uHUJdViDT3VN751aVaeOIdKA02cZ3a1JtxEBNLHpVTaqNGGiLJVp7hjCkLIQeyaoeqUxV1SNZ1U8rU1X1SFZ1dmUIB4cQypJVPV+RqqosOfLHKlJVxcCu/W9aP6A9sbQihCHZgTXjlx7QnpiZCGQaP6YihI+3v2SSjd9anmq8PNn4v5aHsEcIoSJZ4s2yVImKZIkXy0LYKSuwaSOWhTA38OEQP30mZz84a+68qRPb2lpmbsNERbqtqjClta2lYdL0tsmViT4VUpKVfuec9z72360/a1L77epjptYVky5Llyvv6HJTec7d/bf33sd+VWdXsun5yKs/5q8IvULPObNaZjacMXH27JlDU3+Lzd6U+tsjHU1tq6HdZVsNyK5kyOxpM4bMmjtvcOu0iSe3nNxy2rBPNQ1rGrp/U+OQ9kGl/26NkS59/0e6e1lWJe/H+19CQqK7JUpzPt0at/fP8bwv+ps6Wh4qOz6g86YV2VlKOka5NQY98j2O+L18TelyREPzJg55WZq6zrJ/3mRiU5aqVJaOr3V5k8Psmko7Nmm8XxoaGnoU2g71uXezN+8bW7B5n05vumLTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwv+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCjtwLAAAAAAgzN86jJ4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4FAAD//+GI8JI=")
openat(0xffffffffffffff9c, 0x0, 0xc4042, 0x1ff)
syz_mount_image$nilfs2(&(0x7f0000000100), &(0x7f0000000080)='./bus\x00', 0x800, &(0x7f0000000040)=ANY=[], 0x1, 0xb16, &(0x7f0000001800)="$eJzs3V2MXFXhAPAzszvbXSj/Tvm3spYKrSjgB1u6XetHY1rSxoSGEuMLCfGlKQUba03ERCUktn3yTQipiU9+hCceQDQm8kIannghkSbEyINBH3ygKUrigxbbMTt7zt2ZszN7d7eze3c7v19y58y959x7zp25c+Z+nhOAoVVvv87MTNZCuPDaC0fev/fvE7NTDhYpmu3X0Y6xRgihFsdHs+W9NzIXXvvw2RO9wlqYbr+m8fDolWLeW0MIZ8OucDE0w44Ll55/a/qRY+eOnt/99ksHLq/O2gMAwHD5+sUDM9v/+sc7t1595a5DYVMxPe2fN+P45rjffyju+Kf9/3roHq91DJ3GsnSjcahPdKcb6ZGuM59Glm60T/5jWf6NPuk2hcXzH+mY1mu9YSNL23Ez1OpTXeP1+tTU3DF5aB/Xj9Wmzpw6/eTTFRUUGLh/3R1C2NUxHD7fPb7ehoProAzzw/zeyxLSt6ov7+oN/1jFZR9au/W42ppT+ee5RkNrS6XVD0C08PzDAmfzMws3pljaaHe+/fK/8lC99/wwAGXb36C3/2XlP1Zx/uHmy/83aX9zifm/eE6Nw+DcrFtTWq/0O9ocx/PrCPn9S/1/f/mVju6p+fWIxhLL2e86wka5vtCvnCNrXI6V6lf+fLu4WX01hrOfw5/fXBjf+fvJv9ON8h0Dvf07P/9vWO/Dy38JlZfBUOXQ/f03bmRZrWqrH2Ady++ba2Xnq/L7+vL4TSXx4yXxEyXxt5TE31oSD8Psd9//aXiuNn+cnx/TL/d8eDrPdlsM/2+Z5cnPRy43//y+34UWv+PhRvPP7yeG9ewPxx87+aUnHr80d/9/rdj+r8ftPR1uNONv62JMkM6b5ufVi3v/m9351Pukuz0rz2090rffb+tOV9s2v5zQUc8sKMdk93xb+qXb2Z2umaWbiMN4Vt58/+SWbL60/5Hq1fR5jWbr28jWYywrR6pXtsYwLwesRNoe+93/n7bPydCoPXnq9MkH43jaTt8caWyanb6359I3ylUsGE5Lff5nMnQ//7O5mN6oF/VCx85vqi/2hlfj8rqnTxf5dE/fF8fT/9y3Riba06dOfPf0E4NffRhqT//omW8fP3365Pe8SW/Srnp54i1zab5WfZmX+yYdtqyX8niz7t5UWCkBa2LPj+d2Ah449Z3jT5186uSZffv375ue3v/lfTN72vv1ezqP+judraC0wCDN/+kvKfkHq14gAAAAAAAAAAAAoNQPjh659M4bX3x37vn/+ef/0vP/6c7f9Pz/T7Ln//Pn5NNz8Ok5+6094ttpsgZWx7J0jTj8f1bebVk+27P5PhbDoh+/+Px/yi5v1zWV545seqPPaNacwIL2UsayNkjy/gI/GcPzMfx1gArVJnpPjmFZ+9ZpW0+P/na0S9HSPvDGkb63tDWkdkzS898923Xq+LK3rkEZGbyBPCpYXzxN1esI9PbBULX//c/5Fa+8LIb+w+ha5bW5Hf482yaGaPto9d1LX2oPNgCDsbC93axF31Xu/zOd90zhmY8eHj/z+sPFke6Vh7rry7z9UliOP73TPT5s/V/m8n771jr/qtd/rfv/LFpona3/Xt5cTC/qv9fz+i9r07XZb8m9zysn//nF5XdDx/nkHf3q3zz/fP1TO9DbFs1ugasx/7Q294Wl5d/6VZZ/fkFoiT7K8r9lifkvWP+dK8v/vzH/9LHdf09J/iMp/7kS117sLkd+3jhd/8vPGyfXsvVPbXsusv7feKbX+q+wo8brMX8YZl21+eJV9oaS7UcUO+0r7/83OjvY/n+LwmbVWn4fxhfiePojSPc55P2dLLf86f6K9D+wPVt+reT/Tf+/G9tXYlj2e0j9/6btsRlri47x9meZxhs9Plu9AcD68t5QXf8b/DA++GWOV71OhmUNrZEVzFd0lbFouolVL3+r1VrdE1ol2pm/X2UJhlulX36vA7Oq8q9I1Z9/mbz/3/xryvv/zePz/n/z+Lz/3zx+In5D/eLz/n/zzzPv/zePvyNbbt4/8GRJ/MdL4nf0ji8O2+8smX9nSfwnSuJ3F/EHu1Kk+LtK5r+7JP72kvh7SuI/VRL/6ZL4e0vi7++I7+wDOsV/pmT+m116HmXZ67/eKy6gVP583rDVfzDM0vWffr//bSXxwMb1s1f2Hn78t99szj3/P1acD0nX8Q7F8Ubc5f9hHM+ve4eO8dm4N+L437J4hw2wfuTtZ+T/7/eVxAMbV7rPy+8bhlBtvPfkGJa1W9VvP5+N5bMx/FwMPx/DB2I4FcM9Mdwbw+k1Kh+r4/Crvz/wXG3+eH9LFr/U+8lr9e4j+652okII+5ZYnvz8wHLvZ8/b8VuuG81/hY+DAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAVKbefp2ZmayFcOG1F448duzUntkpB4sUzfbraMdYo5gvhAdjOBLDX8Y31z589kRneD2GtTAdaqFWTA+PXilyujWEcDbsChdDM+y4cOn5t6YfOXbu6Pndb7904PLqfQIAAABw8/tfAAAA//9EBxRn")
r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x8c)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r0, 0xc0185879, &(0x7f0000000000)={@desc={0x1, 0x0, @auto='\x00\x00&\x00'}})

1m40.711929797s ago: executing program 1 (id=933):
syz_mount_image$fuse(0x0, &(0x7f00000001c0)='./file0\x00', 0x2012, 0x0, 0x1, 0x0, 0x0)
mount(0x0, &(0x7f0000005880)='./file0\x00', &(0x7f00000058c0)='sysfs\x00', 0x18010, 0x0)
mount$cgroup(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x1290029, 0x0)

1m40.481467307s ago: executing program 1 (id=937):
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e1b0d0302000100000000000003ff09a307d902000000000000000580ecc459a31000010000000000000a04090603010001ffffffffffff37340d2ceb605665462d85c4353b3ccc1bde245b56db30c9208fe2ddcee8feccce274555971570d67dc5c1e0cc118ec111f81a291e8e870b1000000000000000000d00060e090300630000000000009511c457f1f39fa67ce5c613c49eb38d4d16e1e12a072558e9c31c49a710873e80df8394497ce362d367e4bd4fb64dce500f0027850c509f5d59231d4ad4d08d0e3d4cc2b1e318849287ed226e700cfa00fcefa0f21bbf1203cb744d86d4f57ff4c0ec852b3a7eb2334dc0e3f284f58b5558596eb1264e6be6057a63855bdb2a90b8d8eb29742c3f43df1d"], 0x11e)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$igmp6(0xa, 0x3, 0x2)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}})
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00'})
write$tun(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="06000000bbbbbbbbbbbbaaaaaaaaaabb88f5"], 0x72)

1m39.6678294s ago: executing program 1 (id=952):
syz_mount_image$udf(&(0x7f0000000c40), &(0x7f0000000c80)='./file1\x00', 0x800010, &(0x7f0000000480)={[{@umask={'umask', 0x3d, 0xffff}}, {@gid}, {@umask={'umask', 0x3d, 0x7f}}, {@unhide}, {@volume={'volume', 0x3d, 0x4}}, {@noadinicb}, {@gid_forget}, {@nostrict}, {@uid_forget}, {@nostrict}]}, 0x1, 0xc29, &(0x7f0000001940)="$eJzs3U9sHOd5B+D32yEtUm6ateMof5TDAg4QV44NUpQtFnIAKmKIGBBkwRRzMFCAK5FSFyaXFEkVclCkKpCgCNIWKnLIsQKcAL1VpxYIGkA9uUUQgOip6KFQW0dwb5sAaYsezGJ2vyWXtCSylkRS1vMI0m929p3db9Z8uTPrmZ0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACK+/o2TQ8Npr0cBAOymM5NvDo14/weAJ8o5+/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGwvRRHfjRTv/qCVptu3OwZON5pXrk6NT9x9scEUKSpRtOvLvwPDR0eOvfLq8dFu3n/5h+0L8cbkuZO1Uwvzi0uzy8uzM7WpZuPCwszsjh/hQZff6kj7BajNv31l5uLF5drRl0c23X21eufA04eqJ0YPj7zVrZ0an5iY7Knp6//Yz/4R6eE9FJ8gT0UR34wU7730QapHRCUevBe2+d3xqA1GX9l/7ZWYGp9or8hco95cKe9MlVzVF1HtWWis2yO70IsPZCziWvnfqRzwkXL1JhfrS/Xzc7O1s/WllcZKY6GZKp3RlutTjUqMpojFiGgVez149pv+KOJYpLjz61Y6HxFFtw9ePDP55tDI9g/QtwuDvMfTVouI1XgMehb2qQNRxF9Eih9OD8WF3Ffttnk/4itlvhZxucxbKa7n26n8BTEa8SvvJ/BY64sifhEpFlIrzXR7v71defpbtdebFxd6arvblY/9/sFusm3CPjYQRZxvb/G30sf/sAsAAAAAAAAAAAAA2B1F/DRS3Jx/IS1G7zmljeal2rn6+bnOUcHdY/9ream1tbW1aupkLedQzrGcZ3NO51zMeS3n9Zw3ct7MeSvnas7bOVs5o5KfP2ct51DOsZxnc07nXMx5Lef1nDdy3sx5K+dqzts5WznDeU8AAAAAAAAAAAAAAAAAAAA8ZINRxESkuPHuH7SvKx3t69J/+sTomfHneq8Z/7ltHqesfTkifho7uyZvf77WeKqUfx7+egHbG4givpOv//fHez0YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgX6hEEd+NFD/6TStFioixiOno5O1ir0cHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJQGUhGnIsV/fmOgfXs1Ir4YER+ulX8i/mdtq70eMQAAAAAAAAAAAAAAAAAAAHwCpSIuR4ofv9dK1Yi4Wr1z4OlD1ROjh0feKqKIVJb01r8xee5k7dTC/OLS7PLy7Extqtm4sDAzu9OnGzjdaF65OjU+8UhWZluDj3j8gwOnFhbfWWpc+v2Vu95/cODk+eWVpfqFu98dg9EXMdQ750h7wFPjE+1BzzXqzfaiqXKPAfZF1Ha6MgAAAAAAAAAAAAAAAAAAAOwbB1MR45Hi+Z8dS93zxvs65/x/qnOrWK/9yR9ufBfA3Jbs6v3+gJ1Mp50O9Ej7xPva1PjExGTP7L7+j5aWY0qpiM9GisN/9/n2+fApDt713Piy7k8jxej/Hst11cNl3dimqoEjU+MTtTMLzZdOzs0tXKiv1M/PzdYmF+sXdvzFAQAAAAAAAAAAAAAAAAAAAHAfB1MRfxYpjr2+mrrXnc/n//d1bvWc//9aRPey8wNpc65rn9v/2+1z+zvTnz4x+vrR5+81/1Gc/1+OKaUiPowUz/zl59vX0++e/z+0pbas+3Gk+MX3vpTrKk+VdcPd1ek84sXG3OxQWftipPj+2W5ttGtfzbWf2agdLmv/PlI8+3uba4/n2uc2ao+WtXcixcSZu9d+dqN2pKwdjBRf/ZNat/ZgWfv1XHtoo/blCwtzMzt9eXkylf3/r5Hiy8PfTN2f+Xv2f8/3f1zbkus+0vP3n35Y/V/tmXct9/Va7v/hbfr/cqT48+tfynWd3jua73+m/e9G/38/UvzOpzbXvpJrn92oHd7pasFeKvv/HyPF6u1/Xv+Zz/2fO2ujQ3v7/4t9m7O7XbBX/f9Mz7xqHtfI//O1gCfN8jvffrs+Nze7ZMKECRPrE3v9mwl41Mrt//+KFF+7XKTufmze/v+tzq2N/f///s7G9v+JLbluj7b/n+2ZdyLvtfT3RQyszC/2fy5iYPmdb7/UmK9fmr002xwZGT3+u8eGjx4f7n+qu3O/MbXj1w4ed2X/vx0pfvLX/7T+Ofbm/f+7f/53cEuu26P+/0zvOm3ar9nxSwFPnLL//ypS/MuND9b/f9P9Pv/rfs73wvObc7BbtEf9/1zPvFr+Z7Rn3gtFxMmdPhcAAAAAAAAAADwmDqYifhYp/qb1D+vXvN98/E98uVvbe/zfveyH6/8DAPdXvv9PRoqfH/xq6n6HzE6O/5/Zkuv26PjfQz3zZnbpvOYdv8gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAxpSjiQKR49wetdLsob3cMnG40r1ydGp+4+2KDKVJUomjXl38Hho+OHHvl1eOj3bz/8g/bF+KNyXMna6cW5heXZpeXZ2dqU83GhYWZ2R0/woMuv9WR9gtQm3/7yszFi8u1oy+PbLr7avXOgacPVU+MHh55q1s7NT4xMdlT09f/sZ/9I9LDeyg+QZ6KIn4eKd576YP0b0VEJR68F7b53fGoDUZf2X/tlZgan2ivyFyj3lwp70yVXNUXUe1ZaKzbI7vQiw9kLOJaRFTKAR8pV29ysb5UPz83WztbX1pprDQWmqnSGW25PtWoxGiKWIyIVrHXg2e/6Y8i/jZS3Pl1K/17EVF0++DFM5NvDo1s/wB9uzDIezxttYhYjcegZ2GfOhBFPBcpfjg9FP9RdPqq3TbvR3ylzNciLpd5K8X1fDuVvyBGI37l/QQea31RxNlIsZBa6f0i9357u/L0t2qvNy8udMr+KNrbzvkd9XHfP9hNtk3YxwaiiF+2t/hb6ZfezwEAAAAAAAAAAABgnyvia5Hi5vwLqX1+6Po5pY3mpdq5+vm5zmH93WP/a3mptbW1tWrqZC3nUM6xnGdzTudczHkt5/WcN3LezHkr52rO2zlbOaOSnz9nLedQzrGcZ3NO51zMeS3n9Zw3ct7MeSvnas7bOVs5w3HSAAAAAAAAAAAAAAAAAAA8IpUo4nuR4ke/aaW1onN92eno5G3nucIn2v8FAAD//+X2R4U=")
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0)
mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc11, 0x0)
mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x887008, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r0, &(0x7f0000006b40)={0x2020}, 0x206e)

1m39.596026612s ago: executing program 1 (id=953):
syz_mount_image$vfat(&(0x7f0000000400), &(0x7f0000000280)='./file1\x00', 0x2008000, &(0x7f0000000000)=ANY=[@ANYBLOB="6e6f6e756d7461696c2c6e66732c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d697865642c757466383d312c004845160000000000"], 0x1, 0x2bc, &(0x7f0000000440)="$eJzs3EFrE08Yx/Hn37RNmtImfxBBQX3Qi16WNr4ADdKCGFBqU9SDsLUbDVmTshsiEbG5iFdfR/HoTVDfQC/ixbu3IgheehBXupttk5rWbU2a2H4/UGa2M7/OLN2WZwud9TuvHpcKrlEwqzKUUBkSaciGSHqz1/Rfsx3y+6PSqiGXxr9/PnP77r0b2VxuZk51Njt/OaOqk+fePXn2+vyH6vjCm8m3cVlL31//lvmydnLt1PrP+UdFV4uulitVNXWxUqmai7alS0W3ZKjesi3TtbRYdi2nbbxgV5aX62qWlyaSy47lumqW61qy6lqtaNWpq/nQLJbVMAydSMrxNhxhTn51bs7M7jrsxbq6I3RfvP1yrNMcx8k2Og/mV3u1LwAAMLj2rv+DWn/3+j+3ELRdrv9FqP97pNF29Yf6H0eC42TNZPPntx31PwAAAAAAAAAAAAAAAAAAAAAA/4INz0t5npcK2/AjLiIJEQmv+71P9MYBv/9X+rRddFnLP+4lROyXtXwtH7TBeLYgRbHFkilJyQ//eWgK+rPXczNT6htpfsnN/EotH/PPJvDzoXSn/Nn/p4O8yvvNXK2ZH5Fk6/oZScmJzutntvPhcQgrtfyoXLzQkjckJR8fSEVsWfKf6+3882nVazdzO9Yf8+ftJsrpGgAAAAAADApDt6Tb33+Dsx8Nf0JCfh8P8vv4+8CO9+thOc1LNAAAAAAAh8KtPy2Ztm05B+jEReQv4ke1E5OB2MaOzlUROfRFRaTRn1tOiEjwGT1I/OtWPFLKizBnWEQG4kmI2On3byYAAAAA3bZd9O8j9OlFD3cEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDxE/U8sHB+yVuRtvPtwoE94i3LxQ79BgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAB8isAAP//0KwZYw==")
r0 = inotify_init()
inotify_add_watch(r0, &(0x7f00000001c0)='.\x00', 0x4000423)
r1 = open(&(0x7f0000000040)='./file1\x00', 0x80242, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x2d)
sendmmsg(0xffffffffffffffff, &(0x7f0000000940)=[{{&(0x7f0000000400)=@tipc=@id={0x1e, 0x3, 0x0, {0x4e21, 0x1}}, 0x80, 0x0, 0x0, &(0x7f0000000bc0)}}, {{&(0x7f0000000800)=@phonet={0x23, 0x7, 0x3, 0x5}, 0x80, &(0x7f0000000900)}}], 0x2, 0x20008000)
r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/mem_sleep', 0x101a02, 0x0)
copy_file_range(r7, &(0x7f0000000000)=0x8, r7, 0x0, 0x4, 0x0)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000180)={0xa0, 0xfffffffffffffff5, 0x0, {{0x3, 0x1, 0x5, 0xa, 0x3, 0x1, {0x5, 0x17d, 0x8, 0x5, 0x100, 0x7cf4, 0x9, 0x7ffffffd, 0xfffffffe, 0x8000, 0x20000000, 0xee00, 0x0, 0x3ff, 0x1}}, {0x0, 0x11}}}, 0xa0)
sendfile(r1, r1, &(0x7f0000000080)=0x2, 0x7f03)

1m38.49922393s ago: executing program 1 (id=964):
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="120000001a0000000400000002"], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1, <r2=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000140)=r0}, 0x20)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000240)={r2, &(0x7f0000000500), &(0x7f0000000100)=@udp6=r0, 0x1}, 0x20)

1m38.471993448s ago: executing program 34 (id=964):
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="120000001a0000000400000002"], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1, <r2=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000140)=r0}, 0x20)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000240)={r2, &(0x7f0000000500), &(0x7f0000000100)=@udp6=r0, 0x1}, 0x20)

1.239488309s ago: executing program 3 (id=2484):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x3d, 0x2, 0x1, 0x28f1}]})

1.239335048s ago: executing program 3 (id=2485):
capset(&(0x7f0000000080)={0x19980330}, &(0x7f0000000100)={0x200000, 0x200000, 0x0, 0x0, 0x8})
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x400448ca, 0x0)

1.160016957s ago: executing program 3 (id=2486):
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000940)=@framed={{0x18, 0x7}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x100000}}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.159869515s ago: executing program 3 (id=2487):
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='sessionid\x00')
read$FUSE(r0, 0x0, 0x0)

1.159504632s ago: executing program 3 (id=2488):
syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000000)='./file1\x00', 0x810, &(0x7f0000005a40)={[{@metadata_ratio={'metadata_ratio', 0x3d, 0x2}}, {}, {@compress_force}, {@nodiscard}, {@compress_algo={'compress', 0x3d, 'zstd'}}, {@clear_cache}, {@user_subvol_rm}, {@max_inline={'max_inline', 0x3d, [0x67, 0x2d, 0x33, 0x74, 0x65, 0x36]}}]}, 0x1, 0x50f3, &(0x7f000000f3c0)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734fVCUoXQKNkkNY6beL22gUQtVdaUqhEpzbqhoCqi2NhrsnjBjm1KjEJkbCIaIShtkJIPRRhFUc0HqBWISAoIFymOUHlEVEUBBAqtIQoipSQRaYIUqtl7z+ydc3cefqzx0t9P8s6Z+Z/nnYfn3HvnXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/h4Feu+dtm8Ud/e96zL1w8fsWetRe/et15pz4ZwsTM4x1ZuKP/xtvHf373uffseWD1HfcdPv+jvXm5PB4Gqn868zs3xFoPLw7h/o4QutPAisEs0JPfH4z1vW8whFPCbKBWYrI/K5E2HL7fF8K+MBuoVfW9vhAGC4ELn3rk4Zuridv6QlgaQqikbTxfydroSwNn9GaB/jSwtTsL/OqtTC3w3c4sAMcsvhlqL/oDE/UZhucu1+D113PcOvb2SofXFRPDjfP9bO08d6qgN31g4pietlJ1zIvS2+Ogd9sCeLeVtvOtnrbiF6n8G8pbs6FK6Nw0uXnD1dM74yOdYXS0q1FN8/Q8P/P6lzYeSXrBvA5jB4aPy+vwlieW3t21/ILH71ux9OX9H9v7yrF280eFTVpMz7dKyF9zC+Z5jMZ9niyAt1/pW9KIL10hhM2f/73PNIuX5v/Dzef/8eUcbzvrcsda3xzK5ubxkcGYeG0om5sDAADAgrEQ9ppuHX3oE83qK83/R9o7/h8P+eeT+Wy0B0MYn0nsXRLCaTOPZ4G7YnOXLQnhgzOpifrA2iRwMIT3ziSW16pKSiyKJUaSwE+G8sB4EjgUAxNJ4FsxcGsSuCEGDiSBjTFwMAmcGwNhqn4cvz+Uj6PtQF8MrM824oF4FsIvhmJrybZ6rlYVAADAcZLPDnvq7xbOdTjWDHF6eaCvVYZ4BnbDDJWkhnQGW5tWNayhu1UNna1qqI17d/Phl2ruaFVz6TSMjvoMt//ybz4bmijN/8eaz/8rc3Sko3T8P4R1M39j7s48Ml2Lr5+oywAAAAAcg4H/ffGbzeKl+f94e+f/x30iXYXM4bG4G2LLkhDG6gNZtX9YDmRHvQfyAAAAACwEtePxtWPhU/ltdop2Op8u5584wvzxwP/4nPl7Dz64vll/S/P/ifbO/++vv806cSj24mtLQlhUCPwg9rIamDESAz/+ZH0gH/+huAFuilXlJybUqropllgfA2NJYF+jEj+slTitPpA/WbXG99bGMZWXKAQAAADghIu7A+Jx+Xj+/4d+s/qaZuVK8//1R3b+/8w8uHR6//RACCu7Q+hKfxjwWH+2MGAMDHbkiYf6s7q60qqu7w/hnOrA0qpezNf/707XGHyqL6sqBk770P7Xz6gmvtkXwspi4OnP3XlWNbEzCdQa/8u+ED5QHW3a+HcWZY33pI1/fVEI7y8EalVdtiiEamO9aVWPVPLrGKRV/XMlhHcVArWqzq6EsCsAsEDF/0o3FR/csevaLRumpye3z2Mi7sPvC5unpidHN26d3lRp0KdNSZ/rljG6vjymdq9881y+RNFF964bbCdd+53gWLGtfD9+6cTB/H78LtQzM87VPXV316RD/siHy02EwjepRkPunOch9xcrmX0SS/XH/L1hICy6esfk9tEvbti5c/uq7G+72Vdnf+NhpmxbrUq3Vf9cfWvj5dFwtazE0W6rZcVKVu68ctvKHbuuXTF15YbLJy+fvGrV2avHzhxbM/bxM1dWRzWW/W0x1GVzVZ0M9a072xzXcRzq6d2FSk7Ep4aEhMRCS2wdWNb0/+TS/H9b8/l//NSJn/z5+gyNjv8Px8P82eOzh/nXx8C+do//Dzc6ml87MWAkCeyOgd0O8wMAAPDOECf5cW9m3Cv90+XfeblZudL8f3d7v/8/Tuv/15auP7/RMv/LY4mxRuv/p8v819b/391o/f90mf/a+v/73ob1/6+uBZJN8gvr/wMAAO8EJ279/5bL+6cXCChlaLm8f3qBgFKGlsv4t3uBgCNe///5//yr/w5NlOb/t7Y3/7dwPwAAAJw8vvxn1/xOs3hp/r+vvfn/iV//LzQ6/3+kUWCi0cKA1v8DAABggWq0/t/wjf2XNitXmv8faG/+H0+76KzLHWt9cyhb0y6ka9q9NlT7yQAAAAAsDJ1hdLSnzbx1K6OuPfo2n8mXAm2WLnrxTw4f2fn/B9ub/9f9LuOWJ5be3bX8gsffvG/F0pf3f2zvK7PH/wEAAID50+5+CQAAAAAAAAAAAAAA4O334n/sWdMsXvr9f1g383ij3//H6/7F3xe8uy53rLX1+n/5/Qs/fc+umSULHxsK4cPFwJY9W04J+bX5lxUDD1+y/D3VxJ60xIMvnPtSNXFpGvjUilPfqCbOSQLr4yKJ700D8aqKbyxOAnF5xX9PA3F7HEgDvXngq4uzcXSk2+qng9m26ki31bODISwpBGrb6v7BrI2OdIC3JYHaAL+QBuIA/zwPdKa9umcg61UMDMaidwxkvQIA4KQVvwX2hM1T05Nj8St8vD29u/42qluy7PpytR1tNv9cvjTZRfeuG2wn3ZV+F5291nhPqFSHsKr0dbWYpWNmlMenlhab7t0NhtxqtbfOBuVSR7rpehuPqC8b0ejGrdObeloOfE3rLKu7W2ZZVZrsFLN0zmzSNmppoy9tjKjNbdNGl+P9zjA62pXk+oMYHA51Wr0i2v29fnGdv0avgmKeqw7v/VWz+krz/+H25v+V4rjeyC8GsDteWe/vlljmHwAAAObXV9f++hvx32dvfPTpZnlL8/+R9ub/cQ9Wfig429txMF7/f++SEGYurT+cBe6KzV22JIQPzqQmYonsgvrnxxJjWeCuuMNkeSyxfqK+qkUxcCAJ/GQoDxxMAodiIN9LsT/ku3L+fiiEs2ZS6+pLbIslhpPAZ2JgJAmMxsBYElgcA+NJ4NXFeWAiCfxbDISp+m117+J8WwEAAByJfJ7VU383pPO8A92tMnS0ytDfKkNnqwyVVhkajSLe/3bM0JOcvNJRyNST1tqX1FLKEC+Gf8T9KmUIP6zPmRYsNR3PP6idb9BRn+GBT3RXQhOl+f9Ye/P//vrbrPVDcf4/e/2/LPCD2L2vxVPHR2Lgx5+sD+Q7Bg7Fye5Ntaom8hL5pP2mWGI8BkaSwLYYGE8C69flgX3vqQ/kM+1a43trjU/lJQoBAAAAOOHiDoK4mybO/+/Y8ZWBZuVK8//x9ub/sb2BYmM3xFoPLw7h/o7Z3tQCKwazQNyPMRh/Hv++wRBOKezgqJWY7M9K9CYNh+/3Zb9Q702r+l5f9uODeP/Cpx55+OZq4ra+EJYW9r7U2ni+krXRlwbO6M0C/Wlga3cWiHt+aoHvdmYBOGa1vYLxBZWf6lIzPHe5Bq+/d8o1QdPhlfaBzpFvrt9czZfSDtd8n2rNkT1tTfffctyU3h4HvdsW4rtt2Lut+EUq/4by1myoEjo3TW7ecPX0zvhI8ZesJfP0PBd/pdpO+ji8DncffW9bq6QdGEs+PsbmLjf367AjVnfLE0vv7lp+weP3rVj68v6P7X2l7W40EH8o/Mh1/zr4o8LmnW+VkL/mFtznyYTPk4X438CIpy2EsO7Vr9/ULF6a/0+0N//vTm5n/DpuzB1LQvhIYeM+Fjf/Hy/JPgcLgexT8l3lQHbI/b+GGn5yAgAAwPFW291R218wld9mJ4Sn8+Ry/okjzB/3V4zPmb/dfvf/9SVLm8VL8//1zef/i5JuOv7v+D/zxPH/OZ3su6IXpQ/sPqZd0aXqmBeO/8/pZH+3Of4/J8f/Hf+fi+P/LTj+P6eT/WkrfUva5ktXCOHlP3ro2Wbx0vx/W3vzf+v/zb1oX239v/WN1v/b1mj9v93W/wMAAOZVg4Xm0nleafW+UoZ09b5ShpYLBLZcYtD6f0e8/t9Lpz//m9BEaf6/u735f3w5DBRbXyjr/42sa1DVrTGwzcKAAAAAnIwa7SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg7fXAP/zPpmbxR3973rMvXDx+xZ61F7963XmnPhnC1MzjHVm4o//G28d/fve59+x5YPUd9x0+/6OVvFxPfvu7dbljrW8OhbCv8MhgTLw2VL0zG7jw0/fs6q4mHhsK4cPFwJY9W06pJr41FMKyYuDhS5a/p5rYk5Z48IVzX6omLk0Dn1px6hvVxDl5oCPt7j8uzrrbkXb35sUhLCkEat29YnF9VbU2/jQPdKZt/NNg1kYMDMai3xjM2oiB6VhialEIK7tD6EqrerSSVdWVVvUvlayqrrSqL1dCOCeE0J1W9UJvVlV3OvIne7OqYuC0D+1//YxqYl9vCCuLgac/d+dZ1cQXkkCt8b/oDeED1ZdM2vi3e7LGe9LGb+sJ4f0hhN60xC+7sxK9aYkXu0N4VyFQa/zz3SHsCrwjxA+fuk+0Hbuu3bJhenpy+zwmevO2+sLmqenJ0Y1bpzdVkj410lFIv3X90Y/9ude/tLF6e9G96wbbSXfn5Xpmury6p+7umpO997Ff/cVKZp+PUv0xf28YCIuu3jG5ffSLG3bu3L4q+9tu9tXZ3648mm2rVQtlWy0rVrJy55XbVu7Yde2KqSs3XD55+eRVq85ePXbm2Jqxj5+5sjqqsezv8RjqnSd+qKd3Fyo5ER8AEhISCy3RWffpNnayf5CXvujPdrQnVGY+oEvTimKWjplRHo9Brz3KER/N95SWI1pVmjiUsqyeI8v19VnWlCYTs7X0ZVlmvteVJofFxjpnNmm83xlGR7sabYfh+rvFzfuzY9i8z+Sbrt00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/HDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwA8cCAAAAAML8rcPo2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEsBAAD//+erI4o=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000540)='./file1\x00', 0x101042, 0x0)
ioctl$BTRFS_IOC_DEFRAG_RANGE(r0, 0x40309410, &(0x7f0000000080)={0x0, 0xfffffffffffff800, 0x7, 0x8, 0x0, [0x200c54, 0xd, 0x1, 0x1000]})

1.008688246s ago: executing program 4 (id=2492):
r0 = syz_open_dev$radio(&(0x7f0000000040), 0x2, 0x2)
ioctl$VIDIOC_S_HW_FREQ_SEEK(r0, 0x40305652, &(0x7f0000000000)={0x0, 0x1, 0x200, 0x0, 0xfffffdfa})

1.008406532s ago: executing program 4 (id=2493):
r0 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', <r1=>0x0})
bind$packet(r0, &(0x7f0000000080)={0x11, 0x800, r1, 0x1, 0x0, 0x6, @random="518440db9de1"}, 0x14)
r2 = socket(0x200000000000011, 0x2, 0x0)
bind$packet(r2, &(0x7f0000000080)={0x11, 0x800, r1, 0x1, 0x0, 0x6, @random="933c547ecfa7"}, 0x14)
syz_emit_ethernet(0x3e, &(0x7f00000010c0)={@broadcast, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @multicast2, @local}, @redirect={0x3, 0x4, 0x0, @broadcast=0x1000000, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @private=0xfffffffe, @rand_addr=0x64010102}}}}}}, 0x0)

947.134617ms ago: executing program 4 (id=2494):
bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0x6, 0xc, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000b3"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000080)=ANY=[@ANYBLOB="540000001400b59500000000000000000a000000", @ANYRES32=r1, @ANYBLOB="140001000040000000000000000000000000000014000200fe8000000000000000000000000000aa140006"], 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x80)
sendmsg$TIPC_NL_LINK_SET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)=ANY=[], 0x50}}, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0xd4)
sendmmsg(r0, &(0x7f0000000000), 0x4000000000001f2, 0x0)

946.865384ms ago: executing program 4 (id=2495):
r0 = signalfd(0xffffffffffffffff, &(0x7f00000001c0), 0x8)
close(r0)
bpf$MAP_CREATE(0x1900000000000000, 0x0, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x80c4)
clock_gettime(0x0, 0x0)
futimesat(r0, 0x0, 0x0)

733.452889ms ago: executing program 3 (id=2498):
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000000)=ANY=[@ANYBLOB="12015001020000102505a1a440000102030109025c0002010000000904000001020d00000524060001052400a2000d240f01f9fffffffdff18000006241a00003b090581030004000900090401"], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000540)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000340)={0x20, 0x80, 0x1c, {0x7, 0x84, 0x0, 0x0, 0xaf78, 0x0, 0x3264, 0x4993, 0x8, 0x7, 0x8001, 0x3}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)

500.618624ms ago: executing program 5 (id=2500):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmsg$NL80211_CMD_DEL_NAN_FUNCTION(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[], 0x5c}, 0x1, 0x0, 0x0, 0x1}, 0x880)

500.491896ms ago: executing program 5 (id=2501):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000840)={&(0x7f0000001200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x14, 0x14, 0xa, [@enum={0x2, 0x1, 0x0, 0x6, 0x4, [{0x6}]}]}, {0x0, [0x0, 0x61, 0x61, 0x2e, 0x2e, 0x5f, 0x30, 0x61]}}, 0x0, 0x36, 0x0, 0x1}, 0x28)

500.43251ms ago: executing program 5 (id=2502):
r0 = syz_open_dev$vivid(&(0x7f0000000180), 0x3, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0xc0585611, &(0x7f0000000300)=@overlay={0x7, 0xb, 0x4, 0x100000, 0x1, {}, {0x4, 0x2, 0x0, 0xfd, 0x8, 0x7, "4f1510e6"}, 0x6, 0x3, {}, 0x6})

440.635744ms ago: executing program 5 (id=2503):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000380)={0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000})

440.388499ms ago: executing program 5 (id=2504):
syz_mount_image$f2fs(&(0x7f0000000040), &(0x7f00000000c0)='./file2\x00', 0x1008000, &(0x7f0000005780)=ANY=[@ANYBLOB="6e6f757365725f78617474722c6a71666d743d7666736f6c6400696e6c696e655f78617474725f73697a653d304fb23030303030303030303030306361372c6e6f71756f74612c64697361626c655f6578745c4964656e746966792c66617374626f6f742c6e6f61636cf5f8440630c5403499932c7265736769643de6ceb2f73cf94abb79a6a84a5d1e3e742ae8d8c206d235f5dfa3e4eea111eebdce7a13fd12bb2541d0b4c39a77ad39900369f63b12a124ed6c39d30740dcb78cbdf8b5f8bf7ccf7d73954d36ca4847d629bea1d23228de731f87842081d8d81238ef31a696213ea804bd1966fee0ac45e5ac5120fb0baab70a273e66d0816a8e83f7fe00eabe5754838f8c46577f32a49324e4e990e3dcdf876d7ec17aa56afe2a9a5af2bea152", @ANYRESHEX=0x0, @ANYBLOB="2c6e6f6508106500745f637c6368652c6e000000f30800000000"], 0x1, 0x54fd, &(0x7f0000000280)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd1Vn8AU7lFEXrjRN0pCZJLc0aVq7cuFSXPhNRMGVSz+DC9fuxIXiTlByz61OfQGhaeNMfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAqrKTwXEVcjYu6xo1LO/z5xNiIuRsSVSfKUs1K+9en18bXbP7zx01ffnDtz6bMvv53droFZez4i+lvpfLefYt5J8WE53xh3i9i/NS5jeqP/qBznKe62N4oMu42DdY0i3uyk9fnWznASN3uN5iR2upvF/NYgXXA47hzkKT7wsLFdjFvtjSJ2h3kRO/uprr399H/b/nCU8rTKfB8U6WM0Oohpvr3XTvvZelTE5mBUzqe8eau9N4njMpaXi2beaxV1bBzlm/5ve7M72NnLxu3tYTcfZLdr9Rdq9TvV+nbeao/at6qNfuvOrWyp05ssq47ajf5qJ887vXatmfeXs6VOs1mt17Olu+2NbmOQ1eu1m7Ub1dvL5dn17NX772S9VrY0iS93Bzujbm+YbebbWfrEcrZSu/nicnatnr21tp6tP7h3b2397ffuvnv/pbXXXykX/aWsbGnlxspKtX6julJfPkX7/6gseor7hyOpzLoAgCeP/h+YhePr/7cfRBx//x/6/6mYef97Vv8/y/3Dkej/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABOre8WPn+tOFlM40vl/P/KqWfKcSUi5iLi178xH2cP5Zwv8yz8w/qFP9XwdSWKDJNrnCuPixGxWh6//P+4vwUAAAB4en3x4dVPUreeXhZnXRAnKd20mbv8/pTyVSJiYfH7KWWbm7w8O6Vkxb/vM7E3pWzFDazzU0qWbrmdmVa2f2X+UDj/WKikMHei5QAAACficCdwsl0IAAAAJ+njWRfAbFTi4FHmwbPg4i/v/3ggeOHQCAAAAHgCVWZdAAAAAHDsiv7f7/8BAADA0y39/h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC/sXM/t4kDURyAnw1e2H9atNr7trI3KGNL2OMeIwpIE5RAWkgD1EBuKSGCCI+DQkSiSB7bCvo+yQxjwY8ZBId5Iw0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAECX7qr14ubq93XbnN2+nTyzAQAAAM7ZVutF/WSW+l+b+9+bWz+bfhERZUScW7uP4tNJ5qjJqV55ffViDLcRdcLhMybN9SUi/jTXw4+uvwUAAAC4XJvlap5W6+lhNvSA6FMq2pTf/mbKKyKimt1nSisPeb8yhdW/73H8z5RWF7CmmcJSyW2cK+1d6r/7sWo3fdYUqSnffn+2uQMAAD0anTT9rkIAAADo07+hB8AwinjayjxuBU5S02zvfT7pAQAAAB9QMfQAAAAAgM7V63/n/wEAAMBlS+f/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KVttV5slqt525zdvp08swEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAR/bnHQVCIAzCYO/6zmTuf1hp0NTUpAqEj78xGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB487u//J+YGmeSudfG0vNIsnZqbJ0ae+fG0R/G168BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC42J+XFAiBIIiCOeN/J33/w0qCnkGECGh4VFGLBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL7od7/8n5gaZ5K508bS8UiydtXYumrsPWgcPRhv/wYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC42Lmf1ziqOADgb2Z2trYqrlH2EBEFD3qx221t7U08KMGDf4IQ0m2N3fijzcGWIuSgN8m5F9GjiKDEW/6HnBPIJd5y2EMEz8rMziSTH+CqdGaTfD7w5n13GOZ93yyEfOe9BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA0ujdgzjJDp1xHBfnNvceLWT91pE+s766PZu1LI7qTPp0eLn6Ieo2lwgAAADnR1LW9yGEnXRtLuvjTl7/p+U1Wc3//bPjuKznj9b9ZV/W/ln77dfdF/cH6ozHyW56e3E4uHI8ldaTm+V0e+4fr2jlTz5/95LkX0j8wcoLozR/ntG3GxvvtfPwQh3ZAgD/xeWyL4Ly96Gs7zeZGADnRqtSeJf1f9JpNicAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAOoxWwtNlHIUQZlsHcWZr79HCSf366vZs2W48frxavWd2izSEcHtxOLhS41ym3f0HD+/OD4eDe/UHr4QQmhr9nWL6dz+a4OIQGnk+ZzhY+jqE+gaNiy97OuZ+WoIGfygBAHAmpUXL6vqddG0uOxfNhPDXD4fr/9crcZiw/t/9+MZmdaxq/d+vbYbTr7e89Hnv/oOHby4uzd8Z3Bl8+tbV/tv9azevX7/Zy9+V9LwxAQAA4P9pF61a/8czx9f/L1XiMGH9/8V3/a+qYyXq/xMdLPo1nQkAAMD59vyrf/4RnXA+arfDl/PLy/f64+P+56vjYwOp/msXilat/5OZprMCAAAA6jBaiQ6t/9+qxGHC9f9nfnzp5+o9kxDCxWL9//LCZ8Nb9U1nqtXx58RNzxEAAIBmXSxadf0/zff/x/tbHuIQwhuvjePi3wBOVP8n73/zU3Ws6v7/a/VNcSrF3fHzyPtuCK1u0xkBAABwlj1VtKzY/z1dm/vkl0sftu3/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKjb3wEAAP//vOk9Uw==")
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
lsetxattr$system_posix_acl(&(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='system.posix_acl_default\x00', &(0x7f0000000000)=ANY=[@ANYBLOB="02000000010000000000f400040000000000000020"], 0x1c, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x0)

140.717658ms ago: executing program 5 (id=2505):
syz_mount_image$xfs(&(0x7f0000000200), &(0x7f0000000100)='./file1\x00', 0x8000, &(0x7f0000000040), 0x4, 0x9836, &(0x7f0000009b80)="$eJzs3Qm8rXPBuP11ODjmoUQqZEqjMUNK5qGkjJE5c8aQUOahDBUlVBSKpBRCReZZZjLP8zzP4/s5ziGdLvL83+d59Liu62PvNd177Xv9vvfvtte+91lrhUWWWWAwmGgwoldP/9FZ+92y6rLjL7HZ8fsMvfqgPZe8f+TVY444mXi+kafzjzxdYDAYDBl5P0NGXDd03uOOH20wdDD8v3803tjjjDbeYDDOyIsj72cw54iTcQ9/dbmXR4lXdOrh326PER+vNP7wOxl+ZuXVX9x4MBgMe93XD1+vmf/lgUpbYf5FF/mH1Wtuo428ecg/bnvldOiIj3EPHQzGPXjwxtvH8GXHeN3X/m82/HtONO1guVvehu/9f64V5l908VH8h8/F0UdeN+fwOT7qHDQ26na+5zIb3DtyCIeMHLihr5svb8d2///UCvMvssTgjefxYMmFt73n5Vf2m0MXGgyGLjwYDF1kMBi66NvtUf89va0bX1VVVb0tzb/AbMOfs482ys8Dw179uZZ+LjzvhVnuGAyGLjnieeLQ1V99LlhVVVVVVVVV/5nNv8BsC8Lz/4ne7Pn/1CftMnHP/6uqqqqqqqr+77T4/AvMNvy5/ijP/yd/s+f/j9x31GEj/vZ/vjlHfNVLb++DqKqqqqqqqqo3bZHF8fn/1G/2/P+C46a+uOf/VVVVVVVVVf93Wnq2RRYcvO519kZePeOrt9Pz/5PvvmmVt2t9q6qqqqqqquq/3ksPnnjKP17zfcrBKK/3/kojfy8w5OjTLr30bVvR/4yG/OvvQ3Z4u9fp/2/DnYcdOfVgsPFyb/eq1NvQ/5nXqq//kfJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3FvcPz/tdf/P/nYNV99L/gPTT/bNSf+4ytfee//oUsu/uCOb9Oqvx29U4//D9YfMhiM9J1o/cFgsOT8Sy8742AwOPGa2aafbvDabXMNv22eSUZ/5Q3iX/1nIgtPzHe8wzQjTodvKIN3v3YfR79y/4u/fMjoQ0ZZidc18QmHHbbeCk/PPurpDG/8OEZ77dz4x9/36r9lGW2UhYa9wRe/ev+vPpZRnUeu+4zD132mLTbadKbNt97m4+tvtMa6a6+79sZzzzrHLLPPPfccc8y0zvobrj3ziM9vNGZTv/J5wbcyZuONOmYPzv/6MRv1sb3RmE395mP2yj3ue/6wz746ZkP/i2O24JuP2dTrj/xGE883xmD1V8ZmyGAw8UJjDLYafmGWsQaDiRceuezkw5f99CSjDQZ7/+OBDj831mvb4JAdhi+zwiLLLDBiNzUY/OP0H73B+9mPOXLN5xt5Ov/I0wVGfJuJBv/YFIfOe9zxow0fi38ajvHGHme08QaDcUZeHHk/g7lHnIxz0qvLvcH7rI+yoq+8zMoeIz5eafzBYDDu8DNTrnHyrsOH/n/hfdr/n/7//y9ecw15bXscMvJj5DIjvOZfdPF/fK9XhmH42I0+8ro5h5v8N7+1/T/1L+s79bDB1G+yvm/yujivRNvXhidOutN/1+vi0PpO/ibr+yav4/uG67v8HQfcO+Ku/tvWd5R93RKvfJ7vrezrBm++rxud7mDtiz4w6r7u82+8iv+0u3x1jMYaZaE32tdNfuBUOwy///nefF+3xPB1H+Of9nWjDQYTL/jqvm74jm+RMQZ7D78w6/ALi44xOGL4hdleuTD24LThFz6x5iYbrjX8isX+dTuYccg//YEmzLNFRplnQ1732IeM8vedQ0ecjnvoq+/h9Ab7zSEjH9a/3VfQdjvRm6zvm7z/FI7z8OvWOmbYpP9d7z9F6zvszdf3jd4v+w3Xd6+nTr7lv3l9X5tnY7xuuBZ7K/Ns6n+eZ8Mf4uivmxlv9eewtWD5Eecnf+3ettzuvtd+phhjlPv9dz9TLPbm82yi9Uf5ut0PHgx5s7FZ9K2Mzfv/ZR+04+vH5q3+vDXjtCNuH/1NxmasuVed4dWxGfO/ODaL/lfHZr7B6P88NkMHCw8Gg+lG7h8WeStjM/mbj81b3W7GgeVHnF/7tasW2vPIc14dm1HH4t+NzSL/1bGZ+rXtZrpXbptmtMGYYw62WmOLLTabZcTnVy/OOuLzm8/Bhd7KWE703zOWUwx9o7H8x6Y63h0XH/pv5uC/7NNfvf+F/qtjOXhtLAfrjzpZ6j+1fv/nLn93+bvL313+7vJ3l7+4Nzj+/9rr/+8/0Tz7jPzlxhgXTzXZbm/3+r7NvaOP/4/0/afj/7tNNtXFow1eu+1Nj8+OWOY/8vjsnCNOxj381eVGPT7IK/rGx2cPnnvOXf6Xjs/+P/XqXH0Lv4dr/+8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vIX9wbH/2d+9e8A7p5lqcdGHggd4/6dV1rq7V7ft7l39PH/kb7/dPx/qZV2vn+0wWu3venx/xHLOI7/3/b8Inv9Jx//f3Wudvy//k35u0P/UV8DpN6xNf/d5e8uf3f5u8vfXf7u8neXv7v83eXvLn9xb3D8f75X/w7gqKMO2ObVvwe4cuI9Tny71/dt7p16/L/3//fW/t9d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eUvbuTx/8Eob2/5pbYLDI7//9/uDfyXyh+z+C+dPzXaYODwXyZ/zDL/l80fs/gvlz9m8V8+f8zi/+X8MYv/CvljFv8V88cs/l/JH7P4r5Q/ZvFfOX/M4r9K/pjFf9X8MYv/avljFv/V88cs/mvkj1n8v5o/ZvFfM3/M4r9W/pjFf+38MYv/OvljFv9188cs/uvlj1n8188fs/h/LX/M4r9B/pjFf8P8MYv/RvljFv+N88cs/pvkj1n8N80fs/h/PX/M4r9Z/pjFf/P8MYv/FvljFv9v5I9Z/LfMH7P4fzN/zOK/Vf6YxX/r/DGL/zb5Yxb/b+WPWfy/nT9m8d82f8ziv13+mMV/+/wxi/8O+WMW/x3zxyz+O+WPWfx3zh+z+O+SP2bx3zV/zOK/W/6Yxf87+WMW/+/mj1n8d88fs/jvkT9m8d8zf8ziv1f+mMX/e/ljFv/v549Z/H+QP2bx3zt/zOK/T/6Yxf+H+WMW/x/lj1n8980fs/j/OH/M4r9f/pjFf//8MYv/AfljFv+f5I9Z/H+aP2bx/1n+mMX/wPwxi/9B+WMW/5/nj1n8f5E/ZvE/OH/M4n9I/pjF/9D8MYv/L/PHLP6/yh+z+B+WP2bxPzx/zOL/6/wxi/8R+WMW/9/kj1n8j8wfs/j/Nn/M4v+7/DGL/1H5Yxb/3+ePWfz/kD9m8T86f8zif0z+mMX/2Pwxi/8f88cs/sflj1n8j88fs/ifkD9m8f9T/pjF/8/5Yxb/v+SPWfxPzB+z+J+UP2bx/2v+mMX/5Pwxi/8p+WMW/1Pzxyz+p+WPWfxPzx+z+J+RP2bxPzN/zOJ/Vv6Yxf/s/DGL/zn5Yxb/c/PHLP7n5Y9Z/M/PH7P4X5A/ZvH/W/6Yxf/C/DGL/0X5Yxb/i/PHLP6X5I9Z/C/NH7P4X5Y/ZvG/PH/M4n9F/pjF/8r8MYv/3/PHLP5X5Y9Z/K/OH7P4X5M/ZvG/Nn/M4n9d/pjF//r8MYv/DfljFv8b88cs/jflj1n8b84fs/jfkj9m8b81f8zif1v+mMX/9vwxi/8d+WMW/zvzxyz+d+WPWfzvzh+z+N+TP2bxvzd/zOJ/X/6Yxf/+/DGL/wP5Yxb/B/PHLP4P5Y9Z/B/OH7P4P5I/ZvF/NH/M4v9Y/pjF//H8MYv/E/ljFv8n88cs/k/lj1n8n84fs/g/kz9m8X82f8zi/1z+mMX/+fwxi/8L+WMW/xfzxyz+L+WPWfxfzh+T+A8Z5I9Z/Ifkj1n8R8sfs/iPnj9m8R+aP2bxHyN/zOI/Zv6YxX+s/DGL/7D8MYv/2PljFv9x8scs/uPmj1n8x8sfs/iPnz9m8Z8gf8ziP2H+mMV/ovwxi//E+WMW/0nyxyz+78ofs/i/O3/M4j9p/pjF/z35Yxb/yfLHLP6T549Z/N+bP2bxnyJ/zOL/vvwxi//788cs/h/IH7P4T5k/ZvGfKn/M4j91/pjF/4P5Yxb/afLHLP7T5o9Z/KfLH7P4T58/ZvGfIX/M4v+h/DGL/4z5Yxb/D+ePWfw/kj9m8f9o/pjF/2P5Yxb/j+ePWfw/kT9m8Z8pf8ziP3P+mMV/lvwxi/+s+WMW/9nyxyz+s+ePWfw/mT9m8Z8jf8ziP2f+mMV/rvwxi//c+WMW/0/lj1n858kfs/h/On/M4v+Z/DGL/7z5Yxb/z+aPWfznyx+z+M+fP2bxXyB/zOK/YP6YxX+h/DGL/8L5Yxb/RfLHLP6L5o9Z/BfLH7P4L54/ZvH/XP6Yxf/z+WMW/yXyxyz+X8gfs/gvmT9m8f9i/pjF/0v5Yxb/pfLHLP5L549Z/JfJH7P4L5s/ZvFfLn/M4r98/pjF/8v5Yxb/FfLHLP4r5o9Z/L+SP2bxXyl/zOK/cv6YxX+V/DGL/6r5Yxb/1fLHLP6r549Z/NfIH7P4fzV/zOK/Zv6YxX+t/DGL/9r5Yxb/dfLHLP7r5o9Z/NfLH7P4r58/ZvH/Wv6YxX+D/DGL/4b5Yxb/jXT+Y7+lpSz+G+v831oW/03yxyz+m+aPWfy/nj9m8d8sf8ziv3n+mMV/i/wxi/838scs/lvmj1n8v5k/ZvHfKn/M4r91/pjFf5v8MYv/t/LHLP7fzh+z+G+bP2bx3y5/zOK/ff6YxX+H/DGL/475Yxb/nfLHLP47549Z/HfJH7P475o/ZvHfLX/M4v+d/DGL/3fzxyz+u+ePWfz3yB+z+O+ZP2bx3yt/zOL/vfwxi//388cs/j/IH7P4750/ZvHfJ3/M4v/D/DGL/4/yxyz+++aPWfx/nD9m8d9vhP8Ub9dq/adm8d+/+Y9Z/A/IH7P4/yR/zOL/0/wxi//P8scs/gfmj1n8D8ofs/j/PH/M4v+L/DGL/8H5Yxb/Q/LHLP6H5o9Z/H+ZP2bx/1X+mMX/sPwxi//h+WMW/1//s/9d/+vr9R+axf+I5j9m8f9N/pjF/8j8MYv/b/PHLP6/yx+z+B+VP2bx/33+mMX/D/ljFv+j88cs/sfkj1n8j80fs/j/MX/M4n9c/pjF//j8MYv/CfljFv8/5Y9Z/P+cP2bx/0v+mMX/xPwxi/9J+WMW/7/mj1n8T84fs/ifkj9m8T81f8zif1r+mMX/9Pwxi/8Z+WMW/zP/jf+w/+n1+g/N4n9W8x+z+J+dP2bxPyd/zOJ/bv6Yxf+8/DGL//n5Yxb/C/LHJP6vlP+/JvEfcmH+mMX/ovwxi//F+WMW/0vyxyz+l+aPWfwvyx+z+F+eP2bxvyJ/zOJ/Zf6Yxf/v+WMW/6vyxyz+V+ePWfyvyR+z+F+bP2bxvy5/zOJ/ff6jNHTkqcP/hvwxy/y/MX/M4n9T/pjF/+b8MYv/LfljFv9b88cs/rflj1n8b88fs/jfkT9m8b8zf8zif1f+mMX/7vwxi/89+WMW/3vzxyz+9+WPWfzvzx+z+D+QP2bxfzB/zOL/UP6Yxf/h/DGL/yP5Yxb/R/PHLP6P5Y9Z/B/PH7P4P5E/ZvF/Mn/M4v9U/pjF/+n8MYv/M/ljFv9n88cs/s/lj1n8n88fs/i/kD9m8X8xf8zi/1L+mMX/5fwxif8rZ/P/1yz+Q/LHLP6j5Y9Z/EfPH7P4D80fs/iPkT9m8R8zf8ziP1b+mMV/WP6YxX/s/DGL/zj5Yxb/cfPHLP7j5Y9Z/MfPH7P4T5A/ZvGfMH/M4j9R/pjFf+L8MYv/JPljFv935Y9Z/N+dP2bxnzR/zOL/nvwxi/9k+WMW/8nzxyz+780fs/hPkT9m8X9f/pjF//35Yxb/D+SPWfynzB+z+E+VP2bxnzp/zOL/wfwxi/80+WMW/2nzxyz+0+WPWfynzx+z+M+QP2bx/1D+mMV/xvwxi/+H88cs/h/JH7P4fzR/zOL/sfwxi//H88cs/p/IH7P4z5Q/ZvGfOX9syFn7jTEYDN7x/rPkj1nm/6z5Yxb/2fLHLP6z549Z/D+ZP2bxnyN/zOI/Z/6YxX+u/DGL/9z5Yxb/T+WPWfznyR+z+H86f8zi/5n8MYv/vPljFv/P5o9Z/OfLH7P4z58/ZvFfIH/M4r9g/pjFf6H8MYv/wvljFv9F8scs/ovmj1n8F8sfs/gvnj9m8f9c/pjF//P5Yxb/JfLHLP5fyB+z+C+ZP2bx/2L+mMX/S/ljFv+l8scs/kvnj1n8l8kfs/gvmz9m8V8uf8ziv3z+mMX/y/ljFv8V8scs/ivmj1n8v5I/ZvFfKX/M4r9y/pjFf5X8MYv/qvljFv/V8scs/qvnj1n818gfs/h/NX/M4r9m/pjFf638MYv/2vljFv918scs/uvmj1n818sfs/ivnz9m8f9a/pjFf4P8MYv/hvljFv+N8scs/hvnj1n8N8kfs/hvmj9m8f96/pjFf7P8MYv/5vljFv8t8scs/t/IH7P4b5k/ZvH/Zv6YxX+r/DGL/9b5Yxb/bfLHLP7fyh+z+H87f8ziv23+mMV/u/wxi//2+WMW/x3yxyz+O+aPWfx3yh+z+O+cP2bx3yV/zOK/a/6YxX+3/DGL/3fyxyz+380fs/jvnj9m8d8jf8ziv2f+mMV/r/wxi//38scs/t/PH7P4/yB/zOK/d/6YxX+f/DGL/w/zxyz+P8ofs/jvmz9m8f9x/pjFf7/8MYv//vljFv8D8scs/j/JH7P4/zR/zOL/s/wxi/+B+WMW/4Pyxyz+P88fs/j/In/M4n9w/pjF/5D8MYv/ofljFv9f5o9Z/H+VP2bxPyx/zOJ/eP6Yxf/X+WMW/yPyxyz+v8kfs/gfmT9m8f9t/pjF/3f5Yxb/o/LHLP6/zx+z+P8hf8zif3T+mMX/mPwxi/+x+WMW/z/mj1n8j8sfs/gfnz9m8T8hf8zi/6f8MYv/n/PHLP5/yR+z+J+YP2bxPyl/zOL/1/wxi//J+WMW/1Pyxyz+p+aPWfxPyx+z+J+eP2bxPyN/zOJ/Zv6Yxf+s/DGL/9n5Yxb/c/LHLP7n5o9Z/M/LH7P4n58/ZvG/IH/M4v+3/DGL/4X5Yxb/i/LHLP4X549Z/C/JH7P4X5o/ZvG/LH/M4n95/pjF/4r8MYv/lfljFv+/549Z/K/KH7P4X50/ZvG/Jn/M4n9t/pjF/7r8MYv/9fljFv8b8scs/jfmj1n8b8ofs/jfnD9m8b8lf8zif2v+mMX/tvwxi//t+WMW/zvyxyz+d+aPWfzvyh+z+N+dP2bxvyd/zOJ/b/6Yxf++/DGL//35Yxb/B/LHLP4P5o9Z/B/KH7P4P5w/ZvF/JH/M4v9o/pjF/7H8MYv/4/ljFv8n8scs/k/mj1n8n8ofs/g/nT9m8X8mf8zi/2z+mMX/ufwxi//z+WMW/xfyxyz+L+aPWfxfyh+z+L+cPybxH32QP2bxH5I/ZvEfLX/M4j96/pjFf2j+mMV/jPwxi/+Y+WMW/7Hyxyz+w/LHLP5j549Z/MfJH7P4j5s/ZvEfL3/M4j9+/pjFf4L8MYv/hPljFv+J8scs/hPnj1n8J8kfs/i/K3/M4v/u/DGL/6T5Yxb/9+SPWfwnyx+z+E+eP2bxf2/+mMV/ivwxi//78scs/u/PH7P4fyB/zOI/Zf6YxX+q/DGL/9T5Yxb/D+aPWfynyR+z+E+bP2bxny5/zOI/ff6YxX+G/DGL/4fyxyz+M+aPWfw/nD9m8f9I/pjF/6P5Yxb/j+WPWfw/nj9m8f9E/pjFf6b8MYv/zPljFv9Z8scs/rPmj1n8Z8sfs/jPnj9m8f/km/uP9T++Xv+hWfznaP5jFv8588cs/nPlj1n8584fs/h/Kn/M4j9P/pjF/9P5Yxb/z+SPWfznzR+z+H82f8ziP1/+mMV//vwxi/8C+WMW/wXzxyz+C+WPWfwXzh+z+C+SP2bxXzR/zOK/WP6YxX/x/DGL/+fyxyz+n88fs/gvkT9m8f9C/pjFf8n8MYv/F/PHLP5fyh+z+C+VP2bxXzp/zOK/TP6YxX/Z/DGL/3L5Yxb/5fPHLP5fzh+z+K+QP2bxXzF/zOL/lfwxi/9K+WMW/5Xzxyz+q+SPWfxXzR+z+K+WP2bxXz1/zOK/Rv6Yxf+r+WMW/zXzxyz+a+WPWfzXzh+z+K+TP2bxXzd/zOK/Xv6YxX/9/DGL/9fyxyz+G+SPWfw3zB+z+G+UP2bx3zh/zOK/Sf6YxX/T/DGL/9fzxyz+m+WPWfw3zx+z+G+RP2bx/0b+mMV/y/wxi/8388cs/lvlj1n8t84fs/hvkz9m8f9W/pjF/9v5Yxb/bfPHLP7b5Y9Z/LfPH7P475A/ZvHfMX/M4r9T/pjFf+f8MYv/LvljFv9d88cs/rvlj1n8v5M/ZvH/bv6YxX/3/DGL/x75Yxb/PfPHLP575Y9Z/L+XP2bx/37+mMX/B/ljFv+988cs/vvkj1n8f5g/ZvH/Uf6YxX/f/DGL/4/zxyz+++WPWfz3zx+z+B+QP2bx/0n+mMX/p/ljFv+f5Y9Z/A/MH7P4H5Q/ZvH/ef6Yxf8X+WMW/4Pzxyz+h+SPWfwPzR+z+P8yf8zi/6v8MYv/YfljFv/D88cs/r/OH7P4H5E/ZvH/Tf6Yxf/I/DGL/2/zxyz+v8sfs/gflT9m8f99/tg73n/YK2dH/0P+2Dvef0SjH50/ZvE/Jn/M4n9s/pjF/4/5Yxb/4/LHLP7H549Z/E/IH7P4/yl/zOL/5/wxi/9f8scs/ifmj1n8T8ofs/j/NX/M4n9y/pjF/5T8MYv/qfljFv/T8scs/qfnj1n8z8gfs/ifmT9m8T8rf8zif3b+mMX/nPwxi/+5+WMW//Pyxyz+5+ePWfwvyB+z+P8tf8zif2H+mMX/ovwxi//F+WMW/0vyxyz+l+aPWfwvyx+z+F+eP2bxvyJ/zOJ/Zf6Yxf/v+WMW/6vyxyz+V+ePWfyvyR+z+F+bP2bxvy5/zOJ/ff6Yxf+G/DGL/435Yxb/m/LHLP43549Z/G/JH7P435o/ZvG/LX/M4n97/pjF/478MYv/nfljFv+78scs/nfnj1n878kfs/jfmz9m8b8vf8zif3/+mMX/gfwxi/+D+WMW/4fyxyz+D+ePWfwfyR+z+D+aP2bxfyx/zOL/eP6Yxf+J/DGL/5P5Yxb/p/LHLP5P549Z/J/JH7P4P5s/ZvF/Ln/M4v98/pjF/4X8MYv/i/ljFv+X8scs/i/nj0n8hw7yxyz+Q/LHLP6j5Y9Z/EfPH7P4D80fs/iPkT9m8R8zf8ziP1b+mMV/WP6YxX/s/DGL/zj5Yxb/cfPHLP7j5Y9Z/MfPH7P4T5A/ZvGfMH/M4j9R/pjFf+L8MYv/JPljFv935Y+96v/8sS+/0jvV/935Y5b5P2n+mMX/PfljFv/J8scs/pPnj1n835s/ZvGfIn/M4v++/DGL//vzxyz+H8gfs/hPmT9m8Z8qf8ziP3X+mMX/g/ljFv9p8scs/tPmj1n8p8sfs/hPnz9m8Z8hf8zi/6H8MYv/jPljFv8P549Z/D+SP2bx/2j+mMX/Y/ljFv+P549Z/D+RP2bxnyl/zOI/c/6YxX+W/DGL/6z5Yxb/2fLHLP6z549Z/D+ZP2bxnyN/zOI/Z/6YxX+u/DGL/9z5Yxb/T+WPWfznyR+z+H86f8zi/5n8MYv/vPljFv/P5o9Z/OfLH7P4z58/ZvFfIH/M4r9g/pjFf6H8MYv/wvljFv9F8scs/ovmj1n8F8sfs/gvnj9m8f9c/pjF//Nv4m/eLiz+S8id3yiL/xfyxyz+S+aPWfy/mD9m8f9S/pjFf6n8MYv/0vljFv9l8scs/svmj1n8l8sfs/gvnz9m8f9y/pjFf4X8MYv/ivljFv+v5I9Z/FfKH7P4r5w/ZvFfJX/M4r9q/pjFf7X8MYv/6vljFv818scs/l/NH7P4r5k/ZvFfK3/M4r92/pjFf538MYv/uvljFv/18scs/uvnj1n8v5Y/ZvHfIH/M4r9h/pjFf6P8MYv/xvljFv9N8scs/pvmjw05a7+hg8HgHe//9fwxy/zfLH/M4r95/pjFf4v8MYv/N/LHLP5b5o9Z/L+ZP2bx3yp/zOK/df6YxX+b/DGL/7fyxyz+384fs/hvmz9m8d8uf8ziv33+mMV/h/wxi/+O+WMW/53yxyz+O+ePWfx3yR+z+O+aP2bx3y1/zOL/nfwxi/9388cs/rvnj1n898gfs/jvmT9m8d8rf8zi/738MYv/9/PHLP4/yB+z+O+dP2bx3yd/zOL/w/wxi/+P8scs/vvmj1n8f5w/ZvHfL3/M4r9//pjF/4D8MYv/T/LHLP4/zR+z+P8sf8zif2D+mMX/oPwxi//P88cs/r/IH7P4H5w/ZvE/JH/M4n9o/pjF/5f5Yxb/X+WPWfwPyx+z+B+eP2bx/3X+mMX/iPwxi/9v8scs/kfmj1n8f5s/ZvH/Xf6Yxf+o/DGL/+/zxyz+f8gfs/gfnT9m8T8mf8zif2z+mMX/j/ljFv/j8scs/sfnj1n8T8gfs/j/KX/M4v/n/DGL/1/yxyz+J+aPWfxPyh+z+P81f8zif3L+mMX/lPwxi/+p+WMW/9Pyxyz+p+ePWfzPyB+z+J+ZP2bxPyt/zOJ/dv6Yxf+c/DGL/7n5Yxb/8/LHLP7n549Z/C/IH7P4/y1/zOJ/Yf6Yxf+i/DGL/8X5Yxb/S/LHLP6X5o9Z/C/LH7P4X54/ZvG/In/M4n9l/pjF/+/5Yxb/q/LHLP5X549Z/K/JH7P4X5s/ZvG/Ln/M4n99/pjF/4b8MYv/jfljFv+b8scs/jfnj1n8b8kfs/jfmj9m8b8tf8zif3v+mMX/jvwxi/+d+WMW/7vyxyz+d+ePWfzvyR+z+N+bP2bxvy9/zOJ/f/6Yxf+B/DGL/4P5Yxb/h/LHLP4P549Z/B/JH7P4P5o/ZvF/LH/M4v94/pjF/4n8MYv/k/ljFv+n8scs/k/nj1n8n8kfs/g/mz9m8X8uf8zi/3z+mMX/hfwxi/+L+WMW/5fyxyz+L+ePSfzHGOSPWfyH5I9Z/EfLH7P4j54/ZvEfmj9m8R8jf8ziP2b+mMV/rPwxi/+w/DGL/9j5Yxb/cfLHLP7j5o9Z/MfLH7P4j58/ZvGfIH/M4j9h/pjFf6L8MYv/xPljFv9J8scs/u/KH7P4vzt/zOI/af6Yxf89+WMW/8nyxyz+k+ePWfzfmz9m8Z8if8zi/778MYv/+/PHLP4fyB+z+E+ZP2bxnyp/zOI/df6Yxf+D+WMW/2nyxyz+0+aPWfynyx+z+E+fP2bxnyF/zOL/ofwxi/+M+WMW/w/nj1n8P5I/ZvH/aP6Yxf9j+WMW/4/nj1n8P5E/ZvGfKX/M4j9z/pjFf5b8MYv/rPljFv/Z8scs/rPnj1n8P5k/ZvGfI3/M4j9n/pjFf678MYv/3PljFv9P5Y9Z/OfJH7P4fzp/zOL/mfwxi/+8+WMW/8/mj1n858sfs/jPnz9m8V8gf8ziv2D+mMV/ofwxi//C+WMW/0Xyxyz+i+aPWfwXyx+z+C+eP2bx/1z+mMX/8/ljFv8l8scs/l/IH7P4L5k/ZvH/Yv6Yxf9L+WMW/6Xyxyz+S+ePWfyXyR+z+C+bP2bxXy5/zOK/fP6Yxf/L+WMW/xXyxyz+K+aPWfy/kj9m8V8pf8ziv3L+mMV/lfwxi/+q+WMW/9Xyxyz+q+ePWfzXyB+z+H81f8ziv2b+mMV/rfwxi//a+WMW/3Xyxyz+6+aPWfzXyx+z+K+fP2bx/1r+mMV/g/wxi/+G+WMW/43yxyz+G+ePWfw3yR+z+G+aP2bx/3r+mMV/s/wxi//m+WMW/y3yxyz+38gfs/hvmT9m8f9m/pjFf6v8MYv/1vljFv9t8scs/t/KH7P4fzt/zOK/bf6YxX+7/DGL//b5Yxb/HfLHLP475o9Z/HfKH7P475w/ZvHfJX/M4r9r/pjFf7f8MYv/d/LHLP7fzR+z+O+eP2bx3yN/zOK/Z/6YxX+v/DGL//fyxyz+388fs/j/IH/M4r93/pjFf5/8MYv/D/PHLP4/yh+z+O+bP2bx/3H+mMV/v/wxi//++WMW/wPyxyz+P8kfs/j/NH/M4v+z/DGL/4H5Yxb/g/LHLP4/zx+z+P8if8zif3D+mMX/kPwxi/+h+WMW/1/mj1n8f5U/ZvE/LH/M4n94/pjF/9f5Yxb/I/LHLP6/yR+z+B+ZP2bx/23+mMX/d/ljFv+j8scs/r/PH7P4/yF/zOJ/dP6Yxf+Y/DGL/7H5Yxb/P+aPWfyPyx+z+B+fP2bxPyF/zOL/p/wxi/+f88cs/n/JH7P4n5g/ZvE/KX/M4v/X/DGL/8n5Yxb/U/LHLP6n5o9Z/E/LH7P4n54/ZvE/I3/M4n9m/pjF/6z8MYv/2fljFv9z8scs/ufmj1n8z8sfs/ifnz9m8b8gf8zi/7f8MYv/hfljFv+L8scs/hfnj1n8L8kfs/hfmj9m8b8sf8zif3n+mMX/ivwxi/+V+WMW/7/nj1n8r8ofs/hfnT9m8b8mf8zif23+mMX/uvwxi//1+WMW/xvyxyz+N+aPWfxvyh+z+N+cP2bxvyV/zOJ/a/6Yxf+2/DGL/+35Yxb/O/LHLP535o9Z/O/KH7P4350/ZvG/J3/M4n9v/pjF/778MYv//fljFv8H8scs/g/mj1n8H8ofs/g/nD9m8X8kf8zi/2j+mMX/sfwxi//j+WMW/yfyxyz+T+aPWfyfyh+z+D+dP2bxfyZ/zOL/bP6Yxf+5/DGL//P5Yxb/F/LHLP4v5o9Z/F/KH7P4v5w/JvEfc5A/ZvEfkj9m8R8tf8ziP3r+mMV/aP6YxX+M/DGL/5j5Yxb/sfLHLP7D8scs/mPnj1n8x8kfs/iPmz9m8R8vf8ziP37+mMV/gvwxi/+E+WMW/4nyxyz+E+ePWfwnyR+z+L8rf8zi/+78MYv/pPljFv/35I9Z/CfLH7P4T54/ZvF/71vwH/o/uV7/oVn8p2j+Yxb/9+WPWfzfnz9m8f9A/pjFf8r8MYv/VPljFv+p88cs/h/MH7P4T5M/ZvGfNn/M4j9d/pjFf/r8MYv/DPljFv8P5Y9Z/GfMH7P4fzh/zOL/kfwxi/9H88cs/h/LH7P4fzx/zOL/ifwxi/9M+WMW/5nzxyz+s+SPWfxnzR+z+M+WP2bxnz1/zOL/yfwxi/8c+WMW/znzxyz+c+WPWfznzh+z+H8qf8ziP0/+mMX/0/ljFv/P5I9Z/OfNH7P4fzZ/zOI/X/6YxX/+/DGL/wL5Yxb/BfPHLP4L5Y9Z/BfOH7P4L5I/ZvFfNH/M4r9Y/pjFf/H8MYv/5/LHLP6fzx+z+C+RP2bx/0L+mMV/yfwxi/8X88cs/l/KH7P4L5U/ZvFfOn/M4r9M/pjFf9n8MYv/cvljFv/l88cs/l/OH7P4r5A/ZvFfMX/M4v+V/DGL/0r5Y+9Q/yGjWI+5cv7YO9T/lV4//1fJH7P4r5o/ZvFfLX/M4r96/pjFf438MYv/V/PHLP5r5o9Z/NfKH7P4r50/ZvFfJ3/M4r9u/pjFf738MYv/+vljFv+v5Y9Z/DfIH7P4b5g/ZvHfKH/M4r9x/pjFf5P8MYv/pvljFv+v549Z/DfLH7P4b54/ZvHfIn/M4v+N/DGL/5b5Yxb/b+aPWfy3yh+z+G+dP2bx3yZ/zOL/rfwxi/+388cs/tvmj1n8t8sfs/hvnz9m8d8hf8ziv2P+mMV/p/wxi//O+WMW/13yxyz+u+aPWfx3yx+z+H8nf8zi/938MYv/7vljFv898scs/nvmj1n898ofs/h/L3/M4v/9/DGL/w/yxyz+e+ePWfz3yR+z+P8wf8zi/6P8MYv/vvljFv8f549Z/PfLH7P4758/ZvE/IH/M4v+T/DGL/0/zxyz+P8sfs/gfmD9m8T8of8zi//P8MYv/L/LHLP4H549Z/A/JH7P4H5o/ZvH/Zf6Yxf9X+WMW/8Pyxyz+h+ePWfx/nT9m8T8if8zi/5v8MYv/kfljFv/f5o9Z/H+XP2bxPyp/zOL/+/wxi/8f8scs/kfnj1n8j8kfs/gfmz9m8f9j/pjF/7j8MYv/8fljFv8T8scs/n/KH7P4/9nnv/1bWcji/xef/1vK4n9i/pjF/6T8MYv/X53+D/+7BSz+Jzv9/20W/1Pyxyz+p+aPWfxPyx+z+J+eP2bxPyN/zOJ/Zv6Yxf+s/DGL/9n5Yxb/c/LHLP7n5o9Z/M9z+c9xx1tc0OJ/vsv/LWfxvyB/zOL/t/wxi/+F+WMW/4vyxyz+F+ePWfwvyR+z+F+aP2bxvyx/zOJ/ef6Yxf+K/DGL/5X5Yxb/v+ePWfyvyh+z+F+dP2bxvyZ/zOJ/bf6Yxf+6/DGL//X5Yxb/G/LHLP435o9Z/G/KH7P435w/ZvG/JX/M4n9r/pjF/7b8MYv/7fljFv878scs/nfmj1n878ofs/jfnT9m8b8nf8zif2/+mMX/vvwxi//9+WMW/wfyxyz+D+aPWfwfyh+z+D+cP2bxfyR/zOL/aP6Yxf+x/DGL/+P5Y6/4DwbveP8n8h+MDddZ5v+T+WMW/6fyxyz+T+ePWfyfyR+z+D+bP2bxfy5/zOL/fP6Yxf+F/DGL/4v5Yxb/l/LHLP4v549J/Mca5I9Z/Ifkj1n8R8sfs/iPnj9m8R+aP2bxHyN/zOI/Zv6YxX+s/DGL/7D8MYv/2PljFv9x8scs/uPmj1n8x8sfs/iPnz9m8Z8gf8ziP2H+mMV/ovwxi//E+Y9s2D9dsvhPkj9m8X9X/pjF/935Yxb/SfPHLP7vyR+z+E+WP2bxnzx/zOL/3vwxi/8U+WMW//flj1n8358/ZvH/QP6YxX/K/DGL/1T5Yxb/qfPHLP4fzB+z+E+TP2bxnzZ/zOI/Xf7YO9F/8MLLr/R6/+nzx96J/jT/Z8gfs/h/KH/M4j9j/pjF/8P5Yxb/j+SPWfw/mj9m8f9Y/pjF/+P5Yxb/T+SPWfxnyh+z+M+cP2bxnyV/zOI/a/6YxX+2/DGL/+z5Yxb/T+aPWfznyB+z+M+ZP2bxnyt/zOI/d/6Yxf9T+WMW/3nyxyz+n84fs/h/Jn/M4j9v/pjF/7P5Yxb/+fLHLP7z549Z/BfIH7P4L5g/ZvFfKH/M4r9w/pjFf5H8MYv/ovljFv/F8scs/ovnj1n8P5c/ZvH/fP6YxX+J/DGL/xfyxyz+S+aPWfy/mD9m8f9S/pjFf6n8MYv/0vljFv9l8scs/svmj1n8l8sfs/gvnz9m8f9y/pjFf4X8MYv/ivljFv+v5I9Z/FfKH7P4r5w/ZvFfJX/M4r9q/pjFf7X8MYv/6vljFv818scs/l/NH7P4r5k/ZvFfK3/M4r92/pjFf538MYv/uvljFv/18scs/uvnj1n8v5Y/ZvHfIH/M4r9h/pjFf6P8MYv/xvljFv9N8scs/pvmj1n8v54/ZvHfLH/M4r95/pjFf4v8MYv/N/LHLP5b5o9Z/L+ZP2bx3yp/zOK/df6YxX+b/DGL/7fyxyz+384fs/hvmz9m8d8uf8ziv33+mMV/h/wxi/+O+WMW/53yxyz+O+ePWfx3yR+z+O+K/m0RFv/d0sYs/t/JH7P4fzd/zOK/e/6YxX+P/DGL/575Yxb/vfLHLP7fyx+z+H8/f8zi/4P8MYv/3kb/sf79Ihb/fYz+byGL/w/zxyz+P8ofs/jvmz9m8f9x/pjFf7/8MYv//vljFv8D8scs/j/JH7P4/zR/zOL/s/wxi/+B+WMW/4Pyxyz+P88fs/j/In/M4n9w/pjF/5D8MYv/ofljFv9f5o9Z/H+VP2bxPyx/zOJ/eP6Yxf/X+WMW/yPyxyz+v8kfs/gfmT9m8f9t/pjF/3f5Yxb/o/LHLP6/zx+z+P8hf8zif3T+mMX/mPwxi/+x+WMW/z/mj1n8j8sfs/gfnz9m8T8hf8zi/6f8MYv/n/PHLP5/yR+z+J+YP2bxPyl/zOL/1/wxi//J+WMW/1Pyxyz+p+aPWfxPyx+z+J+eP2bxPyN/zOJ/Zv6Yxf+s/DGL/9n5Yxb/c/LHLP7n5o9Z/M/LH7P4n58/ZvG/IH/M4v+3/DGL/4X5Yxb/i/LHLP4X549Z/C/JH7P4X5o/ZvG/LH/M4n95/pjF/4r8MYv/lfljFv+/549Z/K/KH7P4X50/ZvG/Jn/M4n9t/pjF/7r8MYv/9fljFv8b8scs/jfmj1n8b8ofs/jfnD9m8b8lf8zif2v+mMX/tvwxi//t+WMW/zvyxyz+d+aPWfzvyh+z+N+dP2bxvyd/zOJ/b/6Yxf++/DGL//35Yxb/B/LHLP4P5o9Z/B/KH7P4P5w/ZvF/JH/M4v9o/pjF/7H8MYv/4/ljFv8n8scs/k/mj1n8n8ofs/g/nT9m8X8mf8zi/2z+mMX/ufwxi//z+WMW/xfyxyz+L+aPWfxfyh+z+L+cPybxHzbIH7P4D8kfs/iPlj9m8R89f8ziPzR/zOI/Rv6YxX/M/DGL/1j5Yxb/YfljFv+x88cs/uPkj1n8x80fs/iPlz9m8R8/f8ziP0H+mMV/wvwxi/9E+WMW/4nzxyz+k+SPWfzflT9m8X93/pjFf9L8MYv/e/LHLP6T5Y9Z/CfPH7P4vzd/zOI/Rf6Yxf99+WMW//fnj1n8P5A/ZvGfMn/M4j9V/pjFf+r8MYv/B/PHLP7T5I9Z/KfNH7P4T5c/ZvGfPn/M4j9D/pjF/0P5Yxb/GfPHLP4fzh+z+H8kf8zi/9H8MYv/x/LHLP4fzx+z+H8if8ziP1P+mMV/5vwxi/8s+WMW/1nzxyz+s+WPWfxnzx+z+H8yf8ziP0f+mMV/zvwxi/9c+WMW/7nzxyz+n8ofs/jPkz9m8f90/pjF/zP5Yxb/efPHLP6fzR+z+M+XP2bxnz9/zOK/QP6YxX/B/DGL/0L5Yxb/hfPHLP6L5I9Z/BfNH7P4L5Y/ZvFfPH/M4v+5/DGL/+fzxyz+S+SPWfy/kD9m8V8yf8zi/8X8MYv/l/LHLP5L5Y9Z/JfOH7P4L5M/ZvFfNn/M4r9c/pjFf/n8MYv/l/PHLP4r5I9Z/FfMH7P4fyV/zOK/Uv6YxX/l/DGL/yr5Yxb/VfPHLP6r5Y9Z/FfPH7P4r5E/ZvH/av6YxX/N/DGL/1r5Yxb/tfPHLP7r5I9Z/NfNH7P4r5c/ZvFfP3/M4v+1/DGL/wb5Yxb/DfPHLP4b5Y9Z/DfOH7P4b5I/ZvHfNH/M4v/1/DGL/2b5Yxb/zfPHLP5b5I9Z/L+RP2bx3zJ/zOL/zfwxi/9W+WMW/63zxyz+2+SPWfy/lT9m8f92/pjFf9v8MYv/dvljFv/t88cs/jvkj1n8d8wfs/jvlD9m8d85f8ziv0v+mMV/1/wxi/9u+WMW/+/kj1n8v5s/ZvHfPX/M4r9H/pjFf8/8MYv/XvljFv/v5Y9Z/L+fP2bx/0H+mMV/7/wxi/8++WMW/x/mj1n8f5Q/ZvHfN3/M4v/j/DGL/375Yxb//fPHLP4H5I9Z/H+SP2bx/2n+mMX/Z/ljFv8D88cs/gflj1n8f54/ZvH/Rf6Yxf/g/DGL/yH5Yxb/Q/PHLP6/zB+z+P8qf8zif1j+mMX/8Pwxi/+v88cs/kfkj1n8f2PxX/Ox/9LiFv8jLf7/xSz+v80fs/j/Ln/M4n9U/pjF//f5Yxb/P+SPWfyPzh+z+B+TP2bxPzZ/zOL/x/wxi/9x+WMW/+Pzxyz+J+SPWfz/lD9m8f9z/pjF/y/5Yxb/E/PHLP4n5Y9Z/P+aP2bxPzl/zOJ/Sv6Yxf/U/DGL/2n5Yxb/0/PHLP5n5I9Z/M/MH7P4n5U/ZvE/O3/M4n9O/pjF/9z8MYv/efljFv/z88cs/hfkj1n8/5Y/ZvG/MH/M4n9R/pjF/+L8MYv/JfljFv9L88cs/pflj1n8L88fs/hfkT9m8b8yf8zi//f8MYv/VfljFv+r88cs/tfkj1n8r80fs/hflz9m8b8+f8zif0P+mMX/xvwxi/9N+WMW/5vzxyz+t+SPWfxvzR+z+N+WP2bxvz1/zOJ/R/6Yxf/O/DGL/135Yxb/u/PHLP735I9Z/O/NH7P435c/ZvG/P3/M4v9A/pjF/8H8MYv/Q/ljFv+H88cs/o/kj1n8H80fs/g/lj9m8X88f8zi/0T+mMX/yfwxi/9T+WMW/6fzxyz+z+SPWfyfzR+z+D+XP2bxfz5/zOL/Qv6Yxf/F/DGL/0v5Yxb/l/PHJP5jD/LHLP5D8scs/qPlj1n8R88fs/gPzR+z+I+RP2bxHzN/zOI/Vv6YxX9Y/pjFf+z8MYv/OPljFv9x88cs/uPlj1n8x88fs/hPkD9m8Z8wf8ziP1H+mMV/4vwxi/8k+WMW/3flj1n8350/ZvGfNH/M4v+e/DGL/2T5Yxb/yfPHLP7vzR+z+E+RP2bxf1/+mMX//fljFv8P5I9Z/KfMH7P4T5U/ZvGfOn/M4v/B/DGL/zT5Yxb/afPHLP7T5Y9Z/KfPH7P4z5A/ZvH/UP6YxX/G/DGL/4fzxyz+H8kfs/h/NH/M4v+x/DGL/8fzxyz+n8gfs/jPlD9m8Z85f8ziP0v+mMV/1vwxi/9s+WOv+E81GAze4f6z549Z5v8n88cs/nPkj1n858wfs/jPlT9m8Z87f8zi/6n8MYv/PPljFv9P549Z/D+TP2bxnzd/zOL/2fwxi/98+WMW//nzxyz+C+SPWfwXzB+z+C+UP2bxXzh/zOK/SP6YxX/R/DGL/2L5Yxb/xfPHLP6fyx+z+H8+f8ziv0T+mMX/C/ljFv8l88cs/l/MH7P4fyl/zOK/VP6YxX/p/DGL/zL5Yxb/ZfPHLP7L5Y9Z/JfPH7P4fzl/zOK/Qv6YxX/F/DGL/1fyxyz+K+WPWfxXzh+z+K+SP2bxXzV/zOK/Wv6YxX/1/DGL/xr5Yxb/r+aPWfzXzB+z+K+VP2bxXzt/zOK/Tv6YxX/d/DGL/3r5Yxb/9fPHLP5fyx+z+G+QP2bx3zB/zOK/Uf6YxX/j/DGL/yb5Yxb/TfPHLP5fzx+z+G+WP2bx3zx/zOK/Rf6Yxf8b+WMW/y3zxyz+38wfs/hvlT9m8d86f8ziv03+mMX/W/ljFv9v549Z/LfNH7P4b5c/ZvHfPn/M4r9D/pjFf8f8MYv/TvljFv+d88cs/rvkj1n8d80fs/jvlj9m8f9O/pjF/7v5Yxb/3fPHhpy131Mjz76j/ffIH7PM/z3zxyz+e+WPWfy/lz9m8f9+/pjF/wf5Yxb/vfPHLP775I9Z/H+YP2bx/1H+mMV/3/wxi/+P88cs/vvlj1n8988fs/gfkD9m8f9J/pjF/6f5Yxb/n+WPWfwPzB+z+B+UP2bx/3n+mMX/F/ljFv+D88cs/ofkj1n8D80fs/j/Mn/M4v+r/DGL/2H5Yxb/w/PHLP6/zh+z+B+RP2bx/03+mMX/yPwxi/9v88cs/r/LH7P4H5U/ZvH/ff6Yxf8P+WMW/6Pzxyz+x+SPWfyPzR+z+P8xf8zif1z+mMX/+Pwxi/8J+WMW/z/lj1n8/5w/ZvH/S/6Yxf/E/DGL/0n5Yxb/v+aPWfxPzh+z+J+SP2bxPzV/zOJ/Wv6Yxf/0/DGL/xn5Yxb/M/PHLP5n5Y9Z/M/OH7P4n5M/ZvE/N3/M4n9e/pjF//z8MYv/BfljFv+/5Y9Z/C/MH7P4X5Q/ZvG/OH/M4n9J/pjF/9L8MYv/ZfljFv/L88cs/lfkj1n8r8wfs/j/PX/M4n9V/pjF/+r8MYv/NfljFv9r88cs/tflj1n8r88fs/jfkD9m8b8xf8zif1P+mMX/5vwxi/8t+WMW/1vzxyz+t+WPWfxvzx+z+N+RP2bxvzN/zOJ/V/6Yxf/u/DGL/z35Yxb/e/PHLP735Y9Z/O/PH7P4P5A/ZvF/MH/M4v9Q/pjF/+H8MYv/I/ljFv9H88cs/o/lj1n8H88fs/g/kT9m8X8yf8zi/1T+mMX/6fwxi/8z+WMW/2fzxyz+z+WPWfyfzx+z+L+QP2bxfzF/zOL/Uv6Yxf/l/DGJ/ziD/DGL/5D8MYv/aPljFv/R88cs/kPzxyz+Y+SPWfzHzB+z+I+VP2bxH5Y/ZvEfO3/M4j9O/pjFf9z8MYv/ePljFv/x88cs/hPkj1n8J8wfs/hPlD9m8Z84f8ziP0n+mMX/XfljFv93549Z/CfNH7P4vyd/zOI/Wf6YxX/y/DGL/3vzxyz+U+SPWfzflz9m8X9//pjF/wP5Yxb/KfPHLP5T5Y9Z/KfOH7P4fzB/zOI/Tf6YxX/a/DGL/3T5Yxb/6fPHLP4z5I9Z/D+UP2bxnzF/zOL/4fwxi/9H8scs/h/NH7P4fyx/zOL/8fwxi/8n8scs/jPlj1n8Z84fs/jPkj9m8Z81f8ziP1v+mMV/9vwxi/8n88cs/nPkj1n858wfs/jPlT9m8Z87f8zi/6n8MYv/PPljFv9P549Z/D+TP2bxnzd/zOL/2fwxi/98+WMW//nzxyz+C+SPWfwXzB+z+C+UP2bxXzh/zOK/SP6YxX/R/DGL/2L5Yxb/xfPHLP6fyx+z+H8+f8ziv0T+mMX/C/ljFv8l88cs/l/MH7P4fyl/zOK/VP6YxX/p/DGL/zL5Yxb/ZfPHLP7L5Y9Z/JfPH7P4fzl/zOK/Qv6YxX/F/DGL/1fyxyz+K+WPWfxXzh+z+K+SP2bxXzV/zOK/Wv6YxX/1/DGL/xr5Yxb/r+aPWfzXzB+z+K+VP2bxXzt/zOK/Tv6YxX/d/DGL/3r5Yxb/9fPHLP5fyx+z+G+QP2bx3zB/zOK/Uf6YxX/j/DGL/yb5Yxb/TfPHLP5fzx+z+G+WP2bx3zx/zOK/Rf6Yxf8b+WMW/y3zxyz+38wfs/hvlT9m8d86f8ziv03+mMX/W/ljFv9v549Z/LfNH7P4b5c/ZvHfPn/M4r9D/pjFf8f8MYv/TvljFv+d88cs/rvkj1n8d80fs/jvlj9m8f9O/pjF/7v5Yxb/3fPHLP575I9Z/PfMH7P475U/ZvH/Xv6Yxf/7+WMW/x/kj1n8984fs/jvkz9m8f9h/pjF/0f5Yxb/ffPHLP4/zh+z+O+XP2bx3z9/zOJ/QP6Yxf8n+WMW/5/mj1n8f5Y/ZvE/MH/M4n9Q/pjF/+f5Yxb/X+SPWfwPzh+z+B+SP2bxPzR/zOL/y/wxi/+v8scs/oflj1n8D88fs/j/On/M4n9E/pjF/zf5Yxb/I/PHLP6/zR+z+P8uf8zif1T+mMX/9/ljFv8/5I9Z/I/OH7P4H5M/ZvE/Nn/M4v/H/DGL/3H5Yxb/4/PHLP4n5I9Z/P+UP2bx/3P+mMX/L/ljFv8T88cs/iflj1n8/5o/ZvE/OX/M4n9K/pjF/9T8MYv/afljFv/T88cs/mfkj1n8z8wfs/iflT9m8T87f8zif07+mMX/3Pwxi/95+WMW//Pzxyz+F+SPWfz/lj9m8b8wf8zif1H+mMX/4vwxi/8l+WMW/0vzxyz+l+WPWfwvzx+z+F+RP2bxvzJ/zOL/9/wxi/9V+WMW/6vzxyz+1+SPWfyvzR+z+F+XP2bxvz5/zOJ/Q/6Yxf/G/DGL/035Yxb/m/PHLP635I9Z/G/NH7P435Y/ZvG/PX/M4n9H/oPB6P96lcX/zvwxi/9d+WMW/7vzxyz+9+SPWfzvzR+z+N+XP2bxvz9/zOL/QP6Yxf/B/DGL/0P5Yxb/h/PHLP6P5I9Z/B/NH7P4P5Y/ZvF/PH/M4v9E/pjF/8n8MYv/U/ljFv+n88cs/s/kj1n8n80fs/g/lz9m8X8+f8zi/0L+mMX/xfwxi/9L+WMW/5fzxyT+4w7yxyz+Q/LHLP6j5Y9Z/EfPH7P4D80fs/iPkT9m8R8zf8ziP1b+mMV/WP6YxX/s/DGL/zj5Yxb/cfPHLP7j5Y9Z/MfPH7P4T5A/ZvGfMH/M4j9R/pjFf+L8MYv/JPljFv935Y9Z/N+dP2bxnzR/zOL/nvwxi/9k+WMW/8nzxyz+780fs/hPkT9m8X9f/pjF//35Yxb/D+SPWfynzB+z+E+VP2bxnzp/zOL/wfwxi/80+WMW/2nzxyz+0+WPWfynzx+z+M+QP2bx/1D+mMV/xvwxi/+H88cs/h/JH7P4fzR/zOL/sfwxi//H88cs/p/IH7P4z5Q/ZvGfOX/M4j9L/pjFf9b8MYv/bPljFv/Z88cs/p/MH7P4z5E/ZvGfM3/M4j9X/pjFf+78MYv/p/LHLP7z5I9Z/D+dP2bx/0z+mMV/3vwxi/9n88cs/vPlj1n8588fs/gvkD9m8V8wf8ziv1D+mMV/4fwxi/8i+WMW/0Xzxyz+i+WPWfwXzx+z+H8uf8zi//n8MYv/EvljFv8v5I9Z/JfMH7P4fzF/zOL/pfwxi/9S+WMW/6Xzxyz+y+SPWfyXzR+z+C+XP2bxXz5/zOL/5fwxi/8K+WMW/xXzxyz+X8kfs/ivlD9m8V85f8ziv0r+mMV/1fwxi/9q+WMW/9Xzxyz+a+SPWfy/mj9m8V8zf8ziv1b+mMV/7fwxi/86+WMW/3Xzxyz+6+WPWfzXzx+z+H8tf8ziv0H+mMV/w/wxi/9G+WMW/43zxyz+m+SPWfw3zR+z+H89f8ziv1n+mMV/8/wxi/8W+WMW/2/kj1n8t8wfs/h/M3/M4r9V/pjFf+v8sXeu/xUvv95/m/yxd67/P8//b+WPWfy/nT9m8d82f8ziv13+mMV/+/wxi/8O+WMW/x3zxyz+O+WPWfx3zh+z+O+SP2bx3zV/zOK/W/6Yxf87+WMW/+/mj1n8d88fs/jvkT9m8d8zf8ziv1f+mMX/e/ljFv/v549Z/H+QP2bx3zt/zOK/T/6Yxf+H+WMW/x/lj1n8980fs/j/OH/M4r9f/pjFf//8MYv/AfljFv+f5I9Z/H+aP2bx/1n+mMX/wPwxi/9B+WMW/5/nj1n8f5E/ZvE/OH/M4n9I/pjF/9D8MYv/L/PHLP6/yh+z+B+WP2bxPzx/zOL/6/wxi/8R+WMW/9/kj1n8j8wfs/j/Nn/M4v+7/DGL/1H5Yxb/3+ePWfz/kD9m8T86f8zif0z+mMX/2Pwxi/8f88cs/sflj1n8j88fs/ifkD9m8f9T/pjF/8/5Yxb/v+SPWfxPzB+z+J+UP/aq/2DYYPBO9v9r/phl/p+cP2bxPyV/zOJ/av6Yxf+0/DGL/+n5Yxb/M/LHLP5n5o9Z/M/KH7P4n50/ZvE/J3/M4n9u/pjF/7z8MYv/+fljFv8L8scs/n/LH7P4X5g/ZvG/KH/M4n9x/pjF/5L8MYv/pfljFv/L8scs/pfnj1n8r8gfs/hfmT9m8f/7v/q3OYj8rwocs/hfnT9m8b8mf8zif23+mMX/uvwxi//1+WMW/xvyxyz+N+aPWfxvyh+z+N+cP2bxvyV/zOJ/a/6Yxf+2/DGL/+35YyP8B4PBDu9s/zvyxyzz/878MYv/XfljFv+788cs/vfkj1n8780fs/jflz9m8b8/f8zi/0D+mMX/wfwxi/9D+WMW/4fzxyz+j+SPWfwfzR+z+D+WP2bxfzx/zOL/RP6Yxf/J/DGL/1P5Yxb/p/PHLP7P5I9Z/J/NH7P4P5c/ZvF/Pn/M4v9C/pjF/8X8MYv/S/ljFv+X88ck/uMN8scs/kPyx97J/q/zHm+0/LF3sv/r5//o+WMW/6H5Yxb/Md7A/+prRl/tf2vV/hOz+I/Z/Mcs/mPlj1n8h+WPWfzHzh+z+I+TP2bxHzd/zOI/Xv6YxX/8/P+lHUT+E+SPWfwnzB+z+E+UP2bxnzh/zOI/Sf6Yxf9d+WMW/3fnj1n8J80fs/i/J3/M4j9Z/pjFf/L8MYv/e/PHLP5T5I9Z/N+XP2bxf3/+mMX/A/ljFv8p88cs/lPlj1n8p84fs/h/MH/M4j9N/pjFf9r8MYv/dPljFv/p88cs/jPkj1n8P5Q/ZvGfMX/M4v/h/DGL/0fyxyz+H80fs/h/LH/M4v/x/DGL/yfyxyz+M+WPWfxnzh+z+M+SP2bxnzV/zOI/W/6YxX/2/DGL/yfzxyz+c+SPWfznzB+z+M+VP2bxnzt/zOL/qfwxi/88+WMW/0/nj1n8P5M/ZvGfN3/M4v/Z/DGL/3z5Yxb/+fPHLP4L5I9Z/BfMH7P4L5Q/ZvFfOH/M4r9I/pjFf9H8MYv/YvljFv/F88cs/p/LH7P4fz5/zOK/RP6Yxf8L+WMW/yXzxyz+X8wfs/h/KX/M4r9U/pjFf+n8MYv/MvljFv9l88cs/svlj1n8l88fs/h/OX/M4r9C/pjFf8X8MYv/V/LHLP4r5Y9Z/FfOH7P4r5I/ZvFfNX/M4r9a/pjFf/X8MYv/GvljFv+v5o9Z/NfMH7P4r2X0fwsP2OK/ttH/LWTxXyd/zOK/bv6YxX+9/DGL//r5Yxb/r+WPWfw3yB+z+G+YP2bx3yh/zOK/cf6YxX+T/DGL/6b5Yxb/r+ePWfw3yx+z+G+eP2bx3yJ/zOL/jfwxi/+W+WMW/2/mj1n8t8ofs/hvnT9m8d8mf8zi/638MYv/t/PHLP7b5o9Z/LfLH7P4b58/ZvHfIX/M4r9j/pjFf6f8MYv/zvljFv9d8scs/rvmj1n8d8sfs/h/J3/M4v/d/DGL/+75Yxb/PfLHLP575o9Z/PfKH7P4fy9/zOL//fwxi/8P8scs/nvnj1n898kfs/j/MH/M4v+j/DGL/775Yxb/H+ePWfz3yx+z+O+fP2bxPyB/zOL/k/wxi/9P88cs/j/LH7P4H5g/ZvE/KH/M4v/z/DGL/y/yxyz+B+ePWfwPyR+z+B+aP2bx/2X+mMX/V/ljFv/D8scs/ofnj1n8f50/ZvE/In/M4v+b/DGL/5H5Yxb/3+aPWfx/lz9m8T8qf8zi//v8MYv/H/LHLP5H549Z/I/JH7P4H5s/ZvH/Y/6Yxf+4/DGL//H5Yxb/E/LHLP5/yh+z+P85f8zi/5f8MYv/ifljFv+T8scs/n/NH7P4n5w/ZvE/JX/M4n9q/pjF/7T8MYv/6fljFv8z8scs/mfmj1n8z8ofs/ifnT9m8T8nf8zif27+mMX/vPwxi//5+WMW/wvyxyz+f8sfs/hfmD9m8b8of8zif3H+mMX/kvwxi/+l+WMW/8vyxyz+l+ePWfyvyB+z+F+ZP2bx/3v+mMX/qvwxi//V+WMW/2vyxyz+1+aPWfyvyx+z+F+fP2bxvyF/zOJ/Y/6Yxf+m/DGL/835Yxb/W/LHLP635o9Z/G/LH7P4354/ZvG/I3/M4n9n/pjF/678MYv/3fljFv978scs/vfmj1n878sfs/jfnz9m8X8gf8zi/2D+mMX/ofwxi//D+WMW/0fyxyz+j+aPWfwfyx+z+D+eP2bxfyJ/zOL/ZP6Yxf+p/DGL/9P5Yxb/Z/LHLP7P5o9Z/J/LH7P4P58/ZvF/IX/M4v9i/pjF/6X8MYv/y/ljEv/xB/ljFv8h+WMW/9Hyxyz+o+ePWfyH5o9Z/MfIH7P4j5k/ZvEfK3/M4j8sf8ziP3b+mMV/nPwxi/+4+WMW//Hyxyz+4+ePWfwnyB+z+E+YP2bxnyh/zOI/cf6YxX+S/DGL/7vyxyz+784fs/hPmj9m8X9P/pjFf7L8MYv/5PljFv/35o9Z/KfIH7P4vy9/zOL//vwxi/8H8scs/lPmj1n8p8ofs/hPnT9m8f9g/pjFf5r8MYv/tPljFv/p8scs/tPnj1n8Z8gfs/h/KH/M4j9j/pjF/8P5Yxb/j+SPWfw/mj9m8f9Y/pjF/+P5Yxb/T+SPWfxnyh+z+M+cP2bxnyV/zOI/a/6YxX+2/DGL/+z5Yxb/T+aPWfznyB+z+M+ZP2bxnyt/zOI/d/6Yxf9T+WMW/3nyxyz+n84fs/h/Jn/M4j9v/pjF/7P5Yxb/+fLHLP7z549Z/BfIH7P4L5g/ZvFfKH/M4r9w/pjFf5H8MYv/ovljFv/F8scs/ovnj1n8P5c/ZvH/fP6YxX+J/DGL/xfyxyz+S+aPWfy/mD9m8f9S/pjFf6n8MYv/0vljFv9l8scs/svmj1n8l8sfs/gvnz9m8f9y/pjFf4X8MYv/ivljFv+v5I9Z/FfKH7P4r5w/ZvFfJX/M4r9q/pjFf7X8MYv/6vljFv818scs/l/NH7P4r5k/ZvFfK3/M4r92/pjFf538MYv/uvljFv/18scs/uvnj1n8v5Y/ZvHfIH/M4r9h/pjFf6P8MYv/xvljFv9N8scs/pvmj1n8v54/ZvHfLH/M4r95/pjFf4v8MYv/N/LHLP5b5o9Z/L+ZP2bx3yp/zOK/df6YxX8bq/+wN7/Z4v8tq/+/yeL/7fwxi/+2+WMW/+3yxyz+2+ePWfx3yB+z+O+YP2bx3yl/zOK/c/6YxX+X/DGL/675Yxb/3fLHLP7fyR+z+H83f8ziv3v+mMV/j/wxi/+e+WMW/73yxyz+38sfs/h/P3/M4v+D/DGL/975Yxb/ffLH3qn+w0bx/2H+2DvVfzCK/4/yxyz+++aPWfx/nD9m8d8vf8ziv3/+mMX/gPwxi/9P8scs/j/NH7P4/yx/zOJ/YP6Yxf+g/DGL/8/zxyz+v8gfs/gfnD9m8T8kf8zif2j+mMX/l/ljFv9f5Y9Z/A/LH7P4H54/ZvH/df6Yxf+I/DGL/2/yxyz+R+aPWfx/mz9m8f9d/pjF/6j8MYv/7/PHLP5/yB+z+B+dP2bxPyZ/zOJ/bP6Yxf+P+WMW/+Pyxyz+x+ePWfxPyB+z+P8pf8zi/+f8MYv/X/LHLP4n5o9Z/E/KH7P4/1XpP+zfLmHxP1np/++z+J+SP2bxPzV/zOJ/Wv6Yxf/0/DGL/xn5Yxb/M/PHLP5n5Y9Z/M/OH7P4n5M/ZvE/N3/M4n9e/pjF//z8MYv/BfljFv+/5Y9Z/C/MH7P4X5Q/ZvG/OH/M4n9J/pjF/9L8MYv/ZfljFv/L88cs/lfkj1n8r8wfs/j/PX/M4n9V/pjF/+r8MYv/NfljFv9r88cs/tflj1n8r88fs/jfkD9m8b8xf8zif1P+mMX/5vwxi/8t+WMW/1vzxyz+t+WPWfxvzx+z+N+RP2bxvzN/zOJ/V/6Yxf/u/DGL/z35Yxb/e/PHLP735f9KU49y2eJ/f/6Yxf+B/DGL/4P5Yxb/h/LHLP4P549Z/B/JH7P4P5o/ZvF/LH/M4v94/pjF/4n8MYv/k/ljFv+n8scs/k/nj1n8n8kfs/g/mz9m8X8uf8zi/3z+mMX/hfwxi/+L+WMW/5fyxyz+L+ePSfwnGOSPWfyH5I9Z/EfLH7P4j54/ZvEfmj9m8R8jf8ziP2b+mMV/rPwxi/+w/DGL/9j5Yxb/cfLHLP7j5o9Z/MfLH7P4j58/ZvGfIH/M4j9h/pjFf6L8MYv/xPljFv9J8scs/u/KH7P4vzt/zOI/af6Yxf89+WMW/8nyxyz+k+ePWfzfmz9m8Z8if8zi/778MYv/+/PHLP4fyB+z+E+ZP2bxnyp/zOI/df6Yxf+D+WMW/2nyxyz+0+aPWfynyx+z+E+fP2bxnyF/zOL/ofwxi/+M/+z/8uj/6yv2n5nF/8PNf8zi/5H8MYv/R/PHLP4fyx+z+H88f8zi/4n8MYv/TPljFv+Z88cs/rPkj1n8Z80fs/jPlj9m8Z89f8zi/8n8MYv/HPljFv8588cs/nPlj1n8584fs/h/Kn/M4j9P/pjF/9Ov+rcR/FMW/89Ej1n8580fs/h/Nn/M4j9f/pjFf/78MYv/AvljFv8F88cs/gvlj1n8F84fs/gvkj9m8V80f8ziv1j+mMV/8fwxi//n8scs/p/PH7P4L5E/ZvH/Qv6YxX/J/DGL/xfzxyz+X8ofs/gvlT9m8V86f8ziv0z+mMV/2fwxi/9y+WMW/+Xzxyz+X84fs/ivkD9m8V8xf8zi/5X8MYv/SvljFv+V88cs/qvkj1n8V80fs/ivlj9m8V89f8ziv0b+mMX/q/ljFv8188cs/mvlj1n8184fs/ivkz825Kz9VpxwxNl3tP+6+WOW+b9e/pjFf/38MYv/1/LHLP4b5I9Z/DfMH7P4b5Q/ZvHfWO+/PV5r8d9E789Z/DfNH7P4fz1/zOK/Wf6YxX/z/DGL/xb5Yxb/b+SPWfy3zB+z+H8zf8ziv1X+mMV/6/wxi/82+WMW/2/lj1n8v50/ZvHfNn/M4r9d/pjFf/v8MYv/DvljFv8d88cs/jvlj1n8d84fs/jvkj9m8d81f8ziv1v+mMX/O/ljFv/v5o9Z/HfPH7P475E/ZvHfM3/M4r9X/pjF/3v5Yxb/7+ePWfx/kD9m8d87f8ziv0/+mMX/h/ljFv8f5Y9Z/PfNH7P4/zh/zOK/X/6YxX///DGL/wH5Yxb/n+SPWfx/mj9m8f9Z/pjF/8D8MYv/QfljFv+f549Z/H+RP2bxPzh/zOJ/SP6Yxf/Q/DGL/y/zxyz+v8ofs/gflj9m8T88f8zi/+v8MYv/EfljFv/f5I9Z/I/MH7P4/zZ/zOL/u/wxi/9R+WMW/9/nj1n8/5A/ZvE/On/M4n9M/pjF/9j8MYv/H/PHLP7H5Y9Z/I/PH7P4n5A/ZvH/U/6Yxf/P+WMW/7/kj1n8T8wfs/iflD9m8f9r/pjF/+T8MYv/KfljFv9T88cs/qflj1n8T88fs/ifkT9m8T8zf8zif1b+mMX/7Pwxi/85+WMW/3Pzxyz+5+WPWfzPzx+z+F+QP2bx/1v+mMX/wvwxi/9F+WMW/4vzxyz+l+SPWfwvzR+z+F+WP2bxvzx/zOJ/Rf6Yxf/K/DGJ/5DBYIf8IYn/BFc1/zGL/9X5Yxb/a/LHLP7X5o9Z/K/LH7P4X58/ZvG/IX/M4n9j/pjF/6b8MYv/zfljFv9b8scs/rfmj1n8b8sfs/jfnj9m8b8jf8zif2f+mMX/rvwxi//d+WMW/3vyxyz+9+aPWfzvyx+z+N+fP2bxfyB/zOL/YP6Yxf+h/DGL/8P5Yxb/R/LHLP6P5o9Z/B/LH7P4P54/ZvF/In/M4v9k/pjF/6n8MYv/0/ljFv9n8scs/s/mj1n8n8sfs/g/nz9m8X8hf8zi/2L+mMX/pfwxi//L+WMS/wkH+WMW/yH5Yxb/0fLHLP6j549Z/Ifmj1n8x8gfs/iPmT9m8R8rf8ziPyx/zOI/dv6YxX+c/DGL/7j5Yxb/8fLHLP7j549Z/CfIH7P4T/j/sXP/4VrX9R3Hb36T5fRjm7q04dCYazMSGY1aiIri8ccpE838jXoEEkR+SIKpuNFKHZsudbNkUwvHnK1a4nBz/VrRsKzZGrG1yimuhTHmYKE5Y9eBc4hz9vZcnS/7fi3ej8cfcO77+L5DntfL++biutI/lKX/vvqHsvQv+oey9N9P/1CW/q/UP5Sl/8/qH8rS/+f0D2Xpv7/+oSz9D9A/lKX/gfqHsvT/ef1DWfq/Sv9Qlv4H6R/K0v9g/UNZ+r9a/1CW/r+gfyhL/xH6h7L0P0T/UJb+v6h/KEv/kfqHsvQ/VP9Qlv6H6R/K0v81+oey9B+lfyhL/1/SP5Sl/+H6h7L0/2X9Q1n6v1b/UJb+v6J/KEv/X9U/lKX/EfqHsvR/nf6hLP1H6x/K0v/1+oey9D9S/1CW/mP0D2Xpf5T+oSz9x+ofytL/1/QPZek/Tv9Qlv5v0D+Upf+v6x/K0n+8/qEs/d+ofyhL/zfpH8rS/zf0D2Xp/2b9Q1n6T9A/lKX/0fqHsvSfqH8oS/9j9A9l6X+s/qEs/Y/TP5Sl/yT9Q1n6H69/KEv/E/QPZek/Wf9Qlv4n6h/K0r9N/1CW/ifpH8rS/2T9Q1n6n6J/KEv/U/UPZenfrn8oS/+36B/K0v+t+oey9D9N/1CW/m/TP5Sl/+n6h7L0n6J/KEv/M/QPZel/pv6hLP3frn8oS/+z9A9l6f8O/UNZ+p+tfyhL/3P0D2Xpf67+oSz9z9M/lKX/+fqHsvS/QP9Qlv4X6h/K0n+q/qEs/S/SP5Sl/8X6h7L0v0T/UJb+HfqHsvS/VP9Qlv7T9A9l6T9d/1CW/jP0D2Xp/079Q1n6X6Z/KEv/mfqHsvSfpX8oS//L9Q9l6T9b/1CW/lfoH8rSf47+oSz95+ofytJ/nv6hLP3n6x/K0v9K/UNZ+i/QP5Sl/7v0D2Xpf5X+oSz9F+ofytJ/kf6hLP2v1j+Upf+79Q9l6X+N/qEs/a/VP5Sl/3X6h7L0X6x/KEv/6/UPZen/m/qHsvT/Lf1DWfov0T+Upf979A9l6f/b+oey9H+v/qEs/d+nfyhL/xv0D2Xpf6P+oSz9b9I/lKX/7+gfytJ/qf6hLP1/V/9Qlv6/p38oS/+b9Q9l6X+L/qEs/X9f/1CW/u/XP5Sl/636h7L0v03/UJb+t+sfytL/D/QPZen/h/qHsvS/Q/9Qlv4f0D+Upf8H9Q9l6X+n/qEs/ZfpH8rS/4/0D2Xp/8f6h7L0v0v/UJb+d+sfytL/Hv1DWfp/SP9Qlv4f1j+Upf/y3v1HNPzr+gmVpf+99h/K0v9P9A9l6b9C/1CW/n+qfyhL//v0D2Xp/2f6h/bE/oO6vty1//36h/bE/tH+P6J/KEv/P9c/lKX/R/UPZen/Mf1DWfp/XP9Qlv5/oX8oS/9P6B/K0v8B/UNZ+q/UP5Sl/4P6h7L0/0v9Q1n6r9I/lKX/Q/qHsvT/K/1DWfr/tf6hLP0f1j+Upf/f6B/K0v+T+oey9P+U/qEs/T+tfyhL/8/oH8rS/7P6h7L0/1v9Q1n6f07/UJb+n9c/lKX/av1DWfp/Qf9Qlv5/p38oS/81+oey9H9E/1CW/l/UP5Sl/5f0D2Xp/6j+oSz9v6x/KEv/r+gfytL/7/UPZen/mP6hLP2/qn8oS/9/0D+Upf/X9A9l6f+P+oey9F+rfyhL/6/rH8rSf53+oSz9/0n/UJb+/6x/KEv/b+gfytL/X/QPZen/Tf1DWfp/S/9Qlv7f1j+Upf/j+oey9P9X/UNZ+j+hfyhL/yf1D2Xpv17/UJb+T+kfytL/3/QPZen/Hf1DWfr/u/6hLP2/q38oS/8N+oey9H9a/1CW/t/TP5Sl/0b9Q1n6/4f+oSz9N+kfytL/P/UPZen/jP6hLP3/S/9Qlv6b9Q9l6b9F/1CW/v+tfyhL/+/rH8rSf6v+oSz9n9U/lKX/c/qHsvT/gf6hLP2f1z+Upf//6B/K0v8F/UNZ+v9Q/1CW/tv0DyXpv29L/1CW/gP0D2XpP1D/UJb+g/QPZek/WP9Qlv5D9A9l6T9U/1CW/sP0D2XpP1z/UJb+L9M/lKX/XvqHsvR/uf6hLP1foX8oS/+99Q9l6f8z+oey9N9H/9Ae1x8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAnzbyFiy6bOnNmx1xf+MIXvtj5xUv9XyYAAOD/248+9L/UvxIAAAAAAAAAAAAAAAAAAADIq4n/O7GX+t8RAAAAAAAAAAAAAAB+2rW1H7Nx0IAeTw3a9cGrH+3Y/vPYrWdNX778wdL9c9e3Tw5ecuCuD7Zt27Zt2TMTJnU9HNZqtTr/1/btejy893Hn6y8eceeBOx6ViZ+7/fHzp+x9ytyVtwz++rKb2p8esv3ZIa0LL50xs+P1A1utctyQ1lWdD44c0GqVE4a0bu58MKbzweQhrRWdD47a/uBlrU93PnjdxbNnXtL5xImVf89gT9HWvrg1qMdiWz3+a7Dr/hePeGJ69899vGT3qw1ude1/5MovHtDre91eZP/dr1+O6b3/fv8LAi+qf/t/bl33z3285P95///Qmq2Lou+9+P67X78ca/9Qn+Dzf4+N9v7c3+vz/yHBS+68P3r4mls79992xn0Hdz01+Mf5/P+j1y/H9d7/wB6f/zs/x0/q/vw/rNUqx+/mbwek0tZ+/ca+3v/73v/gV/W6GbDr/u/58vpXdO7/3udbS7qeGtLP/U/q6/3/hl6/VqB/2trv3tbr/b8f+2+NCl5y5/43rNx7++f/9fdfvP8u3+vP/o/vvf/R82ddMXrewkVHzJg1dVrHtI7Lx48Zd+TY8ePHjRu9/RPBjh938zcFkti99//WXr1uBrRaHTvvV99306TO/W96aMmHu54a3s/9n9Dn+/8h3v8hNHJga+jQ1lVT58+fe+SOH7sfjtnx445/LNh/P/78f+jhXf9Y998ZDmi1Dtx5P+r88cM693/1nLKq66mh/dz/5D73P7Hn31UC/bOb7/+X9Lrpsf+jN1y7oHP/h31/v/VdT/X3z/8n9rn/u7z/w+5oa2/V+ibauf+jhl1/UrXr0ubv/6A+Tex/xOabt1S7LifZP9Snif1PWfqmi6pdl5PtH+rTxP4fnHXB0mrX5RT7h/o0sf8XXrnloGrX5VT7h/o0sf/HvvPU8mrXpd3+oT5N7P8Dd7QfVe26vMX+oT5N7P+IK5+dUO26vNX+oT5N7P/Sl5++otp1Oc3+oT5N7P+kbcfuX+26vM3+oT5N7H/A9d9dXO26nG7/UJ8m9v/k1KWzq12XKfYP9Wli/ytGjHqu2nU5w/6hPk3sf8nTb5hc7bqcaf9Qnyb2/5Xb7nys2nV5u/1DfZrY/8fP3e/OatflLPuH+jSx/x+MfGivatflHfYP9Wli/2vXrnig2nU52/6hPk3sf9mKQSOrXZdz7B/q08T+rztx2qPVrsu59g/1aWL/Y8d96Zxq1+U8+4f6NLH/Az/7zaeqXZfz7R/q08T+T394wbxq1+UC+4f6NLH/BQd97IfVrsuF9g/1aWL/b+44aHq16zLV/qE+Tey/3LLX2mrX5SL7h/o0sf+zN909sdp1udj+oT5N7H/VPp//aLXrcon9Q32a2P/mOZePr3ZdOuwf6tPE/r/9nuveW+26XGr/UJ8m9n/r818r1a7LNPuH+jSx/w1jzj632nWZbv9Qnyb2f/cpzzxS7brMsH+oTxP7X7rq8fnVrss77R/q08T+V68++Ylq1+Uy+4f6NLH/w0aN3rvns8/+mNdlpv1DfZrY/+yzlnyw2nWZZf9Qnyb2f9z9t72m2nW53P6hPk3sf/hXJ3yi2nWZbf9Qnyb2/6kJ7/tktetyhf1DfZrY/5aJhx5e7brMsX+oTxP7X/fAmNurXZe59g/1aWL/73/kjorXZZ79Q32a2P+c176wqdp1mW//UJ8m9v/GKWcurHZdrrR/qE8T+9//rslfqHZdFtg/1KeJ/Z/3re+dVu26vMv+oT5N7P/QAy46uNp1ucr+oT5N7H/6jDU3VrsuC+0f6tPE/ictWze22nVZZP9Qnyb2v8+T8+6pdl2utn+oTxP73zjogFOrXZd32z/Up4n933vNw9+odl2usX+oTxP7v/GGj3RUuy7X2j/Up4n9f2br0M3Vrst19g8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD/sgMHAgAAAABA/q+NUFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYUdOBAAAAAAAPJ/bYSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoq7MCxAAAAAIAwf+sgejcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgKMAAAD//5dZ8pE=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0)
pwritev2(r0, &(0x7f0000000100)=[{&(0x7f0000000400)="ba", 0x1}], 0x1, 0xf5, 0x8, 0x8)

337.655µs ago: executing program 4 (id=2506):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000100)={0x0, <r1=>0x0, <r2=>0x0}, &(0x7f0000000180)=0xc)
syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000980)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, &(0x7f0000000280)={[{@nobarrier}, {@gid={'gid', 0x3d, r2}}, {@creator={'creator', 0x3d, "cf44eee4"}}, {@creator={'creator', 0x3d, "64eb8ba9"}}, {@nodecompose}, {@umask}, {@uid={'uid', 0x3d, r1}}, {@nodecompose}]}, 0x3, 0x6a4, &(0x7f0000001b40)="$eJzs3U9sHFcdB/DvbDbrbJBS918aEFKtRqqgEYmdVUmQkBoQQjlEKIJLr1biNFY2aeW4KK0Q2QAFiRMn1AOHIhQOPSGEkMoJUc5ISFw4+R6JG4ccAKOZnV2v7Y1jJ7HXbT8faTzv7Zv33m9+nT+7s402wGfW+ddzsJci509cuFXWV+52uit3O9cH5SRTSRpJs79K0U6Kj5Nz6S/5fPliPVzxoHlevfdR0Xz/w06/1qyXavvGVv02GbtlLzk0rBxIMtMv/mfbw24ar1qqcS6tjfeIimHcZcKODxIHk7a6SW+tsfHQ7ts/b4F963b/vrnJdHI4/btr+T4g9dXh4VeGydvy2tTbuzgAAABgt4z9LD/qqfu5n1s5sjfhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKdD0f/NwKJeGoPyTIrB7/+3Rn5TvzXhcB/Te1eq1XefmnQgAAAAAAAAAPBYXryf+7mVI4P6alF95/9SVXmu+vu5vJ2bWchSTuZW5rOc5SxlLsn0yECtW/PLy0tzm3v+MmXP1dXV23XP02N7nl4fV29joOP+T4NNGwEAAAAAAADAZ9aPcn7t+38AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANgPiuRAf1Utzw3K02k0kxxK0ipmhpu3JhrsE/DnSQcAAAAAu69dr48U/+sXVovqM//R6nP/obydG1nOYpbTzUIuV88C+p/6G3/vdbordzvXy2XzwN/4147iqEZM/9nD+Jlnqy2eH/Y4n2/nezmRmVzMUhbz/cxnOQuZybeq0nyKTNdPL6ZX7rYziHVzvOfW1S5ujO3FkXIZ37EqknauZLGK7WQutQahN+rtjo3M9sdWsmHGO2V2itdq28zR5Xpd7tEv6vX+MF3t+cFhRmbr3JfZeHo075tzv8PjZONMc2kMn0E9tzZLWd040yPl/HC9LnP9093N+Q4fpa3PRO/nZW1w9B3dOufJl//xl4tXGzeuXb1y88T+OYwe0cZjojOSiRe2lYlumYneY2Ti0OPE/+S06mz0r6I7u1q+VPU9ksV8J2/mchZyJrOZy9nM5ms5nU5Oj+T1+a3zWp1rjZ2da8e/VBfKe9LPRu5Ne2bqQQ1lXp8eyevolW66aht9ZS1Lz2wjS0Ur47P0z7GhNL9QF8o5fjxyx5m8jZmYG8nEs1tn4tf/XU1ys3vj2tLV+be2Od/L9bo8bd9bf23+zRPZoZ2rd7c8Xp4p/2Olf9sYPTrKtmcHbRvy1aq/cWnWg61ra6U6n/ttDztTy5GO3hk3Ur/thbGzdKq2YyNt697l5M10h+9CANjHDr9yuNW+1/5b+4P2T9pX2xcOfXPq7NQXWzn41+afDvyu8dvG14tX8kF+mCOTjhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4Nbr7z7rX5bndhaR8W0njCA94Z2zRIRf+V1v7Y909qYWqrI+r3Sbbo3ppEzO0k+yJ1ae7BXFMZ03Rh+Eo7aQzjSXJtn/zAHbAbTi1ff+vUzXfe/cri9fk3Ft5YuHH67JnXznS+Onf71JXF7sJs/++kowR2w9rbgElHAgAAAAAAAAAAAGzXXvzzhjHTFr0J7CsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwyXT+9Rzspcjc7MnZsr5yt9Mtl0F5bctmkkaS4gdJ8XFyLv0l0yPDFQ+a59V7H/3q5fc/7KyN1Rxs39jQ7w//Xl3d4V706iUzSQ7U64eb2tZ4l0bG6+0wsL5iuIdlwo4PEgeT9v8AAAD//x5LB84=")
removexattr(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000240)=@known='system.posix_acl_access\x00')

0s ago: executing program 4 (id=2507):
syz_emit_vhci(&(0x7f0000009c40)=ANY=[@ANYBLOB="04140003c9"], 0x17)

kernel console output (not intermixed with test programs):

000-0000-000000000000.
[  156.428116][ T9648] IPVS: set_ctl: invalid protocol: 8 0.0.0.0:20003
[  156.450621][ T9650] loop5: detected capacity change from 0 to 2048
[  156.469906][ T9650] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  156.660051][ T9661] loop5: detected capacity change from 0 to 32768
[  156.664498][ T9661] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.1331 (9661)
[  156.676117][ T9661] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  156.683576][ T9661] BTRFS info (device loop5): using sha256 (sha256-lib) checksum algorithm
[  156.693590][   T10] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  156.727360][ T9661] BTRFS info (device loop5): enabling ssd optimizations
[  156.730207][ T9661] BTRFS info (device loop5): turning on sync discard
[  156.732993][ T9661] BTRFS info (device loop5): enabling free space tree
[  156.751086][ T8652] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  156.857478][   T10] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  156.861357][   T10] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  156.866042][   T10] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  156.869772][   T10] usb 4-1: config 1 has no interface number 1
[  156.872335][   T10] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  156.877688][   T10] usb 4-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  156.885030][   T10] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  156.888153][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  156.891518][   T10] usb 4-1: Product: syz
[  156.893105][   T10] usb 4-1: Manufacturer: syz
[  156.895904][   T10] usb 4-1: SerialNumber: syz
[  156.904685][ T9681] loop5: detected capacity change from 0 to 32768
[  156.907347][ T9681] btrfs: Deprecated parameter 'usebackuproot'
[  156.909397][ T9681] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  156.912731][ T9681] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.1333 (9681)
[  156.921551][ T9681] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  156.926032][ T9681] BTRFS info (device loop5): using crc32c (crc32c-lib) checksum algorithm
[  156.945453][   T36] BTRFS warning (device loop5): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0
[  156.950805][ T9681] BTRFS error (device loop5): failed to load root extent
[  156.953175][ T9681] BTRFS warning (device loop5): try to load backup roots slot 1
[  156.957067][   T36] BTRFS warning (device loop5): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0
[  156.962397][ T9681] BTRFS warning (device loop5): couldn't read tree root
[  156.965974][ T9681] BTRFS warning (device loop5): try to load backup roots slot 2
[  156.969911][ T1089] BTRFS error (device loop5): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[  156.974392][ T9681] BTRFS warning (device loop5): couldn't read tree root
[  156.977403][ T9681] BTRFS warning (device loop5): try to load backup roots slot 3
[  156.984902][ T9681] BTRFS info (device loop5): rebuilding free space tree
[  156.990415][ T9681] BTRFS info (device loop5): checking UUID tree
[  156.994347][ T9681] BTRFS info (device loop5): enabling ssd optimizations
[  156.997469][ T9681] BTRFS info (device loop5): turning off barriers
[  157.000003][ T9681] BTRFS info (device loop5): disabling tree log
[  157.002915][ T9681] BTRFS info (device loop5): enabling free space tree
[  157.007211][ T9681] BTRFS info (device loop5): force clearing of disk cache
[  157.010228][ T9681] BTRFS info (device loop5): trying to use backup root at mount time
[  157.013924][ T9681] BTRFS info (device loop5): force zlib compression, level 3
[  157.016969][ T9681] BTRFS info (device loop5): max_inline set to 0
[  157.044869][ T8652] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  157.109505][   T10] usb 4-1: No MIDI 2.0 at altset 1, falling back to MIDI 1.0
[  157.112301][   T10] usb 4-1: MIDIStreaming interface descriptor not found
[  157.132317][   T10] usb 4-1: USB disconnect, device number 22
[  157.165542][ T5993] udevd[5993]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  157.175969][ T9707] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1336'.
[  157.727798][ T9728] loop3: detected capacity change from 0 to 256
[  157.739634][ T9728] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x36e06c6e, utbl_chksum : 0xe619d30d)
[  158.326293][  T792] usb 4-1: new full-speed USB device number 23 using dummy_hcd
[  158.482502][  T792] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  158.486651][  T792] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  158.489971][  T792] usb 4-1: Product: syz
[  158.500052][  T792] usb 4-1: Manufacturer: syz
[  158.511576][  T792] usb 4-1: SerialNumber: syz
[  158.524863][  T792] usb 4-1: config 0 descriptor??
[  158.699552][ T9760] loop5: detected capacity change from 0 to 32768
[  158.702992][ T9760] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.1359 (9760)
[  158.719584][ T9760] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  158.725143][ T9760] BTRFS info (device loop5): using sha256 (sha256-lib) checksum algorithm
[  158.742724][  T792] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  158.763393][ T9760] BTRFS info (device loop5): enabling ssd optimizations
[  158.766781][ T9760] BTRFS info (device loop5): enabling free space tree
[  158.801668][ T8652] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  159.163800][   T54] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  159.167646][   T54] Bluetooth: hci2: Injecting HCI hardware error event
[  159.171012][   T54] Bluetooth: hci2: hardware error 0x00
[  159.807441][ T9816] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1377'.
[  159.867709][ T9820] loop5: detected capacity change from 0 to 4096
[  159.886529][ T9820] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  159.897552][ T9820] fs-verity (loop5, inode 16): Unsupported log_blocksize: 13
[  159.914949][ T8652] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  159.950675][ T9827] loop5: detected capacity change from 0 to 1024
[  159.982166][ T9827] hfsplus: bad catalog folder entry
[  160.253500][   T24] usb 6-1: new low-speed USB device number 7 using dummy_hcd
[  160.376923][  T792] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  160.381292][  T792] usb 4-1: USB disconnect, device number 23
[  160.404950][   T24] usb 6-1: config 32 has 1 interface, different from the descriptor's value: 2
[  160.408030][   T24] usb 6-1: config 32 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 10
[  160.411885][   T24] usb 6-1: config 32 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 255, setting to 8
[  160.416333][   T24] usb 6-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7
[  160.420328][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  160.426638][ T9829] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  160.634276][   T24] usb 6-1: string descriptor 0 read error: -71
[  160.649049][   T24] usb 6-1: USB disconnect, device number 7
[  161.252774][   T54] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  161.613711][   T24] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  161.778855][   T24] usb 6-1: New USB device found, idVendor=1645, idProduct=0008, bcdDevice=cf.36
[  161.788913][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  161.796853][   T24] usb 6-1: config 0 descriptor??
[  162.012266][   T24] kaweth 6-1:0.0: Firmware present in device.
[  162.170831][ T9893] ieee802154 phy0 wpan0: encryption failed: -90
[  162.202500][   T24] kaweth 6-1:0.0: Statistics collection: 0
[  162.205246][   T24] kaweth 6-1:0.0: Multicast filter limit: 0
[  162.207681][   T24] kaweth 6-1:0.0: MTU: 0
[  162.209277][   T24] kaweth 6-1:0.0: Read MAC address 00:00:00:00:00:00
[  162.359477][ T9895] loop3: detected capacity change from 0 to 32768
[  162.377503][ T9895] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  162.406497][   T24] kaweth 6-1:0.0: probe with driver kaweth failed with error -5
[  162.421890][   T24] usb 6-1: USB disconnect, device number 8
[  162.444115][ T9895] XFS (loop3): Ending clean mount
[  162.447951][ T9895] XFS (loop3): Quotacheck needed: Please wait.
[  162.456159][ T9895] XFS (loop3): Quotacheck: Done.
[  162.496636][ T6039] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  162.979354][ T9919] loop5: detected capacity change from 0 to 2048
[  163.051262][ T9921] loop5: detected capacity change from 0 to 64
[  163.131886][ T9923] loop3: detected capacity change from 0 to 4096
[  163.140776][ T9923] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512).
[  163.172940][ T9923] ntfs3(loop3): ino=19, mi_enum_attr
[  163.187888][ T9923] ntfs3(loop3): failed to convert "c46c" to iso8859-4
[  163.193158][ T9923] ntfs3(loop3): ino=20, mi_enum_attr
[  163.197416][ T8652] Trying to free block not in datazone
[  163.260728][ T9925] overlayfs: option "index=on" is useless in a non-upper mount, ignore
[  163.264529][ T9925] overlayfs: missing 'lowerdir'
[  163.278667][ T8652] Trying to free block not in datazone
[  163.324671][ T8652] Trying to free block not in datazone
[  163.338696][ T8652] Trying to free block not in datazone
[  163.350975][ T8652] Trying to free block not in datazone
[  163.361220][ T8652] Trying to free block not in datazone
[  163.374508][ T8652] Trying to free block not in datazone
[  163.384305][ T8652] Trying to free block not in datazone
[  163.387166][ T8652] Trying to free block not in datazone
[  163.424280][ T8652] Trying to free block not in datazone
[  163.426698][ T8652] Trying to free block not in datazone
[  163.428917][ T8652] Trying to free block not in datazone
[  163.431157][ T8652] Trying to free block not in datazone
[  163.434667][ T8652] Trying to free block not in datazone
[  163.657863][ T9931] loop3: detected capacity change from 0 to 32768
[  163.662422][ T9931] (syz.3.1424,9931,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  163.691908][ T9931] (syz.3.1424,9931,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  163.739325][ T9931] JBD2: Ignoring recovery information on journal
[  163.783093][ T9931] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  163.870598][ T9931] (syz.3.1424,9931,1):ocfs2_check_set_options:1244 ERROR: Invalid heartbeat mount options
[  163.916743][ T6039] ocfs2: Unmounting device (7,3) on (node local)
[  164.028051][ T9948] loop5: detected capacity change from 0 to 32768
[  164.062586][ T9948] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  164.081625][ T9965] 8021q: adding VLAN 0 to HW filter on device bond0
[  164.111268][ T9965] bond0: (slave rose0): Enslaving as an active interface with an up link
[  164.151619][ T8652] ocfs2: Unmounting device (7,5) on (node local)
[  164.300382][ T9979] loop3: detected capacity change from 0 to 4096
[  164.305354][ T9984] loop5: detected capacity change from 0 to 8
[  164.309146][ T9984] MTD: Attempt to mount non-MTD device "/dev/loop5"
[  164.321025][ T9984] cramfs: Error -3 while decompressing!
[  164.323417][ T9984] cramfs: ffffffff99bf0642(26)->ffff8881114c0000(4096)
[  164.333675][ T9984] cramfs: Error -3 while decompressing!
[  164.334175][ T9979] ntfs3(loop3): Primary boot: invalid sectors per cluster 75.
[  164.336853][ T9984] cramfs: ffffffff99bf065c(16)->ffff88811146f000(4096)
[  164.347098][ T9984] cramfs: Error -3 while decompressing!
[  164.349539][ T9984] cramfs: ffffffff99bf0642(26)->ffff8881114c0000(4096)
[  164.352747][ T9979] ntfs3(loop3): try to read out of volume at offset 0x1ffe00
[  164.378712][   T33] audit: type=1800 audit(2000000030.060:63): pid=9984 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.1443" name="file2" dev="loop5" ino=348 res=0 errno=0
[  164.479658][ T9990] loop3: detected capacity change from 0 to 4096
[  164.486357][ T9990] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512).
[  164.490704][ T9990] ntfs3(loop3): This driver is compiled without CONFIG_NTFS3_64BIT_CLUSTER (like windows driver).
[  164.490704][ T9990] Volume contains 64 bits run: vcn 0, lcn ffff000000000103, len 40.
[  164.490704][ T9990] Activate CONFIG_NTFS3_64BIT_CLUSTER to process this case
[  164.530679][ T9990] ntfs3(loop3): Mark volume as dirty due to NTFS errors
[  164.533204][ T9990] ntfs3(loop3): ino=3, ntfs_set_state failed, -22.
[  164.536996][ T9990] ntfs3(loop3): Failed to load $LogFile (-95).
[  164.539232][ T9990] ntfs3(loop3): ino=3, ntfs3_write_inode failed, -22.
[  164.702015][T10008] netlink: 10 bytes leftover after parsing attributes in process `syz.3.1452'.
[  164.851439][T10012] loop3: detected capacity change from 0 to 32768
[  164.883655][T10012] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,str_hash=crc32c,noacl,usrquota,grpquota,nojournal_transaction_names,allocator_stuck_timeout=256
[  164.883672][T10012]   allowing incompatible features above 0.0: (unknown version)
[  164.883678][T10012]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  164.900348][T10012] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0
[  164.943796][T10012] bcachefs (loop3): initializing new filesystem
[  164.995671][T10012] bcachefs (loop3): going read-write
[  165.075655][T10012] bcachefs (loop3): marking superblocks
[  165.084775][T10012] bcachefs (loop3): initializing freespace
[  165.088488][T10012] bcachefs (loop3): done initializing freespace
[  165.096027][T10012] bcachefs (loop3): reading snapshots table
[  165.098539][T10012] bcachefs (loop3): reading snapshots done
[  165.109315][T10012] bcachefs (loop3): done starting filesystem
[  165.141670][ T6039] bcachefs (loop3): shutting down
[  165.144239][ T6039] bcachefs (loop3): going read-only
[  165.146495][ T6039] bcachefs (loop3): finished waiting for writes to stop
[  165.149652][ T6039] bcachefs (loop3): flushing journal and stopping allocators, journal seq 2
[  165.160989][ T6039] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 3
[  165.166850][ T6039] bcachefs (loop3): clean shutdown complete, journal seq 4
[  165.169386][ T6039] bcachefs (loop3): marking filesystem clean
[  165.177315][ T6039] bcachefs (loop3): shutdown complete
[  165.923251][T10044] overlayfs: failed to resolve './file0': -2
[  166.482988][   T33] audit: type=1326 audit(2000000032.160:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10074 comm="syz.4.1478" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ed5d8ebe9 code=0x7ffc0000
[  166.494977][T10077] Bluetooth: MGMT ver 1.23
[  166.496961][T10077] Bluetooth: hci0: service_discovery: expected 4 bytes, got 7 bytes
[  166.498837][   T33] audit: type=1326 audit(2000000032.160:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10074 comm="syz.4.1478" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ed5d8ebe9 code=0x7ffc0000
[  166.513331][   T33] audit: type=1326 audit(2000000032.170:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10074 comm="syz.4.1478" exe="/syz-executor" sig=0 arch=c000003e syscall=265 compat=0 ip=0x7f1ed5d8ebe9 code=0x7ffc0000
[  166.534394][   T33] audit: type=1326 audit(2000000032.170:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10074 comm="syz.4.1478" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ed5d8ebe9 code=0x7ffc0000
[  166.541883][   T33] audit: type=1326 audit(2000000032.170:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10074 comm="syz.4.1478" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ed5d8ebe9 code=0x7ffc0000
[  166.669792][T10081] loop5: detected capacity change from 0 to 32768
[  166.680588][T10081] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  166.717379][T10081] XFS (loop5): Ending clean mount
[  166.738412][ T8652] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  167.148869][T10101] loop5: detected capacity change from 0 to 512
[  167.157452][T10101] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  167.163417][T10101] EXT4-fs (loop5): 1 truncate cleaned up
[  167.166828][T10101] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  167.193711][ T8652] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  167.513668][   T51] usb 6-1: new full-speed USB device number 9 using dummy_hcd
[  167.620466][   T54] Bluetooth: hci0: ACL packet for unknown connection handle 201
[  167.696447][   T51] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  167.701068][   T51] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  167.707071][   T51] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  167.710876][   T51] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  167.715696][   T51] usb 6-1: Product: syz
[  167.717576][   T51] usb 6-1: Manufacturer: syz
[  167.719526][   T51] usb 6-1: SerialNumber: syz
[  167.987666][   T51] usb 6-1: 0:2 : does not exist
[  167.993133][   T51] usb 6-1: 5:0: failed to get current value for ch 0 (-22)
[  168.025693][   T51] usb 6-1: USB disconnect, device number 9
[  168.078850][ T6112] udevd[6112]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  168.306144][T10132] loop3: detected capacity change from 0 to 512
[  168.309573][T10132] EXT4-fs: Ignoring removed oldalloc option
[  168.312760][T10132] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  168.318152][T10132] EXT4-fs (loop3): orphan cleanup on readonly fs
[  168.321362][T10132] Quota error (device loop3): do_check_range: Getting block 196613 out of range 1-5
[  168.325608][T10132] Quota error (device loop3): qtree_read_dquot: Can't read quota structure for id 0
[  168.329678][T10132] EXT4-fs error (device loop3): ext4_acquire_dquot:6937: comm syz.3.1499: Failed to acquire dquot type 1
[  168.335916][T10132] EXT4-fs (loop3): 1 truncate cleaned up
[  168.338967][T10132] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  168.360613][ T6039] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  168.566589][T10139] NILFS (nullb0): couldn't find nilfs on the device
[  168.872262][T10152] syz.5.1507: attempt to access beyond end of device
[  168.872262][T10152] nbd5: rw=4096, sector=0, nr_sectors = 1 limit=0
[  168.877657][T10152] XFS (nbd5): SB validate failed with error -5.
[  168.905410][T10159] loop5: detected capacity change from 0 to 128
[  168.910094][T10159] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 ro without journal. Quota mode: writeback.
[  168.929283][ T8652] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  169.263570][ T5873] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  169.583525][ T5873] usb 6-1: Using ep0 maxpacket: 8
[  169.593727][ T5873] usb 6-1: New USB device found, idVendor=110a, idProduct=1450, bcdDevice=62.cb
[  169.597191][ T5873] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  169.599849][ T5873] usb 6-1: Product: syz
[  169.601230][ T5873] usb 6-1: Manufacturer: syz
[  169.602838][ T5873] usb 6-1: SerialNumber: syz
[  170.011951][ T5873] mxuport 6-1:254.0: mxuport_recv_ctrl_urb - short read (0 / 4)
[  170.015570][ T5873] mxuport 6-1:254.0: probe with driver mxuport failed with error -5
[  170.221350][   T24] usb 6-1: USB disconnect, device number 10
[  170.766857][   T33] audit: type=1400 audit(2000000036.450:69): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=":(%#{//(@\)//&@},['%%&\#*" pid=10197 comm="syz.5.1525"
[  171.023710][ T5873] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  171.193703][ T5873] usb 4-1: Using ep0 maxpacket: 32
[  171.209877][ T5873] usb 4-1: config 0 has an invalid interface number: 86 but max is 0
[  171.213414][ T5873] usb 4-1: config 0 has no interface number 0
[  171.217930][ T5873] usb 4-1: config 0 interface 86 altsetting 2 endpoint 0x9 has invalid wMaxPacketSize 0
[  171.221877][ T5873] usb 4-1: config 0 interface 86 has no altsetting 0
[  171.236106][ T5873] usb 4-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=33.7a
[  171.239919][ T5873] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  171.243229][ T5873] usb 4-1: Product: syz
[  171.255113][ T5873] usb 4-1: Manufacturer: syz
[  171.257296][ T5873] usb 4-1: SerialNumber: syz
[  171.262636][ T5873] usb 4-1: config 0 descriptor??
[  171.486879][   T24] usb 4-1: USB disconnect, device number 24
[  171.987861][T10215] loop5: detected capacity change from 0 to 256
[  172.040725][T10218] loop3: detected capacity change from 0 to 512
[  172.049765][T10218] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  172.070823][T10218] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 0, start 22000003)
[  172.162305][T10231] loop5: detected capacity change from 0 to 256
[  172.179231][T10231] FAT-fs (loop5): Directory bread(block 64) failed
[  172.181621][T10231] FAT-fs (loop5): Directory bread(block 65) failed
[  172.190962][T10231] FAT-fs (loop5): Directory bread(block 66) failed
[  172.193244][T10231] FAT-fs (loop5): Directory bread(block 67) failed
[  172.196805][T10231] FAT-fs (loop5): Directory bread(block 68) failed
[  172.199030][T10231] FAT-fs (loop5): Directory bread(block 69) failed
[  172.201326][T10231] FAT-fs (loop5): Directory bread(block 70) failed
[  172.203895][T10231] FAT-fs (loop5): Directory bread(block 71) failed
[  172.206620][T10231] FAT-fs (loop5): Directory bread(block 72) failed
[  172.209289][T10231] FAT-fs (loop5): Directory bread(block 73) failed
[  172.300147][T10238] loop5: detected capacity change from 0 to 4096
[  172.317267][T10238] ntfs3(loop5): ino=3, Correct links count -> 2.
[  172.338884][T10234] loop3: detected capacity change from 0 to 32768
[  172.360297][T10238] ntfs3(loop5): ino=1a, mi_enum_attr
[  172.369849][T10238] ntfs3(loop5): Mark volume as dirty due to NTFS errors
[  172.375480][T10234] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  172.385052][T10234] (syz.3.1542,10234,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len % 4 != 0 - offset=0, inode=0, rec_len=49, name_len=1
[  172.392674][T10234] (syz.3.1542,10234,1):ocfs2_prepare_dir_for_insert:4302 ERROR: status = -2
[  172.398372][T10234] (syz.3.1542,10234,1):ocfs2_symlink:1879 ERROR: status = -2
[  172.401831][T10234] (syz.3.1542,10234,1):ocfs2_symlink:2080 ERROR: status = -2
[  172.448818][ T6039] ocfs2: Unmounting device (7,3) on (node local)
[  172.635277][T10259] loop5: detected capacity change from 0 to 512
[  172.645148][T10259] EXT4-fs (loop5): Test dummy encryption mode enabled
[  172.647948][T10259] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  172.652916][T10259] EXT4-fs (loop5): 1 truncate cleaned up
[  172.657490][T10259] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  172.675253][ T8652] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  173.511589][T10285] loop3: detected capacity change from 0 to 512
[  173.514523][T10285] EXT4-fs: Ignoring removed i_version option
[  173.516708][T10285] EXT4-fs: Ignoring removed nobh option
[  173.520245][T10285] EXT4-fs (loop3): Test dummy encryption mode enabled
[  173.522815][T10285] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  173.527806][T10285] EXT4-fs (loop3): 1 truncate cleaned up
[  173.530255][T10285] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  173.556492][ T6039] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  173.637685][T10296] loop5: detected capacity change from 0 to 1024
[  173.661432][T10296] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  173.682140][ T8652] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  173.897484][T10316] loop5: detected capacity change from 0 to 32768
[  173.934939][T10321] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1579'.
[  173.985623][T10316] bcachefs (loop5): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  173.985643][T10316]   allowing incompatible features above 0.0: (unknown version)
[  173.985650][T10316]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  174.004417][T10316] bcachefs (loop5): Using encoding defined by superblock: utf8-12.1.0
[  174.007785][T10316] bcachefs (loop5): initializing new filesystem
[  174.016102][T10316] bcachefs (loop5): going read-write
[  174.032199][T10316] bcachefs (loop5): marking superblocks
[  174.038949][T10316] bcachefs (loop5): initializing freespace
[  174.046256][T10316] bcachefs (loop5): done initializing freespace
[  174.051358][T10316] bcachefs (loop5): reading snapshots table
[  174.054065][T10316] bcachefs (loop5): reading snapshots done
[  174.066498][T10316] bcachefs (loop5): done starting filesystem
[  174.158030][T10338] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  174.674021][ T8652] bcachefs (loop5): shutting down
[  174.676765][ T8652] bcachefs (loop5): going read-only
[  174.679428][ T8652] bcachefs (loop5): finished waiting for writes to stop
[  174.684111][ T8652] bcachefs (loop5): flushing journal and stopping allocators, journal seq 2
[  174.727424][ T8652] bcachefs (loop5): flushing journal and stopping allocators complete, journal seq 3
[  174.733892][ T8652] bcachefs (loop5): clean shutdown complete, journal seq 4
[  174.737812][ T8652] bcachefs (loop5): marking filesystem clean
[  174.793630][ T8652] bcachefs (loop5): shutdown complete
[  175.643676][ T5235] Bluetooth: hci1: command 0x0406 tx timeout
[  175.712995][T10370] loop3: detected capacity change from 0 to 1024
[  175.717336][T10370] EXT4-fs: Ignoring removed bh option
[  175.737262][T10370] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  175.752112][T10370] EXT4-fs error (device loop3): ext4_xattr_inode_iget:437: comm syz.3.1597: inode #6: comm syz.3.1597: iget: illegal inode #
[  175.760716][T10370] EXT4-fs (loop3): Remounting filesystem read-only
[  175.763942][T10370] EXT4-fs warning (device loop3): ext4_xattr_block_set:2190: inode #19: comm syz.3.1597: dec ref error=-30
[  175.797779][ T6039] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  176.009342][T10396] syz.3.1603 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  176.232981][T10405] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  177.651151][T10422] loop3: detected capacity change from 0 to 40427
[  177.655342][T10422] F2FS-fs (loop3): Invalid SB checksum offset: 0
[  177.658331][T10422] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[  177.663140][T10422] F2FS-fs (loop3): invalid crc value
[  177.692639][T10422] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  177.697742][T10422] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[  177.700865][T10422] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  177.720696][T10422] syz.3.1614: attempt to access beyond end of device
[  177.720696][T10422] loop3: rw=2049, sector=53248, nr_sectors = 16 limit=40427
[  177.744772][ T6039] syz-executor: attempt to access beyond end of device
[  177.744772][ T6039] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  177.751271][ T6039] CPU: 1 UID: 0 PID: 6039 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  177.751284][ T6039] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  177.751289][ T6039] Call Trace:
[  177.751292][ T6039]  <TASK>
[  177.751296][ T6039]  dump_stack_lvl+0x189/0x250
[  177.751311][ T6039]  ? __pfx_dump_stack_lvl+0x10/0x10
[  177.751320][ T6039]  ? __pfx_queue_work_on+0x10/0x10
[  177.751328][ T6039]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  177.751339][ T6039]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  177.751350][ T6039]  f2fs_handle_critical_error+0x37c/0x540
[  177.751363][ T6039]  f2fs_write_end_io+0x886/0xb60
[  177.751373][ T6039]  __submit_merged_bio+0x27a/0x6a0
[  177.751384][ T6039]  __submit_merged_write_cond+0x255/0x530
[  177.751394][ T6039]  f2fs_write_data_pages+0x261d/0x3000
[  177.751409][ T6039]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  177.751421][ T6039]  ? arch_stack_walk+0xfc/0x150
[  177.751435][ T6039]  ? __mod_zone_page_state+0xd7/0x140
[  177.751447][ T6039]  ? folios_put_refs+0x560/0x640
[  177.751457][ T6039]  ? __pfx_folios_put_refs+0x10/0x10
[  177.751463][ T6039]  ? rcu_is_watching+0x15/0xb0
[  177.751471][ T6039]  ? lru_add+0xa2f/0xd80
[  177.751477][ T6039]  ? lru_add+0x198/0xd80
[  177.751484][ T6039]  ? folio_batch_move_lru+0x319/0x3a0
[  177.751492][ T6039]  ? filemap_get_folios_tag+0xed/0x630
[  177.751500][ T6039]  ? rcu_is_watching+0x15/0xb0
[  177.751507][ T6039]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  177.751517][ T6039]  do_writepages+0x32e/0x550
[  177.751527][ T6039]  ? rcu_is_watching+0x15/0xb0
[  177.751534][ T6039]  ? do_raw_spin_unlock+0x4d/0x240
[  177.751544][ T6039]  filemap_fdatawrite+0x199/0x240
[  177.751554][ T6039]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  177.751570][ T6039]  ? rcu_is_watching+0x15/0xb0
[  177.751577][ T6039]  ? do_raw_spin_unlock+0x4d/0x240
[  177.751585][ T6039]  f2fs_sync_dirty_inodes+0x31f/0x830
[  177.751595][ T6039]  f2fs_write_checkpoint+0x95a/0x1df0
[  177.751605][ T6039]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  177.751620][ T6039]  ? kill_f2fs_super+0x298/0x6c0
[  177.751628][ T6039]  kill_f2fs_super+0x2c3/0x6c0
[  177.751635][ T6039]  ? __pfx_kill_f2fs_super+0x10/0x10
[  177.751641][ T6039]  ? radix_tree_delete_item+0x2b6/0x400
[  177.751652][ T6039]  ? shrinker_free+0x2ce/0x3e0
[  177.751660][ T6039]  deactivate_locked_super+0xbc/0x130
[  177.751670][ T6039]  cleanup_mnt+0x425/0x4c0
[  177.751679][ T6039]  task_work_run+0x1d4/0x260
[  177.751689][ T6039]  ? __pfx_task_work_run+0x10/0x10
[  177.751697][ T6039]  ? __x64_sys_umount+0x122/0x160
[  177.751706][ T6039]  ? __pfx___x64_sys_umount+0x10/0x10
[  177.751715][ T6039]  ? rcu_is_watching+0x15/0xb0
[  177.751722][ T6039]  exit_to_user_mode_loop+0xec/0x110
[  177.751732][ T6039]  do_syscall_64+0x2bd/0x3b0
[  177.751743][ T6039]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  177.751750][ T6039]  ? exc_page_fault+0x9f/0xf0
[  177.751759][ T6039]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  177.751766][ T6039] RIP: 0033:0x7fc60eb8ff17
[  177.751774][ T6039] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  177.751780][ T6039] RSP: 002b:00007ffdeeba3678 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  177.751790][ T6039] RAX: 0000000000000000 RBX: 00007fc60ec11c05 RCX: 00007fc60eb8ff17
[  177.751795][ T6039] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdeeba3730
[  177.751800][ T6039] RBP: 00007ffdeeba3730 R08: 0000000000000000 R09: 0000000000000000
[  177.751804][ T6039] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffdeeba47c0
[  177.751809][ T6039] R13: 00007fc60ec11c05 R14: 000000000002b5c7 R15: 00007ffdeeba4800
[  177.751817][ T6039]  </TASK>
[  177.751820][ T6039] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  178.060696][T10429] loop5: detected capacity change from 0 to 32768
[  178.065369][T10429] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.1616 (10429)
[  178.079257][T10429] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  178.094437][T10429] BTRFS info (device loop5): using crc32c (crc32c-lib) checksum algorithm
[  178.097465][T10429] BTRFS warning (device loop5): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  178.129664][T10429] BTRFS info (device loop5): rebuilding free space tree
[  178.141734][T10429] BTRFS info (device loop5): disabling free space tree
[  178.149337][T10429] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  178.159693][T10429] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  178.170280][T10429] BTRFS info (device loop5): setting nodatasum
[  178.172734][T10429] BTRFS info (device loop5): setting nodatacow
[  178.175579][T10429] BTRFS info (device loop5): enabling ssd optimizations
[  178.178288][T10429] BTRFS info (device loop5): turning off barriers
[  178.184691][T10429] BTRFS info (device loop5): turning on flush-on-commit
[  178.189730][T10429] BTRFS info (device loop5): enabling disk space caching
[  178.193400][T10429] BTRFS info (device loop5): force clearing of disk cache
[  178.201517][T10429] BTRFS info (device loop5): doing ref verification
[  178.210668][T10429] BTRFS info (device loop5): max_inline set to 4096
[  178.254536][ T8652] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  178.374029][   T24] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  178.523645][   T24] usb 4-1: Using ep0 maxpacket: 8
[  178.527964][   T24] usb 4-1: config 0 has an invalid interface number: 186 but max is 0
[  178.531270][   T24] usb 4-1: config 0 has no interface number 0
[  178.533615][   T24] usb 4-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  178.540785][   T24] usb 4-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A
[  178.546875][   T24] usb 4-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  178.551035][   T24] usb 4-1: config 0 interface 186 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  178.555136][   T24] usb 4-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  178.562211][   T24] usb 4-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[  178.566352][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  178.569380][   T24] usb 4-1: Product: syz
[  178.573647][   T24] usb 4-1: Manufacturer: syz
[  178.575197][   T24] usb 4-1: SerialNumber: syz
[  178.584172][   T24] usb 4-1: config 0 descriptor??
[  178.837308][T10479] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  179.034310][   T24] iowarrior 4-1:0.186: IOWarrior product=0x1505, serial=㠲י interface=186 now attached to iowarrior0
[  179.062147][ T5880] usb 4-1: USB disconnect, device number 25
[  179.526233][T10507] input: syz0 as /devices/virtual/input/input14
[  179.586082][T10509] loop5: detected capacity change from 0 to 2048
[  179.600396][T10509] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024)
[  179.607824][ T6112] udevd[6112]: incorrect nilfs2 checksum on /dev/loop5
[  179.624066][T10509] NILFS (loop5): mounting unchecked fs
[  179.627126][T10509] NILFS (loop5): recovery required for readonly filesystem
[  179.630139][T10509] NILFS (loop5): write access will be enabled during recovery
[  179.635704][T10509] NILFS (loop5): norecovery option specified, skipping roll-forward recovery
[  179.646291][T10509] NILFS (loop5): couldn't remount because the filesystem is in an incomplete recovery state
[  179.653183][T10513] overlayfs: failed to clone upperpath
[  179.656684][T10513] overlayfs: failed to clone upperpath
[  179.694187][T10517] loop5: detected capacity change from 0 to 8
[  179.736833][T10523] overlayfs: failed to decode file handle (len=5, type=0, flags=0, err=-22)
[  179.959476][T10537] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1658'.
[  179.962705][T10537] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1658'.
[  180.102885][T10535] loop3: detected capacity change from 0 to 40427
[  180.108470][T10535] F2FS-fs: heap/no_heap options were deprecated
[  180.112504][T10535] F2FS-fs (loop3): invalid crc value
[  180.139226][T10535] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  180.144522][T10535] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  180.164676][ T6039] syz-executor: attempt to access beyond end of device
[  180.164676][ T6039] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  180.170441][ T6039] CPU: 1 UID: 0 PID: 6039 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  180.170462][ T6039] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  180.170471][ T6039] Call Trace:
[  180.170477][ T6039]  <TASK>
[  180.170482][ T6039]  dump_stack_lvl+0x189/0x250
[  180.170506][ T6039]  ? __pfx_dump_stack_lvl+0x10/0x10
[  180.170520][ T6039]  ? __pfx_queue_work_on+0x10/0x10
[  180.170532][ T6039]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  180.170550][ T6039]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  180.170567][ T6039]  f2fs_handle_critical_error+0x37c/0x540
[  180.170587][ T6039]  f2fs_write_end_io+0x886/0xb60
[  180.170604][ T6039]  __submit_merged_bio+0x27a/0x6a0
[  180.170622][ T6039]  __submit_merged_write_cond+0x255/0x530
[  180.170640][ T6039]  f2fs_write_data_pages+0x261d/0x3000
[  180.170657][ T6039]  ? arch_stack_walk+0xfc/0x150
[  180.170683][ T6039]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  180.170699][ T6039]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  180.170716][ T6039]  ? rcu_is_watching+0x15/0xb0
[  180.170739][ T6039]  ? folios_put_refs+0x559/0x640
[  180.170756][ T6039]  ? __pfx_folios_put_refs+0x10/0x10
[  180.170767][ T6039]  ? rcu_is_watching+0x15/0xb0
[  180.170777][ T6039]  ? lru_add+0xa2f/0xd80
[  180.170788][ T6039]  ? lru_add+0x198/0xd80
[  180.170799][ T6039]  ? do_raw_spin_lock+0x121/0x290
[  180.170818][ T6039]  ? do_raw_spin_unlock+0x4d/0x240
[  180.170833][ T6039]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  180.170851][ T6039]  do_writepages+0x32e/0x550
[  180.170868][ T6039]  ? rcu_is_watching+0x15/0xb0
[  180.170879][ T6039]  ? do_raw_spin_unlock+0x4d/0x240
[  180.170894][ T6039]  filemap_fdatawrite+0x199/0x240
[  180.170938][ T6039]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  180.170966][ T6039]  ? rcu_is_watching+0x15/0xb0
[  180.170978][ T6039]  ? do_raw_spin_unlock+0x4d/0x240
[  180.170993][ T6039]  f2fs_sync_dirty_inodes+0x31f/0x830
[  180.171011][ T6039]  f2fs_write_checkpoint+0x95a/0x1df0
[  180.171030][ T6039]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  180.171054][ T6039]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  180.171066][ T6039]  ? kfree+0x18e/0x440
[  180.171081][ T6039]  ? kill_f2fs_super+0x298/0x6c0
[  180.171094][ T6039]  kill_f2fs_super+0x2c3/0x6c0
[  180.171107][ T6039]  ? __pfx_kill_f2fs_super+0x10/0x10
[  180.171117][ T6039]  ? radix_tree_delete_item+0x2b6/0x400
[  180.171134][ T6039]  ? shrinker_free+0x2ce/0x3e0
[  180.171147][ T6039]  deactivate_locked_super+0xbc/0x130
[  180.171163][ T6039]  cleanup_mnt+0x425/0x4c0
[  180.171177][ T6039]  task_work_run+0x1d4/0x260
[  180.171195][ T6039]  ? __pfx_task_work_run+0x10/0x10
[  180.171211][ T6039]  ? __x64_sys_umount+0x122/0x160
[  180.171226][ T6039]  ? __pfx___x64_sys_umount+0x10/0x10
[  180.171241][ T6039]  ? rcu_is_watching+0x15/0xb0
[  180.171253][ T6039]  exit_to_user_mode_loop+0xec/0x110
[  180.171269][ T6039]  do_syscall_64+0x2bd/0x3b0
[  180.171286][ T6039]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  180.171297][ T6039]  ? exc_page_fault+0x9f/0xf0
[  180.171312][ T6039]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  180.171323][ T6039] RIP: 0033:0x7fc60eb8ff17
[  180.171336][ T6039] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  180.171349][ T6039] RSP: 002b:00007ffdeeba3678 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  180.171365][ T6039] RAX: 0000000000000000 RBX: 00007fc60ec11c05 RCX: 00007fc60eb8ff17
[  180.171373][ T6039] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdeeba3730
[  180.171381][ T6039] RBP: 00007ffdeeba3730 R08: 0000000000000000 R09: 0000000000000000
[  180.171389][ T6039] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffdeeba47c0
[  180.171396][ T6039] R13: 00007fc60ec11c05 R14: 000000000002bf3d R15: 00007ffdeeba4800
[  180.171410][ T6039]  </TASK>
[  180.171421][ T6039] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  180.466528][T10545] netlink: 'syz.3.1661': attribute type 1 has an invalid length.
[  180.469873][T10545] netlink: 168864 bytes leftover after parsing attributes in process `syz.3.1661'.
[  180.597304][T10559] loop3: detected capacity change from 0 to 1024
[  180.631273][T10559] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  180.639556][T10559] ext4 filesystem being mounted at /419/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  180.661353][T10559] EXT4-fs error (device loop3): ext4_map_blocks:814: inode #15: comm syz.3.1668: lblock 0 mapped to illegal pblock 0 (length 1)
[  180.669228][T10559] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117
[  180.681329][T10559] EXT4-fs (loop3): This should not happen!! Data will be lost
[  180.681329][T10559] 
[  180.687492][T10559] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #15: comm syz.3.1668: lblock 0 mapped to illegal pblock 0 (length 1)
[  180.693638][T10559] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #15: comm syz.3.1668: lblock 0 mapped to illegal pblock 0 (length 1)
[  180.707261][T10559] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #15: comm syz.3.1668: lblock 0 mapped to illegal pblock 0 (length 1)
[  180.719136][T10559] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #15: comm syz.3.1668: lblock 0 mapped to illegal pblock 0 (length 1)
[  180.728641][T10559] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #15: comm syz.3.1668: lblock 0 mapped to illegal pblock 0 (length 1)
[  180.734582][T10564] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  180.742719][T10559] EXT4-fs error (device loop3): ext4_ext_remove_space:2955: inode #15: comm syz.3.1668: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0)
[  180.754359][T10572] netlink: 'syz.5.1672': attribute type 1 has an invalid length.
[  180.787344][ T6039] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  180.793826][T10572] bond1: (slave gretap1): making interface the new active one
[  180.805360][T10572] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  180.983140][ T5873] kernel write not supported for file /vcsa (pid: 5873 comm: kworker/0:4)
[  181.097826][ T5888] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  181.261231][ T5888] usb 6-1: Using ep0 maxpacket: 16
[  181.266937][ T5888] usb 6-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00
[  181.273651][ T5888] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  181.279824][ T5888] usb 6-1: config 0 descriptor??
[  181.284726][ T5888] ftdi_sio 6-1:0.0: FTDI USB Serial Device converter detected
[  181.389191][T10602] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  181.389191][T10602] The task syz.3.1685 (10602) triggered the difference, watch for misbehavior.
[  181.486097][ T5888] usb 6-1: Detected FT232B
[  181.686517][ T5888] ftdi_sio ttyUSB0: Unable to read latency timer: -71
[  181.690798][ T5888] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  181.694698][ T5888] usb 6-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  181.699304][ T5888] usb 6-1: USB disconnect, device number 11
[  181.724615][ T5888] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  181.728704][ T5888] ftdi_sio 6-1:0.0: device disconnected
[  182.373696][ T5873] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  182.473582][ T5888] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  182.533619][ T5873] usb 4-1: Using ep0 maxpacket: 16
[  182.537690][ T5873] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  182.542755][ T5873] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  182.547607][ T5873] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  182.553187][ T5873] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  182.557649][ T5873] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  182.562616][ T5873] usb 4-1: config 0 descriptor??
[  182.623684][ T5888] usb 6-1: Using ep0 maxpacket: 8
[  182.627528][ T5888] usb 6-1: config 0 has an invalid interface number: 122 but max is 0
[  182.630916][ T5888] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  182.635520][ T5888] usb 6-1: config 0 has no interface number 0
[  182.638143][ T5888] usb 6-1: config 0 interface 122 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 8
[  182.646221][ T5888] usb 6-1: New USB device found, idVendor=1286, idProduct=2046, bcdDevice= 5.b7
[  182.649941][ T5888] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  182.653187][ T5888] usb 6-1: Product: syz
[  182.655175][ T5888] usb 6-1: Manufacturer: syz
[  182.657198][ T5888] usb 6-1: SerialNumber: syz
[  182.662325][ T5888] usb 6-1: config 0 descriptor??
[  182.871102][ T5888] usb 6-1: NFC: intf ffff888110f75000 id ffffffff8eb53fe0
[  182.877948][ T5888] usb 6-1: USB disconnect, device number 12
[  182.969642][ T5873] microsoft 0003:045E:07DA.000D: unknown main item tag 0x1
[  182.976394][ T5873] microsoft 0003:045E:07DA.000D: report is too long
[  182.979163][ T5873] microsoft 0003:045E:07DA.000D: item 0 2 0 11 parsing failed
[  182.982579][ T5873] microsoft 0003:045E:07DA.000D: parse failed
[  182.985306][ T5873] microsoft 0003:045E:07DA.000D: probe with driver microsoft failed with error -22
[  183.060235][T10639] netlink: 112 bytes leftover after parsing attributes in process `syz.4.1701'.
[  183.172938][ T5873] usb 4-1: USB disconnect, device number 26
[  183.451318][T10657] loop5: detected capacity change from 0 to 4096
[  183.469217][T10657] ntfs3(loop5): $Secure::$SDH is corrupted.
[  183.471680][T10657] ntfs3(loop5): Failed to initialize $Secure (-22).
[  183.609044][T10659] loop5: detected capacity change from 0 to 32768
[  183.621280][T10659] XFS (loop5): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  183.644146][T10659] XFS (loop5): Ending clean mount
[  183.657992][ T8652] XFS (loop5): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  183.866000][T10671] loop5: detected capacity change from 0 to 32768
[  183.933237][T10676] loop3: detected capacity change from 0 to 40427
[  183.947526][T10671] bcachefs (loop5): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,str_hash=crc32c,noacl,usrquota,grpquota,nojournal_transaction_names,allocator_stuck_timeout=256
[  183.947543][T10671]   allowing incompatible features above 0.0: (unknown version)
[  183.947550][T10671]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  183.964214][T10676] F2FS-fs (loop3): build fault injection rate: 771
[  183.966848][T10671] bcachefs (loop5): Using encoding defined by superblock: utf8-12.1.0
[  183.967387][T10676] F2FS-fs (loop3): invalid crc value
[  183.969905][T10671] bcachefs (loop5): initializing new filesystem
[  183.979055][T10671] bcachefs (loop5): going read-write
[  184.001853][T10671] bcachefs (loop5): marking superblocks
[  184.008729][T10676] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  184.011194][T10671] bcachefs (loop5): initializing freespace
[  184.012606][T10676] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  184.016242][T10671] bcachefs (loop5): done initializing freespace
[  184.021411][T10671] bcachefs (loop5): reading snapshots table
[  184.024483][T10671] bcachefs (loop5): reading snapshots done
[  184.031533][T10671] bcachefs (loop5): done starting filesystem
[  184.059800][T10676] syz.3.1715: attempt to access beyond end of device
[  184.059800][T10676] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  184.067398][ T8652] bcachefs (loop5): shutting down
[  184.069266][ T8652] bcachefs (loop5): going read-only
[  184.071175][ T8652] bcachefs (loop5): finished waiting for writes to stop
[  184.077240][ T8652] bcachefs (loop5): flushing journal and stopping allocators, journal seq 2
[  184.085199][ T8652] bcachefs (loop5): flushing journal and stopping allocators complete, journal seq 3
[  184.093030][ T8652] bcachefs (loop5): clean shutdown complete, journal seq 4
[  184.098963][ T6039] syz-executor: attempt to access beyond end of device
[  184.098963][ T6039] loop3: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  184.106087][ T8652] bcachefs (loop5): marking filesystem clean
[  184.108618][ T6039] CPU: 1 UID: 0 PID: 6039 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  184.108634][ T6039] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  184.108642][ T6039] Call Trace:
[  184.108647][ T6039]  <TASK>
[  184.108652][ T6039]  dump_stack_lvl+0x189/0x250
[  184.108674][ T6039]  ? __pfx_dump_stack_lvl+0x10/0x10
[  184.108690][ T6039]  ? __pfx_queue_work_on+0x10/0x10
[  184.108707][ T6039]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  184.108724][ T6039]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  184.108744][ T6039]  f2fs_handle_critical_error+0x37c/0x540
[  184.108764][ T6039]  f2fs_write_end_io+0x886/0xb60
[  184.108781][ T6039]  __submit_merged_bio+0x27a/0x6a0
[  184.108800][ T6039]  __submit_merged_write_cond+0x255/0x530
[  184.108817][ T6039]  f2fs_write_data_pages+0x261d/0x3000
[  184.108845][ T6039]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  184.108891][ T6039]  ? kernel_text_address+0xa5/0xe0
[  184.108916][ T6039]  ? stack_depot_save_flags+0x40/0x860
[  184.108937][ T6039]  ? cleanup_mnt+0x425/0x4c0
[  184.108951][ T6039]  ? task_work_run+0x1d4/0x260
[  184.108964][ T6039]  ? exit_to_user_mode_loop+0xec/0x110
[  184.108981][ T6039]  ? do_syscall_64+0x2bd/0x3b0
[  184.108995][ T6039]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  184.109014][ T6039]  ? filemap_get_folios_tag+0xed/0x630
[  184.109025][ T6039]  ? rcu_is_watching+0x15/0xb0
[  184.109039][ T6039]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  184.109056][ T6039]  do_writepages+0x32e/0x550
[  184.109072][ T6039]  ? rcu_is_watching+0x15/0xb0
[  184.109084][ T6039]  ? do_raw_spin_unlock+0x4d/0x240
[  184.109101][ T6039]  filemap_fdatawrite+0x199/0x240
[  184.109117][ T6039]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  184.109144][ T6039]  ? rcu_is_watching+0x15/0xb0
[  184.109156][ T6039]  ? do_raw_spin_unlock+0x4d/0x240
[  184.109172][ T6039]  f2fs_sync_dirty_inodes+0x31f/0x830
[  184.109194][ T6039]  f2fs_write_checkpoint+0x95a/0x1df0
[  184.109213][ T6039]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  184.109237][ T6039]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  184.109249][ T6039]  ? kfree+0x18e/0x440
[  184.109264][ T6039]  ? kill_f2fs_super+0x298/0x6c0
[  184.109277][ T6039]  kill_f2fs_super+0x2c3/0x6c0
[  184.109291][ T6039]  ? __pfx_kill_f2fs_super+0x10/0x10
[  184.109301][ T6039]  ? radix_tree_delete_item+0x2b6/0x400
[  184.109319][ T6039]  ? shrinker_free+0x2ce/0x3e0
[  184.109332][ T6039]  deactivate_locked_super+0xbc/0x130
[  184.109348][ T6039]  cleanup_mnt+0x425/0x4c0
[  184.109361][ T6039]  task_work_run+0x1d4/0x260
[  184.109378][ T6039]  ? __pfx_task_work_run+0x10/0x10
[  184.109391][ T6039]  ? __x64_sys_umount+0x122/0x160
[  184.109407][ T6039]  ? __pfx___x64_sys_umount+0x10/0x10
[  184.109422][ T6039]  ? rcu_is_watching+0x15/0xb0
[  184.109433][ T6039]  exit_to_user_mode_loop+0xec/0x110
[  184.109450][ T6039]  do_syscall_64+0x2bd/0x3b0
[  184.109465][ T6039]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  184.109478][ T6039]  ? exc_page_fault+0x9f/0xf0
[  184.109492][ T6039]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  184.109503][ T6039] RIP: 0033:0x7fc60eb8ff17
[  184.109515][ T6039] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  184.109525][ T6039] RSP: 002b:00007ffdeeba3678 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  184.109539][ T6039] RAX: 0000000000000000 RBX: 00007fc60ec11c05 RCX: 00007fc60eb8ff17
[  184.109548][ T6039] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdeeba3730
[  184.109555][ T6039] RBP: 00007ffdeeba3730 R08: 0000000000000000 R09: 0000000000000000
[  184.109561][ T6039] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffdeeba47c0
[  184.109570][ T6039] R13: 00007fc60ec11c05 R14: 000000000002ce9d R15: 00007ffdeeba4800
[  184.109583][ T6039]  </TASK>
[  184.109588][ T6039] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  184.270294][ T8652] bcachefs (loop5): shutdown complete
[  186.133876][   T51] kernel read not supported for file /dsp1 (pid: 51 comm: kworker/1:1)
[  186.211763][T10729] loop3: detected capacity change from 0 to 512
[  186.224541][T10729] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  186.228253][T10729] EXT4-fs (loop3): invalid journal inode
[  186.231799][T10729] EXT4-fs (loop3): can't get journal size
[  186.236136][T10729] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a056c119, mo2=0002]
[  186.238556][T10729] System zones: 1-12, 13-13
[  186.244264][T10729] EXT4-fs error (device loop3): ext4_iget_extra_inode:5104: inode #15: comm syz.3.1732: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled
[  186.256014][T10729] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.1732: couldn't read orphan inode 15 (err -117)
[  186.260559][T10729] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  186.298707][ T6039] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  186.522736][T10749] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  186.712731][T10747] loop3: detected capacity change from 0 to 32768
[  186.753786][T10747] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  186.774807][ T6039] ocfs2: Unmounting device (7,3) on (node local)
[  186.973569][   T54] Bluetooth: hci0: ACL packet for unknown connection handle 201
[  187.001384][   T54] Bluetooth: hci0: unknown advertising packet type: 0x82
[  187.001403][   T54] Bluetooth: hci0: Dropping invalid advertising data
[  187.007385][   T54] Bluetooth: hci0: Malformed LE Event: 0x02
[  187.685474][ T5873] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  187.833681][ T5873] usb 6-1: Using ep0 maxpacket: 16
[  187.837470][ T5873] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  187.841812][ T5873] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  187.846473][ T5873] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  187.851964][ T5873] usb 6-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  187.856387][ T5873] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  187.867657][ T5873] usb 6-1: config 0 descriptor??
[  188.116194][T10803] loop3: detected capacity change from 0 to 32768
[  188.127606][T10803] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  188.150765][T10803] XFS (loop3): Ending clean mount
[  188.165904][   T33] audit: type=1800 audit(2000000053.850:70): pid=10803 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1762" name="file1" dev="loop3" ino=4425 res=0 errno=0
[  188.180372][ T6039] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  188.300629][ T5873] shield 0003:0955:7214.000E: unknown main item tag 0x0
[  188.303225][ T5873] shield 0003:0955:7214.000E: item fetching failed at offset 2/5
[  188.306540][ T5873] shield 0003:0955:7214.000E: Parse failed
[  188.308979][ T5873] shield 0003:0955:7214.000E: probe with driver shield failed with error -22
[  188.462587][   T33] audit: type=1326 audit(2000000054.140:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10832 comm="syz.3.1772" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc60eb8ebe9 code=0x7ffc0000
[  188.472518][   T33] audit: type=1326 audit(2000000054.140:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10832 comm="syz.3.1772" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc60eb8ebe9 code=0x7ffc0000
[  188.482232][   T33] audit: type=1326 audit(2000000054.150:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10832 comm="syz.3.1772" exe="/syz-executor" sig=0 arch=c000003e syscall=172 compat=0 ip=0x7fc60eb8ebe9 code=0x7ffc0000
[  188.492597][   T33] audit: type=1326 audit(2000000054.150:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10832 comm="syz.3.1772" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc60eb8ebe9 code=0x7ffc0000
[  188.512921][ T5873] usb 6-1: USB disconnect, device number 13
[  188.642302][T10849] overlayfs: failed to clone upperpath
[  188.714956][T10845] loop3: detected capacity change from 0 to 40427
[  188.726027][T10845] F2FS-fs (loop3): build fault injection rate: 25
[  188.728493][T10845] F2FS-fs (loop3): build fault injection type: 0x7698c
[  188.731888][T10845] F2FS-fs (loop3): invalid crc value
[  188.742101][T10845] F2FS-fs (loop3): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_ra_meta_pages+0x1cb/0x970
[  188.747401][T10845] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_folio of f2fs_ra_meta_pages+0x615/0x970
[  188.766456][T10845] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  188.770300][T10845] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  188.778410][T10845] F2FS-fs (loop3): inject too big dir depth in f2fs_add_regular_entry of f2fs_add_dentry+0xda/0x1d0
[  188.785711][T10845] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_folio of f2fs_get_read_data_folio+0xc1/0x7d0
[  188.798861][ T6039] syz-executor: attempt to access beyond end of device
[  188.798861][ T6039] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  188.804510][ T6039] CPU: 0 UID: 0 PID: 6039 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  188.804524][ T6039] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  188.804530][ T6039] Call Trace:
[  188.804533][ T6039]  <TASK>
[  188.804537][ T6039]  dump_stack_lvl+0x189/0x250
[  188.804552][ T6039]  ? __pfx_dump_stack_lvl+0x10/0x10
[  188.804561][ T6039]  ? __pfx_queue_work_on+0x10/0x10
[  188.804570][ T6039]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  188.804581][ T6039]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  188.804592][ T6039]  f2fs_handle_critical_error+0x37c/0x540
[  188.804604][ T6039]  f2fs_write_end_io+0x886/0xb60
[  188.804614][ T6039]  __submit_merged_bio+0x27a/0x6a0
[  188.804625][ T6039]  __submit_merged_write_cond+0x255/0x530
[  188.804635][ T6039]  f2fs_write_data_pages+0x261d/0x3000
[  188.804645][ T6039]  ? arch_stack_walk+0xfc/0x150
[  188.804659][ T6039]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  188.804669][ T6039]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  188.804680][ T6039]  ? rcu_is_watching+0x15/0xb0
[  188.804693][ T6039]  ? folios_put_refs+0x559/0x640
[  188.804704][ T6039]  ? __pfx_folios_put_refs+0x10/0x10
[  188.804711][ T6039]  ? rcu_is_watching+0x15/0xb0
[  188.804718][ T6039]  ? lru_add+0xa2f/0xd80
[  188.804724][ T6039]  ? lru_add+0x198/0xd80
[  188.804731][ T6039]  ? folio_batch_move_lru+0x319/0x3a0
[  188.804739][ T6039]  ? filemap_get_folios_tag+0xed/0x630
[  188.804746][ T6039]  ? rcu_is_watching+0x15/0xb0
[  188.804753][ T6039]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  188.804763][ T6039]  do_writepages+0x32e/0x550
[  188.804773][ T6039]  ? rcu_is_watching+0x15/0xb0
[  188.804780][ T6039]  ? do_raw_spin_unlock+0x4d/0x240
[  188.804791][ T6039]  filemap_fdatawrite+0x199/0x240
[  188.804801][ T6039]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  188.804839][ T6039]  ? rcu_is_watching+0x15/0xb0
[  188.804851][ T6039]  ? do_raw_spin_unlock+0x4d/0x240
[  188.804865][ T6039]  f2fs_sync_dirty_inodes+0x31f/0x830
[  188.804880][ T6039]  f2fs_write_checkpoint+0x95a/0x1df0
[  188.804898][ T6039]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  188.804923][ T6039]  ? kill_f2fs_super+0x298/0x6c0
[  188.804936][ T6039]  kill_f2fs_super+0x2c3/0x6c0
[  188.804950][ T6039]  ? __pfx_kill_f2fs_super+0x10/0x10
[  188.804959][ T6039]  ? radix_tree_delete_item+0x2b6/0x400
[  188.804977][ T6039]  ? shrinker_free+0x2ce/0x3e0
[  188.804992][ T6039]  deactivate_locked_super+0xbc/0x130
[  188.805007][ T6039]  cleanup_mnt+0x425/0x4c0
[  188.805018][ T6039]  task_work_run+0x1d4/0x260
[  188.805029][ T6039]  ? __pfx_task_work_run+0x10/0x10
[  188.805037][ T6039]  ? __x64_sys_umount+0x122/0x160
[  188.805047][ T6039]  ? __pfx___x64_sys_umount+0x10/0x10
[  188.805058][ T6039]  ? rcu_is_watching+0x15/0xb0
[  188.805066][ T6039]  exit_to_user_mode_loop+0xec/0x110
[  188.805076][ T6039]  do_syscall_64+0x2bd/0x3b0
[  188.805087][ T6039]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  188.805095][ T6039]  ? exc_page_fault+0x9f/0xf0
[  188.805104][ T6039]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  188.805111][ T6039] RIP: 0033:0x7fc60eb8ff17
[  188.805119][ T6039] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  188.805127][ T6039] RSP: 002b:00007ffdeeba3678 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  188.805136][ T6039] RAX: 0000000000000000 RBX: 00007fc60ec11c05 RCX: 00007fc60eb8ff17
[  188.805141][ T6039] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdeeba3730
[  188.805146][ T6039] RBP: 00007ffdeeba3730 R08: 0000000000000000 R09: 0000000000000000
[  188.805150][ T6039] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffdeeba47c0
[  188.805155][ T6039] R13: 00007fc60ec11c05 R14: 000000000002e100 R15: 00007ffdeeba4800
[  188.805163][ T6039]  </TASK>
[  188.805167][ T6039] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  189.290100][T10862] loop3: detected capacity change from 0 to 256
[  189.295217][T10862] exfat: Deprecated parameter 'utf8'
[  189.301241][T10862] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d)
[  189.312007][T10860] loop5: detected capacity change from 0 to 32768
[  189.330131][T10860] read_mapping_page failed!
[  189.508154][   T33] audit: type=1400 audit(2000000055.180:75): apparmor="DENIED" operation="stack" class="file" info="label not found" error=-2 profile="unconfined" name=26260A3A0CCA7C2B08C9DFF78977F306B457CA93031D371D06D2E59E863E2FE54118A4EE43068DF6BA88E1B6DC3A2F2C91AE1C817D6B6014270B8BC51F73363852F4F12EE955F464599F0C485D pid=10882 comm="syz.5.1789"
[  189.621717][T10895] loop3: detected capacity change from 0 to 256
[  189.624625][T10895] exfat: Deprecated parameter 'namecase'
[  189.627062][T10895] exfat: Deprecated parameter 'namecase'
[  189.631799][T10895] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d)
[  189.776883][T10897] loop3: detected capacity change from 0 to 32768
[  189.794279][T10897] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  189.811420][ T6039] ocfs2: Unmounting device (7,3) on (node local)
[  189.833535][   T51] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  189.983522][   T51] usb 6-1: Using ep0 maxpacket: 8
[  189.987491][   T51] usb 6-1: config 150 has an invalid interface number: 204 but max is 0
[  189.990267][   T51] usb 6-1: config 150 has no interface number 0
[  189.992403][   T51] usb 6-1: config 150 interface 204 has no altsetting 0
[  189.997466][   T51] usb 6-1: New USB device found, idVendor=04e2, idProduct=1424, bcdDevice=c7.eb
[  190.001015][   T51] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  190.004034][   T51] usb 6-1: Product: syz
[  190.005456][   T51] usb 6-1: Manufacturer: syz
[  190.007125][   T51] usb 6-1: SerialNumber: syz
[  190.143643][ T5873] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  190.304187][ T5873] usb 4-1: Using ep0 maxpacket: 32
[  190.307607][ T5873] usb 4-1: config 14 has an invalid interface number: 137 but max is 3
[  190.310627][ T5873] usb 4-1: config 14 has an invalid descriptor of length 0, skipping remainder of the config
[  190.314583][ T5873] usb 4-1: config 14 has 2 interfaces, different from the descriptor's value: 4
[  190.318018][ T5873] usb 4-1: config 14 has no interface number 1
[  190.320628][ T5873] usb 4-1: config 14 interface 137 has no altsetting 0
[  190.326011][ T5873] usb 4-1: New USB device found, idVendor=0471, idProduct=0602, bcdDevice=2a.8a
[  190.329304][ T5873] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  190.332353][ T5873] usb 4-1: Product: syz
[  190.334176][ T5873] usb 4-1: Manufacturer: syz
[  190.336264][ T5873] usb 4-1: SerialNumber: syz
[  190.421455][   T51] usb 6-1: USB disconnect, device number 14
[  190.548303][ T5873] ati_remote2 4-1:14.0: ati_remote2_probe(): interface 0 must have an endpoint
[  190.554198][ T5873] usb 4-1: USB disconnect, device number 27
[  191.074900][T10925] loop3: detected capacity change from 0 to 16
[  191.078564][T10925] erofs (device loop3): mounted with root inode @ nid 36.
[  191.166916][T10931] loop3: detected capacity change from 0 to 256
[  191.187507][T10919] loop5: detected capacity change from 0 to 32768
[  191.213241][T10919] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  191.249675][T10919] XFS (loop5): Metadata corruption detected at xfs_dinode_verify+0x1a6/0x1570, inode 0x2442 dinode
[  191.254261][T10919] XFS (loop5): Unmount and run xfs_repair
[  191.256609][T10919] XFS (loop5): First 128 bytes of corrupted metadata buffer:
[  191.259668][T10919] 00000000: 49 4e 80 00 03 02 00 ff 00 00 00 00 00 00 00 00  IN..............
[  191.262988][T10919] 00000010: 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  191.273492][T10919] 00000020: 1d cd 65 00 00 00 00 00 34 f7 58 68 80 32 ca 40  ..e.....4.Xh.2.@
[  191.281021][T10919] 00000030: 34 f7 58 68 80 32 ca 40 00 00 00 00 00 00 00 00  4.Xh.2.@........
[  191.284619][T10919] 00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  191.287577][T10919] 00000050: 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  191.290823][T10919] 00000060: ff ff ff ff 0a bb 5a de 00 00 00 00 00 00 00 02  ......Z.........
[  191.305227][T10919] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08  ................
[  191.312899][T10919] XFS (loop5): metadata inode 0x2442 type 6 is corrupt
[  191.316382][T10919] XFS (loop5): failed to read RT inodes
[  191.318425][T10919] XFS (loop5): Uncorrected metadata errors detected; please run xfs_repair.
[  191.415699][T10952] loop3: detected capacity change from 0 to 32768
[  191.782258][T10969] loop5: detected capacity change from 0 to 512
[  191.797020][T10971] netlink: 'syz.3.1827': attribute type 1 has an invalid length.
[  191.815269][T10969] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  191.820488][T10969] ext4 filesystem being mounted at /211/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  191.844574][T10969] EXT4-fs: can't change dax mount option while remounting
[  191.860163][ T8652] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  192.128675][T11000] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1840'.
[  192.710830][T11024] smc: net device bond0 applied user defined pnetid SYZ2
[  193.625947][ T5873] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  193.812856][T11044] loop5: detected capacity change from 0 to 32768
[  193.823090][T11044] bcachefs (/dev/loop5): error validating superblock: Invalid superblock section clean: entry type btree_keys overruns end of section
[  193.823090][T11044] clean (size 2912):
[  193.823090][T11044] flags:          0
[  193.823090][T11044] journal_seq:    10
[  193.823090][T11044] usage: type=inodes v=8
[  193.823090][T11044] write_buffer_keys: btree=dirents level=0 u64s 5 type deleted 0:21491613697:0 len 0 ver 4294967296
[  193.823090][T11044] usage: type=reserved v=0
[  193.823090][T11044] usage: type=reserved v=0
[  193.823090][T11044] usage: type=reserved v=0
[  193.823090][T11044] usage: type=reserved v=0
[  193.823090][T11044] data_usage: free: 0/0 []=83888896
[  193.823090][T11044] data_usage: journal: 1/1 [0]=0
[  193.823090][T11044] data_usage: user: 1/1 [0]=32
[  193.823090][T11044] dev_usage: dev=0  
[  193.823090][T11044]   free: buckets=83 sectors=0 fragmented=0
[  193.823090][T11044]   sb: buckets=25 sectors=6152 fragmented=248
[  193.823090][T11044]   journal: buckets=8 sectors=2048 fragmented=0
[  193.823090][T11044]   btree: buckets=11 sectors=2816 fragmented=0
[  193.823090][T11044]   user: buckets=1 sectors=32 fragmented=224
[  193.823090][T11044]   cached: buckets=0 sectors=0 fragmented=0
[  193.823090][T11044]   parity: buckets=0 sectors=0 fragmented=0
[  193.823090][T11044]   stripe: buckets=0 sectors=0 fragmented=0
[  193.823090][T11044]   need_gc_gens: buckets=0 sectors=0 fragmented=0
[  193.823090][T11044]   need_discard: buckets=0 sectors=0 fragmented=0
[  193.823090][T11044] clock: read=0
[  193.823090][T11044] clock: write=1336
[  193.823090][T11044] btree_root: btre
[  193.824173][T11044] bcachefs: bch2_fs_get_tree() error: invalid_sb_clean
[  193.907438][ T5873] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  193.913258][ T5873] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  193.918148][ T5873] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  193.923586][ T5873] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  193.930552][ T5873] usb 4-1: config 0 descriptor??
[  194.033897][T11048] loop5: detected capacity change from 0 to 40427
[  194.045964][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[  194.048282][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[  194.052207][T11048] F2FS-fs (loop5): invalid crc value
[  194.068239][T11048] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  194.071995][T11048] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  194.077395][   T33] audit: type=1800 audit(2000000059.760:76): pid=11048 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1860" name="bus" dev="loop5" ino=10 res=0 errno=0
[  194.089306][ T8652] syz-executor: attempt to access beyond end of device
[  194.089306][ T8652] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  194.094375][ T8652] CPU: 1 UID: 0 PID: 8652 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  194.094386][ T8652] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  194.094391][ T8652] Call Trace:
[  194.094395][ T8652]  <TASK>
[  194.094398][ T8652]  dump_stack_lvl+0x189/0x250
[  194.094414][ T8652]  ? __pfx_dump_stack_lvl+0x10/0x10
[  194.094423][ T8652]  ? __pfx_queue_work_on+0x10/0x10
[  194.094432][ T8652]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  194.094444][ T8652]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  194.094455][ T8652]  f2fs_handle_critical_error+0x37c/0x540
[  194.094467][ T8652]  f2fs_write_end_io+0x886/0xb60
[  194.094477][ T8652]  __submit_merged_bio+0x27a/0x6a0
[  194.094487][ T8652]  __submit_merged_write_cond+0x255/0x530
[  194.094498][ T8652]  f2fs_write_data_pages+0x261d/0x3000
[  194.094513][ T8652]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  194.094537][ T8652]  ? do_raw_spin_lock+0x121/0x290
[  194.094548][ T8652]  ? do_raw_spin_unlock+0x4d/0x240
[  194.094556][ T8652]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  194.094567][ T8652]  do_writepages+0x32e/0x550
[  194.094578][ T8652]  ? rcu_is_watching+0x15/0xb0
[  194.094586][ T8652]  ? do_raw_spin_unlock+0x4d/0x240
[  194.094594][ T8652]  filemap_fdatawrite+0x199/0x240
[  194.094605][ T8652]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  194.094620][ T8652]  ? rcu_is_watching+0x15/0xb0
[  194.094627][ T8652]  ? do_raw_spin_unlock+0x4d/0x240
[  194.094640][ T8652]  f2fs_sync_dirty_inodes+0x31f/0x830
[  194.094655][ T8652]  f2fs_write_checkpoint+0x95a/0x1df0
[  194.094672][ T8652]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  194.094693][ T8652]  ? kill_f2fs_super+0x298/0x6c0
[  194.094705][ T8652]  kill_f2fs_super+0x2c3/0x6c0
[  194.094716][ T8652]  ? __pfx_kill_f2fs_super+0x10/0x10
[  194.094726][ T8652]  ? radix_tree_delete_item+0x2b6/0x400
[  194.094743][ T8652]  ? shrinker_free+0x2ce/0x3e0
[  194.094756][ T8652]  deactivate_locked_super+0xbc/0x130
[  194.094796][ T8652]  cleanup_mnt+0x425/0x4c0
[  194.094805][ T8652]  task_work_run+0x1d4/0x260
[  194.094821][ T8652]  ? __pfx_task_work_run+0x10/0x10
[  194.094834][ T8652]  ? __x64_sys_umount+0x122/0x160
[  194.094848][ T8652]  ? __pfx___x64_sys_umount+0x10/0x10
[  194.094863][ T8652]  ? rcu_is_watching+0x15/0xb0
[  194.094875][ T8652]  exit_to_user_mode_loop+0xec/0x110
[  194.094890][ T8652]  do_syscall_64+0x2bd/0x3b0
[  194.094906][ T8652]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  194.094917][ T8652]  ? exc_page_fault+0x9f/0xf0
[  194.094932][ T8652]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  194.094942][ T8652] RIP: 0033:0x7f3b5d38ff17
[  194.094953][ T8652] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  194.094970][ T8652] RSP: 002b:00007ffcb2a107f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  194.094984][ T8652] RAX: 0000000000000000 RBX: 00007f3b5d411c05 RCX: 00007f3b5d38ff17
[  194.094992][ T8652] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffcb2a108b0
[  194.095000][ T8652] RBP: 00007ffcb2a108b0 R08: 0000000000000000 R09: 0000000000000000
[  194.095007][ T8652] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffcb2a11940
[  194.095015][ T8652] R13: 00007f3b5d411c05 R14: 000000000002f4ff R15: 00007ffcb2a11980
[  194.095028][ T8652]  </TASK>
[  194.095034][ T8652] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  194.511907][ T5873] cp2112 0003:10C4:EA90.000F: unknown main item tag 0x0
[  194.518013][ T5873] cp2112 0003:10C4:EA90.000F: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.3-1/input0
[  194.619205][ T5873] cp2112 0003:10C4:EA90.000F: error requesting version
[  194.635793][ T5873] cp2112 0003:10C4:EA90.000F: probe with driver cp2112 failed with error -71
[  194.654693][ T5873] usb 4-1: USB disconnect, device number 28
[  195.350988][T11068] loop3: detected capacity change from 0 to 4096
[  195.939970][T11072] loop5: detected capacity change from 0 to 32768
[  196.069692][T11072] bcachefs (loop5): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,checksum_err_retry_nr=12,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,degraded=yes,nojournal_transaction_names
[  196.069823][T11072]   allowing incompatible features above 0.0: (unknown version)
[  196.069832][T11072]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  196.092493][T11072] bcachefs (loop5): Using encoding defined by superblock: utf8-12.1.0
[  196.102189][T11072] bcachefs (loop5): initializing new filesystem
[  196.150210][T11072] bcachefs (loop5): going read-write
[  196.158824][T11072] bcachefs (loop5): marking superblocks
[  196.182702][T11072] bcachefs (loop5): initializing freespace
[  196.189256][T11072] bcachefs (loop5): done initializing freespace
[  196.197177][T11072] bcachefs (loop5): reading snapshots table
[  196.199510][T11072] bcachefs (loop5): reading snapshots done
[  196.222005][T11072] bcachefs (loop5): done starting filesystem
[  196.257904][   T54] Bluetooth: hci0: Invalid handle: 0x0f00 > 0x0eff
[  196.340309][ T8652] bcachefs (loop5): shutting down
[  196.342162][ T8652] bcachefs (loop5): going read-only
[  196.346279][ T8652] bcachefs (loop5): finished waiting for writes to stop
[  196.349458][ T8652] bcachefs (loop5): flushing journal and stopping allocators, journal seq 2
[  196.380727][ T8652] bcachefs (loop5): flushing journal and stopping allocators complete, journal seq 3
[  196.388570][ T8652] bcachefs (loop5): clean shutdown complete, journal seq 4
[  196.391675][ T8652] bcachefs (loop5): marking filesystem clean
[  196.417101][ T8652] bcachefs (loop5): shutdown complete
[  196.883631][ T5873] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  197.052831][ T5873] usb 4-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  197.056153][ T5873] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  197.058801][ T5873] usb 4-1: Product: syz
[  197.060955][ T5873] usb 4-1: Manufacturer: syz
[  197.062618][ T5873] usb 4-1: SerialNumber: syz
[  197.066322][ T5873] usb 4-1: config 0 descriptor??
[  197.072275][ T5873] i2c-tiny-usb 4-1:0.0: version 6d.cc found at bus 004 address 029
[  197.303272][T11105] loop5: detected capacity change from 0 to 512
[  197.475207][ T5873]  (null): failure reading functionality
[  197.478032][ T5873] i2c i2c-2: failure reading functionality
[  197.481923][ T5873] i2c i2c-2: connected i2c-tiny-usb device
[  197.485636][ T5873] usb 4-1: USB disconnect, device number 29
[  197.502601][T11115] loop5: detected capacity change from 0 to 32768
[  197.552339][T11115] bcachefs (loop5): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  197.552362][T11115]   allowing incompatible features above 0.0: (unknown version)
[  197.552370][T11115]   features: 
[  197.567134][T11115] bcachefs (loop5): Using encoding defined by superblock: utf8-12.1.0
[  197.570493][T11115] bcachefs (loop5): initializing new filesystem
[  197.578228][T11115] bcachefs (loop5): going read-write
[  197.582030][T11115] bcachefs (loop5): marking superblocks
[  197.589293][T11115] bcachefs (loop5): initializing freespace
[  197.593934][T11115] bcachefs (loop5): done initializing freespace
[  197.599025][T11115] bcachefs (loop5): reading snapshots table
[  197.601507][T11115] bcachefs (loop5): reading snapshots done
[  197.611212][T11115] bcachefs (loop5): done starting filesystem
[  197.651585][T11115] bcachefs (loop5): going read-only
[  197.654242][T11115] bcachefs (loop5): finished waiting for writes to stop
[  197.657681][T11115] bcachefs (loop5): flushing journal and stopping allocators, journal seq 1
[  197.669428][T11115] bcachefs (loop5): flushing journal and stopping allocators complete, journal seq 2
[  197.674484][T11115] bcachefs (loop5): clean shutdown complete, journal seq 3
[  197.677952][T11115] bcachefs (loop5): marking filesystem clean
[  197.705598][ T8652] bcachefs (loop5): shutting down
[  197.717793][ T8652] bcachefs (loop5): shutdown complete
[  198.137170][T11139] loop3: detected capacity change from 0 to 32768
[  198.364649][T11139] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  198.364672][T11139]   allowing incompatible features above 0.0: (unknown version)
[  198.364679][T11139]   features: 
[  198.378262][T11139] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0
[  198.381026][T11139] bcachefs (loop3): initializing new filesystem
[  198.387773][T11139] bcachefs (loop3): going read-write
[  198.390959][T11139] bcachefs (loop3): marking superblocks
[  198.397222][T11139] bcachefs (loop3): initializing freespace
[  198.400845][T11139] bcachefs (loop3): done initializing freespace
[  198.405158][T11139] bcachefs (loop3): reading snapshots table
[  198.407258][T11139] bcachefs (loop3): reading snapshots done
[  198.414825][T11139] bcachefs (loop3): done starting filesystem
[  198.486146][ T6039] bcachefs (loop3): shutting down
[  198.488562][ T6039] bcachefs (loop3): going read-only
[  198.490850][ T6039] bcachefs (loop3): finished waiting for writes to stop
[  198.496590][ T6039] bcachefs (loop3): flushing journal and stopping allocators, journal seq 2
[  198.508300][ T6039] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 2
[  198.511953][ T6039] bcachefs (loop3): clean shutdown complete, journal seq 3
[  198.515613][ T6039] bcachefs (loop3): marking filesystem clean
[  198.526817][ T6039] bcachefs (loop3): shutdown complete
[  198.631362][T11157] loop5: detected capacity change from 0 to 32768
[  198.655887][T11157] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  198.683834][T11157] XFS (loop5): Ending clean mount
[  198.686286][T11157] XFS (loop5): Quotacheck needed: Please wait.
[  198.691776][T11157] XFS (loop5): Quotacheck: Done.
[  199.043374][ T8652] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  199.172385][T11185] loop5: detected capacity change from 0 to 16
[  199.176472][T11185] erofs (device loop5): mounted with root inode @ nid 36.
[  199.189755][   T33] audit: type=1800 audit(2000000064.870:77): pid=11185 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1904" name="file1" dev="loop5" ino=86 res=0 errno=0
[  199.297473][T11194] loop5: detected capacity change from 0 to 2048
[  199.327177][T11194] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  199.332309][T11194] ext4 filesystem being mounted at /245/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  199.359050][ T8652] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  199.424242][T11201] loop5: detected capacity change from 0 to 1024
[  199.445478][T11201] EXT4-fs (loop5): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  199.449351][T11201] ext4 filesystem being mounted at /247/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  199.513679][T11204] EXT4-fs error (device loop5): ext4_map_blocks:814: inode #15: comm syz.5.1910: lblock 0 mapped to illegal pblock 0 (length 6)
[  199.518995][T11204] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 6 with error 117
[  199.524753][T11204] EXT4-fs (loop5): This should not happen!! Data will be lost
[  199.524753][T11204] 
[  199.606122][T11206] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1911'.
[  199.702049][ T3699] EXT4-fs error (device loop5): ext4_map_blocks:814: inode #15: block 8: comm kworker/u9:5: lblock 8 mapped to illegal pblock 8 (length 8)
[  199.713106][ T3699] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117
[  199.719423][ T3699] EXT4-fs (loop5): This should not happen!! Data will be lost
[  199.719423][ T3699] 
[  199.732084][ T3699] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  199.738023][ T3699] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 2060 with max blocks 2048 with error 28
[  199.753879][ T3699] EXT4-fs (loop5): This should not happen!! Data will be lost
[  199.753879][ T3699] 
[  199.756917][ T3699] EXT4-fs (loop5): Total free blocks count 0
[  199.758937][ T3699] EXT4-fs (loop5): Free/Dirty block details
[  199.769111][ T3699] EXT4-fs (loop5): free_blocks=4293918720
[  199.982790][T11226] loop5: detected capacity change from 0 to 128
[  199.988221][T11226] FAT-fs (loop5): bogus number of FAT sectors
[  199.992789][T11226] FAT-fs (loop5): Can't find a valid FAT filesystem
[  200.153576][ T5873] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  200.305082][ T5873] usb 4-1: Using ep0 maxpacket: 16
[  200.318006][ T5873] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  200.328142][ T5873] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  200.337995][ T5873] usb 4-1: Product: syz
[  200.340498][ T5873] usb 4-1: Manufacturer: syz
[  200.342555][ T5873] usb 4-1: SerialNumber: syz
[  200.357306][ T5873] r8152-cfgselector 4-1: Unknown version 0x0000
[  200.362491][ T5873] r8152-cfgselector 4-1: config 0 descriptor??
[  200.789749][ T5873] r8152-cfgselector 4-1: USB disconnect, device number 30
[  201.303628][  T792] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  201.373089][T11287] vxcan1: tx drop: invalid da for name 0xfffffffffffffffd
[  201.455897][  T792] usb 6-1: Using ep0 maxpacket: 32
[  201.460864][  T792] usb 6-1: config 0 has an invalid interface number: 132 but max is 0
[  201.464586][  T792] usb 6-1: config 0 has no interface number 0
[  201.467290][  T792] usb 6-1: config 0 interface 132 has no altsetting 0
[  201.473358][  T792] usb 6-1: New USB device found, idVendor=0403, idProduct=fa78, bcdDevice= 0.0f
[  201.477901][  T792] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  201.481214][  T792] usb 6-1: Product: syz
[  201.483030][  T792] usb 6-1: Manufacturer: syz
[  201.485453][  T792] usb 6-1: SerialNumber: syz
[  201.490771][  T792] usb 6-1: config 0 descriptor??
[  201.497972][  T792] ftdi_sio 6-1:0.132: FTDI USB Serial Device converter detected
[  201.501776][  T792] usb 6-1: Detected SIO
[  201.504561][  T792] usb 6-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  201.538635][T11295] loop3: detected capacity change from 0 to 8192
[  201.546624][T11295] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  201.726778][T11297] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF
[  201.730056][T11297] FAT-fs (loop3): Filesystem has been set read-only
[  201.796633][ T5873] usb 6-1: USB disconnect, device number 15
[  201.840428][ T5873] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  201.858653][ T5873] ftdi_sio 6-1:0.132: device disconnected
[  202.518015][T11313] loop5: detected capacity change from 0 to 32768
[  202.537963][T11313] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.1956 (11313)
[  202.598039][T11313] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  202.613732][T11313] BTRFS info (device loop5): using sha256 (sha256-lib) checksum algorithm
[  202.723515][T11313] BTRFS info (device loop5): checking UUID tree
[  202.737545][T11313] BTRFS info (device loop5): allowing degraded mounts
[  202.741084][T11313] BTRFS info (device loop5): enabling free space tree
[  202.885408][T11315] loop3: detected capacity change from 0 to 32768
[  202.885912][ T8652] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  202.891319][T11315] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1957 (11315)
[  202.907651][T11315] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  202.912004][T11315] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  202.964130][T11315] BTRFS info (device loop3): rebuilding free space tree
[  202.976116][T11315] BTRFS info (device loop3): disabling free space tree
[  202.980516][T11315] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  202.984962][T11315] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  202.998400][T11315] BTRFS info (device loop3): enabling ssd optimizations
[  203.003840][T11315] BTRFS info (device loop3): force clearing of disk cache
[  203.009731][T11315] BTRFS info (device loop3): enabling auto defrag
[  203.016697][T11315] BTRFS info (device loop3): doing ref verification
[  203.022565][T11315] BTRFS info (device loop3): max_inline set to 57
[  203.029182][T11360] loop5: detected capacity change from 0 to 16
[  203.046704][T11360] erofs (device loop5): mounted with root inode @ nid 36.
[  203.076632][T11315] BTRFS error (device loop3): target device QXw_(oһOzϞ׫k is invalid!
[  203.104717][ T6039] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  203.480913][   T54] Bluetooth: hci1: unexpected event for opcode 0x2019
[  203.626075][T11382] loop3: detected capacity change from 0 to 1024
[  203.696935][ T3699] hfsplus: b-tree write err: -5, ino 4
[  204.844630][ T5873] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  205.003551][ T5873] usb 4-1: Using ep0 maxpacket: 16
[  205.009377][ T5873] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  205.013161][ T5873] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  205.016954][ T5873] usb 4-1: Product: syz
[  205.019685][ T5873] usb 4-1: Manufacturer: syz
[  205.021587][ T5873] usb 4-1: SerialNumber: syz
[  205.028939][ T5873] r8152-cfgselector 4-1: Unknown version 0x0000
[  205.031533][ T5873] r8152-cfgselector 4-1: config 0 descriptor??
[  205.444828][  T792] r8152-cfgselector 4-1: USB disconnect, device number 31
[  206.005782][   T54] Bluetooth: hci0: link tx timeout
[  206.008364][   T54] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa
[  206.010862][   T54] Bluetooth: hci0: link tx timeout
[  206.098128][T11465] netlink: 'syz.3.2006': attribute type 12 has an invalid length.
[  206.182870][T11470] loop3: detected capacity change from 0 to 4096
[  206.199451][T11474] netlink: 'syz.4.2010': attribute type 21 has an invalid length.
[  206.260826][T11481] netlink: 'syz.4.2013': attribute type 12 has an invalid length.
[  206.265468][T11481] netlink: 'syz.4.2013': attribute type 29 has an invalid length.
[  206.279570][T11481] netlink: 148 bytes leftover after parsing attributes in process `syz.4.2013'.
[  206.596585][T11511] overlayfs: failed to clone upperpath
[  206.627046][T11505] loop3: detected capacity change from 0 to 32768
[  206.631267][T11505] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.2024 (11505)
[  206.646857][T11505] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  206.654247][T11505] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  206.684620][T11505] BTRFS info (device loop3): rebuilding free space tree
[  206.696998][T11505] BTRFS info (device loop3): setting nodatasum
[  206.699793][T11505] BTRFS info (device loop3): enabling ssd optimizations
[  206.702667][T11505] BTRFS info (device loop3): turning off barriers
[  206.707705][T11505] BTRFS info (device loop3): turning on flush-on-commit
[  206.713538][T11505] BTRFS info (device loop3): turning on sync discard
[  206.717712][T11505] BTRFS info (device loop3): enabling free space tree
[  206.720484][T11505] BTRFS info (device loop3): force clearing of disk cache
[  206.724137][T11505] BTRFS info (device loop3): doing ref verification
[  206.751938][ T6039] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  207.041159][T11541] loop3: detected capacity change from 0 to 32768
[  207.049072][T11541] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  207.083377][ T6039] ocfs2: Unmounting device (7,3) on (node local)
[  207.381206][T11592] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2058'.
[  207.624017][ T5880] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  207.773741][ T5880] usb 6-1: Using ep0 maxpacket: 16
[  207.777844][ T5880] usb 6-1: config 0 has an invalid interface number: 48 but max is 0
[  207.781247][ T5880] usb 6-1: config 0 has no interface number 0
[  207.784358][ T5880] usb 6-1: config 0 interface 48 has no altsetting 0
[  207.788949][ T5880] usb 6-1: New USB device found, idVendor=1199, idProduct=b000, bcdDevice=a8.98
[  207.792696][ T5880] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  207.796332][ T5880] usb 6-1: Product: syz
[  207.797854][ T5880] usb 6-1: Manufacturer: syz
[  207.799847][ T5880] usb 6-1: SerialNumber: syz
[  207.802566][ T5880] usb 6-1: config 0 descriptor??
[  208.015219][ T5880] usb 6-1: USB disconnect, device number 16
[  208.054707][   T54] Bluetooth: hci0: command 0x0406 tx timeout
[  208.265014][T11646] dummy0: entered allmulticast mode
[  208.581131][T11680] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2088'.
[  208.652856][T11689] loop5: detected capacity change from 0 to 64
[  208.659559][T11689] syz.5.2091: attempt to access beyond end of device
[  208.659559][T11689] loop5: rw=0, sector=268435468, nr_sectors = 2 limit=64
[  208.683795][T11689] Buffer I/O error on dev loop5, logical block 134217734, async page read
[  208.697090][T11689] syz.5.2091: attempt to access beyond end of device
[  208.697090][T11689] loop5: rw=0, sector=268435468, nr_sectors = 2 limit=64
[  208.701756][T11689] Buffer I/O error on dev loop5, logical block 134217734, async page read
[  208.767600][T11705] netem: change failed
[  208.780332][T11707] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2097'.
[  208.785258][T11707] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2097'.
[  208.959830][T11723] loop5: detected capacity change from 0 to 40427
[  208.967893][T11723] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[  208.971078][T11723] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  208.975444][T11723] F2FS-fs (loop5): invalid crc value
[  208.994819][T11723] F2FS-fs (loop5): access invalid blkaddr:0
[  208.996905][T11723] CPU: 1 UID: 0 PID: 11723 Comm: syz.5.2103 Not tainted syzkaller #0 PREEMPT(full) 
[  208.996919][T11723] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  208.996925][T11723] Call Trace:
[  208.996929][T11723]  <TASK>
[  208.996934][T11723]  dump_stack_lvl+0x189/0x250
[  208.996950][T11723]  ? __pfx_dump_stack_lvl+0x10/0x10
[  208.996960][T11723]  ? set_normalized_timespec64+0xf0/0x1a0
[  208.996976][T11723]  __f2fs_is_valid_blkaddr+0xe52/0x14f0
[  208.996992][T11723]  sanity_check_extent_cache+0x1a3/0x620
[  208.997008][T11723]  f2fs_iget+0x3a7f/0x5550
[  208.997024][T11723]  f2fs_fill_super+0x494a/0x6ff0
[  208.997041][T11723]  get_tree_bdev_flags+0x40e/0x4d0
[  208.997052][T11723]  ? __pfx_f2fs_fill_super+0x10/0x10
[  208.997059][T11723]  ? __pfx_get_tree_bdev_flags+0x10/0x10
[  208.997070][T11723]  vfs_get_tree+0x92/0x2b0
[  208.997079][T11723]  do_new_mount+0x2a2/0x9e0
[  208.997090][T11723]  ? ns_capable+0x8a/0xf0
[  208.997097][T11723]  ? __pfx_do_new_mount+0x10/0x10
[  208.997106][T11723]  ? path_mount+0x61c/0xfe0
[  208.997116][T11723]  ? user_path_at+0x44/0x60
[  208.997124][T11723]  __se_sys_mount+0x317/0x410
[  208.997135][T11723]  ? __pfx___se_sys_mount+0x10/0x10
[  208.997145][T11723]  ? rcu_is_watching+0x15/0xb0
[  208.997152][T11723]  ? __x64_sys_mount+0x20/0xc0
[  208.997162][T11723]  do_syscall_64+0xfa/0x3b0
[  208.997173][T11723]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  208.997180][T11723]  ? exc_page_fault+0x9f/0xf0
[  208.997189][T11723]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  208.997197][T11723] RIP: 0033:0x7f3b5d39038a
[  208.997205][T11723] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  208.997214][T11723] RSP: 002b:00007f3b5e130e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  208.997224][T11723] RAX: ffffffffffffffda RBX: 00007f3b5e130ef0 RCX: 00007f3b5d39038a
[  208.997231][T11723] RDX: 0000200000000280 RSI: 0000200000000040 RDI: 00007f3b5e130eb0
[  208.997236][T11723] RBP: 0000200000000280 R08: 00007f3b5e130ef0 R09: 0000000000000000
[  208.997241][T11723] R10: 0000000000000000 R11: 0000000000000246 R12: 0000200000000040
[  208.997247][T11723] R13: 00007f3b5e130eb0 R14: 000000000000559f R15: 0000200000000340
[  208.997255][T11723]  </TASK>
[  208.997638][T11723] F2FS-fs (loop5): sanity_check_extent_cache: inode (ino=3) extent info [0, 0, 1280] is incorrect, run fsck to fix
[  209.081553][T11723] F2FS-fs (loop5): Failed to read root inode
[  209.278873][T11733] loop5: detected capacity change from 0 to 512
[  209.283839][T11733] EXT4-fs error (device loop5): ext4_get_branch:178: inode #11: block 4294967295: comm syz.5.2104: invalid block
[  209.291470][T11733] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #11: comm syz.5.2104: invalid indirect mapped block 4294967295 (level 1)
[  209.298792][T11733] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #11: comm syz.5.2104: invalid indirect mapped block 4294967295 (level 1)
[  209.305630][T11733] EXT4-fs (loop5): 2 truncates cleaned up
[  209.308490][T11733] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  209.324834][T11733] EXT4-fs warning (device loop5): ext4_block_to_path:107: block 1768304430 > max in inode 16
[  209.350720][ T8652] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  209.489752][T11750] loop5: detected capacity change from 0 to 1024
[  209.492545][T11750] EXT4-fs: Ignoring removed orlov option
[  209.496261][T11750] EXT4-fs: Ignoring removed nomblk_io_submit option
[  209.680154][T11753] sctp: [Deprecated]: syz.4.2111 (pid 11753) Use of int in max_burst socket option deprecated.
[  209.680154][T11753] Use struct sctp_assoc_value instead
[  209.705002][T11750] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  209.915267][ T8652] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  210.129442][T11759] loop5: detected capacity change from 0 to 40427
[  210.134025][T11759] F2FS-fs (loop5): build fault injection rate: 19
[  210.136755][T11759] F2FS-fs (loop5): build fault injection type: 0x3bfe8c
[  210.141336][T11759] F2FS-fs (loop5): invalid crc value
[  210.149667][T11759] F2FS-fs (loop5): inject page alloc in f2fs_grab_cache_folio of f2fs_ra_meta_pages+0x615/0x970
[  210.174778][T11759] F2FS-fs (loop5): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x20a/0x3f0
[  210.180595][T11759] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  210.185327][T11759] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  210.201271][T11759] F2FS-fs (loop5): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[  210.245063][T11759] F2FS-fs (loop5): inject no more block in inc_valid_block_count of f2fs_map_blocks+0x1912/0x4130
[  210.251001][   T33] audit: type=1800 audit(2000000075.930:78): pid=11759 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2113" name="file0" dev="loop5" ino=10 res=0 errno=0
[  210.311162][ T8652] syz-executor: attempt to access beyond end of device
[  210.311162][ T8652] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  210.317128][ T8652] CPU: 1 UID: 0 PID: 8652 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  210.317157][ T8652] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  210.317162][ T8652] Call Trace:
[  210.317165][ T8652]  <TASK>
[  210.317169][ T8652]  dump_stack_lvl+0x189/0x250
[  210.317184][ T8652]  ? __pfx_dump_stack_lvl+0x10/0x10
[  210.317192][ T8652]  ? __pfx_queue_work_on+0x10/0x10
[  210.317201][ T8652]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  210.317211][ T8652]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  210.317222][ T8652]  f2fs_handle_critical_error+0x37c/0x540
[  210.317235][ T8652]  f2fs_write_end_io+0x886/0xb60
[  210.317245][ T8652]  __submit_merged_bio+0x27a/0x6a0
[  210.317256][ T8652]  __submit_merged_write_cond+0x255/0x530
[  210.317266][ T8652]  f2fs_write_data_pages+0x261d/0x3000
[  210.317276][ T8652]  ? rcu_is_watching+0x15/0xb0
[  210.317290][ T8652]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  210.317307][ T8652]  ? __mod_zone_page_state+0xd7/0x140
[  210.317319][ T8652]  ? folios_put_refs+0x560/0x640
[  210.317329][ T8652]  ? __pfx_folios_put_refs+0x10/0x10
[  210.317337][ T8652]  ? rcu_is_watching+0x15/0xb0
[  210.317343][ T8652]  ? lru_add+0xa2f/0xd80
[  210.317350][ T8652]  ? lru_add+0x198/0xd80
[  210.317357][ T8652]  ? folio_batch_move_lru+0x319/0x3a0
[  210.317365][ T8652]  ? filemap_get_folios_tag+0xed/0x630
[  210.317372][ T8652]  ? rcu_is_watching+0x15/0xb0
[  210.317379][ T8652]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  210.317390][ T8652]  do_writepages+0x32e/0x550
[  210.317399][ T8652]  ? rcu_is_watching+0x15/0xb0
[  210.317407][ T8652]  ? do_raw_spin_unlock+0x4d/0x240
[  210.317417][ T8652]  filemap_fdatawrite+0x199/0x240
[  210.317427][ T8652]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  210.317443][ T8652]  ? rcu_is_watching+0x15/0xb0
[  210.317450][ T8652]  ? do_raw_spin_unlock+0x4d/0x240
[  210.317459][ T8652]  f2fs_sync_dirty_inodes+0x31f/0x830
[  210.317468][ T8652]  f2fs_write_checkpoint+0x95a/0x1df0
[  210.317479][ T8652]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  210.317494][ T8652]  ? kill_f2fs_super+0x298/0x6c0
[  210.317502][ T8652]  kill_f2fs_super+0x2c3/0x6c0
[  210.317509][ T8652]  ? __pfx_kill_f2fs_super+0x10/0x10
[  210.317515][ T8652]  ? radix_tree_delete_item+0x2b6/0x400
[  210.317526][ T8652]  ? shrinker_free+0x2ce/0x3e0
[  210.317534][ T8652]  deactivate_locked_super+0xbc/0x130
[  210.317543][ T8652]  cleanup_mnt+0x425/0x4c0
[  210.317552][ T8652]  task_work_run+0x1d4/0x260
[  210.317562][ T8652]  ? __pfx_task_work_run+0x10/0x10
[  210.317570][ T8652]  ? __x64_sys_umount+0x122/0x160
[  210.317579][ T8652]  ? __pfx___x64_sys_umount+0x10/0x10
[  210.317588][ T8652]  ? rcu_is_watching+0x15/0xb0
[  210.317595][ T8652]  exit_to_user_mode_loop+0xec/0x110
[  210.317628][ T8652]  do_syscall_64+0x2bd/0x3b0
[  210.317640][ T8652]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  210.317647][ T8652]  ? exc_page_fault+0x9f/0xf0
[  210.317656][ T8652]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  210.317662][ T8652] RIP: 0033:0x7f3b5d38ff17
[  210.317671][ T8652] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  210.317677][ T8652] RSP: 002b:00007ffcb2a107f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  210.317686][ T8652] RAX: 0000000000000000 RBX: 00007f3b5d411c05 RCX: 00007f3b5d38ff17
[  210.317691][ T8652] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffcb2a108b0
[  210.317696][ T8652] RBP: 00007ffcb2a108b0 R08: 0000000000000000 R09: 0000000000000000
[  210.317700][ T8652] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffcb2a11940
[  210.317705][ T8652] R13: 00007f3b5d411c05 R14: 00000000000334d7 R15: 00007ffcb2a11980
[  210.317714][ T8652]  </TASK>
[  210.320144][ T8652] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  210.803998][T11780] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2120'.
[  210.827312][T11781] loop5: detected capacity change from 0 to 1764
[  210.870203][T11781] iso9660: Corrupted directory entry in block 2 of inode 1920
[  210.891035][T11783] C: renamed from team_slave_0 (while UP)
[  210.898578][T11783] netlink: 'syz.4.2121': attribute type 2 has an invalid length.
[  210.902091][T11783] netlink: 116 bytes leftover after parsing attributes in process `syz.4.2121'.
[  210.907915][T11783] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  211.170961][T11789] overlayfs: failed to resolve './file0': -2
[  211.264219][   T51] usb 6-1: new full-speed USB device number 17 using dummy_hcd
[  211.425652][   T51] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  211.432472][   T51] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  211.443065][   T51] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  211.450338][   T51] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  211.457785][   T51] usb 6-1: Product: syz
[  211.459220][   T51] usb 6-1: Manufacturer: syz
[  211.460802][   T51] usb 6-1: SerialNumber: syz
[  211.679916][   T51] usb 6-1: 0:2 : does not exist
[  211.684560][   T51] usb 6-1: 5:0: failed to get current value for ch 0 (-22)
[  211.692342][   T51] usb 6-1: USB disconnect, device number 17
[  211.727257][ T6112] udevd[6112]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  212.275627][T11826] loop5: detected capacity change from 0 to 512
[  212.284042][T11826] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  212.304151][T11826] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2842e12c, mo2=0102]
[  212.308781][T11826] System zones: 1-12
[  212.310511][T11826] EXT4-fs (loop5): orphan cleanup on readonly fs
[  212.313250][T11826] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #11: comm syz.5.2137: invalid indirect mapped block 12 (level 1)
[  212.323793][T11826] EXT4-fs (loop5): Remounting filesystem read-only
[  212.334028][T11826] EXT4-fs (loop5): 1 truncate cleaned up
[  212.444341][T11826] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none.
[  212.486318][ T8652] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000007.
[  212.555066][T11831] loop5: detected capacity change from 0 to 512
[  212.595777][T11831] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  212.635104][ T8652] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  212.856955][T11837] loop3: detected capacity change from 0 to 32768
[  212.906059][T11839] loop5: detected capacity change from 0 to 32768
[  212.908784][T11839] BTRFS: device fsid 34a2da50-e117-4d40-8878-8e0fb0127b5f devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.2141 (11839)
[  212.909138][T11837] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,metadata_target=invalid label 246,noinodes_use_key_cache,journal_flush_delay=3,journal_reclaim_delay=1000,nocow
[  212.931304][T11839] BTRFS info (device loop5): first mount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f
[  212.935270][T11839] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm
[  212.939925][T11837]   allowing incompatible features above 0.0: (unknown version)
[  212.946353][T11837]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  212.952412][T11837] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0
[  212.956439][T11837] bcachefs (loop3): initializing new filesystem
[  212.964671][T11837] bcachefs (loop3): going read-write
[  212.968299][T11839] BTRFS info (device loop5): enabling ssd optimizations
[  212.970952][T11839] BTRFS info (device loop5): enabling free space tree
[  212.971039][T11837] bcachefs (loop3): marking superblocks
[  212.998267][ T8652] BTRFS info (device loop5): last unmount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f
[  213.001394][T11837] bcachefs (loop3): initializing freespace
[  213.009569][T11837] bcachefs (loop3): done initializing freespace
[  213.014439][T11837] bcachefs (loop3): reading snapshots table
[  213.017625][T11837] bcachefs (loop3): reading snapshots done
[  213.024838][T11837] bcachefs (loop3): done starting filesystem
[  213.098358][ T6039] bcachefs (loop3): shutting down
[  213.100471][ T6039] bcachefs (loop3): going read-only
[  213.102604][ T6039] bcachefs (loop3): finished waiting for writes to stop
[  213.120281][ T6039] bcachefs (loop3): flushing journal and stopping allocators, journal seq 5
[  213.131168][ T6039] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 6
[  213.138411][ T6039] bcachefs (loop3): clean shutdown complete, journal seq 7
[  213.143921][ T6039] bcachefs (loop3): marking filesystem clean
[  213.173530][ T6039] bcachefs (loop3): shutdown complete
[  213.189337][T11870] loop5: detected capacity change from 0 to 4096
[  213.195784][T11870] ntfs3(loop5): Different NTFS sector size (4096) and media sector size (512).
[  213.207402][T11870] ntfs3(loop5): Mark volume as dirty due to NTFS errors
[  213.210207][T11870] ntfs3(loop5): Failed to load $Extend (-22).
[  213.212235][T11870] ntfs3(loop5): Failed to initialize $Extend.
[  213.261962][T11878] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  213.266948][T11878] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  214.057413][T11886] 9pnet_fd: Insufficient options for proto=fd
[  214.157264][T11884] loop3: detected capacity change from 0 to 32768
[  214.166709][T11896] loop5: detected capacity change from 0 to 512
[  214.173151][T11884] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  214.183721][T11896] EXT4-fs (loop5): required journal recovery suppressed and not mounted read-only
[  214.202981][T11884] XFS (loop3): Ending clean mount
[  214.206890][T11884] XFS (loop3): Quotacheck needed: Please wait.
[  214.214677][T11884] XFS (loop3): Quotacheck: Done.
[  214.237979][ T6039] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  214.270504][T11908] netlink: 'syz.5.2158': attribute type 7 has an invalid length.
[  214.282670][T11908] : entered promiscuous mode
[  214.409847][T11914] veth3: entered promiscuous mode
[  214.863502][ T5880] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  215.026339][ T5880] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  215.030337][ T5880] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  215.035460][ T5880] usb 6-1: config 0 descriptor??
[  215.039137][ T5880] cp210x 6-1:0.0: cp210x converter detected
[  215.452181][ T5880] cp210x 6-1:0.0: failed to get vendor val 0x000e size 3: -32
[  215.460394][ T5880] usb 6-1: cp210x converter now attached to ttyUSB0
[  215.662042][ T5888] usb 6-1: USB disconnect, device number 18
[  215.669886][ T5888] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  215.676916][ T5888] cp210x 6-1:0.0: device disconnected
[  216.147846][   T33] audit: type=1800 audit(2000002659.826:79): pid=11957 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2178" name="file1" dev="tmpfs" ino=4721 res=0 errno=0
[  216.159505][T11960] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2179'.
[  216.194434][T11965] loop5: detected capacity change from 0 to 256
[  216.202334][T11965] FAT-fs (loop5): Directory bread(block 64) failed
[  216.214864][T11965] FAT-fs (loop5): Directory bread(block 65) failed
[  216.219800][T11965] FAT-fs (loop5): Directory bread(block 66) failed
[  216.222944][T11965] FAT-fs (loop5): Directory bread(block 67) failed
[  216.238268][T11965] FAT-fs (loop5): Directory bread(block 68) failed
[  216.240953][T11965] FAT-fs (loop5): Directory bread(block 69) failed
[  216.243115][T11965] FAT-fs (loop5): Directory bread(block 70) failed
[  216.254100][T11965] FAT-fs (loop5): Directory bread(block 71) failed
[  216.257470][T11965] FAT-fs (loop5): Directory bread(block 72) failed
[  216.260841][T11965] FAT-fs (loop5): Directory bread(block 73) failed
[  216.476282][   T33] audit: type=1326 audit(2000002660.156:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11991 comm="syz.5.2196" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3b5d38ebe9 code=0x0
[  217.386450][T12002] loop5: detected capacity change from 0 to 4096
[  217.389701][T12002] ntfs3(loop5): Different NTFS sector size (4096) and media sector size (512).
[  217.393205][T12002] ntfs3(loop5): ino=3, mi_enum_attr
[  217.402111][T12002] ntfs3(loop5): ino=2, mi_enum_attr
[  217.404201][T12002] ntfs3(loop5): Mark volume as dirty due to NTFS errors
[  217.409481][T12002] ntfs3(loop5): Failed to load $LogFile (-22).
[  217.551751][T12012] loop5: detected capacity change from 0 to 32768
[  217.566246][T12012] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.2202 (12012)
[  217.594394][T12012] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  217.599420][T12012] BTRFS info (device loop5): using sha256 (sha256-lib) checksum algorithm
[  217.653394][T12012] BTRFS info (device loop5): enabling ssd optimizations
[  217.655807][T12012] BTRFS info (device loop5): enabling free space tree
[  217.666911][ T8652] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  217.903174][T12050] loop5: detected capacity change from 0 to 32768
[  217.909816][T12050] XFS: noikeep mount option is deprecated.
[  217.915794][T12050] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  217.935036][T12050] XFS (loop5): Ending clean mount
[  217.937988][T12050] XFS (loop5): Quotacheck needed: Please wait.
[  217.943608][T12050] XFS (loop5): Quotacheck: Done.
[  217.959672][ T8652] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  218.026454][T12067] loop5: detected capacity change from 0 to 256
[  218.029688][T12067] exfat: Deprecated parameter 'utf8'
[  218.035952][T12067] exfat: Deprecated parameter 'utf8'
[  218.042088][T12067] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xabf88b1f, utbl_chksum : 0xe619d30d)
[  218.447722][T12085] loop5: detected capacity change from 0 to 32768
[  218.452013][T12085] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.2224 (12085)
[  218.458595][T12085] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  218.462248][T12085] BTRFS info (device loop5): using sha256 (sha256-lib) checksum algorithm
[  218.488368][T12085] BTRFS info (device loop5): enabling ssd optimizations
[  218.491452][T12085] BTRFS info (device loop5): enabling free space tree
[  218.521014][ T8652] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  218.887310][T12118] netlink: 252 bytes leftover after parsing attributes in process `syz.4.2232'.
[  219.136472][   T54] Bluetooth: hci1: ISO packet for unknown connection handle 0
[  219.550658][   T51] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  219.586491][T12156] loop5: detected capacity change from 0 to 40427
[  219.591256][T12156] F2FS-fs: heap/no_heap options were deprecated
[  219.598099][T12156] F2FS-fs (loop5): Image doesn't support compression
[  219.608194][T12156] F2FS-fs (loop5): invalid crc value
[  219.627484][T12156] F2FS-fs (loop5): f2fs_check_nid_range: out-of-range nid=60000, run fsck to fix.
[  219.634744][T12156] F2FS-fs (loop5): sanity_check_inode: inode (ino=3) has corrupted i_xattr_nid: 393216, run fsck to fix.
[  219.639483][T12156] F2FS-fs (loop5): Failed to read root inode
[  219.711846][   T51] usb 4-1: config 0 has an invalid interface number: 117 but max is 0
[  219.715292][   T51] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  219.719595][   T51] usb 4-1: config 0 has no interface number 0
[  219.723025][   T51] usb 4-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[  219.727272][   T51] usb 4-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  219.736769][   T51] usb 4-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0
[  219.742310][   T51] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  219.747402][   T51] usb 4-1: Product: syz
[  219.749110][   T51] usb 4-1: Manufacturer: syz
[  219.772912][   T51] usb 4-1: SerialNumber: syz
[  219.778793][   T51] usb 4-1: config 0 descriptor??
[  220.389730][ T5873] usb 4-1: USB disconnect, device number 32
[  220.914726][T12197] netlink: 'syz.3.2270': attribute type 1 has an invalid length.
[  220.917582][T12197] netlink: 224 bytes leftover after parsing attributes in process `syz.3.2270'.
[  221.004625][T12211] netlink: 68 bytes leftover after parsing attributes in process `syz.5.2276'.
[  221.755872][T12272] loop3: detected capacity change from 0 to 128
[  221.760019][T12272] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (30846!=65535)
[  221.765307][T12272] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 ro without journal. Quota mode: none.
[  221.775853][T12272] EXT4-fs warning (device loop3): ext4_dirblock_csum_verify:375: inode #11: comm syz.3.2305: No space for directory leaf checksum. Please run e2fsck -D.
[  221.782588][T12272] EXT4-fs error (device loop3): __ext4_find_entry:1626: inode #11: comm syz.3.2305: checksumming directory block 0
[  221.799033][ T6039] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  222.035399][T12279] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2308'.
[  222.088458][ T5873] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  222.237796][ T5873] usb 4-1: Using ep0 maxpacket: 16
[  222.241641][ T5873] usb 4-1: config 0 has an invalid interface number: 191 but max is 0
[  222.245296][ T5873] usb 4-1: config 0 has no interface number 0
[  222.248324][ T5873] usb 4-1: config 0 interface 191 has no altsetting 0
[  222.253022][ T5873] usb 4-1: New USB device found, idVendor=046d, idProduct=c281, bcdDevice=c2.08
[  222.256899][ T5873] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  222.260687][ T5873] usb 4-1: Product: syz
[  222.262432][ T5873] usb 4-1: Manufacturer: syz
[  222.264416][ T5873] usb 4-1: SerialNumber: syz
[  222.270412][ T5873] usb 4-1: config 0 descriptor??
[  222.686078][T12299] netlink: 27 bytes leftover after parsing attributes in process `syz.4.2317'.
[  222.792124][T12313] 9pnet_fd: Insufficient options for proto=fd
[  222.929249][   T33] audit: type=1326 audit(2000002666.602:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12322 comm="syz.4.2328" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ed5d8ebe9 code=0x7ffc0000
[  222.939777][   T33] audit: type=1326 audit(2000002666.602:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12322 comm="syz.4.2328" exe="/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f1ed5d8ebe9 code=0x7ffc0000
[  222.949591][   T33] audit: type=1326 audit(2000002666.602:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12322 comm="syz.4.2328" exe="/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f1ed5d8ec23 code=0x7ffc0000
[  222.960447][   T33] audit: type=1326 audit(2000002666.602:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12322 comm="syz.4.2328" exe="/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f1ed5d8ec23 code=0x7ffc0000
[  222.970443][   T33] audit: type=1326 audit(2000002666.602:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12322 comm="syz.4.2328" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ed5d8ebe9 code=0x7ffc0000
[  222.979568][   T33] audit: type=1326 audit(2000002666.602:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12322 comm="syz.4.2328" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ed5d8ebe9 code=0x7ffc0000
[  222.989776][   T33] audit: type=1326 audit(2000002666.602:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12322 comm="syz.4.2328" exe="/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7f1ed5d8ebe9 code=0x7ffc0000
[  223.005534][   T33] audit: type=1326 audit(2000002666.602:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12322 comm="syz.4.2328" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ed5d8ebe9 code=0x7ffc0000
[  223.259186][T12354] 9pnet_fd: Insufficient options for proto=fd
[  223.446336][T12386] overlayfs: failed to clone upperpath
[  223.864405][T12412] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2370'.
[  223.869841][T12412] bridge0: port 2(bridge_slave_1) entered disabled state
[  224.035297][T12440] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.2384'.
[  224.041335][T12440] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[  224.132573][T12455] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2391'.
[  224.870058][  T792] usb 4-1: USB disconnect, device number 33
[  225.269658][T12522] loop3: detected capacity change from 0 to 32768
[  225.276669][T12522] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.2423 (12522)
[  225.291835][T12522] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  225.301950][T12522] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm
[  225.367917][T12522] BTRFS info (device loop3): turning off barriers
[  225.370531][T12522] BTRFS info (device loop3): enabling free space tree
[  225.373352][T12522] BTRFS info (device loop3): use zstd compression, level 3
[  225.392968][ T6039] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  225.704518][  T792] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  225.855999][  T792] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  225.860110][  T792] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  225.863532][  T792] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  225.867918][  T792] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  225.877105][  T792] usb 4-1: config 0 descriptor??
[  226.412367][  T792] cm6533_jd 0003:0D8C:0022.0010: unknown main item tag 0x0
[  226.425421][  T792] cm6533_jd 0003:0D8C:0022.0010: unknown main item tag 0x0
[  226.430356][  T792] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0D8C:0022.0010/input/input17
[  226.440853][  T792] cm6533_jd 0003:0D8C:0022.0010: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.3-1/input0
[  226.517686][ T5873] usb 4-1: USB disconnect, device number 34
[  226.697944][T12580] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  226.724040][   T33] audit: type=1326 audit(2000002670.416:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12581 comm="syz.5.2444" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b5d38ebe9 code=0x7ffc0000
[  226.732713][   T33] audit: type=1326 audit(2000002670.416:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12581 comm="syz.5.2444" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b5d38ebe9 code=0x7ffc0000
[  227.341064][T12624] loop3: detected capacity change from 0 to 4096
[  227.359843][T12624] ntfs3(loop3): Different NTFS sector size (2048) and media sector size (512).
[  228.387456][T12662] loop3: detected capacity change from 0 to 32768
[  228.402023][T12662] ocfs2: Mounting device (7,3) on (node local, slot 0) with writeback data mode.
[  228.433140][ T6039] ocfs2: Unmounting device (7,3) on (node local)
[  228.777167][T12678] loop3: detected capacity change from 0 to 32768
[  228.780882][T12678] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.2488 (12678)
[  228.790925][T12678] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  228.795948][T12678] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm
[  228.854111][T12702] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2494'.
[  228.886237][T12678] BTRFS info (device loop3): rebuilding free space tree
[  228.897698][T12678] BTRFS info (device loop3): allowing degraded mounts
[  228.900767][T12678] BTRFS info (device loop3): enabling ssd optimizations
[  228.903853][T12678] BTRFS info (device loop3): enabling free space tree
[  228.906131][T12678] BTRFS info (device loop3): force clearing of disk cache
[  228.908840][T12678] BTRFS info (device loop3): use zstd compression, level 3
[  228.917551][T12678] BTRFS info (device loop3): max_inline set to 0
[  228.953218][T12710] netlink: 84 bytes leftover after parsing attributes in process `syz.5.2496'.
[  229.106035][ T6039] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  229.470935][ T5880] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  229.620782][ T5880] usb 4-1: Using ep0 maxpacket: 16
[  229.624656][ T5880] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  229.628789][ T5880] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  229.639762][ T5880] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  229.643846][ T5880] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  229.647169][ T5880] usb 4-1: Product: syz
[  229.649080][ T5880] usb 4-1: Manufacturer: syz
[  229.651719][ T5880] usb 4-1: SerialNumber: syz
[  229.655744][ T5880] usb 4-1: selecting invalid altsetting 1
[  229.843580][   T54] Bluetooth: hci0: unexpected event 0x14 length: 20 > 6
[  229.870390][    C0] ==================================================================
[  229.875301][    C0] BUG: KASAN: slab-use-after-free in rose_timer_expiry+0x471/0x4b0
[  229.877842][    C0] Read of size 2 at addr ffff8880278cc42a by task syz-executor/6583
[  229.881085][    C0] 
[  229.882429][    C0] CPU: 0 UID: 0 PID: 6583 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  229.882439][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  229.882445][    C0] Call Trace:
[  229.882449][    C0]  <IRQ>
[  229.882452][    C0]  dump_stack_lvl+0x189/0x250
[  229.882465][    C0]  ? rcu_is_watching+0x15/0xb0
[  229.882474][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[  229.882481][    C0]  ? rcu_is_watching+0x15/0xb0
[  229.882487][    C0]  ? lock_release+0x4b/0x3e0
[  229.882497][    C0]  ? __virt_addr_valid+0x1c8/0x5c0
[  229.882507][    C0]  ? __virt_addr_valid+0x4a5/0x5c0
[  229.882515][    C0]  print_report+0xca/0x240
[  229.882522][    C0]  ? rose_timer_expiry+0x471/0x4b0
[  229.882531][    C0]  kasan_report+0x118/0x150
[  229.882542][    C0]  ? rose_timer_expiry+0x471/0x4b0
[  229.882551][    C0]  rose_timer_expiry+0x471/0x4b0
[  229.882560][    C0]  call_timer_fn+0x17e/0x5f0
[  229.882571][    C0]  ? __pfx_rose_timer_expiry+0x10/0x10
[  229.882579][    C0]  ? call_timer_fn+0xbe/0x5f0
[  229.882592][    C0]  ? __pfx_call_timer_fn+0x10/0x10
[  229.882602][    C0]  ? rcu_is_watching+0x15/0xb0
[  229.882608][    C0]  ? __pfx_rose_timer_expiry+0x10/0x10
[  229.882616][    C0]  __run_timer_base+0x61a/0x860
[  229.882624][    C0]  ? ktime_get+0x3e/0x1f0
[  229.882632][    C0]  ? __pfx___run_timer_base+0x10/0x10
[  229.882640][    C0]  ? seqcount_lockdep_reader_access+0x15f/0x1c0
[  229.882650][    C0]  run_timer_softirq+0xb7/0x180
[  229.882659][    C0]  handle_softirqs+0x286/0x870
[  229.882666][    C0]  ? __irq_exit_rcu+0xca/0x1f0
[  229.882673][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  229.882679][    C0]  ? irqtime_account_irq+0xb6/0x1c0
[  229.882689][    C0]  __irq_exit_rcu+0xca/0x1f0
[  229.882695][    C0]  ? __pfx___irq_exit_rcu+0x10/0x10
[  229.882702][    C0]  irq_exit_rcu+0x9/0x30
[  229.882708][    C0]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  229.882718][    C0]  </IRQ>
[  229.882720][    C0]  <TASK>
[  229.882723][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  229.882731][    C0] RIP: 0010:__rcu_read_unlock+0x17/0xe0
[  229.882741][    C0] Code: 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 41 57 41 56 41 55 41 54 53 49 bf 00 00 00 00 00 fc ff df <65> 48 8b 3c 25 08 50 a0 92 48 8d 9f 44 04 00 00 49 89 dc 49 c1 ec
[  229.882747][    C0] RSP: 0018:ffffc9000327f370 EFLAGS: 00000282
[  229.882755][    C0] RAX: a06702ebba88be00 RBX: 8000000028fdf007 RCX: a06702ebba88be00
[  229.882761][    C0] RDX: 0000000000000000 RSI: ffffffff8be33660 RDI: ffffffff8be33620
[  229.882765][    C0] RBP: ffffc9000327f630 R08: ffff88801bc4f5ff R09: 1ffff11003789ebf
[  229.882770][    C0] R10: dffffc0000000000 R11: ffffed1003789ec0 R12: 00007f1ed58e3000
[  229.882775][    C0] R13: ffff8880370a7510 R14: ffff88801a47e0c0 R15: dffffc0000000000
[  229.882783][    C0]  copy_pmd_range+0x4439/0x71d0
[  229.882798][    C0]  ? __pfx_copy_pmd_range+0x10/0x10
[  229.882807][    C0]  ? mas_wr_walk_descend+0xe5/0x880
[  229.882816][    C0]  ? mas_wr_walk_descend+0x543/0x880
[  229.882825][    C0]  copy_page_range+0xc14/0x1270
[  229.882835][    C0]  ? __pfx_copy_page_range+0x10/0x10
[  229.882845][    C0]  ? up_write+0x1c4/0x420
[  229.882851][    C0]  ? __pfx_vma_interval_tree_augment_rotate+0x10/0x10
[  229.882859][    C0]  dup_mmap+0xf57/0x1ac0
[  229.882871][    C0]  ? __pfx_dup_mmap+0x10/0x10
[  229.882881][    C0]  ? mm_init+0xcc3/0xef0
[  229.882888][    C0]  copy_mm+0x13c/0x4b0
[  229.882895][    C0]  copy_process+0x1706/0x3c00
[  229.882904][    C0]  ? copy_process+0x97f/0x3c00
[  229.882911][    C0]  ? __pfx_copy_process+0x10/0x10
[  229.882918][    C0]  ? ___pte_offset_map+0x45/0x250
[  229.882928][    C0]  kernel_clone+0x21e/0x840
[  229.882935][    C0]  ? css_rstat_updated+0x23a/0x4f0
[  229.882943][    C0]  ? __pfx_kernel_clone+0x10/0x10
[  229.882951][    C0]  ? count_memcg_event_mm+0x21/0x260
[  229.882960][    C0]  __x64_sys_clone+0x18b/0x1e0
[  229.882968][    C0]  ? __pfx___x64_sys_clone+0x10/0x10
[  229.882977][    C0]  ? do_user_addr_fault+0xc8a/0x1390
[  229.882988][    C0]  ? rcu_is_watching+0x15/0xb0
[  229.882995][    C0]  do_syscall_64+0xfa/0x3b0
[  229.883005][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  229.883011][    C0]  ? exc_page_fault+0x9f/0xf0
[  229.883019][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  229.883025][    C0] RIP: 0033:0x7f1ed5d85453
[  229.883032][    C0] Code: 1f 84 00 00 00 00 00 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00
[  229.883037][    C0] RSP: 002b:00007ffe9cd31988 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[  229.883044][    C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1ed5d85453
[  229.883049][    C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[  229.883053][    C0] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000001
[  229.883057][    C0] R10: 000055555d07f7d0 R11: 0000000000000246 R12: 0000000000000000
[  229.883061][    C0] R13: 00000000000927c0 R14: 0000000000038169 R15: 00007ffe9cd31b20
[  229.883068][    C0]  </TASK>
[  229.883071][    C0] 
[  230.058578][    C0] Allocated by task 6112:
[  230.060000][    C0]  kasan_save_track+0x3e/0x80
[  230.061629][    C0]  __kasan_kmalloc+0x93/0xb0
[  230.063354][    C0]  __kmalloc_cache_noprof+0x230/0x3d0
[  230.065212][    C0]  kernfs_fop_open+0x397/0xca0
[  230.067045][    C0]  do_dentry_open+0x953/0x13f0
[  230.068691][    C0]  vfs_open+0x3b/0x340
[  230.070220][    C0]  path_openat+0x2ee5/0x3830
[  230.071779][    C0]  do_filp_open+0x1fa/0x410
[  230.073226][    C0]  do_sys_openat2+0x121/0x1c0
[  230.074759][    C0]  __x64_sys_openat+0x138/0x170
[  230.076597][    C0]  do_syscall_64+0xfa/0x3b0
[  230.078386][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  230.080586][    C0] 
[  230.081536][    C0] Freed by task 6112:
[  230.082986][    C0]  kasan_save_track+0x3e/0x80
[  230.084621][    C0]  kasan_save_free_info+0x46/0x50
[  230.086616][    C0]  __kasan_slab_free+0x5b/0x80
[  230.088452][    C0]  kfree+0x18e/0x440
[  230.089805][    C0]  kernfs_fop_release+0x160/0x190
[  230.091528][    C0]  __fput+0x44c/0xa70
[  230.092887][    C0]  fput_close_sync+0x119/0x200
[  230.094488][    C0]  __x64_sys_close+0x7f/0x110
[  230.096372][    C0]  do_syscall_64+0xfa/0x3b0
[  230.098222][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  230.100625][    C0] 
[  230.101679][    C0] The buggy address belongs to the object at ffff8880278cc400
[  230.101679][    C0]  which belongs to the cache kmalloc-512 of size 512
[  230.107296][    C0] The buggy address is located 42 bytes inside of
[  230.107296][    C0]  freed 512-byte region [ffff8880278cc400, ffff8880278cc600)
[  230.112901][    C0] 
[  230.113950][    C0] The buggy address belongs to the physical page:
[  230.116587][    C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x278cc
[  230.120128][    C0] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  230.123585][    C0] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  230.126883][    C0] page_type: f5(slab)
[  230.128573][    C0] raw: 00fff00000000040 ffff88801a441c80 0000000000000000 dead000000000001
[  230.132070][    C0] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  230.135576][    C0] head: 00fff00000000040 ffff88801a441c80 0000000000000000 dead000000000001
[  230.139087][    C0] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  230.142578][    C0] head: 00fff00000000002 ffffea00009e3301 00000000ffffffff 00000000ffffffff
[  230.146043][    C0] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  230.149578][    C0] page dumped because: kasan: bad access detected
[  230.152206][    C0] page_owner tracks the page as allocated
[  230.154571][    C0] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 5914, tgid 5911 (syz.0.1), ts 46864725883, free_ts 46841161903
[  230.162248][    C0]  post_alloc_hook+0x240/0x2a0
[  230.164262][    C0]  get_page_from_freelist+0x21e4/0x22c0
[  230.166581][    C0]  __alloc_frozen_pages_noprof+0x181/0x370
[  230.168996][    C0]  allocate_slab+0x65/0x370
[  230.170888][    C0]  ___slab_alloc+0xbeb/0x1410
[  230.172824][    C0]  __kmalloc_node_noprof+0x2fd/0x4e0
[  230.175032][    C0]  alloc_slab_obj_exts+0x39/0xa0
[  230.177067][    C0]  __memcg_slab_post_alloc_hook+0x31e/0x7f0
[  230.179502][    C0]  kmem_cache_alloc_noprof+0x2bf/0x3c0
[  230.181768][    C0]  create_new_namespaces+0x31/0x720
[  230.183944][    C0]  __se_sys_setns+0x2dc/0x17a0
[  230.185915][    C0]  do_syscall_64+0xfa/0x3b0
[  230.187831][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  230.190266][    C0] page last free pid 5910 tgid 5909 stack trace:
[  230.192881][    C0]  __free_frozen_pages+0xbc4/0xd30
[  230.194967][    C0]  stack_depot_save_flags+0x436/0x860
[  230.197172][    C0]  kasan_save_track+0x4f/0x80
[  230.199135][    C0]  __kasan_slab_alloc+0x6c/0x80
[  230.201139][    C0]  kmem_cache_alloc_lru_noprof+0x1c6/0x3d0
[  230.203558][    C0]  ntfs_alloc_inode+0x28/0x80
[  230.205538][    C0]  alloc_inode+0x6a/0x1b0
[  230.207327][    C0]  iget5_locked+0x4a/0xa0
[  230.209105][    C0]  ntfs_iget5+0xc1/0x37c0
[  230.210924][    C0]  dir_search_u+0x1df/0x2c0
[  230.212804][    C0]  ntfs_lookup+0xfb/0x1f0
[  230.214600][    C0]  __lookup_slow+0x297/0x3d0
[  230.216482][    C0]  lookup_slow+0x53/0x70
[  230.218240][    C0]  walk_component+0x2d2/0x400
[  230.220184][    C0]  path_lookupat+0x163/0x430
[  230.222117][    C0]  filename_lookup+0x212/0x570
[  230.224100][    C0] 
[  230.225097][    C0] Memory state around the buggy address:
[  230.227440][    C0]  ffff8880278cc300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  230.230705][    C0]  ffff8880278cc380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  230.234009][    C0] >ffff8880278cc400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  230.237253][    C0]                                   ^
[  230.239513][    C0]  ffff8880278cc480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  230.242795][    C0]  ffff8880278cc500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  230.246100][    C0] ==================================================================
[  230.249577][    C0] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  230.252572][    C0] CPU: 0 UID: 0 PID: 6583 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  230.256499][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  230.260668][    C0] Call Trace:
[  230.262071][    C0]  <IRQ>
[  230.263283][    C0]  dump_stack_lvl+0x99/0x250
[  230.265249][    C0]  ? __asan_memcpy+0x40/0x70
[  230.267238][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[  230.269451][    C0]  ? __pfx__printk+0x10/0x10
[  230.271387][    C0]  vpanic+0x281/0x750
[  230.273146][    C0]  ? __pfx_vpanic+0x10/0x10
[  230.275122][    C0]  ? rcu_is_watching+0x15/0xb0
[  230.277197][    C0]  panic+0xb9/0xc0
[  230.278790][    C0]  ? __pfx_panic+0x10/0x10
[  230.280674][    C0]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  230.283134][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  230.285639][    C0]  ? rose_timer_expiry+0x471/0x4b0
[  230.287762][    C0]  check_panic_on_warn+0x89/0xb0
[  230.289862][    C0]  ? rose_timer_expiry+0x471/0x4b0
[  230.292027][    C0]  end_report+0x78/0x160
[  230.293845][    C0]  kasan_report+0x129/0x150
[  230.295777][    C0]  ? rose_timer_expiry+0x471/0x4b0
[  230.297889][    C0]  rose_timer_expiry+0x471/0x4b0
[  230.299986][    C0]  call_timer_fn+0x17e/0x5f0
[  230.301942][    C0]  ? __pfx_rose_timer_expiry+0x10/0x10
[  230.304214][    C0]  ? call_timer_fn+0xbe/0x5f0
[  230.306169][    C0]  ? __pfx_call_timer_fn+0x10/0x10
[  230.308361][    C0]  ? rcu_is_watching+0x15/0xb0
[  230.310354][    C0]  ? __pfx_rose_timer_expiry+0x10/0x10
[  230.312639][    C0]  __run_timer_base+0x61a/0x860
[  230.314663][    C0]  ? ktime_get+0x3e/0x1f0
[  230.316486][    C0]  ? __pfx___run_timer_base+0x10/0x10
[  230.318713][    C0]  ? seqcount_lockdep_reader_access+0x15f/0x1c0
[  230.321332][    C0]  run_timer_softirq+0xb7/0x180
[  230.323435][    C0]  handle_softirqs+0x286/0x870
[  230.325478][    C0]  ? __irq_exit_rcu+0xca/0x1f0
[  230.327512][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  230.329782][    C0]  ? irqtime_account_irq+0xb6/0x1c0
[  230.331963][    C0]  __irq_exit_rcu+0xca/0x1f0
[  230.333966][    C0]  ? __pfx___irq_exit_rcu+0x10/0x10
[  230.336134][    C0]  irq_exit_rcu+0x9/0x30
[  230.337933][    C0]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  230.340272][    C0]  </IRQ>
[  230.341568][    C0]  <TASK>
[  230.342842][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  230.345300][    C0] RIP: 0010:__rcu_read_unlock+0x17/0xe0
[  230.347639][    C0] Code: 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 41 57 41 56 41 55 41 54 53 49 bf 00 00 00 00 00 fc ff df <65> 48 8b 3c 25 08 50 a0 92 48 8d 9f 44 04 00 00 49 89 dc 49 c1 ec
[  230.355427][    C0] RSP: 0018:ffffc9000327f370 EFLAGS: 00000282
[  230.357926][    C0] RAX: a06702ebba88be00 RBX: 8000000028fdf007 RCX: a06702ebba88be00
[  230.361200][    C0] RDX: 0000000000000000 RSI: ffffffff8be33660 RDI: ffffffff8be33620
[  230.364542][    C0] RBP: ffffc9000327f630 R08: ffff88801bc4f5ff R09: 1ffff11003789ebf
[  230.367842][    C0] R10: dffffc0000000000 R11: ffffed1003789ec0 R12: 00007f1ed58e3000
[  230.371123][    C0] R13: ffff8880370a7510 R14: ffff88801a47e0c0 R15: dffffc0000000000
[  230.374465][    C0]  copy_pmd_range+0x4439/0x71d0
[  230.376490][    C0]  ? __pfx_copy_pmd_range+0x10/0x10
[  230.378676][    C0]  ? mas_wr_walk_descend+0xe5/0x880
[  230.380884][    C0]  ? mas_wr_walk_descend+0x543/0x880
[  230.383052][    C0]  copy_page_range+0xc14/0x1270
[  230.385055][    C0]  ? __pfx_copy_page_range+0x10/0x10
[  230.387252][    C0]  ? up_write+0x1c4/0x420
[  230.389065][    C0]  ? __pfx_vma_interval_tree_augment_rotate+0x10/0x10
[  230.391805][    C0]  dup_mmap+0xf57/0x1ac0
[  230.393580][    C0]  ? __pfx_dup_mmap+0x10/0x10
[  230.395519][    C0]  ? mm_init+0xcc3/0xef0
[  230.397277][    C0]  copy_mm+0x13c/0x4b0
[  230.399038][    C0]  copy_process+0x1706/0x3c00
[  230.401037][    C0]  ? copy_process+0x97f/0x3c00
[  230.403067][    C0]  ? __pfx_copy_process+0x10/0x10
[  230.405160][    C0]  ? ___pte_offset_map+0x45/0x250
[  230.407290][    C0]  kernel_clone+0x21e/0x840
[  230.409220][    C0]  ? css_rstat_updated+0x23a/0x4f0
[  230.411368][    C0]  ? __pfx_kernel_clone+0x10/0x10
[  230.413491][    C0]  ? count_memcg_event_mm+0x21/0x260
[  230.415671][    C0]  __x64_sys_clone+0x18b/0x1e0
[  230.417666][    C0]  ? __pfx___x64_sys_clone+0x10/0x10
[  230.419900][    C0]  ? do_user_addr_fault+0xc8a/0x1390
[  230.422129][    C0]  ? rcu_is_watching+0x15/0xb0
[  230.424153][    C0]  do_syscall_64+0xfa/0x3b0
[  230.426074][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  230.428599][    C0]  ? exc_page_fault+0x9f/0xf0
[  230.430519][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  230.432979][    C0] RIP: 0033:0x7f1ed5d85453
[  230.434860][    C0] Code: 1f 84 00 00 00 00 00 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00
[  230.442828][    C0] RSP: 002b:00007ffe9cd31988 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[  230.446292][    C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1ed5d85453
[  230.449645][    C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[  230.452917][    C0] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000001
[  230.456167][    C0] R10: 000055555d07f7d0 R11: 0000000000000246 R12: 0000000000000000
[  230.459431][    C0] R13: 00000000000927c0 R14: 0000000000038169 R15: 00007ffe9cd31b20
[  230.462716][    C0]  </TASK>
[  230.464833][    C0] Kernel Offset: disabled
[  230.466698][    C0] Rebooting in 86400 seconds..

VM DIAGNOSIS:
18:05:38  Registers:
info registers vcpu 0

CPU#0
RAX=000000000000000d RBX=000000000000000d RCX=0000000000000000 RDX=00000000000003f9
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f9 RSP=ffffc90000007470
R8 =ffff888021850237 R9 =1ffff1100430a046 R10=dffffc0000000000 R11=ffffffff854f1d00
R12=dffffc0000000000 R13=dffffc0000000000 R14=ffffffff99def3e0 R15=0000000000000000
RIP=ffffffff854f1d7c RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 000055555d07f500 ffffffff 00c00000
GS =0000 ffff8880b861b000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f1ed6ae56c0 CR3=0000000030278000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=7712c53e93b9f1e8 728370bf3cb3486e
XMM06=63e772d7f3a22482 dabb339f3c035440 XMM07=bd0dad416e16bee6 46815929601aad29
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007f1ed5e12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000001 RBX=ffffffffffffffff RCX=ffffffff822a9ca1 RDX=0000000000000000
RSI=0000000000000008 RDI=ffffffff8fa38330 RBP=00000000ffffffff RSP=ffffc900029af418
R8 =ffffffff8fa38337 R9 =1ffffffff1f47066 R10=dffffc0000000000 R11=fffffbfff1f47066
R12=0000000000000001 R13=0000000000000013 R14=fffffbfff1f47067 R15=1ffffffff1f47066
RIP=ffffffff8222fc8f RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f3b5e1316c0 ffffffff 00c00000
GS =0000 ffff8881a3c1b000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000000110c419f70 CR3=000000010f266000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=6161616161616161 6161616161616161
XMM06=6161616161616161 6161616161616161 XMM07=6161616161616161 6161616161616161
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007f3b5d412fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
