last executing test programs:

2m38.433307352s ago: executing program 4 (id=99):
r0 = socket$packet(0x11, 0x3, 0x300)
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
listxattr(&(0x7f0000000240)='./file0/file3\x00', &(0x7f0000000300)=""/36, 0x24)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'veth0\x00'})
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1008002, &(0x7f0000000040), 0x3, 0x5eb, &(0x7f0000000c00)="$eJzs3ctvFEcaAPCvxw9sjNYDWu0ue1gsrVYg7WJjAysU5QDXCFnkoVxyiYMNIRiwsKPEJBJGIpdIUS5RFCmnHEL+iwSFK6fklEMuOUVIKIk4RspEPdNtPHaPX9jTiP79pGG6q6Zd1djfVHVNVU8AlTWS/lOLOBgRc0nEcLK0nNcbWeZI63WPfnv/fPpIotF4+Zckkiwtf32SPQ9lBw9ExHffJnGgZ22584s3Lk/Nzs5cz/bHFq7Mjc0v3jh66crUxZmLM1cn/j9x6uSJk6fGj23rvG4WpJ29/dY7wx9Ovvbl578n41/9OJnE6Xghe+HK89gpIzHS/D9J1mYNndrpwkrSk/2dNBqNRp6W9JZbJzYv//31RcTfYzh64vEvbzg+eLHUygG7qpG03ruBKkrEP1RU3g/Ir+1XXwfXSumVAN3w8ExrAGBt/Pe2xgZjoDk2sPdREiuHdZKI2N7IXLt9EXH/3uTtC/cmb8cujcMBxZZuRcQ/iuI/acZ/PQai3oz/Wlv8p/2Cc9lzmv7SNstfPVQs/qF7WvE/sG78R4f4fz19vtmK4Te2WX798eabg23xP7jdUwIAAAAAAIDKunsmIv5X9Pl/bXn+TxTM/xmKiNM7UP7Iqv21n//XHuxAMUCBh2cini+c/1vLZ//We1YsYa1HX3Lh0uzMsYj4S0Qcib496f74OmUc/ejAZ53yRrL5f/kjLf9+Nhcwq8eD3j3tx0xPLUw9wSkDmYe3Iv5ZOP83WW7/k4L2P31nmNtkGQf+c+dcp7yN4x/YLY0vIg4Xtv+P71qRrH9/jrFmf2As7xWs9a/3Pv66U/nbjX+3mIAnl7b/e9eP/3qy8n4981sv4/hib6NT3nb7//3JK827CvVnae9OLSxcH4/oT872pKlt6RNbrzM8i/J4yOMljf8j/15//K+o/z8YEUurfnbya/ua4tzf/hj6qVN99P+hPGn8T2+p/d/6xsSd+jedyt9c+3+i2dYfyVKM/0HLp3mY9renF4Rjb1FWt+sLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM+CWkTsi6Q2urxdq42ORgxFxF9jb2322vzCfy9ce/vqdJrX/P7/Wv5Nv8Ot/ST//v/6iv2JVfvHI2J/RHzSM9jcHz1/bXa67JMHAAAAAAAAAAAAAAAAAACAp8RQh/X/qZ97yq4dsOt6y64AUJqC+P++jHoA3af9h+oS/1Bd4h+qS/xDdYl/qC7xD9Ul/qG6xD8AAAAAADxT9h+6+0MSEUvPDTYfqf4sr6/UmgG7rVZ2BYDSuMUPVJepP1BdrvGBZIP8gY4HbXTkeubOP8HBAAAAAAAAAAAAAFA5hw9a/w9VZf0/VJf1/1Bd+fr/QyXXA+g+1/hAbLCSv3D9/4ZHAQAAAAAAAAAAAAA7aX7xxuWp2dmZ6zZefTqq0c2NRqNxM/0reFrqs/MbSTZDvSuF5lPhu3+m/Zs5wXyt3+Z+cnnvSQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQLs/AwAA//+JjCTl")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r5, 0x0, 0x0)
connect$inet6(r5, &(0x7f0000000100)={0xa, 0x4e24, 0x0, @rand_addr, 0x1}, 0x1c)
sendmmsg(r5, 0x0, 0x0, 0x0)
splice(r5, 0x0, r4, 0x0, 0x7ffff000, 0x6)
request_key(&(0x7f0000000180)='keyring\x00', &(0x7f0000000380)={'syz', 0x0}, &(0x7f00000001c0)='q\xa9', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0/file3\x00', 0x1d0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="44000000100001002abd7000fcdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="8111000000000000140003006272696467655f736c6176655f30000008000400d400000008000a00285d"], 0x44}, 0x1, 0x0, 0x0, 0x80}, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f00000000c0)=[{0x6, 0x6, 0x0, 0x57c}]}, 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
shutdown(r7, 0x0)

2m34.89702352s ago: executing program 4 (id=106):
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_int(r0, 0x0, 0xb, &(0x7f0000000100)=0x865, 0x4)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10)
syz_emit_ethernet(0x46, &(0x7f0000000000)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x9, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0x9, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x65, 0x0, 0x0, 0x1, 0x0, @loopback, @loopback}, "00186371ae9b1c03"}}}}}, 0x0)

2m34.402589916s ago: executing program 4 (id=110):
r0 = syz_usb_connect$uac1(0x2, 0xb8, &(0x7f0000000100)=ANY=[@ANYBLOB="12010103000000106b1d01014000010203010902a600030156c0020904000000010100000a24010101bb02010211240601040507000a0008000300020005052405060f0f2406020504020002200a000a00040c24020203020250800009010d2406050203078887000a00000924030101010505"], &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x2000000000000046})
syz_usb_control_io(r0, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000340)={0x0, 0x17, 0x1, "ef"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000580)={0x44, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x20, 0x83, 0x2, "a0ab"}, 0x0, 0x0})

2m32.365852097s ago: executing program 4 (id=118):
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0xaa001000, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000ac0), r3)
sendmsg$NLBL_CALIPSO_C_ADD(r3, &(0x7f0000000b80)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f00000003c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002cbd7000ffdbdf250100000008000100030000000800020002"], 0x24}, 0x1, 0x0, 0x0, 0xc840}, 0x20020000)

2m31.237415261s ago: executing program 4 (id=119):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_GET_DEBUGREGS(r2, 0x8080aea1, &(0x7f0000001180))

2m30.677175535s ago: executing program 4 (id=121):
openat$mice(0xffffffffffffff9c, &(0x7f0000000180), 0x800)
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1ff, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$kcm(0xa, 0x3, 0x87)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x101000, 0x0)
socket$kcm(0x29, 0x2, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r1 = socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
select(0x57, 0x0, &(0x7f0000000080)={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0x0)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x10, r3, 0x0)
mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2, 0x0, 0xb, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000a00))
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
madvise(&(0x7f0000722000/0x4000)=nil, 0x4000, 0x80000000e)
r4 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r4, 0xc1105517, &(0x7f0000000340)={{0x0, 0x4, 0x0, 0x1, 'syz0\x00', 0xfffd}, 0x10000a, 0x0, 0x4, 0x0, 0x0, 0x0, 'syz1\x00', 0x0})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f00000000c0)})
socket$nl_generic(0x10, 0x3, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
setsockopt$MRT6_ADD_MIF(r1, 0x29, 0xca, &(0x7f0000000040)={0x1, 0x1, 0x40}, 0xc)
setsockopt$MRT6_ADD_MFC_PROXY(r1, 0x29, 0xd2, &(0x7f00000000c0)={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, {0xa, 0x4e22, 0x0, @empty}, 0x0, {[0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0xfffffff8]}}, 0x5c)
setsockopt$MRT6_FLUSH(r1, 0x29, 0xd4, &(0x7f0000000080)=0x6, 0x4)
close_range(r0, 0xffffffffffffffff, 0x0)

2m14.762330142s ago: executing program 32 (id=121):
openat$mice(0xffffffffffffff9c, &(0x7f0000000180), 0x800)
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1ff, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$kcm(0xa, 0x3, 0x87)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x101000, 0x0)
socket$kcm(0x29, 0x2, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r1 = socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
select(0x57, 0x0, &(0x7f0000000080)={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0x0)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x10, r3, 0x0)
mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2, 0x0, 0xb, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000a00))
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
madvise(&(0x7f0000722000/0x4000)=nil, 0x4000, 0x80000000e)
r4 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r4, 0xc1105517, &(0x7f0000000340)={{0x0, 0x4, 0x0, 0x1, 'syz0\x00', 0xfffd}, 0x10000a, 0x0, 0x4, 0x0, 0x0, 0x0, 'syz1\x00', 0x0})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f00000000c0)})
socket$nl_generic(0x10, 0x3, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
setsockopt$MRT6_ADD_MIF(r1, 0x29, 0xca, &(0x7f0000000040)={0x1, 0x1, 0x40}, 0xc)
setsockopt$MRT6_ADD_MFC_PROXY(r1, 0x29, 0xd2, &(0x7f00000000c0)={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, {0xa, 0x4e22, 0x0, @empty}, 0x0, {[0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0xfffffff8]}}, 0x5c)
setsockopt$MRT6_FLUSH(r1, 0x29, 0xd4, &(0x7f0000000080)=0x6, 0x4)
close_range(r0, 0xffffffffffffffff, 0x0)

1m32.198099111s ago: executing program 1 (id=308):
r0 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r0, &(0x7f0000000040), 0x10)
listen(r0, 0x0)
r1 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r1, &(0x7f0000000080), 0x10)
setsockopt$sock_linger(r1, 0x1, 0x3c, &(0x7f0000000180)={0x1, 0x5}, 0x8)
sendmmsg(r1, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)="1b", 0x40000}], 0x1}}], 0x1, 0x24008094)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r2 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1})
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1600000004"], 0x50)
io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0)
r3 = accept4$unix(r0, 0x0, 0x0, 0x0)
recvfrom$unix(r3, &(0x7f0000000140)=""/263, 0x107, 0x0, 0x0, 0x0)

1m31.848651012s ago: executing program 1 (id=316):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r0, &(0x7f0000000240)={@val={0x2f3a, 0x800}, @val={0x0, 0x3, 0x3, 0x1, 0x0, 0x200}, @ipv4=@tcp={{0x5, 0x4, 0x2, 0x2, 0x28, 0x68, 0x0, 0x6, 0x6, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @broadcast}, {{0x4e20, 0x4e21, 0x41424344, 0x41424344, 0x1, 0x0, 0x8, 0x40, 0x141a, 0x0, 0x15f1, {[@mptcp=@syn={0x1e, 0xc, 0x2, 0x1, 0x9, 0x4}]}}, {"b898f48a5203aec1c20360cd2ef7d58da55b659aa6992f305f3fb5d188f517abf96e559cce7d2282a54862bc80a51035e81c9f2d030a6cd6e7c83ed735fe91a467f79be2c7d85f7529eff6f03e92199b12eae0ad8d098f78165de6ccd711c6be47076c700a8a74e5b91a9355bb250b70cc5af2c4219f1cf2fa23910722a02956f3612fc9f024e77b9d745b22dacc05c41e125d6487e6ffd4ca8db7a1f2befb5708d551a43ad989dc418b24f8fefc9febd72b8504db532be5759ec8a0e4e48662c5f29dd566101c64946a9c9b8e12fd22f56093a80f345a106dc2b95ccb043f0131602e6ef13caddcc9fcfa2e40ab3b603ff5881f4fba3c8bbfffd05510a5952a6335b6e02fe85927bd050bfc265b2afd2735345a9380f5af87e6a3d2479fc06afc9252d7d28710570837daa46d2b942be5433f46ca6cc0efe65e5b874fede589d6026c20e28749a857eb0b9bd9157a247cde360572592da40909d903ef6c4c10cc06f59b45d0e0991bc820bfef700ca4e2b6aad5c32d2a8a807e9333e0eddec1c0ed393deb690e1b827db9f5da75dbc32874e5fcc5c76c05c0ec2fb1e8d5918cd09023865e9008cca311ed9672237bcf925fa09ae410683726998bf0ef51937e764e55a09e009429c8eeae288eda500541b7a33d29d492493084ba2c0a89dc61126d3fae08440bb57473adfdeadb98bdada889ebc36ae25649e5b7187e0d2dd011b39e037f3cad6e0e2161ab344173e125545945b1debe71f24213f581df639d486bf77ccc6da56997708b76eb6cbde470ad004fbfb84e8d1495a2d7bb544f282dad56316b50472015c74847e3209ef4a6edbff327ec99dd0288214d9329f433bc71698808201bf0a769d608fac5faf16c32a09c34750040d9d19aa8b4071c051338527952e5afcfd2e33a14d9f123c6dd5f1a3c47583ff6e3c154eff46c1942bbc357add5253d96f5b6dc6e440271a377b03db190ed081e2989dec4a839e1c2d7fecfaa2459f62151b9ef4716fbc15fd86812763fbaf38e4d5af6d0c8b830436770819361104f30bd8ba795f9104dfb7370d1c6940819d6432b159fbbe633a093ff4dc3c44c4623e16eddb6151ef904fc96b87957ab22230dd6c2458fbaa438d3c222c055ce4253db8fdda2077f0159fddc1306b0277d122c51cc577b2b6dee459f1bf28c6d94178a0fc3e382f6b58e1db6cda5eca7dc0720e61d59ec794a02295ccdeedc811457e30e8548a8be271c69f0cbfd08fdcfa281ec3b1ea7bb2ff784be0a732344cc0978b37507d448330149537f1de512d4952e2d6a8901be7bf9c8497ffdc3910096e2ef5c2d056f909621f1c8c90702c9469fcfb9ccda91123da96c4c8381718624e74948ce35b4ddc47982d392d84fe377a0e4edcf34f4bc814d12a5fee04ed6750b074fd046a47c59b84c6d465bce16101ced3d8f6b8a9d1d8b96f730569dd4bce831c188c236b5c600349932d42d846dbd6d5ecd07a89c6f535237567aebd4eb12bbfe5120e0c0e5f077005394e71772d796bbe82be4e014c63c8a1c4bbbddf186d94eb73313e91a97ce8ade5c6ec3defd412842f1afc7c642bbb94ce29a16ea298291519a5f5a6f5782a17fcd9af20699f70307270c5b6f88606c986aae6766130d63278b64a09fa4850ec92b72d2e19f1b8a305c237061af9f85ea6d2d33ea5c77754eaaa0b221e7883da6e95d6f031f033df057faa24c078a7ad1e922f371b076d7b492d5837f6f4a0980f882b160f581f2fdd551baf1fdccfb2677871eb55bdaf8c6c158bb9ae0684fec562045ba365ff7443c60e7381d0ffa426b98640bc6f95b8191dc2e14cec948871d5fbbfe46c6f669c1a4f98dc4cfdebe8bca4fd627acb475c9c80875d766c976116e7a2245088cc70a51242756710a6164e417d4fe7f2bb4f878df548598021f246492211d9c780a9d66b47c19e4924f2ba392a54ddbf73d61eab4c45dfa3510f705bd23c0ecc7210b3f982e328142f74e10edce9677990b862965594b9c671dc0e7c193b7df65de53f953e53ec0789a36c0895cf063ff0d2711b28e177d457192493454d07ad162c8f4a2db7db5761928fdb45311a44be6af7e170b3dd38783ceb9c5745deb957f6fc1cc073d7abe2cc5c58c29136b89c745085304457ce9e1394b1c4de3c664fa843c5183e45f65137e57b627a9938dfcb3cdf60829e5d8014534df04da80c53613a419d8811a4cc9f8a483a3488f942b1e9f69730f9861b70d6e42efbb147ce969854a56877c64a9c5e7e3852994d8d36b86aadc74c3b765307af433c23b0e963f95966beb7cc859bcf9217a52df243a41532cb4b0b316677db0104f12aca9fee6fd5908169451b0fcccf0cfdfbf3de802cc2488a532d5d7de6582c5645160c5ef673d2c95d5b8b2d99ed9486c069798f13c14eab4c99fd509fa9f879d18a5f0bdefd8f44ad0c9280ca9335ed661cb6cc22264f95e1f3443b41a044e4a15ab73f20bed9f6caa6bf231351fd882c11320e40f61718d4c43e99f98a72b459e9ce6eab66903a4ca67560e6c3579c558140e9a035d380b21064f70ed5ad62be784e4f75619fe92a4b6c22438a5907bb234570b962389228a9a454caa0579253a8d697dd890663f0bbed83e2c249dcab4db3d4124202abed769bbc90aa21ae521d9153352bec7eb6e0623fe9486bb2c1dbda0726daa64343304e6b878f768404848e5df3be0f1838f71a232cc8737fbc62172c7ee73306edf0b621e76ef35d76c86473926f47bfaaf943abcf63a81449006583ecfbbc3c498f5dd176bbff6e4e51134ffa5b92dcf4719cb789c9fec63955607da72b335ef7fe1c12dc9cdf44a9e83d7ab5a51977ba1168354a1e89bc5e420329c5864393bd3c72cd9f2c9d7b8e79f661a37f4a03105e77aaa28f4978f44abc4f89c458080e93cfaa043c105f396badc033d12dbed823a2e4d24406c7b77cd33630e6257d21a27857beaad037c1031a319d79e6103e1b7600ad9d418e5af02d372d0ddd5e328edf7245b7907632eae607992a8048a24721e8ce32a5be8adc4704c58de99613bf254d0448c452b7e81fdfd8b3c1b3ff8d573678448aef089e5477e1174bc424c77b08bf81144faadd289d04a02fc19cab03ff2cee402693fb215c4b4b12afcbc532646eed43aa6408df1b2d738e611d5082053882b5a69e0e6ae967c89ebb2980c933c04337acac94130de8e1e99acb3878685a4d0e3f7c95179f4e8d6674ced26a91099da84fa0ff485a0cab23b35de4f8091a22e22a969d1daf17549b092b0353468b3d0918f514a1248a3d4a19767bf037cff673771fa22c6ee4952728a8126eac03e50aece013d0c59bb9bc230c48f3115b37a482bae47ca56f8b10419f78195ec89dbd381a04a7ffb645ad53f60783d4997d7cab42591735ad56d565d33325715e2fc29ed8c64869485fd6e14136f4a5f66681668b519c749a790b6417a853ef04015aeeefc48bd85aa351186f728b5f1b0183c03d2168d52dbed1ce13aa3c673458dabeed746d513593b6c561a79f399b498396fd94473aa2acea127591eeeff8f691dddf95288e06203c1e779ba7f5b2b7764e8aad4a44e547d5470193acfbfac984bdda75d8b35eb2258abdcf47ee7df549d499204d19c0b89a91f1aef847f375b5cf1f0829d538d14361327073c0edb6605810f330c401270c8eb35eb97aed751feb21211a51a9031ed386fa1598618a38ae9a1c86ae64c84727b1864f64b4da71a7a3195c2757fed49945d63458d89cf5c536bdd441f3f265fc9d61a554087a9b2b83660c0c17e15d9d1d40065ba244453fb08b4ea027e3301ea254513633704ca1a496c7ad2227ca99cf07c58b1c11deb9216e940e2e1243d75b4a6882e84581cc727bcfea0d20d39cb545830a99da07659b347922df1f29ca7496e493826fac4b8f1d641fee7460e99fccd8672473e59a6c240d09a541e460e5f2945776c707212bb33a5ee5051961f21592d9ea3ae018b8fbc2140e6151f14ff033a6dbb1afbddd684b6a9d5f29b7f273b430dab91c53cd89e191adc78c7ce20bb4340425531cfc23f119a5eab1d7c73bc703b7fba48c8038c068df1f77eda5e18b2f2609d9d99de2768349987ba51cb98f698797051844c0c8637bf2f7ffac991ccf95e1b5eae9d7d25e7f3e0bdc788d99754a8be1baddafc4f0914f1a05bf8bec1a40bd2135539150da59d4163c67a575bc6dd7f2f786114c372842795601e8569e28c949e8bdc96e5a43cb6639dedf1ef1f054e0d42589a16d30e296b6dfdac6e13a6c68e03bd39dc172b6007b01793ceafa13c6379d2b820e98e9e87891e3bbdc688f62c56ef80c67ad066a53e36141af58fa9734429498580dc6d32d1c2e8cc722b4f9dd9d165d07b7b536c398df39dee06f48ad422492fe1777619f49e153ad276c86fbf8f607e7b1e9d6040889f166eb8a73ddba4668d6618b31c36b6427b1cd3cb97ef268ec1f1b049a35bceddff9147fde7309db0c474be42a6d54150172df4d5614106ea5f134cf543a70105a0a75f649d6de1a9bd3858bcccf3b220886ea6a7702dbe7f17e03a022a0ffc5145da4895bcb41da3fc5a2a10bc7b2a70a3a86ef8fa600d24894260cdbbf3c36313f3b1e9e8096921b625cb9c7f3ab8423277c9b80743a2185c95e9e7fb3f6d63669257fac197b7a73c5a4a2c4a2df52af705b46b56ade64c8a4265373a770676ec7fe3738843402f63a79f0ddb59e4bf439e4eac709a0127e9588e1538872af3916a12a1a850206392c16e17fab5a7d72bc3e9caad7bab64481728861016c124888210d06e31005ffbd39a65abbf69ce1683de2bb9f90e4955deb7afd23e90e3e11fcbd55627ab48cea806cf5da35e094bbaab42dbbdb454599a6659c2ce10845dc2beba123ae01f043c8c13c463634546e3fc913360adf2441ce3753840af235b0828ee6f74bac40d08d7b8dd8828af44a577e52e9adc86d895e1e561881320091c18bf7c466c945c4872dfc884858f5d710e0f9786878e09a906896308135097da35e465e140f22171878a42f3fe2f0872656b4ffbacc54dd99baef3c58450f1d585e3e3b8c1a9bf0f6afb9858fd6f58791382ff65d926d49f5e02abc84bd4df49ed5beec83517fbf782f983353398063831a1a4668afd7bbe2275c712497686ccff4c447f34cb4dd6b5af0f2e517fea11783d265db2c6dacb393fa3e2d484c3a62c516fe24294ca324bea8095265d560c6f68ae278c7bc34afb7309eb96fbf851af3616fd07e335d010804e60e44a57d38a2d79a19a5f9b22daec534d0379b3fe8a3a6cd8c63b585dcf00abef832b402fd3c0dd95037bb5be517b14ac6627408ba35f15cc4aa0fa96d888baa2d82b4efdf27a018330cca8a83eb587ca8a2536bdd5ab7d783044c76166d27c15299cbe3d82a612236157d25c73b19a3f454309500822206d9ea91f77ea58291d3527f85fcd7f44f1dd4bec1fdd26ee5bbc11620a62fc8c6887904b9f3bde3c640b7e4ba801f49f90e191ade5df7d39f0999a2b5e32f3385c0ec657c6ea6da3bc3d417b3b3856f92bcbbf0eb30ef02715a53dfece840180678d156e79d8149987a1172212529cec710a2bed59478371ab88b8c769ae17b8cf8b1f3d"}}}}, 0xfce)

1m31.537903242s ago: executing program 1 (id=318):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x101000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_GET_PIT(r1, 0xc048ae65, &(0x7f0000000100))

1m31.33736289s ago: executing program 1 (id=320):
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c6261636b67726f756e645f67633d6f6e2c6e6f757365725f78617474722c6e6f71756f74612c64697361626c655f726f6c6c5f666f72776172642c67635f6d657267652c6e6f757365725f78617474722c636865636b706f696e743d64697361626c652c757365725f78617474722c6673796e635f6d6f64653d7374726963742c646973636172645f756e69743d73656374696f6e2c636865636b706f696e743d64697361626c652c6e6f696e6c696e655f64656e7472792c00ec6da92d1c80a6c720380e3c2c55bf27596d2776ce408c4bb19b149757508e1c7e919c6c2047023baa412d14fa75c8cac6e5f103e13ea52708af0a7c5da8af4ecb6612"], 0x2, 0x5514, &(0x7f0000009a00)="$eJzs3E1vG1UXAODjpGnTj7dvhFiw60gVUiLVVpyPCnYBWvEhUkUFFqzAsR3Lre2JYscJWbFgiVjwTxBIrFjyG1iwZodYgNghgTwzhgaoQIoTk/Z5pPGZe3195lyrqnRmIgfw1FpIfv6xFNfjckTMRsS1iOy8VByZjTw8FxE3ImLmkaNUzP8+cTEirkTE9VHyPGepeOvTW8Ob6z+88dNX31y6cPWzL7+d3q6BaXs+Irq7+flBN49pK48PivnasJ3F7tqwiPkb3YfFOM3jQXM7y3BQG6+rZXG1la9Pd/f7o7jTqdVHsdXeyeZ3e/kF+8PWOE/2gQe1vWzcaG5nsd1Ps9g6yus6PMr/bzvqD/I8jSLfB1n6GAzGMZ9vHjbz/ew+zGK9Nyjm87xpo3k4isMiFpeLetppZHVsn+Sb/m97s93bP0yGzb1+O+0l65XqC5Xq7XJ1L200B821cq3buL2WLLY6o2XlQbPW3WilaavTrNTT7lKy2KrXy9Vqsninud2u9ZJqtbJaWS6vLxVnt5JX772TdBrJ4ii+3O7tD9qdfrKT7iX5J5aSlcrqi0vJzWry1uZWsnX/7t3Nrbffu/PuvZc2X3+lWPSXspLFleWVlXJ1ubxSXTrJ7ufP1/4/Ksqe2P7hhErTLgDg/NH/A9Nwev3/3v2I0+//4/H9/+XxHvX//+xc9b8T7//tH05E/w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8NT6bu7z17KThXx8tZj/XzH1TDEuRcRMRPz6N2bj4rGcs0Weucesn/tTDV+XIsswusal4rgSERvF8cv/T/tbAAAAgCfXFx/e+CTv1vOXhWkXxFnKb9rMXHt/QvnmI2Ju4fsJZZsZvTw7oWTZv+8LcTihbNkNrPkJJctvuV2YVLZ/ZfZYmH8klPIwc6blAAAAZ+J4J3C2XQgAAABn6eNpF8B0lGL8KHP8LDj7y/s/HghePjYCAAAAzqHStAsAAAAATl3W//v9PwAAAHiy5b//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAb+zcz23iQBQH4GeDF/afFq32vq3sDcrYEva4x4gC0gQF5EBaSAPUQG4pIYIIj0Mg4hDJY1uJvk9yJmOZH28QHGZGGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAu3Vfrxe3V7+u2Obt9O3lGAwAAAFyyrdaL+p9Z6n9t7n9vbv1s+kVElBFxae4+ik9nmaMmp3p5/ub0+epVDXcRdcLhPSbN9SUi/jTX44+uPwUAAAD4uDbL1TzN1tOf2dAF0ae0aFN++5spr4iIavaQKa085P3KFFZ/v8fxP1NavYA1zRSWltzGudLepP65H1ftpidNkZry4suORWYbOwAA0KPRWdPvLAQAAIA+/Ru6AIZRxPNW5nErcJKaZnvv81kPAAAAeIeKoQsAAAAAOlfP/3s6/2/v/D8AAAAYRjr/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC5tq/Vis1zN2+bs9u3kGQ0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE/szzsKhEAYhMHe9Z3J3P+w0qCpqUkVCB9/YzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAm9/95f/E1DiTzL02lp5HkrVTY+vU2Ds3jv4wvn4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcLE/LykQAkEQBXPG/076/oeVBD2DCBHQ8KiiFg0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBFv/vl/8TUOJPMnTaWjkeStavG1lVj70Hj6MF4+zcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcLFz/75xU3EAwJ/t84UWEEdANwQhkBhgoddraemGGEARA38CUpReS+iVH20GWlWILGwocxcEI0JIoLD1f+jcSl3K1uGGIjGDns9O3CYSB6H2Jfl8pHfva8vy+z6fFOXrZx8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAVCbvlsFCCFnse9PNtNx95+GN1djffayPbm3eW4otxknDeR8AL9c3kn57iQAAAHB0ZGWL7udby7FPe0X9n1fHxJr/+2encVXPP173V31V+8f2268PXtweqDcdJ570wtp4dHJ3Kp0nN8v59tw/HtEprnxx7yUrvpD0g40XJnlxPZNvb99+r1uEC01kCwD8Fyeqvgyq/4diP2wzMQCOjE6t8K7q/6zXbk4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATZhshKerOAkhLHV24ujuwxure/W3Nu8tVe3szZub4eudc8ZT5CGEC2vj0clGZzPfrl67fmllPB5daT54JYTQ1ujvlNO/9NEMB4fQyvUR/E9BWn7Z85LPwQha/KMEAMChlJct1vX3863luC9ZDOGvHx6t/1+vxWHG+v/Bx2fv1Meq1//DxmY4/wbrlz8fXL12/c21yysXRxdHn751avj28PS5M2fODYp7JQN3TAAAANifbtnq9X+6uHv9/3gtDjPW/198N/yqPlam/t/TzqJf25kAAAAcbc+/+ucfyR77k243fLmyvn5lOP3c3j41/Wwh1X9toWz1+j9bbDsrAAAAoAmTjeSR9f/ztTjMuP7/zI8v/Vw/ZxZCOFau/59Y/Wx8vrnpzLXZ3gfu7Ot14rbnCAAAQLuOla2+/p8Xz/+n2488pCGEN16bxuXPAM5U/2fvf/NTfaz68/+nm5viXEr70+tR9P0QOv22MwIAAOAwe6pssdj/Pd9a/uSX4x92Pf8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0LS/AwAA///RHjzw")
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x167)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESOCT=r0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
quotactl$Q_QUOTAON(0xffffffff80000200, &(0x7f00000001c0)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000200)='./file0\x00')

1m28.965128827s ago: executing program 1 (id=335):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000840)={'wlan0\x00', <r2=>0x0})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_BSS(r3, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f00000009c0)={0x24, r1, 0x1, 0x70bd29, 0x25dfdbff, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_BSS_SHORT_SLOT_TIME={0x5, 0x1e, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x808)

1m26.891713631s ago: executing program 1 (id=347):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000006c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x4004000)
recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
capset(&(0x7f0000000080)={0x19980330}, &(0x7f00000000c0)={0x1, 0xb, 0x1, 0xfffffff8, 0xffffffff, 0x6})
unshare(0x480)

1m26.276024248s ago: executing program 33 (id=347):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000006c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x4004000)
recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
capset(&(0x7f0000000080)={0x19980330}, &(0x7f00000000c0)={0x1, 0xb, 0x1, 0xfffffff8, 0xffffffff, 0x6})
unshare(0x480)

30.759994288s ago: executing program 0 (id=595):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
syz_mount_image$hpfs(&(0x7f000000a000), &(0x7f0000009ec0)='./file1\x00', 0x3a00041, &(0x7f0000000000)={[{@eas_no}, {@eas_no}, {@case_asis}, {@check_none}]}, 0x1, 0x9e28, &(0x7f000000a040)="$eJxUk9Mf54W7BzfvZtt2TbZt27Y9ue/HRrZt1yLbtrHZbRvP63d5nj/guXjPzJi51t3wngHeO8D7Bnj/AB8Y4IMDHD7AEQMcOcBRA3xogA8P8JEBPjrAxwb4+ACfGOCTA3xqgE8P8JkBPjvA5wb4/ABfGOCLA3xpgC8P8JUBvjrA1wb4+gDfGOCbA3xrgG8P8J0BvjvA9wb4/gA/GOCHA/xogB8P8JMBfjrAzwb4+QC/GOCXAxw9wK8G+PUAvxngtwP8boDfD/CHAf44wJ8G+PMAfxngrwP8bYC/D3DMAP8Y4NgB/jnAvwb49wD/GeC/A/xvgEMCHCfAcQMcL8DxA5wgwAkDnCjAoQEOC3DiACcJcNIAJwtw8gCnCHDKAKcKcOoApwlw2gCnC3D6AGcIcMYAZwpw5gBnCXDWAGcLcPYA5whwzgDnCnDuAOcJcN4A5wtw/gAXCHDBABcKcOEAFwlw0QAXC3DxAJcIcMkACXCpAJcOcJkAlw1wuQCXD3CFAFcMcKUAVw5wlQBXDXC1AFcPcI0A1wxwrQDXDnCdANcNcL0A1w9wgwA3DHCjADcOcJMANw1wswA3D3CLALcMcKsAtw5wmwC3DXC7ALcPcIcAdwxwpwB3DnCXAHcNcLcAdw9wjwD3DHCvAPcOcJ8A9w1wvwD3D/CAAA8M8KAADw7wkAAPDfCwAA8P8IgAjwzwqACPDvCYAI8N8LgAjw/whABPDPCkAA3w5ABPCfDUAE8L8PQAzwjwzADPCnAQYBBgGGAUYBxgEmAaYBZgHmARYBlgFWAdYBNgG2AXYB/g2QGeE+C5AZ4X4PkBXhDghQFeFODFAV4S4KUBXhbg5QFeEeCVAV4V4NUBXhPgtQFeF+D1Ad4Q4I0B3hTgzQHeEuCtAd4W4O0B3hHgnQHeFeDdAd4T4L0B3hfg/QE+EOCDAQ4PcESAIwMcFeBDAT4c4CMBPhrgYwE+HuATAT4Z4FMBPh3gMwE+G+BzAT4f4AsBvhjgSwG+HOArAb4a4GsBvh7gGwG+GeBbAb4d4DsBvhvgewG+H+AHAX4Y4EcBfhzgJwF+GuBnAX4e4BcBfhng6AC/CvDrAL8J8NsAvwvw+wB/CPDHAH8K8OcAfwnw1wB/C/D3AMcE+EeAYwP8M8C/Avw7wH8C/DfA/wIcEuI4IY4b4nghjh/iBCFOGOJEIQ4NcViIE4c4SYiThjhZiJOHOEWIU4Y4VYhThzhNiNOGOF2I04c4Q4gzhjhTiDOHOEuIs4Y4W4izhzhHiHOGOFeIc4c4T4jzhjhfiPOHuECIC4a4UIgLh7hIiIuGuFiIi4e4RIhLhkiIS4W4dIjLhLhsiMuFuHyIK4S4YogrhbhyiKuEuGqIq4W4eohrhLhmiGuFuHaI64S4bojrhbh+iBuEuGGIG4W4cYibhLhpiJuFuHmIW4S4ZYhbhbh1iNuEuG2I24W4fYg7hLhjiDuFuHOIu4S4a4i7hbh7iHuEuGeIe4W4d4j7hLhviPuFuH+IB4R4YIgHhXhwiIeEeGiIh4V4eIhHhHhkiEeFeHSIx4R4bIjHhXh8iCeEeGKIJ4VoiCeHeEqIp4Z4Woinh3hGiGeGeFaIgxCDEMMQoxDjEJMQ0xCHjIN5iEWIZYhViHWITYhtiF2IfYhnh3hOiOeGeF6I54d4QYgXhnhRiBeHeEmIl4Z4WYiXh3hFiFeGeFWIV4d4TYjXhnhdiNeHeEOIN4Z4U4g3h3hLiLeGeFuIt4d4R4h3hnhXiHeHeE+I94Z4X4j3h/hAiA+GODzEESGODHFUiA+F+HCIj4T4aIiPhfh4iE+E+GSIT4X4dIjPhPhsiM+F+HyIL4T4YogvhfhyiK+E+GqIr4X4eohvhPhmiG+F+HaI74T4bojvhfh+iB+E+GGIH4X4cYifhPhpiJ+F+HmIX4T4ZYijQ/wqxK9D/CbEb0P8LsTvQ/whxB9D/CnEn0P8JcRfQ/wtxN9DHBPiHyGODfHPEP8K8e8Q/wnx3xD/+x/TCMeJcNwIx4tw/AgniHDCCCeKcGiEwyKcOMJJIpw0wskinDzCKSKcMsKpIpw6wmkinDbC6SKcPsIZIpwxwpkinDnCWSKcNcLZIpw9wjkinDPCuSKcO8J5Ipw3wvkinD/CBSJcMMKFIlw4wkUiXDTCxSJcPMIlIlwyQiJcKsKlI1wmwmUjXC7C5SNcIcIVI1wpwpUjXCXCVSNcLcLVI1wjwjUjXCvCtSNcJ8J1I1wvwvUj3CDCDSPcKMKNI9wkwk0j3CzCzSPcIsItI9wqwq0j3CbCbSPcLsLtI9whwh0j3CnCnSPcJcJdI9wtwt0j3CPCPSPcK8K9I9wnwn0j3C/C/SM8IMIDIzwowoMjPCTCQyM8LMLDIzwiwiMjPCrCoyM8JsJjIzwuwuMjPCHCEyM8KUIjPDnCUyI8NcLTIjw9wjMiPDPCsyIcRBhEGEYYRRhHmESYRphFmEdYRFhGWEVYR9hE2EbYRdhHeHaE50R4boTnRXh+hBdEeGGEF0V4cYSXRHhphJdFeHmEV0R4ZYRXRXh1hNdEeG2E10V4fYQ3RHhjhDdFeHOEt0R4a4S3RXh7hHdEeGeEd0V4d4T3RHhvhPdFeH+ED0T4YITDIxwR4cgIR0X4UIQPR/hIhI9G+FiEj0f4RIRPRvhUhE9H+EyEz0b4XITPR/hChC9G+FKEL0f4SoSvRvhahK9H+EaEb0b4VoRvR/hOhO9G+F6E70f4QYQfRvhRhB9H+EmEn0b4WYSfR/hFhF9GODrCryL8OsJvIvw2wu8i/D7CHyL8McKfIvw5wl8i/DXC3yL8PcIxEf4R4dgI/4zwrwj/jvCfCP+N8L8Ih8Q4TozjxjhejOPHOEGME8Y4UYxDYxwW48QxThLjpDFOFuPkMU4R45QxThXj1DFOE+O0MU4X4/QxzhDjjDHOFOPMMc4S46wxzhbj7DHOEeOcMc4V49wxzhPjvDHOF+P8MS4Q44IxLhTjwjEuEuOiMS4W4+IxLhHjkjES41IxLh3jMjEuG+NyMS4f4woxrhjjSjGuHOMqMa4a42oxrh7jGjGuGeNaMa4d4zoxrhvjejGuH+MGMW4Y40YxbhzjJjFuGuNmMW4e4xYxbhnjVjFuHeM2MW4b43Yxbj/+kCH/23fHGHeKcecYd4lx1xh3i3H3GPeIcc8Y94px7xj3iXHfGPeLcf8YD4jxwBgPivHgGA+J8dAYD4vx8BiPiPHIGI+K8egYj4nx2BiPi/H4GE+I8cQYT4rRGE+O8ZQYT43xtBhPj/GMGM+M8awYBzEGMYYxRjHGMSYxpjFmMeYxFjGWMVYx1jE2MbYxdjH2MZ4d4zkxnhvjeTGeH+MFMV4Y40UxXhzjJTFeGuNlMV4e4xUxXhnjVTFeHeM1MV4b43UxXh/jDTHeGONNMd4c4y0x3hrjbTHeHuMdMd4Z410x3h3jPTHeG+N9Md4f4wMxPhjj8BhHxDgyxlExPhTjwzE+EuOjMT4W4+MxPhHjkzE+FePTMT4T47MxPhfj8zG+EOOLMb4U48sxvhLjqzG+FuPrMb4R45sxvhXj2zG+E+O7Mb4X4/sxfhDjhzF+FOPHMX4S46cxfhbj5zF+EeOXMY6O8asYv47xmxi/jfG7GL+P8YcYf4zxpxh/jvGXGH+N8bcYf49xTIx/xDg2xj9j/CvGv2P8J8Z/Y/wvxiEJjpPguAmOl+D4CU6Q4IQJTpTg0ASHJThxgpMkOGmCkyU4eYJTJDhlglMlOHWC0yQ4bYLTJUwwZMgQZ0hwxgRnSnDmBGdJcNYEZ0tw9gTnSHDOBOdKcO4E50lw3gTnS3D+BBdIcMEEF0pw4QQXSXDRBBdLcPEEl0hwyQRJcKkEl05wmQSXTXC5BJdPcIUEV0xwpQRXTnCVBFdNcLUEV09wjQTXTHCtBNdOcJ0E101wvQTXT3CDBDdMcKMEN05wkwQ3TXCzBDdPcIsEt0xwqwS3TnCbBLdNcLsEt09whwR3THCnBHdOcJcEd01wtwR3T3CPBPdMcK8E905wnwT3TXC/BPdP8IAED0zwoAQPTvCQBA9N8LAED0/wiASPTPCoBI9O8JgEj03wuASPT/CEBE9M8KQETfDkBE9J8NQET0vw9ATPSPDMBM9KcJBgkGCYYJRgnGCSYJpglmCeYJFgmWCVYJ1gk2CbYJdgn+DZCZ6T4LkJnpfg+QlekOCFCV6U4MUJXpLgpQleluDlCV6R4JUJXpXg1Qlek+C1CV6X4PUJ3pDgjQnelODNCd6S4K0J3pbg7QnekeCdCd6V4N0J3pPgvQnel+D9CT6Q4IMJDk9wRIIjExyV4EMJPpzgIwk+muBjCT6e4BMJPpngUwk+neAzCT6b4HMJPp/gCwm+mOBLCb6c4CsJvprgawm+nuAbCb6Z4FsJvp3gOwm+m+B7Cb6f4AcJfpjgRwl+nOAnCX6a4GcJfp7gFwl+meDoBL9K8OsEv0nw2wS/S/D7BH9I8McEf0rw5wR/SfDXBH9L8PcExyT4R4JjE/wzwb8S/DvBfxL8N8H/EhyS4jgpjpvieCmOn+IEKU6Y4kQpDk1xWIoTpzhJipOmOFmKk6c4RYpTpjhVilOnOE2K06Y4XYrTpzhDijOmOFOKM6c4S4qzpjhbirOnOEeKc6Y4V4pzpzhPivOmOF+K86e4QIoLprhQigunuEiKi6a4WIqLp7hEikumSIpLpbh0isukuGyKy6W4fIorpLhiiiuluHKKq6S4aoqrpbh6imukuGaKa6W4dorrpLhuiuuluH6KG6S4YYobpbhxipukuGmKm6W4eYpbpLhliluluHWK26S4bYrbpbh9ijukuGOKO6W4c4q7pLhriruluHuKe6S4Z4p7pbh3ivukuG+K+6W4f4oHpHhgigeleHCKh6R4aIqHpXh4ikekeGSKR6V4dIrHpHhsiseleHyKJ6R4YoonpWiKJ6d4SoqnpnhaiqeneEaKZ6Z4VoqDFIMUwxSjFOMUkxTTFLMU8xSLFMsUqxTrFJsU2xS7FPsUz07xnBTPTfG8FM9P8YIUL0zxohQvTvGSFC9N8bIUL0/xihSvTPGqFK9O8ZoUr03xuhSvT/GGFG9M8aYUb07xlhRvTfG2FG9P8Y4U70zxrhTvTvGeFO9N8b4U70/xgRQfTHF4iiNSHJniqBQfSvHhFB9J8dEUH0vx8RSfSPHJFJ9K8ekUn0nx2ZTkuRSfT/GFFF9M8aUUX07xlRRfTfG1FF9P8Y0U30zxrRTfTvGdFN9N8b0U30/xgxQ/TPGjFD9O8ZMUP03xsxQ/T/GLFL9McXSKX6X4dYrfpPhtit+l+H2KP6T4Y4o/pfhzir+k+GuKv6X4e4pjUvwjxbEp/pniXyn+neI/Kf6b4n8pDslwnAzHzXC8DMfPcIIMJ8xwogyHZjgsw4kznCTDSTOcLMPJM5wiwykznCrDqTOcJsNpM5wuw+kznCHDGTOcKcOZM5wlw1kznC3D2TOcI8M5M5wrw7kznCfDeTOcL8P5M1wgwwUzXCjDhTNcJMNFM1wsw8UzXCLDJTMkw6UyXDrDZTJcNsPlMlw+wxUyXDHDlTJcOcNVMlw1w9UyXD3DNTJcM8O1Mlw7w3UyXDfD9TJcP8MNMtwww40y3DjDTTLcNMPNMtw8wy0y3DLDrTLcOsNtMtw2w+0y3D7DHTLcMcOdMtw5w10y3DXD3TLcPcM9Mtwzw70y3DvDfTLcN8P9Mtw/wwMyPDDDgzI8OMNDMjw0w8MyPDzDIzI8MsOjMjw6w2MyPDbD4zI8PsMTMjwxw5MyNMOTMzwlw1MzPC3D0zM8I8MzMzwrw0GGQYZhhlGGcYZJhmmGWYZ5hkWGZYZVhnWGTYZthl2GfYZnZ3hOhudmeF6G52d4QYYXZnhRhhdneEmGl2Z4WYaXZ3hFhldmeFWGV2d4TYbXZnhdhtdneEOGN2Z4U4Y3Z3hLhrdmeFuGt2d4R4Z3ZnhXhndneE+G92Z4X4b3Z/hAhg9mODzDERmOzHBUhg9l+HCGj2T4aIaPZfh4hk9k+GSGT2X4dIbPZPhshs9l+HyGL2T4YoYvZfhyhq9k+GqGr2X4eoZvZPhmhm9l+HaG72T4bobvZfh+hh9k+GGGH2X4cYafZPhphp9l+HmGX2T4ZYajM/wqw68z/CbDbzP8LsPvM/whwx8z/CnDnzP8JcNfM/wtw98zHJPhHxmOzfDPDP/K8O8M/8nw3wz/y3BIjuPkOG6O4+U4fo4T5DhhjhPlODTHYTlOnOMkOU6a42Q5Tp7jFDlOmeNUOU6d4zQ5TpvjdDlOn+MMOc6Y40w5zpzjLDnOmuNsOc6e4xw5zpnjXDnOneM8Oc6b43w5zp/jAjkumONCOS6c4yI5LprjYjkunuMSOS6ZIzkulePSOS6T47I5Lpfj8jmukOOKOa6U48o5rpLjqjmuluPqOa6R45o5rjV0yJD/bbFOjuvmuF6O6+e4QY4b5rhRjhvnuEmOm+a4WY6b57hFjlvmuFWOW+e4TY7b5rhdjtvnuEOOO+a4U44757hLjrvmuFuOu+e4R4575rhXjnvnuE+O++a4X47753hAjgfmeFCOB+d4SI6H5nhYjofneESOR+Z4VI5H53hMjsfmeFyOx+d4Qo4n5nhSjuZ4co6n5HhqjqfleHqOZ+R4Zo5n5TjIMcgxzDHKMc4xyTHNMcsxz7HIscyxyrHOscmxzbHLsc/x7BzPyfHcHM/L8fwcL8jxwhwvyvHiHC/J8dIcL8vx8hyvyPHKHK/K8eocr8nx2hyvy/H6HG/I8cYcb8rx5hxvyfHWHG/L8fYc78jxzhzv+h+v0WePvSfHe//n8pD/f8NzHJHjyBxH5fjQ/9wfMmTIIzk+muNjOT6e4xM5PpnjUzk+neMzOT6b43M5Pp/jCzm+mONLOb6c4ys5vprjazm+nuMbOb6Z41s5vp3jOzm+m+N7Ob6f4wc5fpjjRzl+nOMnOX6a42c5fp7jFzl+mePoHL/K8escv8nx2xy/y/H7HH/I8cccf8rx5xx/yfHXHH/L8fccx+T4R45jc/wzx79y/DvHf3L8N8f/chxS4DgFjlvgeAWOX+AEBU5Y4EQFDi1wWIETFzhJgZMWOFmBkxc4RYFTFjhVgVMXOE2B0xY4XYHTFzhDgTMWOFOBMxc4S4GzFjhbgbMXOEeBcxY4V4FzFzhPgfMWOF+B8xe4QIELFrhQgQsXuEiBixa4WIGLF7hEgUsWSIFLFbh0gcsUuOGMzdjlCly+wBUKXLHAlQpcucBVCvyfB6sVuHqBaxS4ZoFrFbh2gesUuG6B6xW4foEb/O9fgRsVuHGBmxS4aYGbFbh5gVsUuGWBWxW4dYHbFLhtgdsVuH2BOxS4Y4E7FbhzgbsUuGuBuxW4e4F7FLhngXsVuHeB+xS4b4H7Fbh/gQcUeGCBBxV4cIGHFHhogYddhIcXeESBRxZ4VIFHF3hMgccWeFyBxxd4QoEnFnhSgRZ4coGnFHhqgacVeHqBZxR4ZoFnFTgoMCgwLDAqMC4wKTAtMCswL7AosCywKrAusCmwLbArsC/w7ALPKfDcAs8r8PwCLyjwwgIvKvDiAi8p8NICLyvw8gKvKPDKAq8q8OoCrynw2gKvK/D6Am8o8MYCbyrw5gJvKfDWAm8r8PYC7yjwzgLvKvDuAu8p8N4C7yvw/gIfKPDBAocXOKLAkQWOKvChAh8u8JECHy3wsQIfL/CJAp8s8KkCny7wmQKfLfC5Ap8v8IUCXyzwpQJfLvCVAl8t8LUCXy/wjQLfLPCtAt8u8J0C3y3wvQLfL/CDAj8s8KMCPy7wkwI/LfCzAj8v8IsCvyxwdIFfFfh1gd8U+G2B3xX4fYE/FPhjgT8V+HOBvxT4a4G/Ffh7gWMK/KPAsQX+WeBfBf5d4D8F/lvgf/9rocRxShy3xPFKHL/ECUqcsMSJShxa4rASJy5xkhInLXGyEicvcYoSpyxxqhKnLnGaEqctcboSpy9xhhJnLHGmEmcucZYSZy1xthJnL3GOEucsca4S5y5xnhLnLXG+EucvcYESFyxxoRIXLnGREhctcbESFy9xiRKXLJESlypx6RKXKXHZEpcrcfkSVyhxxRJXKnHlElcpcdUSVytx9RLXKHHNEtcqce0S1ylx3RLXK3H9EjcoccMSNypx4xI3KXHTEjcrcfMStyhxyxK3KnHrErcpcdsStytx+xJ3KHHHEncqcecSdylx1xJ3K3H3Evcocc8S9ypx7xL3KXHfEvcrcf8SDyjxwBIPKvHgEg8p8dASDyvx8BKPKPHIEo8q8egSjynx2BKPK/H4Ek8o8cQSTyrREk8u8ZQSTy3xtBJPL/GMEs8s8awSByUGJYYlRiXGJSYlpiVmJeYlFiWWJVYl1iU2JbYldiX2JZ5dLjl0yBA8t8TzSjy/xAtKvLDEi0q8uMRLSry0xMtKvLzEK0q8ssSrSry6xGtKvLbE60q8vsQbSryxxJtKvLnEW0q8tcTbSry9xDtKvLPEu0q8u8R7Sry3xPtKvL/EB0p8sMThJY4ocWSJo0p8qMSHS3ykxEdLfKzEx0t8osQnS3yqxKdLfKbEZ0t8rsTnS3yhxBdLfKnEl0t8pcRXS3ytxNdLfKPEN0t8q8S3S3ynxHdLfK/E90v8oMQPS/yoxI9L/KTET0v8rMTPS/yixC9LHF3iVyV+XeI3JX5b4nclfl/iDyX+WOJPJf5c4i8l/lribyX+XuKYEv8ocWyJf5b4V4l/l/hPif+W+F+JQyocp8JxKxyvwvErnKDCCSucqMKhFQ6rcOIKJ6lw0gonq3DyCqeocMoKp6pw6gqnqXDaCqercPoKZ6hwxgpnqnDmCmepcNYKZ6tw9grnqHDOCueqcO4K56lw3grnq3D+CheocMEKF6pw4QoXqXDRChercPEKl6hwyQqpcKkKl65wmQqXrXC5CpevcIUKV6xwpQpXrnCVCletcLUKV69wjQrXrHCtCteucJ0K161wvQrXr3CDCjescKMKN65wkwo3rXCzCjevcIsKt6xwqwq3rnCbCretcLsKt69whwp3rHCnCneucJcKd61wtwp3r3CPCvescK8K965wnwr3rXC/Cvev8IAKD6zwoAoPrvCQCg+t8LAKD6/wiAqPrPCoCo+u8JgKj63wuAqPr/CECk+s8KQKrfDkCk+p8NQKT6vw9ArPqPDMCs+qcFBhUGFYYVRhXGFSYVphVmFeYVFhWWFVYV1hU2FbYVdhX+HZFZ5T4bkVnlfh+RVeUOGFFV5U4cUVXlLhpRVeVuHlFV5R4ZUVXlXh1RVeU+G1FV5X4fUV3lDhjRXeVOHNFd5S4a0V3lbh7RXeUeGdFd5V4d0V3lPhvRXeV+H9FT5Q4YMVDq9wRIUjKxxV4UMVPlzhIxU+WuFjFT5e4RMVPlnhUxU+XeEzFT5b4XMVPl/hCxW+WOFLFb5c4SsVvlrhaxW+XuEbFb5Z4VsVvl3hOxW+W+F7Fb5f4QcVfljhRxV+XOEnFX5a4WcVfl7hFxV+WeHoCr+q8OsKv6nw2wq/q/D7Cn+o8McKf6rw5wp/qfDXCn+r8PcKx1T4R4VjK/yzwr8q/LvCfyr8t8L/KhxS4zg1jlvjeDWOX+MENU5Y40Q1Dq1xWI0T1zhJjZPWOFmNk9c4RY1T1jhVjVPXOE2N09Y4XY3T1zhDjTPWOFONM9c4S42z1jhbjbPXOEeNc9Y4V41z1zhPjfPWOF+N89e4QI0L1rhQjQvXuEiNi9a4WI2L17hEjUvWSI1L1bh0jcvUuGyNy9W4fI0r1LhijSvVuHKNq9S4ao2r1bh6jWvUuGaNa9W4do3r1LhujevVuH6NG9S4YY0b1bhxjZvUuGmNm9W4eY1b1LhljVvVuHWN29S4bY3b1bh9jTvUuGONO9W4c4271LhrjbvVuHuNe9S4Z4171bh3jfvUuG+N+9W4f40H1HhgjQfVeHCNh9R4aI2H1Xh4jUfUeGSNR9V4dI3H1HhsjcfVeHyNJ9R4Yo0n1WiNJ9d4So2n1nhajafXeEaNZ9Z4Vo2DGoMawxqjGuMakxrTGrMa8xqLGssaqxrrGpsa2xq7Gvsaz67xnBrPrfG8Gs+v8YIaL6zxohovrvGSGi+t8bIaL6/xihqvrPGqGq+u8Zoar63xuhqvr/GGGm+s8aYab67xlhpvrfG2Gm+v8Y4a76zxrhrvrvGeGu+t8b4a76/xgRofrHF4jSNqHFnjqBofqvHhGh+p8dEaH6vx8RqfqPHJGp+q8ekan6nx2Rqfq/H5Gl+o8cUaX6rx5RpfqfHVGl+r8fUa36jxzRrfqvHtGt+p8d0a36vx/Ro/qPHDGj+q8eMaP6nx0xo/q/HzGr+o8csaR9f4VY1f1/hNjd/W+F2N39f4Q40/1vhTjT/X+EuNv9b4W42/1zimxj9qHFvjnzX+VePfNf5T4781/lfjkAbHaXDcBsdrcPwGJ2hwwgYnanBog8ManLjBSRqctMHJGpy8wSkanLLBqRqcusFpGpy2wekanL7BGRqcscGZGpy5wVkanLXB2RqcvcE5GpyzwbkanLvBeRqct8H5Gpy/wQUaXLDBhRpcuMFFGly0wcUaXLzBJRpcskEaXKrBpRtcpsFlG1yuweUbXKHBFRtcqcGVG1ylwVUbXK3B1Rtco8E1G1yrwbUbXKfBdRtcr8H1G9ygwQ0b3KjBjRvcpMFNG9yswc0b3KLBLRvcqsGtG9ymwW0b3K7B7RvcocEdG9ypwZ0b3KXBXRvcrcHdG9yjwT0b3KvBvRvcp8F9G9yvwf0bPKDBAxs8qMGDGzykwUMbPKzBwxs8osEjGzyqwaMbPKbBYxs8rsHjGzyhwRMbPKlBGzy5wVMaPLXB0xo8vcEzGjyzwbMaHDQYNBg2GDUYN5g0mDaYNZg3WDRYNlg1WDfYNNg22DXYN3h2g+c0eG6D5zV4foMXNHhhgxc1eHGDlzR4aYOXNXh5g1c0eGWDVzV4dYPXNHhtg9c1eH2DNzR4Y4M3NXhzg7c0eGuDtzV4e4N3NHhng3c1eHeD9zR4b4P3NXh/gw80+GCDwxsc0eDIBkc1+FCDDzf4SIOPNvhYg483+ESDTzb4VINPN/hMg882+FyDzzf4QoMvNvhSgy83+EqDrzb4WoOvN/hGg282+FaDbzf4ToPvNvheg+83+EGDHzb4UYMfN/hJg582+FmDnzf4RYNfNji6wa8a/LrBbxr8tsHvGvy+wR8a/LHBnxr8ucFfGvy1wd8a/L3BMQ3+0eDYBv9s8K8G/27wnwb/bfC/Boe0OE6L47Y4XovjtzhBixO2OFGLQ1sc1uLELU7S4qQtTtbi5C1O0eKULU7V4tQtTtPitC1O1+L0Lc7Q4owtztTizC3O0uKsLc7W4uwtztHinC3O1eLcLc7T4rwtztfi/C0u0OKCLS7U4sItLtLioi0u1uLiLS7R4pIt0uJSLS7d4jItLtvici0u3+IKLa7Y4kotrtziKi2u2uJqLa7e4hotrtniWi2u3eI6La7b4notrt/iBi1u2OJGLW7c4iYtbtriZi1u3uIWLW7Z4lYtbt3iNi1u2+J2LW7f4g4t7tjiTi3u3OIuLe7a4m4t7t7iHi3u2eJeLe7d4j4t7tvifi3u3+IBLR7Y4kEtHtziIS0e2uJhLR7e4hEtHtniUS0e3eIxLR7b4nEtHt/iCS2e2OJJLdriyS2e0uKpLZ7W4uktntHimS2e1eKgxaDFsMWoxbjFpMW0xazFvMWixbLFqsW6xabFtsWuxb7Fs1s8p8VzWzyvxfNbvKDFC1u8qMWLW7ykxUtbvKzFy1u8osUrW7yqxatbvKbFa1u8rsXrW7yhxRtbvKnFm1u8pcVbW7ytxdtbvKPFO1u8q8W7W7ynxXtbvK/F+1t8oMUHWxze4ogWR7Y4qsWHWny4xUdafLTFx1p8vMUnWnyyxadafLrFZ1p8tsXnWny+Zdj/unmxxZdafLnFV1p8tcXXWny9xTdafLPFt1p8u8V3Wny3xfdafL/FD1r8sMWPWvy4xU9a/LTFz1r8vMUvWvyyxdEtftXi1y1+0+K3LX7X4vct/tDijy3+1OLPLf7S4q8t/tbi7y2OafGPaXBsi3+2+FeLf7f4T4v/tvhfi0M6HKfDcTscr8PxO5ygwwk7nKjDoR0O63DiDifpcNIOJ+tw8g6n6HDKDqfqcOoOp+lw2g6n63D6DmfocMYOZ+pw5g5n6XDWDmfrcPYO5+hwzg7n6nDuDufpcN4O5+tw/g4X6HDBDhfqcOEOF+lw0Q4X63DxDpfocMkO6XCpDpfucJkOl+1wuQ6X73CFjmFDhgxxpQ5X7nCVDlftcLUOV+9wjQ7X7HCtDtfucJ0O1+1wvQ7X73CDDjfscKMON+5wkw437XCzDjfvcIsOt+xwqw637nCbDrftcLsOt+9whw537HCnDnfucJcOd+1wtw5373CPDvfscK8O9+5wnw737XC/Dvfv8IAOD+zwoA4P7vCQDg/t8LAOD+/wiA6P7PCoDo/u8JgOj+3wuA6P7/CEDk/s8KQO7fDkDk/p8NQOT+vw9A7P6PDMDs/qcNBh0GHYYdRh3GHSYdph1mHeYdFh2WHVYd1h02HbYddh3+HZHZ7T4bkdntfh+R1e0OGFHV7U4cUdXtLhpR1e1uHlHV7R4ZUdXtXh1R1e0+G1HV7X4fUd3tDhjR3e1OHNHd7S4a0d3tbh7R3e0eGdHd7V4d0d3tPhvR3e1+H9HT7Q4YMdDu9wRIcjOxzV4UMdPtzhIx0+2uFjHT7e4RMdPtnhUx0+3eEzHT7b4XMdPt/hCx2+2OFLHb7c4Ssdvtrhax2+3uEbHb7Z4Vsdvt3hOx2+2+F7Hb7f4QcdftjhRx1+3OEnHX7a4Wcdft7hFx1+2eHoDr/q8OsOv+nw2w6/6/D7Dn/o8McOf+rw5w5/6fDXDn/r8PcOx3T4R4djO/yzw786/LvDfzr8t8P/OhzS4zg9jtvjeD2O3+MEPU7Y40Q9Du1xWI8T9zhJj5P2OFmPk/c4RY9T9jhVj1P3OE2P0/Y4XY/T9zhDjzP2OFOPM/c4S4+z9jhbj7P3OEePc/Y4V49z9zhPj/P2OF+P8/e4QI8L9rhQjwv3uEiPi/a4WI+L97hEj0v2SI9L9bh0j8v0uGyPy/W4fI8r9Lhijyv1uHKPq/S4ao+r9bh6j2v0uGaPa/W4do/r9Lhuj+v1uH6PG/S4YY8b9bhxj5v0uGmPm/W4eY9b9Lhlj1v1uHWP2/S4bY/b9bh9jzv0uGOPO/W4c4+79Lhrj7v1uHuPe/S4Z4979bh3j/v0uG+P+/W4f48H9Hhgjwf1eHCPh/R4aI+H9Xh4j0f0eGSPR/V4dI/H9Hhsj8f1eHyPJ/R4Yo8n9WiPJ/d4So+n9nhaj6f3eEaPZ/Z4Vo+DHoMewx6jHuMekx7THrMe8x6LHsseqx7rHpse2x67Hvsez+7xnB7P7fG8Hs/v8YIeL+zxoh4v7vGSHi/t8bIeL+/xih6v7PGqHq/u8Zoer+3xuh6v7/GGHm/s8aYeb+7xlh5v7fG2Hm/v8Y4e7+zxrh7v7vGeHu/t8b4e7+/xgR4f7HF4jyN6HNnjqJ7/Y9kem/A8GAUIp7Ztm1vbtm3b3hqp/dw2atttWNu2bTc5c2bev3DNfl2HDXD4AEcMcOQARw1w9AAfH+ATA3xygE8N8OkBPjPAZwf43ACfH+ALA3xxgC8N8OUBvjLAVwf42gBfH+Abg/GHvDnAtwb49gDfGeC7A3xvgO8P8IMBfjjAjwb48QA/GeCnA/xsgJ8P8IsBfjnArwb49QC/GeC3A/xugN8P8IcB/jjAnwb48wB/GeCvA/xtgL8P8I8B/jnAvwb49wD/GeC/A/xvgGMGOHaAQwIcJ8BxAxwvwPEDnCDACQOcKMCJA5wkwEkDnCzAyQOcIsApA5wqwKkDnCbAaQOcLsDpA5whwBkDnCnAmQOcJcBZA5wtwNkDnCPAOQOcK8C5A5wnwHkDnC/A+QNcIMAFA1wowIUDXCTARQNcLMDFA1wiwCUDXCrApQMkwGUCXDbA5QJcPsAVAlwxwJUCXDnAVQJcNcDVAlw9wDUCXDPAtQJcO8B1Alw3wPUCXD/ADQLcMMCNAtw4wE0C3DTAzQLcPMAtAtwywK0C3DrAbQLcNsDtAtw+wB0C3DHAnQLcOcBdAtw1wN0C3D3APQLcM8C9Atw7wH0C3DfA/QLcP8ADAjwwwIMCPDjAQwI8NMDDAjw8wCMCPDLAowI8OsBjAjw2wOMCPD7AEwI8McCTAjw5wFMCNMBTAzwtwNMDPCPAMwM8K8CzAzwnwHMDPC/AoQGeH+AFAV4Y4EUBXhzgJQFeGuBlAV4e4BUBXhngVQFeHeAgwCDAMMAowDjAJMA0wCzAPMAiwDLAKsA6wCbANsAuwD7AawK8NsDrArw+wBsCvDHAmwK8OcBbArw1wNsCvD3AOwK8M8C7Arw7wHsCvDfA+wK8P8AHAnwwwIcCfDjARwJ8NMDHAhwW4PAARwQ4MsBRAY4O8PEAnwjwyQCfCvDpAJ8J8NkAnwvw+QBfCPDFAF8K8OUAXwnw1QBfC/D1AN8I8M0A3wrw7QDfCfDdAN8L8P0APwjwwwA/CvDjAD8J8NMAPwvw8wC/CPDLAL8K8OsAvwnw2wC/C/D7AH8I8McAfwrw5wB/CfDXAH8L8PcA/wjwzwD/CvDvAP8J8N8A/wtwTIBjAxwS4jghjhvieCGOH+IEIU4Y4kQhThziJCFOGuJkIU4e4hQhThniVCFOHeI0IU4b4nQhTh/iDCHOGOJMIc4c4iwhzhribCHOHuIcIc4Z4lwhzh3iPCHOG+J8Ic4f4gIhLhjiQiEuHOIiIS4a4mIhLh7iEiEuGeJSIS4dIiEuE+KyIS4X4vIhrhDiiiGuFOLKIa4S4qohrhbi6iGuEeKaIa4V4tohrhPiuiGuF+L6IW4Q4oYhbhTixiFuEuKmIW4W4uYhbhHiliFuFeLWIW4T4rYhbhfi9iHuEOKOIe4U4s4h7hLiriHuFuLuIe4R4p4h7hXi3iHuE+K+Ie4X4v4hHhDigSEeFOLBIR4S4qEhHhbi4SEeEeKRIR4V4tEhHhPisSEeF+LxIZ4Q4okhnhTiySGeEqIhnhriaSGeHuIZIZ4Z4lkhnh3iOSGeG+J5IQ4N8fwQLwjxwhAvCvHiEC8J8dIQLwvx8hCvCPHKEK8K8eoQByEGIYYhRiHGISYhpiFmIeYhFiGWIVYh1iE2IbYhdiH2IV4T4rUhXhfi9SHeEOKNId4U4s0h3hLirSHeFuLtId4R4p0h3hXi3SHeE+K9Id4X4v0hPhDigyE+FOLDIT4S4qMhPhbisBCHhzgixJEhjgpxdIiP/7/nEHwyxKdCfDrEZ0J8NsTnQnw+xBdCfDHEl0J8OcRXQnw1xNdCfD3EN0J8M8S3Qnw7xHdCfDfE90J8P8QPQvwwxI9C/DjET0L8NMTPQvw8xC9C/DLEr0L8OsRvQvw2xO9C/D7EH0L8McSfQvw5xF9C/DXE30L8PcQ/QvwzxL9C/DvEf0L8N8T/QhwT4tgQh0Q4ToTjRjhehONHOEGEE0Y4UYQTRzhJhJNGOFmEk0c4RYRTRjhVhFNHOE2E00Y4XYTTRzhDhDNGOFOEM0c4S4SzRjhbhLNHOEeEc0Y4V4RzRzhPhPNGOF+E80e4QIQLRrhQhAtHuEiEi0a4WISLR7hEhEtGuFSES0dIhMtEuGyEy0W4fIQrRLhihCtFuHKEq0S4aoSrRbh6hGtEuGaEa0W4doTrRLhuhOtFuH6EG0S4YYQbRbhxhJtEuGmEm0W4eYRbRLhlhFtFuHWE20S4bYTbRbh9hDtEuGOEO0W4c4S7RLhrhLtFuHuEe0S4Z4R7Rbh3hPtEuG+E+0W4f4QHRHhghAdFeHCEh0R4aISHRXh4hEdEeGSER0V4dITHRHhshMdFeHyEJ0R4YoQnRXhyhKdEaISnRnhahKdHeEaEZ0Z4VoRnR3hOhOdGeF6EQyM8P8ILIrwwwosivDjCSyK8NMLLIrw8wisivDLCqyK8OsJBhEGEYYRRhHGESYRphFmEeYRFhGWEVYR1hE2EbYRdhH2E10R4bYTXRXh9hDdEeGOEN0V4c4S3RHhrhLdFeHuEd0R4Z4R3RXh3hPdEeG+E90V4f4QPRPhghA9F+HCEj0T4aISPRTgswuERjohwZISjIhwd4eMRPhHhkxE+FeHTET4T4bMRPhfh8xG+EOGLEb4U4csRvhLhqxG+FuHrEb4R4ZsRvhXh2xG+E+G7Eb4X4fsRfhDhhxF+FOHHEX4S4acRfhbh5xF+EeGXEX4V4dcRfhPhtxF+F+H3Ef4Q4Y8R/hThzxH+EuGvEf4W4e8R/hHhnxH+FeHfEf4T4b8R/hfhmAjHRjgkxnFiHDfG8WIcP8YJYpwwxolinDjGSWKcNMbJYpw8xilinDLGqWKcOsZpYpw2xulinD7GGWKcMcaZYpw5xllinDXG2WKcPcY5YpwzxrlinDvGeWKcN8b5Ypw/xgViXDDGhWJcOMZFYlw0xsViXDzGJWJcMsalYlw6RmJcJsZlY1wuxuVjXCHGFWNcKcaVY1wlxlVjXC3G1WNcI8Y1Y1wrxrVjXCfGdWNcL8b1Y9wgxg1j3CjGjWPcJMZNY9wsxs1j3CLGLWPcKsatY9wmxm1j3C7G7WPcIcYdY9wpxp1j3CXGXWPcLcbdY9wjxj1j3CvGvWPcJ8Z9Y9wvxv1jPCDGA2M8KMaDYzwkxkNjPCzGw2M8IsYjYzwqxqNjPCbGY2M8LsbjYzwhxhNjPCnGk2M8JUZjPDXG02I8PcYzYjwzxrNiPDvGc2I8N8bzYhwa4/kxXhDjhTFeFOPFMV4S46UxXhbj5TFeEeOVMV4V49UxDmIMYgxjjGKMY0xiTGPMYsxjLGIsY6xirGNsYmxj7GLsY7wmxmtjvC7G62O8IcYbY7wpxptjvCXGW2O8LcbbY7wjxjtjvCvGu2O8J8Z7Y7wvxvtjfCDGB2N8KMaHY3wkxkdjfCzGYTEOj3FEjCNjHBXj6Bgfj/GJGJ+M8akYn47xmRifjfG5GJ+P8YUYX4zxpRhfjvGVGF+N8bUYX4/xjRjfjPGtGN+O8Z0Y343xvRjfj/GDGD+M8aMYP47xkxg/jfGzGD+P8YsYv4zxqxi/jvGbGL+N8bsYv4/xhxh/jPGnGH+O8ZcYf43xtxh/j/GPGP+M8a8Y/47xnxj/jfG/GMfEODbGIQmOk+C4CY6X4PgJTpDghAlOlODECU6S4KQJTpbg5AlOkeCUCU6V4NQJTpPgtAlOl+D0Cc6Q4IwJzpTgzAnOkuCsCc6W4OwJzpHgnAnOleDcCc6T4LwJzpfg/AkukOCCCS6U4MIJLpLgogkuluDiCS6R4JIJLpXg0gmS4DIJLpvgcgkun+AKCa6Y4EoJrpzgKgmumuBqCa6e4BoJrpngWgmuneA6Ca6b4HoJrp/gBglumOBGCW6c4CYJbprgZglunuAWCW6Z4FYJbp3gNglum+B2CW6f4A4J7pjgTgnunOAuCe6a4G4J7p7gHgnumeBeCe6d4D4J7pvgfgnun+ABCR6Y4EEJHpzgIQkemuBhCR6e4BEJHpngUQkeneAxCR6b4HEJHp/gCQmemOBJCZ6c4CkJmuCpCZ6W4OkJnpHgmQmeleDZCZ6T4LkJnpfg0ATPT/CCBC9M8KIEL07wkgQvTfCyBC9P8IoEr0zwqgSvTnCQYJBgmGCUYJxgkmCaYJZgnmCRYJlglWCdYJNgm2CXYJ/gNQlem+B1CV6f4A0J3pjgTQnenOAtCd6a4G0J3p7gHQnemeBdCd6d4D0J3pvgfQnen+ADCT6Y4EMJPpzgIwk+muBjCQ5LcHiCIxIcmeCoBEcn+HiCTyT4ZIJPJfh0gs8k+GyCzyX4fIIvJPhigi8l+HKCryT4aoKvJfh6gm8k+GaCbyX4doLvJPhugu8l+H6CHyT4YYIfJfhxgp8k+GmCnyX4eYJfJPhlgl8l+HWC3yT4bYLfJfh9gj8k+GOCPyX4c4K/JPhrgr8l+HuCfyT4Z4J/Jfh3gv8k+G+C/yU4JsGxCQ5JcZwUx01xvBTHT3GCFCdMcaIUJ05xkhQnTXGyFCdPcYoUp0xxqhSnTnGaFKdNcboUp09xhhRnTHGmFGdOcZYUZ01xthRnT3GOFOdMca4U505xnhTnTXG+FOdPcYEUF0xxoRQXTnGRFBdNcbEUF09xiRSXTHGpFJdOkRSXSXHZFJdLcfkUV0hxxRRXSnHlFFdJcdUUV0tx9RTXSHHNFNdKce0U10lx3RTXS3H9FDdIccMUN0px4xQ3SXHTFDdLcfMUt0hxyxS3SnHrFLdJcdsUt0tx+xR3SHHHFHdKcecUd0lx1xR3S3H3FPdIcc8U90px7xT3SXHfFPdLcf8UD0jxwBQPSvHgFA9J8dAUD0vx8BSPSPHIFI9K8egUj0nx2BSPS/H4FE9I8cQUT0rx5BRPSdEUT03xtBRPT/GMFM9M8awUz07xnBTPTfG8FIemeH6KF6R4YYoXpXhxipekeGmKl6V4eYpXpHhlileleHWKgxSDFMMUoxTjFJMU0xSzFPMUixTLFKsU6xSbFNsUuxT7FK9J8doUr0vx+hRvSPHGFG9K8eYUb0nx1hRvS/H2FO9I8c4U70rx7hTvSfHeFO9L8f4UH0jxwRQfSvHhFB9J8dEUH0txWIrDUxyR4sgUR6U4OsXHU3wixSdTfCrFp1N8JsVnU3wuxedTfCHFF1N8KcWXU3wlxVdTfC3F11N8I8U3U3wrxbdTfCfFd1N8L8X3U/wgxQ9T/CjFj1P8JMVPU/wsxc9T/CLFL1P8KsWvU/wmxW9T/C7F71P8IcUfU/wpxZ9T/CXFX1P8LcXfU/wjxT9T/CvFv1P8J8V/U/wvxTEpjk1xSIbjZDhuhuNlOH6GE2Q4YYYTZThxhpNkOGmGk2U4eYZTZDhlhlNlOHWG02Q4bYbTZTh9hjNkOGOGM2U4c4azZDhrhrNlOHuGc2Q4Z4ZzZTh3hvNkOG+G82U4f4YLZLhghgtluHCGi2T4ToaLZbh4hktkuGSGS2W4dIZkuEyGy2a4XIbLZ7hChitmuFKGK2e4SoarZrhahqtnuEaGa2a4VoZrZ7hOhutmuF6G62e4QYYbZrhRhhtnuEmGm2a4WYabZ7hFhltmuFWGW2e4TYbbZrhdhttnuEOGO2a4U4Y7Z7hLhrtmuFuGu2e4R4Z7ZrhXhntnuE+G+2a4X4b7Z3hAhgdmeFCGB2d4SIaHZnhYhodneESGR2Z4VIZHZ3hMhsdmeFyGx2d4QoYnZnhShidneEqGZnhqhqdleHqGZ2R4ZoZnZXh2hudkeG6G52U4NMPzM7wgwwszvCjDizO8JMNLM7wsw8szvCLDKzO8KsOrMxxkGGQYZhhlGGeYZJhmmGWYZ1hkWGZYZVhn2GTYZthl2Gd4TYbXZnhdhtdneEOGN2Z4U4Y3Z3hLhrdmeFuGt2d4R4Z3ZnhXhndneE+G92Z4X4b3Z/hAhg9m+FCGD2f4SIaPZvhYhsMyHJ7hiAxHZjgqw9EZPp7hExk+meFTGT6d4TMZPpvhcxk+n+ELGb6Y4UsZvpzhKxm+muFrGb6e4RsZvpnhWxm+/b+G383wvQzfz/CDDD/M8KMMP87wkww/zfCzDD/P8IsMv8zwqwy/zvCbDL/N8LsMv8/whwx/zPCnDH/O8JcMf83wtwx/z/CPDP/M8K8M/87wnwz/zfC/DMdkODbDITmOk+O4OY6X4/g5TpDjhDlOlOPEOU6S46Q5Tpbj5DlOkeOUOU6V49Q5TpPjtDlOl+P0Oc6Q44w5zpTjzDnOkuOsOc6W4+w5zpHjnDnOlePcOc6T47w5zpfj/DkukOOCOS6U48I5LpLjojkuluPiOS6R45I5LpXj0jmS4zI5Lpvjcjkun+MKOa6Y40o5rpzjKjmumuNqOa6e4xo5rpnjWjmuneM6Oa6b43o5rp/jBjlumONGOW6c4yY5bprjZjlunuMWOW6Z41Y5bp3jNjlum+N2OW6f4w457pjjTjnunOMuOe6a42457p7jHjnumeNeOe6d4z457pvjfjnun+MBOR6Y40E5HpzjITkemuNhOR6e/+//zfGoHI/O8Zgcj83xuByPz/GEHE/M8aQcT87xlBzN8dQcT8vx9BzPyPHMHM/K8ewcz8nx3BzPy3FojufneEGOF+Z4UY4X53hJjpfmeFmOl+d4RY5X5nhVjlfnOMgxyDHMMcoxHjPWJMc0xyzHPMcixzLHKsc6xybHNscuxz7Ha3K8Nsfrcrw+xxtyvDHHm3K8Ocdbcrw1x9tyvD3HO3K8M8e7crw7x3tyvDfH+3K8P8cHcnwwx4dyfDjHR3J8NMfHchyW4/AcR+Q4MsdROY7O8fEcn8jxyRyfyvHpHJ/J8dkcn8vx+RxfyPHFHF/K8eUcX8nx1Rxfy/H1HN/I8c0c38rx7RzfyfHdHN/L8f0cP8jxwxw/yvHjHD/J8dMcP8vx8xy/yPHLHL/K8escv8nx2xy/y/H7HH/I8cccf8rx5xx/yfHXHH/L8fcc/8jxzxz/yvHvHP/J8d8c/8txTI5jcxxS4DgFjlvgeAWOX+AEBU5Y4EQFTlzgJAVOWuBkBU5e4BQFTlngVAVOXeA0BU5b4HQFTl/gDAXOWOBMBc5c4CwFzlrgbAXOXuAcBc5Z4FwFzl3gPAXOW+B8Bc5f4AIFLljgQgUuXOAiBS5a4GIFLl7gEgUuWeBSBS5dIAUuU+CyBS5X4PIFrlDgigWuVODKBa5S4KoFrlbg6gWuUeCaBa5V4NoFrlPgugWuV+D6BW5Q4IYFblTgxgVuUuCmBW5W4OYFblHglgVuVeDWBW5T4LYFblfg9gXuUOCOBe5U4M4F7lLgrgXuVuDuBe5R4J4F7lXg3gXuU+C+Be5X4P4FHlDggQUeVODBBR5S4KEFHlbg4QUeUeCRBR5V4NEFHlPgsQUeV+DxBZ5Q4IkFnlTgyQWeUqAFnlrgaQWeXuAZBZ5Z4FkFnl3gOQWeW+B5BQ4t8PwCLyjwwgIvKvDiAi8p8NICLyvw8gKvKPDKAq8q8OoCBwUGBYYFRgXGBSYFpgVmBeYFFgWWBVYF1gU2BbYFdgX2BV5T4LUFXlfg9QXeUOCNBd5U4M0F3lLgrQXeVuDtBd5R4J0F3lXg3QXeU+C9Bd5X4P0FPlDggwU+VODDBT5S4KMFPlbgsAKHFziiwJEFjipwdIGPF/hEgU8W+FSBTxf4TIHPFvhcgc8X+EKBLxb4UoEvF/hKga8W+FqBrxf4RoFvFvhWgW8X+E6B7xb4XoHvF/hBgR8W+FGBHxf4SYGfFvhZgZ8X+EWBXxb4VYFfF/hNgd8W+F2B3xf4Q4E/FvhTgT8X+EuBv/6/z6T4e4F/FPhngX8V+HeB/xT4b4H/FTimwLEFDilxnBLHLXG8EscvcYISJyxxohInLnGSEictcbISJy9xihKnLHGqEqcucZoSpy1xuhKnL3GGEmcscaYSZy5xlhJnLXG2EmcvcY4S5yxxrhLnLnGeEuctcb4S5y9xgRIXLHGhEhcucZESFy1xsRIXL3GJEpcscakSly6REpcpcdkSlytx+RJXKHHFElcqceUSVylx1RJXK3H1Etcocc0S1ypx7RLXKXHdEtcrcf0SNyhxwxI3KnHjEjcpcdMSNytx8xK3KHHLErcqcesStylx2xK3K3H7EncocccSdypx5xJ3KXHXEncrcfcS9yhxzxL3KnHvEvcpcd8S9ytx/xIPKPHAEg8q8eASDynx0BIPK/HwEo8o8cgSjyrx6BKPKfHYEo8r8fgSTyjxxBJPKvHkEk8p0RJPLfG0Ek8v8YwSzyzxrBLPLvGcEs8t8bwSh5Z4fokXlHhhiReVeHGJl5R4aYmXlXh5iVeUeGWJV5V4dYmDEoMSwxKjEuMSkxLTErMS8xKLEssSqxLrEpsS2xK7EvsSrynx2hKvK/H6Em8o8cYSbyrx5hJvKfHWEm8r8fYS7yjxzhLvKvHuEu8p8d4S7yvx/hIfKPHBEh8q8eESHynx0RIfK3FYicNLHFHiyBJHlTi6xMdLfKLEJ0t8qsSnS3ymxGdLfK7E50t8ocQXS3ypxJdLfKXEV0t8rcTXS3yjxDdLfKvEt0t8p8R3S3yvxPdL/KDED0v8qMSPS/ykxE9L/KzEz0v8osQvS/yqxK9L/KbEb0v8rsTvS/yhxB9L/KnEn0v8pcRfS/ytxN9L/KPEP0v8q8S/S/ynxH9L/K/EMSWOLXFIheNUOG6F41U4foUTVDhhhRNVOHGFk1Q4aYWTVTh5hVNUOGWFU1U4dYXTVDhthdNVOH2FM1Q4Y4UzVThzhbNUOGuFs1U4e4VzVDhnhXNVOHeF81Q4b4XzVTh/hQtUuGCFC1W4cIWLVLhohYtVuHiFS1S4ZIVLVbh0hVS4TIXLVrhchctXuEKFK1a4UoUrV7hKhatWuFqFq1e4RoVrVrhWhWtXuE6F61a4XoXrV7hBhRtWuFGFG1e4SYWbVrhZhZtXuEWFW1a4VYVbV7hNhdtWuF2F21e4Q4U7VrhThTtXuEuFu1a4W4W7V7hHhXtWuFeFe1e4T4X7VrhfhftXeECFB1Z4UIUHV3hIhYdWeFiFh1d4RIVHVnhUhUdXeEyFx1Z4XIXHV3hChSdWeFKFJ1d4SoVWeGqFp1V4eoVnVHhmhWdVeHaF51R4boXnVTi0wvMrvKDCCyu8qMKLK7ykwksrvKzCyyu8osIrK7yqwqsrHFQYVBhWGFUYV5hUmFaYVZhXWFRYVlhVWFfYVNhW2FXYV3hNhddWeF2F11d4Q4U3VnhThTdXeEuFt1Z4W4W3V3hHhXdWeFeFd1d4T4X3VnhfhfdX+ECFD1b4UIUPV/hIhY9W+FiFwyocXuGICkdWOKrC0RU+XuETFT5Z4VMVPl3hMxU+W+FzFT5f4QsVvljhSxW+XOErFb5a4WsVvl7hGxW+WeFbFb5d4TsVvlvhexW+X+EHFX5Y4UcVflzhJxV+WuFnFX5e4RcVflnhVxV+XeE3FX5b4XcVfl/hDxX+WOFPFf5c4S8V/lrhbxX+XuEfFf5Z4V8V/l3hPxX+W+F/FY6pcGyFQ2ocp8ZxaxyvxvFrnKDGCWucqMaJa5ykxklrnKzGyWucosYpa5yqxqlrnKbGaWucrsbpa5yhxhlrnKnGmWucpcZZa5ytxtlrnKPGOWucq8a5a5ynxnlrnK/G+WtcoMYFa1yoxoVrXKTGRWtcrMbFa1yixiVrXKrGpWukxmVqXLbG5WpcvsYValyxxpVqXLnGVWpctcbValy9xjVqXLPGtWpcu8Z1aly3xvVqXL/GDWrcsMaNaty4xk1q3PR/JpvXuEWNW9a4VY1b17hNjdvWuF2N29e4Q4071rhTjTvXuEuNu9a4W42717hHjXvWuFeNe9e4T4371rhfjfvXeECNB9Z4UI0H13hIjYfWeFiNh9d4RI1H1nhUjUfXeEyNx9Z4XI3H13hCjSfWeFKNJ9d4So3WeGqNp9V4eo1n1HhmjWfVeHaN59R4bo3n1Ti0xvNrvKDGC2u8qMaLa7ykxktrvKzGy2u8osYra7yqxqtrHNQY1BjWGNUY15jUmNaY1ZjXWNRY1ljVWNfY1NjW2NXY13hNjdfWeF2N19d4Q4031nhTjTfXeEuNt9Z4W42313hHjXfWeFeNd9d4T4331nhfjffX+ECND9b4UI0P1/hIjY/W+FiNw2ocXuOIGkfWOKrG0TU+XuMTNT5Z41M1Pl3jMzU+W+NzNT5f4ws1vljjSzW+XOMrNb5a42s1vl7jGzW+WeNbNb5d4zs1vlvjezW+X+MHNX5Y40c1flzjJzV+WuNnNX5e4xc1flnjVzV+XeM3NX5b43c1fl/jDzX+WONPNf5c4y81/lrjbzX+XuMfNf5Z4181/l3jPzX+W+N/NY6pcWyNQxocp8FxGxyvwfEbnKDBCRucqMGJG5ykwUkbnKzByRucosEpG5yqwakbnKbBaRucrsHpG5yhwRkbnKnBmRucpcFZG5ytwdkbnKPBORucq8G5G5ynwXkbnK/B+RtcoMEFG1yowYUbXKTBRRtcrMHFG1yiwSUbXKrBpRukwWUaXLbB5RpcfsIhrtDgig2u1ODKDa7S4KoNrtbg6g2u0eCaDa7V4NoNrtPgug2u1+D6DW7Q4IYNbtTgxg1u0uCmDW7W4OYNbtHglg1u1eDWDW7T4LYNbtfg9g3u0OCODe7U4M4N7tLgrg3u1uDuDe7R4J4N7tXg3g3u0+C+De7X4P4NHtDggQ0e1ODBDR7S4KENHtbg4Q0e0eCRDR7V4NENHtPgsQ0e1+DxDZ7Q4IkNntTgyQ2e0qANntrgaQ2e3uAZDZ7Z4FkNnt3gOQ2e2+B5DQ5t8PwGL2jwwgYvavDiBi9p8NIGL2vw8gavaPDKBq9q8OoGBw0GDYYNRg3GDSYNpg1mDeYNFg2WDVYN1g02DbYNdg32DV7T4LUNXtfg9Q3e0OCNDd7U4M0N3tLgrQ3e1uDtDd7R4J0N3tXg3Q3e0+C9Dd7X4P0NPtDggw0+1ODDDT7S4KMNPtbgsAaHNziiwZENjmpwdIOPN/hEg082+FSDTzf4TIPPNvhcg883+EKDLzb4UoMvN/hKg682+FqDrzf4RoNvNvhWg283+E6D7zb4XoPvN/hBgx82+FGDHzf4SYOfNvhZg583+EWDXzb4VYNfN/hNg982+F2D3zf4Q4M/NvhTgz83+EuDvzb4W4O/N/hHg382+FeDfzf4T4P/Nvhfg2MaHNvgkBbHaXHcFsdrcfwWJ2hxwhYnanHiFidpcdIWJ2tx8hanaHHKFqdqceoWp2lx2hana3H6FmdoccYWZ2px5hZnaXHWFmdrcfYW52hxzhbnanHuFudpcd4W52tx/hYXaHHBFhdqceEWF2lx0RYXa3HxFpdocckWl2px6RZpcZkWl21xuRaXb3GFFldscaUWV25xlRZXbXG1FldvcY0W12xxrRbXbnGdFtdtcb0W129xgxY3bHGjFjducZMWN21xsxY3b3GLFrdscasWt25xmxa3bXG7FrdvcYcWd2xxpxZ3bnGXFndtcbcWd29xjxb3bHGvFvducZ8W921xvxb3b/GAFg9s8aAWD27xkBYPbfGwFg9v8YgWj2zxqBaPbvGYFo9t8bgWj2/xhBZPbPGkFk9u8ZQWbfHUFk9r8fQWz2jxzBbPavHsFs9p8dwWz2txaIvnt3hBixe2eFGLF7d4SYuXtnhZi5e3eEWLV7Z4VYtXtzhoMWgxbDFqMW4xaTFtMWsxb7FosWyxarFusWmxbbFrsW/xmhavbfG6Fq9v8YYWb2zxphZvbvGWFm9t8bYWb2/xjhbvbPGuFu9u8Z4W723xvhbvb/GBFh9s8aEWH27xkRYfbfGxFoe1OLzFES2ObHFUi6NbfLzFJ1p8ssWnWny6xWdafLbF51p8vsUXWnyxxZdafLnFV1p8tcXXWny9xTdafLPFt1p8u8V3Wny3xfdafL/FD1r8sMWPWvy4xU9a/LTFz1r8vMUvWvyyxa9a/LrFb1r8tsXvWvy+xR9a/LHFn1r8ucVfWvy1xd9a/L3FP1r8s8W/Wvy7xX9a/LfF/1oc0+LYFod0OE6H43Y4XofjdzhBhxN2OFGHE3c4SYeTdjhZh5N3OEWHU3Y4VYdTdzhNh9N2OF2H03c4Q4czdjhThzN3OEuHs3Y4W4ezdzhHh3N2OFeHc3c4T4fzdjhfh/N3uECHC3a4UIcLd7hIh4t2uFiHi3e4RIdLdrhUh0t3SIfLdLhsh8t1uHyHK3S4Yocrdbhyh6t0uGqHq3W4eodrdLhmh2t1uHaH63S4bofrdbh+hxt0uGGHG3W4cYebdLhph5t1uHmHW3S4ZYdbdbh1h9t0uG2H23W4fYc7dLhjhzt1uHOHu3S4a4e7dbh7h3t0uGeHe3W4d4f7dLhvh/t1uH+HB3R4YIcHdXhwh4d0eGiHh3V4eIdHdHhkh0d1eHSHx3R4bIfHdXh8hyd0eGKHJ3V4coendGiHp3Z4Woend3hGh2d2eFaHZ3d4Tofndnheh0M7PL/DCzq8sMOLOry4w0s6vLTDyzq8vMMrOryyw6s6vLrDQYdBh2GHUYdxh0mHaYdZh3mHRYdlh1WHdYdNh22HXYd9h9d0eG2H13V4fYc3dHhjhzd1eHOHt3R4a4e3dXh7h3d0eGeHd3V4d4f3dHhvh/d1eH+HD3T4YIcPdfhwh490+GiHj3U4rMPhHY7ocGSHozoc3eHjHT7R4ZMdPtXh0x0+0+GzHT7X4fMdvtDhix2+1OHLHb7S4asdvtbh6x2+0eGbHb7V4dsdvtPhux2+1+H7HX7Q4YcdftThxx1+0uGnHX7W4ecdftHhlx1+1eHXHX7T4bcdftfh9x3+0OGPHf7U4c8d/tLhrx3+1uHvQ4f4R4d/dvhXh393+E+H/3b4X4djOhzb4ZAex+lx3B7H63H8HifoccIeJ+px4h4n6XHSHifrcfIep+hxyh6n6nHqHqfpcdoep+tx+h5n6HHGHmfqceYeZ+lx1h5n63H2Hufocc4e5+px7h7n6XHeHufrcf4eF+hxwR4X6nHhHhfpcdEeF+tx8R6X6HHJHpfqceke6XGZHpftcbkel+9xhR5X7HGlHlfucZUeV+1xtR5X73GNHtfsca0e1+5xnR7X7XG9HtfvcYMeN+xxox437nGTHjftcbMeN+9xix637HGrHrfucZset+1xux6373GHHnfscaced+5xlx537XG3HnfvcY8e9+xxrx737nGfHvftcb8e9+/xgB4P7PGgHg/u8ZAeD+3xsB4P7/GIHo/s8agej+7xmB6P7fG4Ho/v8YQeT+zxpB5P7vGUHu3x1B5P6/H0Hs/o8cwez+rx7B7P6fHcHs/rcWiP5/d4QY8X9nhRjxf3eEmPl/Z4WY+X93hFj1f2eFWPV/c46DHoMewx6jHuMekx7THrMe+x6LHsseqx7rHpse2x67Hv8Zoer+3xuh6v7/GGHm/s8aYeb+7xlh5v7fG2Hm/v8Y4e7+zxrh7v7vGeHu/t8b4e7+/xgR4f7PGhHh/u8ZEeH+3xsR6H9Ti8xxE9juxxVI+je/6Ppnfu4fxwnG+3W2xt29apbdu2bZ/ato33y0ZtL7q7tW3bvPnmfn4PYU4yf0wyyfGZAT47wOEDHDHAkQMcNcDnBjh6gGMGOHaAzw/whQG+OMCXBvjyAF8Z4KsDfG2Arw/wjQG+OcC3Bvj2AN8Z4LsDfG+A7w/wgwF+OMCPBvjxAD8Z4KcD/GyAnw/wiwF+OcCvBvj1AL8Z4LcD/G6A3w/whwH+OMCfBvjzAH8Z4K8D/G2Avw/wjwH+OcC/Bvj3AP8Z4L8D/G+AQwIcJ8ChAY4b4HgBjh/gBAEOC3DCACcKcOIAJwlw0gAnC3DyAKcIcMoApwpw6gCnCXDaAKcLcPoAZwhwxgBnCnDmAGcJcNYAZwtw9gDnCHDOAOcKcO4A5wlw3gDnC3D+ABcIcMEAFwpw4QAXCXDRABcLcPEAlwhwyQAJcKkAlw5wmQCXDXC5AJcPcIUAVwxwpQBXDnCVAFcNcLUAVw9wjQDXDHCtANcOcJ0A1w1wvQDXD3CDADcMcKMANw5wkwA3DXCzADcPcIsAtwxwqwC3DnCbALcNcLsAtw9whwB3DHCnAHcOcJcAdw1wtwB3D3CPAPcMcK8A9w5wnwD3DXC/APcP8IBh/xNXBHhwgIcEeGiAhwV4eIBHBHhkgEcFeHSAxwR4bIDHBXh8gCcEeGKAJwVogCcHeEqApwZ4WoCnB3hGgGcGeFaAZwd4ToDnBnhegOcHeEGAFwZ4UYAXB3hJgJcGeFmAlwd4RYBXBnhVgFcHeE2A1wZ4XYDXB3hDgDcGeFOANwd4S4C3BnhbgLcHeEeAdwZ4V4CDAIMAwwCjAOMAkwDTALMA8wCLAMsAqwDrAJsA2wC7APsA7w7wngDvDfC+AO8P8IEAHwzwoQAfDvCRAB8N8LEAHw/wiQCfDPCpAJ8O8JkAnw1weIAjAhwZ4KgAnwtwdIBjAhwb4PMBvhDgiwG+FODLAb4S4KsBvhbg6wG+EeCbAb4V4NsBvhPguwG+F+D7AX4Q4IcBfhTgxwF+EuCnAX4W4OcBfhHglwF+FeDXAX4T4LcBfhfg9wH+EOCPAf4U4M8B/hLgrwH+FuDvAf4R4J8B/hXg3wH+E+C/Af4XjOuQEMcJcWiI44Y4XojjhzhBiMNCnDDEiUKcOMRJQpw0xMlCnDzEKUKcMsSpQpw6xGlCnDbE6UKcPsQZQpwxxJlCnDnEWUKcNcTZQpw9xDlCnDPEuUKcO8R5Qpw3xPlCnD/EBUJcMMSFQlw4xEVCXDTExUJcPMQlQlwyREJcKsSlQ1wmxGVDXC7E5UNcIcQVQ1wpxJVDXCXEVUNcLcTVQ1wjxDVDXCvEtUNcJ8R1Q1wvxPVD3CDEDUPcKMSNQ9wkxE1D3CzEzUPcIsQtQ9wqxK1D3CbEbUPcLsTtQ9whxB1D3CnEnUPcJcRdQ9wtxN1D3CPEPUPcK8S9Q9wnxH1D3C/E/UM8IMQDQzwoxINDPCTEQ0M8LMTDQzwixCNDPCrEo0M8JsRjQzwuxONDPCHEE0M8KURDPDnEU0I8NcTTQjw9xDNCPDPEs0I8O8RzQjw3xPNCPD/EC0K8MMSLQrw4xEtCvDTEy0K8PMQrQrwyxKtCvDrEa0K8NsTrQrw+xBtCvDHEm0K8OcRbQrw1xNtCvD3EO0K8M8S7QhyEGIQYhhiFGIeYhJiGmIWYh1iEWIZYhViH2ITYhtiF2Id4d4j3hHhviPeFeH+ID4T4YIgPhfhwiI+E+GiIj4X4eIhPhPhkiE+F+HSIz4T4bIjDQxwR4sgQR4X4XIijQxwT4tgQnw/xhRBf/H+ioRBfCfHVEF8L8fUQ3wjxzRDfCvHtEN8J8d0Q3wvx/RA/CPHDED8K8eMQPwnx0xA/C/HzEL8I8csQvwrx6xC/CfHbEL8L8fsQfwjxxxB/CvHnEH8J8dcQfwvx9xD/CPHPEP8K8e8Q/wnx3xD/C3FIhONEODTCcSMcL8LxI5wgwmERThjhRBFOHOEkEU4a4WQRTh7hFBFOGeFUEU4d4TQRThvhdBFOH+EMEc4Y4UwRzhzhLBHOGuFsEc4e4RwRzhnhXBHOHeE8Ec4b4XwRzh/hAhEuGOFCES4c4SIRLhrhYhEuHuESES4ZIREuFeHSES4T4bIRLhfh8hGuEOGKEa4U4coRrhLhqhGuFuHqEa4R4ZoRrhXh2hGuE+G6Ea4X4foRbhDhhhFuFOHGEW4S4aYRbhbh5hFuEeGWEW4V4dYRbhPhthFuF+H2Ee4Q4Y4R7hThzhHuEuGuEe4W4e4R7hHhnhHuFeHeEe4T4b4R7hfh/hEeEOGBER4U4cERHhLhoREeFuHhER4R4ZERHhXh0REeE+GxER4X4fERnhDhiRGeFKERnhzhKRGeGuFpEZ4e4RkRnhnhWRGeHeE5EZ4b4XkRnh/hBRFeGOFFEV4c4SURXhrhZRFeHuEVEV4Z4VURXh3hNRFeG+F1EV4f4Q0R3hjhTRHeHOEtEd4a4W0R3h7hHRHeGeFdEQ4iDCIMI4wijCNMIkwjzCLMIywiLCOsIqwjbCJsI+wi7CO8O8J7Irw3wvsivD/CByJ8MMKHInw4wkcifDTCxyJ8PMInInwywqcifDrCZyJ8NsLhEY6IcGSEoyJ8LsLREY6JcGyEz0f4QoQvRvhShC9H+EqEr0b4WoSvR/hGhG9G+FaEb0f4ToTvRvhehO9H+EGEH0b4UYQfR/hJhJ9G+FmEn0f4RYRfRvhVhF9H+E2E30b4XYTfR/hDhD9G+FOEP0f4S4S/RvhbhL9H+EeEf0b4V4R/R/hPhP9G+F+EQ2IcJ8ahMY4b43gxjh/jBDEOi3HCGCeKceIYJ4lx0hgni3HyGKeIccoYp4px6hiniXHaGKeLcfoYZ4hxxhhninHmGGeJcdYYZ4tx9hjniHHOGOeKce4Y54lx3hjni3H+GBeIccEYF4px4RgXiXHRGBeLcfEYl4hxyRiJcakYl45xmRiXjXG5GJePcYUYV4xxpRhXjnGVGFeNcbUYV49xjRjXjHGtGNeOcZ0Y141xvRjXj3GDGDeMcaMYN45xkxg3HTpkyP9x2zzGLWLcMsatYtw6xm1i3DbG7WLcPsYdYtwxxp1i3DnGXWLcNcbdYtw9xj1i3DPGvWLcO8Z9Ytw3xv1i3D/GA2I8MMaDYjw4xkNiPDTGw2I8PMYjYjwyxqNiPDrGY2I8NsbjYjw+xhNiPDHGk2I0xpNjPCXGU2M8LcbTYzwjxjNjPCvGs2M8J8ZzYzwvxvNjvCDGC2O8KMaLY7wkxktjvCzGy2O8IsYrY7wqxqtjvCbGa2O8LsbrY7whxhtjvCnGm2O8JcZbY7wtxttjvCPGO2O8K8ZBjEGMYYxRjHGMSYxpjFmMeYxFjGWMVYx1jE2MbYxdjH2Md8d4T4z3xnhfjPfH+ECMD8b4UIwPx/hIjI/G+FiMj8f4RIxPxvhUjE/H+EyMz8Y4PMYRMY6McVSMz8U4OsYxMY6N8fkYX4jxxRhfivHlGF+J8dUYX4vx9RjfiPHNGN+K8e0Y34nx3Rjfi/H9GD+I8cMYP4rx4xg/ifHTGD+L8fMYv4jxyxi/ivHrGL+J8dsYv4vx+xh/iPHHGH+K8ecYf4nx1xh/i/H3GP+I8c8Y/4rx7xj/ifHfGP+LcUiC4yQ4NMFxExwvwfETnCDBYQlOmOBECU6c4CQJTprgZAlOnuAUCU6Z4FQJTp3gNAlOm+B0CU6f4AwJzpjgTAnOnOAsCc6a4GwJzp7gHAnOmeBcCc6d4DwJzpvgfAnOn+ACCS6Y4EIJLpzgIgkumuBiCS6e4BIJLpkgCS6V4NIJLpPgsgkul+DyCa6Q4IoJrpTgygmukuCqCa6W4OoJrpHgmgmuleDaCa6T4LoJrpfg+glukOCGCW6U4MYJbpLgpgluluDmCW6R4JYJbpXg1gluk+C2CW6X4PYJ7pDgjgnulODOCe6S4K4J7pbg7gnukeCeCe6V4N4J7pPgvgnul+D+CR6Q4IEJHpTgwQkekuChCR6W4OEJHpHgkQkeleDRCR6T4LEJHpfg8QmekOCJCZ6UoAmenOAp503sqQmeluDpCZ6R4JkJnpXg2Qmek+C5CZ6X4PkJXpDghQlelODFCV6S4KUJXpbg5QlekeCVCV6V4NUJXpPgtQlel+D1Cd6Q4I0J3pTgzQnekuCtCd6W4O0J3pHgnQneleAgwSDBMMEowTjBJME0wSzBPMEiwTLBKsE6wSbBNsEuwT7BuxO8J8F7E7wvwfsTfCDBBxN8KMGHE3wkwUcTfCzBxxN8IsEnE3wqwacTfCbBZxMcnuCIBEcmOCrB5xIcneCYBMcm+HyCLyT4YoIvJfhygq8k+GqCryX4eoJvJPhmgm8l+HaC7yT4boLvJfh+gh8k+GGCHyX4cYKfJPhpgp8l+HmCXyT4ZYJfJfh1gt8k+G2C3yX4fYI/JPhjgj8l+HOCvyT4a4K/Jfh7gn8k+GeCfyX4d4L/JPhvgv8lOCTFcVIcmuK4KY6X4vgpTpDisBQnTHGiFCdOcZIUJ01xshQnT3GKFKdMcaoUp05xmhSnTXG6FKdPcYYUZ0xxphRnTnGWFGdNcbYUZ09xjhTnTHGuFOdOcZ4U501xvhTnT3GBFBdMcaEUF05xkRQXTXGxFBdPcYkUl0yRFJdKcekUl0lx2RSXS3H5FFdIccUUV0px5RRXSXHVFFdLcfUU10hxzRTXSnHtFNdJcd0U10tx/RQ3SHHDFDdKceMUN0lx0xQ3S3HzFLdIccsUt0px6xS3SXHbFLdLcfsUd0hxxxR3SnHnFHdJcdcUd0tx9xT3SHHPFPdKce8U9/kf7/1S3D/FA1I8MMWDUjw4xUNSPDTFw1I8PMUjUjwyxaNSPDrFY1I8NsXjUjw+xRNSPDHFk1I0xZNTPCXFU1M8LcXTUzwjxTNTPCvFs1M8J8VzUzwvxfNTvCDFC1O8KMWLU7wkxUtTvCzFy1O8IsUrU7wqxatTvCbFa1O8LsXrU7whxRtTvCnFm1O8JcVbU7wtxdtTvCPFO1O8K8VBikGKYYpRinGKSYppilmKeYpFimWKVYp1ik2KbYpdin2Kd6d4T4r3pnhfiven+ECKD6b4UIoPp/hIio+m+FiKj6f4RIpPpvhUik+n+EyKz6Y4PMURKY5McVSKz6U4OsUxKY5N8fkUX0jxxRRfSvHlFF9J8dUUX0vx9RTfSPHNFN9K8e0U30nx3RTfS/H9FD9I8cMUP0rx4xQ/SfHTFD9L8fMUv0jxyxS/SvHrFL9J8dsUv0vx+xR/SPHHFH9K8ecUf0nx1xR/S/H3FP9I8c8U/0rx7xT/SfHfFP9LcUiG42Q4NMNxMxwvw/EznCDDYRlOmOFEGU6c4SQZTprhZBlOnuEUGU6Z4VQZTp3hNBlOm+F0GU6f4QwZzpjhTBnOnOEsGc6a4WwZzp7hHBnOmeFcGc6d4TwZzpvhfBnOn+ECGS6Y4UIZLpzhIhkumuFiGS6e4RIZLpkhGS6V4dIZLpPhshkul+HyGa6Q4YoZrpThyhmukuGqGa6W4eoZrpHhmhmuleHaGa6T4boZrpfh+hlukOGGGW6U4cYZbpLhphluluHmGW6R4ZYZbpXh1hluk+G2GW6X4fYZ7pDhjhnulOHOGe6S4a4Z7pbh7hnukeGeGe6V4d4Z7pPhvtn/DQzcP8MDMjwww4MyPDjDQzI8NMPDMjw8wyMyPDLDozI8OsNjMjw2w+MyPD7DEzI8McOTMjTDkzM8JcNTMzwtw9MzPCPDMzM8K8OzMzwnw3MzPC/D8zO8IMMLM7wow4szvCTDSzO8LMPLM7wiwyszvCrDqzO8JsNrM7wuw+szvCHDGzO8KcObM7wlw1szvC3D2zO8I8M7M7wrw0GGQYZhhlGGcYZJhmmGWYZ5hkWGZYZVhnWGTYZthl2GfYZ3Z3hPhvdmeF+G92f4QIYPZvhQhg9n+EiGj2b4WIaPZ/hEhk9m+FSGT2f4TIbPZjg8wxEZjsxwVIbPZTg6wzEZjs3w+QxfyPDFDF/K8OUMX8nw1Qxfy/D1DN/I8M0M38rw7QzfyfDdDN/L8P0MP8jwwww/yvDjDD/J8NMMP8vw8wy/yPDLDL/K8OsMv8nw2wy/y/D7DH/I8McMf8rw5wx/yfDXDH/L8PcM/8jwzwz/yvDvDP/J8N8M/8twSI7j5Dg0x3FzHC/H8XOcIMdhOU6Y40Q5TpzjJDlOmuNkOU6e4xQ5TpnjVDlOneM0OU6b43Q5Tp/jDDnOmONMOc6c4yw5zprjbDnOnuMcOc6Z41w5zp3jPDnOm+N8Oc6f4wI5LpjjQjkunOMiOS6a42I5Lp7jEjkumSM5LpXj0jkuk+OyOS6X4/I5rpDjijmulOPKOa6S46o5rpbj6jmukeOaOa6V49o5rpPjujmul+P6OW6Q44Y5bpTjxjlukuOmOW6W4+Y5bpHjljlulePWOW6T47Y5bpfj9jnukOOOOe6U48457pLjrjnuluPuOe6R45457pXj3jnuk+O+Oe6X4/45HpDjgTkelOPBOR6S46E5Hpbj4TkekeOROR6V49E5HpPjsTkel+PxOZ6Q44k5npSjOZ6c4yk5nprjaTmenuMZOZ6Z41k5np3jOTmem+N5OZ6f4wU5XpjjRTlenOMlOV6a42U5Xp7jFTlemeNVOV6d4zU5XpvjdTlen+MNOd6Y40053pzjLTnemuNtOd6e4x053pnjXTkOcgxyDHOMcoxzTHJMc8xyzHMscixzrHKsc2xybHPscuxzvDvHe3K8N8f7crw/xwdyfDDHh3J8OMdHcnw0x8dyfDzHJ3J8Msencnw6x2dyfDbH4TmOyHFkjqNyfC7H0TmOyXFsjs/n+EKOL+b4Uo4v5/hKjq/m+FqOr+f4Ro5v5vhWjm/n+E6O7+b4Xo7v5/hBjh/m+FGOH+f4SY6f5vhZjp/n+EWOX+b4VY5f5/hNjt/m+F2O3+f4Q44/5vhTjj/n+EuOv+b4W46/5/hHjn/m+FeOf+f4T47/5vhfjkMKHKfAoQWOW+B4BY5f4AQFDitwwgInKnDiAicpcNICJytw8gKnKHDKAqcqcOoCpylw2gKnK3D6AmcocMYCZypw5gJnKXDWAmcrcPYC5yhwzgLnKnDuAucpcN4C5ytw/gIXKHDBAhcqcOECFylw0QIXK3DxApcocMkCKXCpApcucJkCly1wuQKXL3CFAlcscKUCVy5wlQJXLXC1AlcvcI0C1yxwrQLXLnCdAtctcL0C1y9wgwI3LHCjAjcucJMCNy1wswI3L3CLArcscKsCty5wmwK3LXC7ArcvcIcCdyxwpwJ3LnCXAnctcLcCdy9wjwL3LHCvAvcucJ8C9y1wvwL3L/CAAg8s8KACDy7wkAIPLfCwAg8v8IgCjyzwqAKPLvCYAo8t8LgCjy/whAJPLPCkAi3w5AJPKfDUAk8r8PQCzyjwzALPKvDsAs8p8NwCzyvw/AIvKPDCAi8q8OICLynw0gIvK/DyAq8o8MoCryrw6gKvKfDaAq8r8PoCbyjwxgJvKvDmAm8p8NYCbyvw9gLvKPDOAu8qcFBgUGBYYFRgXGBSYFpgVmBeYFFgWTBsyJAh1gU2BbYFdgX2Bd5d4D0F3lvgfQXeX+ADBT5Y4EMFPlzgIwU+WuBjBT5e4BMFPlngUwU+XeAzBT5b4PACRxQ4ssBRBT5X4OgCxxQ4tsDnC3yhwBcLfKnAlwt8pcBXC3ytwNcLfKPANwt8q8C3C3ynwHcLfK/A9wv8oMAPC/yowI8L/KTATwv8rMDPC/yiwC8L/KrArwv8psBvC/yuwO8L/KHAHwv8qcCfC/ylwF8L/K3A3wv8o8A/C/yrwL8L/KfAfwv8r8AhJY5T4tASxy1xvBLHL3GCEoeVOGGJE5U4cYmTlDhpiZOVOHmJU5Q4ZYlTlTh1idOUOG2J05U4fYkzlDhjiTOVOHOJs5Q4a4mzlTh7iXOUOGeJc5U4d4nzlDhvifOVOH+JC5S4YIkLlbhwiYuUuGiJi5W4eIlLlLhkiZS4VIlLl7hMicuWuFyJy5e4QokrlrhSiSuXuEqJq5a4Womrl7hGiWuWuFaJa5e4TonrlrheieuXuEGJG5a4UYkbl7hJiZuWuFmJm5e4RYlblrhViVuXuE2J25a4XYnbl7hDiTuWuFOJO5e4S4m7lrhbibuXuEeJe5a4V4l7l7hPifuWuF+J+5d4QIkHlnhQiQeXeEiJh5Z4WImHl3hEiUeWeFSJR5d4TInHlnhciceXeEKJJ5Z4UomWeHKJp5R4aomnlXh6iWeUeGaJZ5V4donnlHhuieeVeH6JF5R4YYkXlXhxiZeUeGmJl5V4eYlXlHhliVeVeHWJ15R4bYnXlXh9iTeUeGOJN5V4c4m3lHhribeVeHuJd5R4Z4l3lTgoMSgxLDEqMS4xKTEtMSsxL7EosSyxKrEusSmxLbErsS/x7hLvKfHeEu8r8f4SHyjxwRIfKvHhEh8p8dESHyvx8RKfKPHJEp8q8ekSnynx2RKHlziixJEljirxuRJHlzimHOrYEp8v8YUSXyzxpRJfLvGVEl8t8bUSX5/of7+AEt8q8e0S3ynx3RLfK/H9Ej8o8cMSPyrx4xI/KfHTEj8r8fMSvyjxyxK/KvHrEr8p8dsSvyvx+xJ/KPHHEn8q8ecSfynx1xJ/K/H3Ev8o8c8S/yrx7xL/KfHfEv8rcUiF41Q4tMJxKxyvwvErnKDCYRVOWOFEFU5c4SQVTlrhZBVOXuEUFU5Z4VQVTl3hNBVOW+F0FU5f4QwVzljhTBXOXOEsFc5a4WwVzl7hHBXOWeFcFc5d4TwVzlvhfBXOX+ECFS5Y4UIVLlzhIhUuWuFiFS5e4RIVLlkhFS5V4dIVLlPhshUuV+HyFa5Q4YoVrlThyhWuUuGqFa5W4eoVrlHhmhWuVeHaFa5T4boVrlfh+hVuUOGGFW5U4cYVblLhphVuVuHmFW5R4ZYVblXh1hVuU+G2FW5X4fYV7lDhjhXuVOHOFe5S4a4V7lbh7hXuUeGeFe5V4d4V7lPhvhXuV+H+FR5Q4YEVHlThwRUeUuGhFR5W4eEVHlHhkRUeVeHRFR5T4bEVHlfh8RWeUOGJFZ5UoRWeXOEpFZ5a4WkVnl7hGRWeWeFZFZ5d4TkVnlvheRWeX+EFFV5Y4UUVXlzhJRVeWuFlFV5e4RUVXlnhVRVeXeE1FV5b4XUVXl/hDRXeWOFNFd5c4S0V3lrhbRXeXuEdFd5Z4V0VDioMKgwrjCqMK0wqTCvMKswrLCosK6wqrCtsKmwr7CrsK7y7wnsqvLfC+yq8v8IHKnywwocqfLjCRyp8tMLHKny8wicqfLLCpyp8usJnKny2wuEVjqhwZIWjKnyuwtEVjqlwbIXPV/hChS9W+FKFL1f4SoWvVvhaha9X+EaFb1b4VoVvV/hOhe9W+F6F71f4QYUfVvhRhR9X+EmFn1b4WYWfV/hFhV9W+FWFX1f4TYXfVvhdhd9X+EOFP1b4U4U/V/hLhb9W+FuFv1f4R4V/VvhXhX9X+E+F/1b4X4VDahynxqE1jlvjeDWOX+MENQ6rccIaJ6px4honqXHSGiercfIap6hxyhqnqnHqGqepcdoap6tx+hpnqHHGGmeqceYaZ6lx1hpnq3H2Gueocc4a56px7hrnqXHeGuercf4aF6hxwRoXqnHhGhepcdEaF6tx8RqXqHHJGqlxqRqXrnGZGpetcbkal69xhRpXrHGlGleucZUaV61xtRpXr3GNGtesca0a165xnRrXrXG9GtevcYMaN6xxoxo3rnGTGjetcbMaN69xixq3rHGrGreucZsat61xuxq3r3GHGnescacad65xlxp3rXG3GnevcY8a96xxrxr3rnGfGvetcb8a96/xgBoPrPGgGg+u8ZAaD63xsBoPr/GIGo+s8agaj67xmBqPrfG4Go+v8YQaT6zxpBqt8eQaT6nx1BpPq/H0Gs+o8cwaz6rx7BrPqfHcGs+r8fwaL6jxwhovqvHiGi+p8dIaL6vx8hqvqPHKGq+q8eoar6nx2hqvq/H6Gm+o8cYab6rx5hpvqfHWGm+r8fYa76jxzhrvqnFQY1BjWGNUY1xjUmNaY1ZjXmNRY1ljVWNdY1NjW2NXY1/j3TXeU+O9Nd5X4/01PlDjgzU+VOPDNT5S46M1Plbj4zU+UeOTNT5V49M1PlPjszUOr3FEjSNrHFXjczWOrnFMjWNrfL7GF2p8scaXany5xldqfLXG12p8vcY3anyzxrdqfLvGd2p8t8b3any/xg9q/LDGj2r8uMZPavy0xs9q/LzGL2r8ssavavy6xm9q/LbG72r8vsYfavyxxp9q/LnGX2r8tcbfavy9xj9q/LPGv2r8u8Z/avy3xv9qHNLgOA0ObXDcBsdrcPwGJ2hwWIMTNjhRgxM3OEmDkzY4WYOTNzhFg1M2OFWDUzc4TYPTNjhdg9M3OEODMzY4U4MzNzhLg7M2OFuDszc4R4NzNjhXg3M3OE+D8zY4X4PzN7hAgws2uFCDCze4SIOLNrhYg4s3uESDSzZIg0s1uHSDyzS4bIPLNbh8gys0uGKDKzW4coOrNLhqg6s1uHqDazS4ZoNrNbh2g+s0uG6D6zW4foMbNLhhgxs1uHGDmzS4aYObNbh5g1s0uGWDWzW4dYPbNLhtg9s1uH2DOzS4Y4M7Nbhzg7s0uGuDuzW4e4N7NLhng3s1uHeD+zS4b4P7Nbh/gwc0eGCDBzV4cIOHNHhog4c1eHiDRzR4ZINHNXh0g8c0eGyDxzV4fIMnNHhigyc1aIMnN3hKg6c2eFqDpzd4RoNnNnhWg2c3eE6D5zZ4XoPnN3hBgxc2eFGDFzd4SYOXNnhZg5c3eEWDVzZ4VYNXN3hNg9c2eF2D1zd4Q4M3NnhTgzc3eEuDtzZ4W4O3N3hHg3c2eFeDgwaDBsMGowbjBpMG0wazBvMGiwbLBqsG6wabBtsGuwb7Bu9u8J4G723wvgbvb/CBBh9s8KEGH27wkQYfbfCxBh9v8IkGn2zwqQafbvCZBp9tcHiDIxoc2eCoBp9rcHSDYxoc2+DzDb7Q4IsNvtTgyw2+0uCrDb7W4OsNvtHgmw2+1eDbDb7T4LsNvtfg+w1+0OCHDX7U4McNftLgpw1+1uDnDX7R4JcNftXg1w1+0+C3DX7X4PcN/tDgjw3+1ODPDf7S4K8N/tbg7w3+0eCfDf7V4N8N/tPgvw3+1+CQFsdpcWiL47Y4XovjtzhBi8NanLDFiVqcuMVJWpy0xclanLzFKVqcssWpWpy6xWlanLbF6VqcvsUZWpyxxZlanLnFWVqctcXZWpy9xTlanLPFuVqcu8V5Wpy3xflanL/FBVpcsMWFWly4xUVaXLTFxVpcvMUlWlyyRVpcqsWlW1ymxWVbXK7F5VtcocUVW1ypxZVbXKXFVVtcrcXVW1yjxTVbXKvFtVtcp8V1W1yvxfVb3KDFDVvcqMWNW9ykxU1b3KzFzVvcosUtW9yqxa1b3KbFbVvcrsXtW9yhxR1b3KnFnVvcpcVdW9ytxd1b3KPFPVvcq8W9W9ynxX1b3K/F/Vs8oMUDWzyoxYNbPKTFQ1s8rMXDWzyixSNbPKrFo1s8psVjWzyuxeNbPKHFE1s8qUVbPLnFU1o8tcXTWjy9xTNaPLPFs1o8u8VzWjy3xfNaPL/FC1q8sMWLWry4xUtavLTFy1q8vMUrWryyxatavLrFa1q8tsXrWry+xRtavLHFm1q8ucVbWry1xdtavL3FO1q8s8W7Why0GLQYthi1GLeYtJi2mLWYt1i0WLZYtVi32LTYtti12Ld4d4v3tHhvi/e1eH+LD7T4YIsPtfhwi4+0+GiLj7X4eItPtPhki0+1+HSLz7T4bIvDWxzR4sgWR7X/f19GtzimxbEtPt/iCy2+2OJLLb7c4istvtriay2+3uIbLb7Z4lstvt3iOy2+2+J7Lb7f4gctftjiRy1+3OInLX7a4mctft7iFy1+OSF+1eLXLX7T4rctftfi9y3+0OKPLf7U4s8t/tLiry3+1uLvLf7R4p8t/tXi3y3+0+K/Lf73f3k6HKfDoR2O2+F4HY7f4QQdDutwwg4n6nDiDifpcNIOJ+tw8g6n6HDKDqfqcOoOp+lw2g6n63D6DmfocMYOZ+pw5g5n6XDWDmfrcPYO5+hwzg7n6nDuDufpcN4O5+tw/g4X6HDBDhfqcOEOF+lw0Q4X63DxDpfocMkO6XCpDpfucJkOl+1wuQ6X73CFDlfscKUOV+5wlQ5X7XC1DlfvcI0O1+xwrQ7X7nCdDtftcL0O1+9wgw437HCjDjfucJMON+1wsw4373CLDrfscKsOt+5wmw637XC7DrfvcIcOd+xwpw537nCXDnftcLcOd+9wjw737HCvDvfucJ8O9+1wvw737/CADg/s8KAOD+7wkA4P7fCwDg/v8IgOj+zwqA6P7vCYDo/t8LgOj+/whA5P7PCkDu3w5A5P6fDUDk/r8PQOz+jwzA7P6vDsDs/p8NwOz+vw/A4v6PDCDi/q8OIOL+nw0g4v6/DyDq/o8MoOr+rw6g6v6fDaDq/r8PoOb+jwxg5v6vDmDm/p8NYOb+vw9g7v6PDODu/qcNBh0GHYYdRh3GHSYdph1mHeYdFh2WHVYd1h02HbYddh3+HdHd7T4b0d3tfh/R0+0OGDHT7U4cMdPtLhox0+1uHjHT7R4ZMdPtXh0x0+0+GzHQ7vcESHIzsc1eFzHY7ucEyHYzt8vsMXOnyxw5c6fLnDVzp8tcPXOny9wzc6fLPDtzp8u8N3Ony3w/c6fL/DDzr8sMOPOvy4w086/LTDzzr8vMMvOvyyw686/LrDbzr8tsPvOvy+wx86/LHDnzr8ucNfOvy1w986/L3DPzr8s8O/Ovy7w386/LfD/zoc0uM4PQ7tcdwex+tx/B4n6HFYjxP2OFGPE/c4SY+T9jhZj5P3OEWPU/Y4VY9T9zhNj9P2OF2P0/c4Q48z9jhTjzP3OEuPs/Y4W4+z9zhHj3P2OFePc/c4T4/z9jhfj/P3uECPC/a4UI8L97hIj4v2uFiPi/e4RI9L9kiPS/W4dI/L9Lhsj8v1uHyPK/S4Yo8r9bhyj6v0uGqPq/W4eo9r9Lhmj2v1uHaP6/S4bo/r9bh+jxv0uGGPG/W4cY+b9Lhpj5v1uHmPW/S4ZY9b9bh1j9v0uG2P2/W4fY879Lhjjzv1uHOPu/S4a4+79bh7j3v0uGePe/W4d4/79Lhvj/v1uH+PB/R4YI8H9Xhwj4f0eGiPh/V4eI9H9Hhkj0f1eHSPx/R4bI/H9Xh8jyf0eGKPJ/Vojyf3eEqPp/Z4Wo+n93hGj2f2eFaPZ/d4To/n9nhej+f3eEGPF/Z4UY8X93hJj5f2eFmPl/d4RY9X9nhVj1f3eE2P1/Z4XY/X93hDjzf2eFOPN/d4S4+39nhbj7f3eEePd/Z4V4+DHoMewx6jHuMekx7THrMe8x6LHsseqx7rHpse2x67Hvse7+7xnh7v7fG+Hu/v8YEeH+zxoR4f7vGRHh/t8bEeH+/xiR6f7PGpHp/u8Zken+1xeI8jehzZ46gen+txdI9jehzb/380nGPz2AcDZZM2RWrbdntq27Zt26dtatu23eb/s1HbRmobabjzzO7eb3Bn7n135uDrA/jGAL45gG8N4NsD+M4AvjuA7w3g+wP4wQB+OIAfDeDHA/jJAH46gJ8N4OcDOGIAvxjALwfwqwH8egC/GcBvB/C7Afx+AH8YwB8H8KcB/HkAfxnAXwfwtwH8fQD/GMA/B/CvAfx7AP8ZwH8HcOQA/jeAowZw9ACOGcCxAzhuAMcP4KAABwc4QYATBjgkwIkCnDjASQKcNMChAU4W4OQBThHglAFOFeDUAU4T4LQBThfg9AHOEOCMAc4U4MwBzhLgrAHOFuDsAc4R4JwBzhXg3AHOE+C8Ac4X4PwBLhDgggEuFODCAS4S4KIBLhbg4gEuEeCSAS4V4NIBLhMgAS4b4HIBLh/gCgGuGOBKAa4c4CoBrhrgagGuHuAaAa4Z4FoBrh3gOgGuG+B6Aa4f4AYBbhjgRgFuHOAmAW4a4GYBbh7gFgFuGeBWAW4d4DYBbhvgdgFuH+AOAe4Y4E4B7hzgLgHuGuBuAe4e4B4B7hngXgHuHeA+Ae4b4H4B7h/gAQEeGOBBAR4c4CEBHhrgYQEeHuARAR4Z4FEBHh3gMQEeG+BxAR4f4AkBnhjgSQGeHOApAZ4aoAGeFuDpAZ4R4LAAzwzwrADPDvCcAM8N8LwAzw/wggAvDPCiAC8O8JIALw3wsgAvD/CKAK8M8KoArw7wmgCvDfC6AK8P8IYAbwzwpgBvDvCWAG8N8LYAbw/wjgDvDPCuAO8O8J4A7w3wvgDvD/CBAB8M8KEAHw7wkQAfDfCxAB8P8IkAnwzwqQCfDnB4gAMBBgGGAUYBxgEmAaYBZgHmARYBlgFWAdYBNgG2AXYB9gE+E+CzAT4X4PMBvhDgiwG+FODLAb4S4KsBvhbg6wG+EeCbAb4V4NsBvhPguwG+F+D7AX4Q4IcBfhTgxwF+EuCnAX4W4OcBjgjwiwC/DPCrAL8O8JsAvw3wuwC/D/CHAH8M8KcAfw7wlwB/DfC3AH8P8I8A/wzwrwD/DvCfAP8NcGSA/wU4KsDRAY4JcGyA4wIcH+CgEAeHOEGIE4Y4JMSJQpw4xElCnDTEoSFOFuLkIU4R4pQhThXi1CFOE+K0IU4X4vQhzhDijCHOFOLMIc4S4qwhzhbi7CHOEeKcIc4V4twhzhPivCHOF+L8IS4Q4oIhLhTiwiEuEuKiIS4W4uIhLhHikiEuFeLSIS4TIiEuG+JyIS4f4gohrhjiSiGuHOIqIa4a4mohrh7iGiGuGeJaIa4d4johrhvieiGuH+IGIW4Y4kYhbhziJiFuGuJmIW4e4hYhbhniViFuHeI2IW4b4nYhbh/iDiHuGOJOIe4c4i4h7hribiHuHuIeIe4Z4l4h7h3iPiHuG+J+Ie4f4gEhHhjiQSEeHOIhIR4a4mEhHh7iESEeGeJRIR4d4jEhHhvicSEeH+IJIZ4Y4kkhnhziKSGeGqIhnhbi6SGeEeKwEM8M8awQzw7xnBDPDfG8EM8P8YIQLwzxohAvDvGSEC8N8bIQLw/xihCvDPGqEK8O8ZoQrw3xuhCvD/GGEG8M8aYQbw7xlhBvDfG2EG8P8Y4Q7wzxrhDvDvGeEO8N8b4Q7w/xgRAfDPGhEB8O8ZEQHw3xsRAfD/GJEJ8M8akQnw5xeIgDIQYhhiFGIcYhJiGmIWYh5iEWIZYhViHWITYhtiF2IfYhPhPisyE+F+LzIb4Q4oshvhTiyyG+EuKrIb4W4ushvhHimyG+FeLbIb4T4rshvhfi+yF+EOKHIX4U4schfhLipyF+FuLnIY4I8YsQvwzxqxC/DvGbEL8N8bsQvw/xhxB/DPGnEH8O8ZcQfw3xtxB/D/GPEP8M8a8Q/w7xnxD/DXFkiP+FOCrE0SGOCXFsiONCHB/ioAgHRzhBhBNGOCTCiSKcOMJJIpw0wqERThbh5BFOEeGUEU4V4dQRThPhtBFOF+H0Ec4Q4YwRzhThzBHOEuGsEc4W4ewRzhHhnBHOFeHcEc4T4bwRzhfh/BEuEOGCES4U4cIRLhLhohEuFuHiES4R4ZIRLhXh0hEuEyERLhvhchEuH+EKEa4Y4UoRrhzhKhGuGuFqEa4e4RoRrhnhWhGuHeE6Ea4b4XoRrh/hBv/f5RDhxhFuEuGmEW4W4eYRbhHhlhFuFeHWEW4T4bYRbhfh9hHuEOGOEe4U4c4R7hLhrhHuFuHuEe4R4Z4R7hXh3hHuE+G+Ee4X4f4RHhDhgREeFOHBER4S4aERHhbh4REeEeGRER4V4dERHhPhsREeF+HxEZ4Q4YkRnhThyRGeEuGpERrhaRGeHuEZEQ6L8MwIz4rw7AjPifDcCM+L8PwIL4jwwggvivDiCC+J8NIIL4vw8giviPDKCK+K8OoIr4nw2givi/D6CG+I8MYIb4rw5ghvifDWCG+L8PYI74jwzgjvivDuCO+J8N4I74vw/ggfiPDBCB+K8OEIH4nw0Qgfi/DxCJ+I8MkIn4rw6QiHRzgQYRBhGGEUYRxhEmEaYRZhHmERYRlhFWEdYRNhG2EXYR/hMxE+G+FzET4f4QsRvhjhSxG+HOErEb4a4WsRvh7hGxG+GeFbEb4d4TsRvhvhexG+H+EHEX4Y4UcRfhzhJxF+GuFnEX4e4YgIv4jwywi/ivDrCL+J8NsIv4vw+wh/iPDHCH+K8OcIf4nw1wh/i/D3CP+I8M8I/4rw7wj/ifDfCEdG+F+EoyIcHeGYCMdGOC7C8REOinFwjBPEOGGMQ2KcKMaJY0aO/79xaIyTxTh5jFPEOGWMU8U4dYzTxDhtjNPFOH2MM8Q4Y4wzxThzjLPEOGuMs8U4e4xzxDhnjHPFOHeM88Q4b4zzxTh/jAvEuGCMC8W4cIyLxLhojIvFuHiMS8S4ZIxLxbh0jMvESIzLxrhcjMvHuEKMK8a4Uowrx7hKjKvGuFqMq8e4RoxrxrhWjGvHuE6M68a4Xozrx7hBjBvGuFGMG8e4SYybxrhZjJvHuEWMW8a4VYxbx7hNjNvGuF2M28e4Q4w7xrhTjDvHuEuMu8a4W4y7x7hHjHvGuFeMe8e4T4z7xrhfjPvHeECMB8Z4UIwHx3hIjIfGeFiMh8d4RIxHxnhUjEfHeEyMx8Z4XIzHx3hCjCfGeFKMJ8d4SoynxmiMp8V4eoxnxDgsxjNjPCvGs2M8J8ZzYzwvxvNjvCDGC2O8KMaLY7wkxktjvCzGy2O8IsYrY7wqxqtjvCbGa/+3n0GDBl0f4w0x3hjjTTHeHOMtMd4a420x3h7jHTHeGeNdMd4d4z0x3hvjfTHeH+MDMT4Y40MxPhzjIzE+GuNjMT4e4xMxPhnjUzE+HePwGAdiDGIMY4xijGNMYkxjzGLMYyxiLGOsYqxjbGJsY+xi7GN8JsZnY3wuxudjfCHGF2N8KcaXY3wlxldjfC3G12N8I8Y3Y3wrxrdjfCfGd2N8L8b3Y/wgxg9j/CjGj2P8JMZPY/wsxs9jHBHjFzF+GeNXMX4d4zcxfhvjdzF+H+MPMf4Y408x/hzjLzH+GuNvMf4e4x8x/hnjXzH+HeM/Mf4b48gY/4txVIyjYxwT49gYx8U4PsZBCQ5OcIIEJ0xwSIITJThxgpMkOGmCQxOcLMHJE5wiwSkTnCrBqROcJsFpE5wuwekTnCHBGROcKcGZE5wlwVkTnC3B2ROcI8E5E5wrwbkTnCfBeROcL8H5E1wgwQUTXCjBhRNcJMFFE1wswcUTXCLBJRNcKsGlE1wmQRJcNsHlElw+wRUSXDHBlRJcOcFVElw1wdUSXD3BNRJcM8G1Elw7wXUSXDfB9RJcP8ENEtwwwY0S3DjBTRLcNMHNEtw8wS0S3DLBrRLcOsFtEtw2we0S3D7BHRLcMcGdEtw5wV0S3DXB3RLcPcE9Etwzwb0S3DvBfRLcN8H9Etw/wQMSPDDBgxI8OMFDEjw0wcMSPDzBIxI8MsGjEjw6wWMSPDbB4xI8PsETEjwxwZMSPDnBUxI8NUETPC3B0xM8I8FhCZ6Z4FkJnp3gOQmem+B5CZ6f4AUJXpjgRQlenOAlCV6a4GUJXp7gFQlemeBVCV6d4DUJXpvgdQlen+ANCd6Y4E0J3pzgLQnemuBtCd6e4B0J3pngXQneneA9Cd6b4H0J3p/gAwk+mOBDCT6c4CMJPprgYwk+nuATCT6Z4FMJPp3g8AQHEgwSDBOMEowTTBJME8wSzBMsEiwTrBKsE2wSbBPsEuwTfCbBZxN8LsHnE3whwRcTfCnBlxN8JcFXE3wtwdcTfCPBNxN8K8G3E3wnwXcTfC/B9xP8IMEPE/wowY8T/CTBTxP8LMHPExyR4BcJfpngVwl+neA3CX6b4HcJfp/gDwn+mOBPCf6c4C8J/prgbwn+nuAfCf6Z4F8J/p3gPwn+m+DIBP9LcFSCoxMck+DYBMclOD7BQSkOTnGCFCdMcUiKE6U4cYqTpDhpikNTnCzFyVOcIsUpU5wqxalTnCbFaVOcLsXpU5whxRlTnCnFmVOcJcVZU5wtxdlTnCPFOVOcK8W5U5wnxXlTnC/F+VNcIMUFU1woxYVTXCTFRVNcLMXFU1wixSVTXCrFpVNcJkVSXDbF5VJcPsUVUlwxxZVSXDnFVVJcNcXVUlw9xTVSXDPFtVJcO8V1Ulw3xfVSXD/FDVLcMMWNUtw4xU1S3DTFzVLcPMUtUtwyxa1S3DrFbVLcNsXtUtw+xR1S3DHFnVLcOcVdUtw1xd1S3D3FPVLcM8W9Utw7xX1S3DfF/VLcP8UDUjwwxYNSPDjFQ1I8NMXDUjw8xSNSPDLFo1I8OsVjUjw2xeNSPD7FE1I8McWTUjw5xVNSPDVFUzwtxdNTPCPFYSmemeJZKZ6d4jkpnpvieSmen+IFKV6Y4kUpXpziJSlemuJlKV6e4hUpXpniVSleneI1KV6b4nUpXp/iDSnemOJNKd6c4i0p3pribSnenuIdKd6Z4l0p3p3iPSnem+J9Kd6f4gMpPpjiQyk+nOIjKT6a4mMpPp7iEyk+meJTKT6d4vAUB1IMUgxTjFKMU0xSTFPMUsxTLFIsU6xSrFNsUmxT7FLsU3wmxWdTfC7F51N8IcUXU3wpxZdTfCXFV1N8LcXXU3wjxTdTfCvFt1N8J8V3U3wvxfdT/CDFD1P8KMWPU/wkxU9T/CzFz1MckeIXKX6Z4lcpfp3iNyl+m+J3KX6f4g8p/pjiTyn+nOIvKf6a4m8p/p7iHyn+meJfKf6d4j8p/pviyBT/S3FUiqNTHJPi2BTHpTg+xUEZDs5wggwnzHBIhhNlOHGGk2Q4aYZDM5wsw8kznCLDKTOcKsOpM5wmw2kznC7D6TOcIcMZM5wpw5kznCXDWTOcLcPZM5wjwzkznCvDuTOcJ8N5M5wvw/kzXCDDBTNcKMOFM1wkw0UzXCzDxTNcIsMlM1wqw6UzXCZDMlw2w+UyXD7DFTJcMcOVMlw5w1UyXDXD1TJcPcM1Mlwzw7UyXDvDdTJcN8P1Mlw/ww0y3DDDjTLcOMNNMtw0w80y3DzDLTLcMsOtMtw6w20y3DbD7TLcPsMdMtwxw50y3DnDXTLcNcPdMtw9wz0y3DPDvTLcO8N9Mtw3w/0y3D/DAzI8MMODMjw4w0MyPDTDwzI8PMMjMjwyw6MyPDrDYzI8NsPjMjw+wxMyPDHDkzI8OcNTMjw1QzM8LcPTMzwjw2EZnpnhWRmeneE5GZ6b4XkZnp/hBRlemOFFGV6c4SUZXprhZRlenuEVGV6Z4VUZXp3hNRlem+F1GV6f4Q0Z3pjhTRnenOEtGd6a4W0Z3p7hHRnemeFdGd6d4T0Z3pvhfRnen+EDGT6Y4UMZPpzhIxk+muFjGT6e4RMZPpnhUxk+neHwDAcyDDIMM4wyjDNMMkwzzDLMMywyLDOsMqwzbDJsM+wy7DN8JsNnM3wuw+czfCHDFzN8KcOXM3wlw1czfC3D1zN8I8M3M3wrw7czfCfDdzN8L8P3M/wgww8z/CjDjzP8JMNPM/wsw88zHJHhFxl+meFXGX6d4TcZfpvhdxl+n+EPGf6Y4U8Z/pzhLxn+muFvGf6e4R8Z/pnhXxn+neE/Gf6b4cgM/8twVIajMxyT4dgMx2U4PsNBOQ7OcYIcJ8xxSI4T5ThxjpPkOGmOQ3OcLMfJc5wixylznCrHqXOcJsdpc5wux+lznCHHGXOcKceZc5wlx1lznC3H2XOcI8c5c5wrx7lznCfHeXOcL8f5c1wgxwVzXCjHhXNcJMdFc1wsx8VzXCLHJXNcKselc1wmR3JcNsflclw+xxVyXDHHlXJcOcdVclw1x9VyXD3HNXJcM8e1clw7x3VyXDfH9XJcP8cNctwwx41y3DjHTXLcNMfNctw8xy1y3DLHrXLcOsdtctw2x+1y3D7HHXLcMcedctw5x11y3DXH3XLcPcc9ctwzx71y3DvHfXLcN8f9ctw/xwNyPDDHg3I8OMdDcjw0x8NyPDzHI3I8Msejcjw6x2NyPDbH43I8PscTcjwxx5NyPDnHU3I8NUdzPC3H03M8I8dhOZ6Z41k5np3jOTmem+N5OZ6f4wU5XpjjRTlenOMlOV6a42U5Xp7jFTlemeNVOV6d4zU5XpvjdTlen+MNOd6Y40053pzjLTnemuNtOd6e4x053pnjXTneneM9Od6b43053p/jAzk+mONDOT6c4yM5PprjYzk+nuMTOT6Z41M5Pp3j8BwHcgxyDHOMcoxzTHJMc8xyzHMscixzrHKsc2xybHPscuyHDhr0v088m+NzOT6f4ws5vpjjSzm+nOMrOb6a42s5vp7jGzm+meNbOb6d4zs5vpvjezm+n+MHOX6Y40c5fpzjJzl+muNnOX6e44gcv8jxyxy/yvHrHL/J8dscv8vx+xx/yPHHHH/K8eccf8nx1xx/y/H3HP/I8c8c/8rx7xz/yfHfHEfm+F+Oo3IcneOYHMfmOC7H8TkOKnBwgRMUOGGBQwqcqMCJC5ykwEkLHFrgZAVOXuAUBU5Z4FQFTl3gNAVOW+B0BU5f4AwFzljgTAXOXOAsBc5a4GwFzl7gHAXOWeBcBc5d4DwFzlvgfAXOX+ACBS5Y4EIFLlzgIgUuWuBiBS5e4BIFLlngUgUuXeAyBVLgsgUuV+DyBa5Q4IoFrlTgygWuUuCqBa5W4OoFrlHgmgWuVeDaBa5T4LoFrlfg+gVuUOCGBW5U4MYFblLgpgVuVuDmBW5R4JYFblXg1gVuU+C2BW5X4PYF7lDgjgXuVODOBe5S4K4F7lbg7gXuUeCeBe5V4N4F7lPgvgXuV+D+BR5Q4IEFHlTgwQUeUuChBR5W4OEFHlHgkQUeVeDRBR5T4LEFHlfg8QWeUOCJBZ5U4MkFnlLgqQVa4GkFnl7gGQUOK/DMAs8q8OwCzynw3ALPK/D8Ai8o8MICLyrw4gIvKfDSAi8r8PICryjwygKvKvDqAq8p8NoCryvw+gJvKPDGAm8q8OYCbynw1gJvK/D2Au8o8M4C7yrw7gLvKfDeAu8r8P4CHyjwwQIfKvDhAh8p8NECHyvw8QKfKPDJAp8q8OkChxc4UGBQYFhgVGBcYFJgWmBWYF5gUWBZYFVgXWBTYFtgV2Bf4DMFPlvgcwU+X+ALBb5Y4EsFvlzgKwW+WuBrBb5e4BsFvlngWwW+XeA7Bb5b4HsFvl/gBwV+WOBHBX5c4CcFflrgZwV+XuCIAr8o8MsCvyrw6wK/KfDbAr8r8PsCfyjwxwJ/KvDnAn8p8NcCfyvw9wL/KPDPAv8q8O8C/ynw3wJHFvhfgaMKHF3gmALHFjiuwPEFDipxcIkTlDhhiUNKnKjEiUucpMRJSxxa4mQlTl7iFCVOWeJUJU5d4jQlTlvidCVOX+IMJc5Y4kwlzlziLCXOWuJsJc5e4hwlzlniXCXOXeI8Jc5b4nwlzl/iAiUuWOJCJS5c4iIlLlriYiUuXuISJS5Z4lIlLl3iMiVS4rIlLlfi8iWuUOKKJa5U4solrlLiqiWuVuLqJa5R4polrlXi2iWuU+K6Ja5X4volblDihiVuVOLGJW5S4qYlblbi5iVuUeKWJW5V4tYlblPitiVuV+L2Je5Q4o4l7lTiziXuUuKuJe5W4u4l7lHiniXuVeLeJe5T4r4l7lfi/iUeUOKBJR5U4sElHlLioSUeVuLhJR5R4pElHlXi0SUeU+KxJR5X4vElnlDiiSWeVOLJJZ5S4qklWuJpJZ5e4hklDivxzBLPKvHsEs8p8dwSzyvx/BIvKPHCEi8q8eISLynx0hIvK/HyEq8o8coSryrx6hKvKfHaEq8r8foSbyjxxhJvKvHmEm8p8dYSbyvx9hLvKPHOEu8q8e4S7ynx3hLvK/H+Eh8o8cESHyrx4RIfKfHREh8r8fESnyjxyRKfKvHpEoeXOFBiUGJYYlRiXGJSYlpiVmJeYlFiWWJVYl1iU2JbYldiX+IzJT5b4nMlPl/iCyW+WOJLJb5c4islvlriayW+XuIbJb5Z4lslvl3iOyW+W+J7Jb5f4gclfljiRyV+XOInJX5a4mclfl7iiBK/KPHLEr8q8esSvynx2xK/K/H7En8o8ccSfyrx5xJ/KfHXEn8r8fcS/yjxzxL/KvHvEv8p8d8SR5b4X4mjShxd4pgSx5Y4rsTxJQ6qcHCFE1Q4YYVDKpyowokrnKTCSSscWuFkFU5e4RQVTlnhVBVOXeE0FU5b4XQVTl/hDBXOWOFMFc5c4SwVzlrhbBXOXuEcFc5Z4VwVzl3hPBXOW+F8Fc5f4QIVLljhQhUuXOEiFS5a4WIVLl7hEhUuWeFSFS5d4TIVUuGyFS5X4fIVrlDhihWuVOHKFa5S4aoVrlbh6hWuUeGaFa5V4doVrlPhuhWuV+H6FW5Q4YYVblThxhVuUuGmFW5W4eYVblHhlhVuVeHWFW5T4bYVblfh9hXuUOGOFe5U4c4V7lLhrhXuVuHuFe5R4Z4V7lXh3hXuU+G+Fe5X4f4VHlDhgRUeVOHBFR5S4aEVHlbh4RUeUeGRFR5V4dEVHlPhsRUeVzFi+KBBnlDhiRWeVOHJFZ5S4akVWuFpFZ5e4RkVDqvwzArPqvDsCs+p8NwKz6vw/AovqPDCCi+q8OIKL6nw0govq/DyCq+o8MoKr6rw6gqvqfDaCq+r8PoKb6jwxgpvqvDmCm+p8NYKb6vw9grvqPDOCu+q8O4K76nw3grvq/D+Ch+o8MEKH6rw4QofqfDRCh+r8PEKn6jwyQqfqvDpCodXOFBhUGFYYVRhXGFSYVphVmFeYVFhWWFVYV1hU2FbYVdhX+EzFT5b4XMVPl/hCxW+WOFLFb5c4SsVvlrhaxW+XuEbFb5Z4VsVvl3hOxW+W+F7Fb5f4QcVfljhRxV+XOEnFX5a4WcVfl7hiAq/qPDLCr+q8OsKv6nw2wq/q/D7Cn+o8McKf6rw5wp/qfDXCn+r8PcK/6jwzwr/qvDvCv+p8N8KR1b4X4WjKhxd4ZgKx1Y4rsLxFQ6qcXCNE9Q4YY1DapyoxolrnKTGSWscWuNkNU5e4xQ1TlnjVDVOXeM0NU5b43Q1Tl/jDDXOWONMNc5c4yw1zlrjbDXOXuMcNc5Z41w1zl3jPDXOW+N8Nc5f4wI1LljjQjUuXOMiNS5a42I1Ll7jEjUuWeNSNS5d4zI1UuOyNS5X4/I1rlDjijWuVOPKNa5S46o1rlbj6jWuUeOaNa5V49o1rlPjujWuV+P6NW5Q44Y1blTjxjVuUuOmNW5W4+Y1blHjljVuVePWNW5T47Y1blfj9jXuUOOONe5U48417lLjrjXuVuPuNe5R45417lXj3jXuU+O+Ne5X4/41HlDjgTUeVOPBNR5S46E1Hlbj4TUeUeORNR5V49E1HlPjsTUeV+PxNZ5Q44k1nlTjyTWeUuOpNVrjaTWeXuMZNQ6r8cwaz6rx7BrPqfHcGs+r8fwaL6jxwhovqvHiGi+p8dIaL6vx8hqvqPHKGq+q8eoar6nx2hqvq/H6Gm+o8cYab6rx5hpvqfHWGm+r8fYa76jxzhrvqvHuGu+p8d4a76vx/hofqPHBGh+q8eEaH6nx0Rofq/HxGp+o8ckan6rx6RqH1zhQY1BjWGNUY1xjUmNaY1ZjXmNRY1ljVWNdY1NjW2NXY1/jMzU+W+NzNT5f4ws1vljjSzW+XOMrNb5a42s1vl7jGzW+WeNbNb5d4zs1vlvjezW+X+MHNX5Y40c1flzjJzV+WuNnNX5e44gav6jxyxq/qvHrGr+p8dsav6vx+xp/qPHHGn+q8ecaf6nx1xp/q/H3Gv+o8c8a/6rx7xr/qfHfGkfW+F+No2ocXeOYGsfWOK7G8TUOanBwgxM0OGGDQxqcqMGJG5ykwUkbHNrgZA1O3uAUDU7Z4FQNTt3gNA1O2+B0DU7f4AwNztjgTA3O3OAsDc7a4GwNzt7gHA3O2eBcDc7d4DwNztvgfA3O3+ACDS7Y4EINLtzgIg0u2uBiDS7e4BINLtngUg0u3eAyDdLgsg0u1+DyDa7Q4IoNrtTgyg2u0uCqDa7W4OoNrtHgmg2u1eDaDa7T4LoNrtfg+g1u0OCGDW7U4MYNbtLgpg1u1uDmDW7R4JYNbtXg1g1u0+C2DW7X4PYN7tDgjg3u1ODODe7S4K4N7tbg7g3u0eCeDe7V4N4N7tPgvg3u1+D+DR7Q4IENHtTgwQ0e0uChDR7W4OENHtHgkQ0e1eDRDR7T4LENHtfg8Q2e0OCJDZ7U4MkNntLgqQ3a4GkNnt7gGQ0Oa/DMBs9q8OwGz2nw3AbPa/D8Bi9o8MIGL2rw4gYvafDSBi9r8PIGr2jwygavavDqBq9p8NoGr2vw+gZvaPDGBm9q8OYGb2nw1gZva/D2Bu9o8M4G72rw7gbvafDeBu9r8P4GH2jwwQYfavDhBh9p8NEGH2vw8QafaPDJBp9q8OkGhzc40GDQYNhg1GDcYNJg2mDWYN5g0WDZYNVg3WDTYNtg12Df4DMNPtvgcw0+3+ALDb7Y4EsNvtzgKw2+2uBrDb7e4BsNvtngWw2+3eA7Db7b4HsNvt/gBw1+2OBHDX7c4CcNftrgZw1+3uCIBr9o8MsGv2rw6wa/afDbBr9r8PsGf2jwxwZ/avDnBn9p8NcGf2vw9wb/aPDPBv9q8O8G/2nw3wZHNvhfg6MaHN3gmAbHNjiuwfENDmpxcIsTtDhhi0NanKjFiVucpMVJWxza4mQtTt7iFC1O2eJULU7d4jQtTtvidC1O3+IMLc7Y4kwtztziLC3O2uJsLc7e4hwtztniXC3O3eI8Lc7b4nwtzt/iAi0u2OJCLS7c4iItLtriYi0u3uISLS7Z4lItLt3iMi3S4rItLjdmsMu3uEKLK7a4Uosrt7hKi6u2uFqLq7e4RotrtrhWi2u3uE6L67a4Xovrt7hBixu2uFGLG7e4SYubtrhZi5u3uEWLW7a4VYtbt7hNi9u2uF2L27e4Q4s7trhTizu3uEuLu7a4W4u7t7hHi3u2uFeLe7e4T4v7trhfi/u3eECLB7Z4UIsHt3hIi4e2eFiLh7d4RItHtnhUi0e3eEyLx7Z4XIvHt3hCiye2eFKLJ7d4SountmiLp7V4eotntDisxTNbPKvFs1s8p8VzWzyvxfNbvKDFC1u8qMWLW7ykxUtbvKzFy1u8osUrW7yqxatbvKbFa1u8rsXrW7yhxRtbvKnFm1u8pcVbW7ytxdtbvKPFO1u8q8W7W7ynxXtbvK/F+1t8oMUHW3yoxYdbfKTFR1t8rMXHW3yixSdbfKrFp1sc3uJAi0GLYYtRi3GLSYtpi1mLeYtFi2WLVYt1i02LbYtdi32Lz7T4bIvPtfh8iy+0+GKLL7X4couvtPj/2Nhhr7f4RotvtvhWi2+3+E6L77b4Xovvt/hBix+2+FGLH7f4SYuftvhZi5+3OKLFL1r8ssWvWvy6xW9a/LbF71r8vsUfWvyxxZ9a/LnFX1r8tcXfWvy9xT9a/LPFv1r8u8V/Wvy3xZEt/tfiqBZHtzimxbEtjvtfhxYHdTi4wwk6nLDDIR1O1OHEHU7S4aQdDu1wsg4n73CKDqfscKoOp+5wmg6n7XC6DqfvcIYOZ+xwpg5n7nCWDmftcLYOZ+9wjg7n7HCuDufucJ4O5+1wvg7n73CBDhfscKEOF+5wkQ4X7XCxDhfvcIkOl+xwqQ6X7nCZDulw2Q6X63D5DlfocMUOV+pw5Q5X6XDVDlfrcPUO1+hwzQ7X6nDtDtfpcN0O1+tw/Q436HDDDjfqcOMON+lw0w4363DzDrfocMsOt+pw6w636XDbDrfrcPsOd+hwxw536nDnDnfpcNcOd+tw9w736HDPDvfqcO8O9+lw3w7363D/Dg/oGDJo0CAP6vDgDg/p8NAOD+vw8A6P6PDIDo/q8OgOj+nw2A6P6/D4Dk/o8MQOT+rw5A5P6fDUDu3wtA5P7/CMDod1eGaHZ3V4dofndHhuh+d1eH6HF3R4YYcXdXhxh5d0eGmHl3V4eYdXdHhlh1d1eHWH13R4bYfXdXh9hzd0eGOHN3V4c4e3dHhrh7d1eHuHd3R4Z4d3dXh3h/d0eG+H93V4f4cPdPhghw91+HCHj3T4aIePdfh4h090+GSHT3X4dIfDOxzoMOgw7DDqMO4w6TDtMOsw77DosOyw6rDusOmw7bDrsO/wmQ6f7fC5Dp/v8IUOX+zwpQ5f7vCVDl/t8LUOX+/wjQ7f7PCtDt/u8J0O3+3wvQ7f7/CDDj/s8KMOP+7wkw4/7fCzDj/vcESHX3T4ZYdfdfh1h990+G2H33X4fYc/dPhjhz91+HOHv3T4a4e/dfh7h390+GeHf3X4d4f/dPhvhyM7/K/DUR2O7nBMh2M7HNfh+A4H9Ti4xwl6nLDHIT1O1OPEPU7S46Q9Du1xsh4n73GKHqfscaoep+5xmh6n7XG6HqfvcYYeZ+xxph5n7nGWHmftcbYeZ+9xjh7n7HGuHufucZ4e5+1xvh7n73GBHhfscaEeF+5xkR4X7XGxHhfvcYkel+xxqR6X7nGZHulx2R6X63H5HlfoccUeV+px5R5X6XHVHlfrcfUe1+hxzR7X6nHtHtfpcd0e1+tx/R436HHDHjfqceMeN+lx0x4363HzHrfoccset+px6x636XHbHrfrcfsed+hxxx536nHnHnfpcdced+tx9x736HHPHvfqce8e9+lx7Pjx4/frcf8eD+jxwB4P6vHgHg/p8dAeD+vx8B6P6PHIHo/q8egej+nx2B6P6/H4Hk/o8cQeT+rx5B5P6fHUHu3xtB5P7/GMHof1eGaPZ/V4do/n9Hhuj+f1eH6PF/R4YY8X9Xhxj5f0eGmPl/V4eY9X9Hhlj1f1eHWP1/R4bY/X9Xh9jzf0eGOPN/V4c4+39Hhrj7f1eHuPd/R4Z4939Xh3j/f0eG+P9/V4f48P9Phgjw/1+HCPj/T4aI+P9fh4j0/0+GSPT/X4dI/Dexzo8f8EAAD//9eYyt4=")
syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000f00)='.\x00', 0x184a438, &(0x7f00000008c0)=ANY=[], 0xb, 0x0, &(0x7f0000000000))
write$FUSE_OPEN(r0, &(0x7f0000000100)={0x20, 0x8cf2826c8227b098, 0x0, {0x0, 0x11}}, 0x20)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r0, 0x0)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x408, 0x1)
getdents(0xffffffffffffffff, 0x0, 0x56)

28.220772219s ago: executing program 0 (id=611):
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$xdp(0x2c, 0x3, 0x0)
bind$xdp(r0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000040)={0x84, @multicast2, 0x8015, 0x3, 'dh\x00', 0x1, 0x4, 0x6d}, 0x2c)
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$IP_VS_SO_SET_ADDDEST(r2, 0x0, 0x487, &(0x7f0000000000)={{0x84, @rand_addr=0x64010100, 0x4e20, 0x3, 'lc\x00', 0x8, 0x323b, 0x55}, {@remote, 0x4e23, 0x2000, 0x0, 0x12d5c, 0x12d5c}}, 0x44)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)=0x1f00, 0x12)
setsockopt$IP_VS_SO_SET_FLUSH(r1, 0x0, 0x485, 0x0, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r7, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f0000000040)=[{0x40, 0xfe}, {0x20, 0xf2, 0x0, 0xffff7010}, {0x6, 0x0, 0x0, 0x2000000}]}, 0x10)
writev(r6, &(0x7f0000000500)=[{&(0x7f0000000080)="0ccc3611", 0x4}], 0x1)
r8 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r8, 0x3b81, &(0x7f0000000100)={0xc})

27.148007437s ago: executing program 0 (id=602):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0019030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
fcntl$setstatus(r1, 0x4, 0xc00)
read$char_usb(r1, &(0x7f00000000c0)=""/30, 0x1e)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, 0x0)

25.917964762s ago: executing program 0 (id=609):
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c6261636b67726f756e645f67633d6f6e2c6e6f757365725f78617474722c6e6f71756f74612c64697361626c655f726f6c6c5f666f72776172642c67635f6d657267652c6e6f757365725f78617474722c636865636b706f696e743d64697361626c652c757365725f78617474722c6673796e635f6d6f64653d7374726963742c646973636172645f756e69743d73656374696f6e2c636865636b706f696e743d64697361626c652c6e6f696e6c696e655f64656e7472792c00ec6da92d1c80a6c720380e3c2c55bf27596d2776ce408c4bb19b149757508e1c7e919c6c2047023baa412d14fa75c8cac6e5f103e13ea52708af0a7c5da8af4ecb6612"], 0x2, 0x5514, &(0x7f0000009a00)="$eJzs3E1vG1UXAODjpGnTj7dvhFiw60gVUiLVVpyPCnYBWvEhUkUFFqzAsR3Lre2JYscJWbFgiVjwTxBIrFjyG1iwZodYgNghgTwzhgaoQIoTk/Z5pPGZe3195lyrqnRmIgfw1FpIfv6xFNfjckTMRsS1iOy8VByZjTw8FxE3ImLmkaNUzP8+cTEirkTE9VHyPGepeOvTW8Ob6z+88dNX31y6cPWzL7+d3q6BaXs+Irq7+flBN49pK48PivnasJ3F7tqwiPkb3YfFOM3jQXM7y3BQG6+rZXG1la9Pd/f7o7jTqdVHsdXeyeZ3e/kF+8PWOE/2gQe1vWzcaG5nsd1Ps9g6yus6PMr/bzvqD/I8jSLfB1n6GAzGMZ9vHjbz/ew+zGK9Nyjm87xpo3k4isMiFpeLetppZHVsn+Sb/m97s93bP0yGzb1+O+0l65XqC5Xq7XJ1L200B821cq3buL2WLLY6o2XlQbPW3WilaavTrNTT7lKy2KrXy9Vqsninud2u9ZJqtbJaWS6vLxVnt5JX772TdBrJ4ii+3O7tD9qdfrKT7iX5J5aSlcrqi0vJzWry1uZWsnX/7t3Nrbffu/PuvZc2X3+lWPSXspLFleWVlXJ1ubxSXTrJ7ufP1/4/Ksqe2P7hhErTLgDg/NH/A9Nwev3/3v2I0+//4/H9/+XxHvX//+xc9b8T7//tH05E/w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8NT6bu7z17KThXx8tZj/XzH1TDEuRcRMRPz6N2bj4rGcs0Weucesn/tTDV+XIsswusal4rgSERvF8cv/T/tbAAAAgCfXFx/e+CTv1vOXhWkXxFnKb9rMXHt/QvnmI2Ju4fsJZZsZvTw7oWTZv+8LcTihbNkNrPkJJctvuV2YVLZ/ZfZYmH8klPIwc6blAAAAZ+J4J3C2XQgAAABn6eNpF8B0lGL8KHP8LDj7y/s/HghePjYCAAAAzqHStAsAAAAATl3W//v9PwAAAHiy5b//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAb+zcz23iQBQH4GeDF/afFq32vq3sDcrYEva4x4gC0gQF5EBaSAPUQG4pIYIIj0Mg4hDJY1uJvk9yJmOZH28QHGZGGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAu3Vfrxe3V7+u2Obt9O3lGAwAAAFyyrdaL+p9Z6n9t7n9vbv1s+kVElBFxae4+ik9nmaMmp3p5/ub0+epVDXcRdcLhPSbN9SUi/jTX44+uPwUAAAD4uDbL1TzN1tOf2dAF0ae0aFN++5spr4iIavaQKa085P3KFFZ/v8fxP1NavYA1zRSWltzGudLepP65H1ftpidNkZry4suORWYbOwAA0KPRWdPvLAQAAIA+/Ru6AIZRxPNW5nErcJKaZnvv81kPAAAAeIeKoQsAAAAAOlfP/3s6/2/v/D8AAAAYRjr/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC5tq/Vis1zN2+bs9u3kGQ0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE/szzsKhEAYhMHe9Z3J3P+w0qCpqUkVCB9/YzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAm9/95f/E1DiTzL02lp5HkrVTY+vU2Ds3jv4wvn4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcLE/LykQAkEQBXPG/076/oeVBD2DCBHQ8KiiFg0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBFv/vl/8TUOJPMnTaWjkeStavG1lVj70Hj6MF4+zcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcLFz/75xU3EAwJ/t84UWEEdANwQhkBhgoddraemGGEARA38CUpReS+iVH20GWlWILGwocxcEI0JIoLD1f+jcSl3K1uGGIjGDns9O3CYSB6H2Jfl8pHfva8vy+z6fFOXrZx8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAVCbvlsFCCFnse9PNtNx95+GN1djffayPbm3eW4otxknDeR8AL9c3kn57iQAAAHB0ZGWL7udby7FPe0X9n1fHxJr/+2encVXPP173V31V+8f2268PXtweqDcdJ570wtp4dHJ3Kp0nN8v59tw/HtEprnxx7yUrvpD0g40XJnlxPZNvb99+r1uEC01kCwD8Fyeqvgyq/4diP2wzMQCOjE6t8K7q/6zXbk4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATZhshKerOAkhLHV24ujuwxure/W3Nu8tVe3szZub4eudc8ZT5CGEC2vj0clGZzPfrl67fmllPB5daT54JYTQ1ujvlNO/9NEMB4fQyvUR/E9BWn7Z85LPwQha/KMEAMChlJct1vX3863luC9ZDOGvHx6t/1+vxWHG+v/Bx2fv1Meq1//DxmY4/wbrlz8fXL12/c21yysXRxdHn751avj28PS5M2fODYp7JQN3TAAAANifbtnq9X+6uHv9/3gtDjPW/198N/yqPlam/t/TzqJf25kAAAAcbc+/+ucfyR77k243fLmyvn5lOP3c3j41/Wwh1X9toWz1+j9bbDsrAAAAoAmTjeSR9f/ztTjMuP7/zI8v/Vw/ZxZCOFau/59Y/Wx8vrnpzLXZ3gfu7Ot14rbnCAAAQLuOla2+/p8Xz/+n2488pCGEN16bxuXPAM5U/2fvf/NTfaz68/+nm5viXEr70+tR9P0QOv22MwIAAOAwe6pssdj/Pd9a/uSX4x92Pf8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0LS/AwAA///RHjzw")
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x167)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESOCT=r0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
quotactl$Q_QUOTAON(0xffffffff80000200, &(0x7f00000001c0)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000200)='./file0\x00')

24.419664309s ago: executing program 0 (id=616):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='huge=always,huge=within_size,nr_blocks=5'])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x101042, 0x0)
pwrite64(r0, &(0x7f00000000c0)='/', 0x1, 0x2f70000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x185942, 0x0)
sendfile(r1, r1, 0x0, 0x80000000)

22.507321708s ago: executing program 0 (id=625):
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1000, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
fcntl$setstatus(r0, 0x4, 0x42000)
r1 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
fcntl$setstatus(r1, 0x4, 0x42000)
read$FUSE(r1, &(0x7f0000000f40)={0x2020}, 0x2020)
write$P9_RXATTRWALK(r0, &(0x7f00000001c0)={0xf, 0x1f, 0x2, 0xfffffffffffffff8}, 0xf)

21.956473684s ago: executing program 34 (id=625):
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1000, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
fcntl$setstatus(r0, 0x4, 0x42000)
r1 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
fcntl$setstatus(r1, 0x4, 0x42000)
read$FUSE(r1, &(0x7f0000000f40)={0x2020}, 0x2020)
write$P9_RXATTRWALK(r0, &(0x7f00000001c0)={0xf, 0x1f, 0x2, 0xfffffffffffffff8}, 0xf)

6.032526151s ago: executing program 6 (id=678):
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0)
syz_mount_image$ext4(&(0x7f0000000900)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x1000040, &(0x7f0000000240)={[{@nouid32}, {@nodioread_nolock}, {@noquota}, {@jqfmt_vfsv1}, {@journal_dev={'journal_dev', 0x3d, 0x9}}, {@commit}]}, 0x1, 0x5a3, &(0x7f00000002c0)="$eJzs3T1sG3UbAPDnznHTj7xv+krvK72gDhUgFamqk/QDClO7IipV6oDEApHjRlWcuIodaKJIpHuF6IAAdSkbDIwgBgbEwsjKwseMVNEIpKYDGDk+p2nqFCfEMcS/n3TJ/3939vP8fX7OvtOdHEDfOtr4k0Y8EREXk4jhdcsGIlt4tLneyvJi8f7yYjGJev3Sz0kkEXFvebHYWj/J/h+KiKWI+H9EfJWPOJ6uPeW+VqM6vzA1Xi6XZrP+SG366kh1fuHElenxydJkaebU8y+cOXv6zNjJsfXp3q+v7+W3NtYb3998+8Y3L92++fEnR5aK744ncS6GsmXrx7GTmq9JPs5tmH+6G8F6KOl1AmxLLqvzRin9L4Yjl1V9O/X1O4fBXUkP6KL6YER9zbom0AcSRQ99qvU9oHH825p28/vHnfPNA5BG3JXlxeJb0Yo/0Dw3EftXj00O/pI8dGTSON48vJuJsictXY+I0YGBR9//Sfb+277RnUiQrvryfHNDPbr907X9T7TZ/wy1zp3+Ra3930q2/1tpEz+3yf7vYocxfnv1xw82jX99MJ5sGz9Zi5+0iZ9GxOsdxr/1yudnN1tW/zDiWLSP35I8/vzwyOUr5dJo82/bGF8cO/Li5uOPOLhJ/OY52/2riawf/74sp7TD8X/29adPLT0m/rNPP377t3v9D0TEOx3G/8+9j17ebNmd68ndxreArW7/JPJxu8P4z507+l3WdNYQAAAAAAAAAAB2ULp6LVuSFtbaaVooNO/h/W8cTMuVau345crczETzmrfDkU9bV1oNN/tJoz+WXY/b6p/c0D+VywLmDqz2C8VKeaLHYwcAAAAAAAAAAAAAAAAAAIC/i0Mb7v//Nbd6///Gn6sG9qrNf/Ib2OvUP/Svh+s/6VkewO7z+Q99q67+oX+pf+hf6h/6l/qH/tW2/g/sfh7A7vP5D/1L/QMAAAAAAAAAAAAAAAAAAAAAAAAAQFdcvHChMdXvLy8WG/2Jgfm5qcobJyZK1anC9FyxUKzMXi1MViqT5VKhWJn+s+dLKpWrozEzd22kVqrWRqrzC69NV+ZmWr8pWsp3fUQAAAAAAAAAAAAAAAAAAADwzzO0OiVpISLf7KdpoRDxr4g4nERy+Uq5NBoR/46Ib3P5wUZ/rNdJAwAAAAAAAAAAAAAAAAAAwB5TnV+YGi+XS7PdawxkoTp71A+1ruYzsJWVI2JpZ9NoPOOWH5XPXsDubqY+aeQ6fB/2faOHOyUAAAAAAAAAAAAAAAAAAOhTD2767fQRv3c3IQAAAAAAAAAAAAAAAAAAAOhL6U9JRDSmY8PPDG1cui9Zya3+j4g3b11679p4rTY71ph/d21+7f1s/sle5A90qlWnaUQ06hgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4oDq/MDVeLpdmt9kY7GCdXo8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYDv+CAAA//9bQM66")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r0, &(0x7f0000000140)='2', 0x1, 0x8000c61)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
sendfile(r1, r1, 0x0, 0xe3aa6ea)
creat(&(0x7f0000002380)='./file1\x00', 0x0)

4.547396886s ago: executing program 2 (id=682):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x8000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x3c, 0x3, 0x4, 0x7f}, {0x6, 0xff, 0x2, 0xfffffff3}]})
io_uring_enter(0xffffffffffffffff, 0x2219, 0x7721, 0x16, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

4.412764314s ago: executing program 3 (id=683):
syz_mount_image$cramfs(&(0x7f0000000040), &(0x7f0000000000)='./file1\x00', 0x2200400, &(0x7f0000000080)=ANY=[@ANYRES8=0x0], 0xfe, 0x160, &(0x7f0000000200)="$eJzs0M+LEnEYx/H3d+brKKRYZCBBKXTIksAf1C3CiSQhGyi6dBJs+gGKkVDeUqJbB6Grh9q9Lgv7F+jqYdlFL7v/xF68LezRZWbcXZb1P9jndZvP830+D8yLp7OM4tzzVvPrN7fddj+k3zjV8tvD4bDk5RZ0ti7Mg/ejEnxGM9Iw74EXT2Lw8UvDNeqthvc9L0EYsK8tc5rx03t2QtPTkCfYz9yD8S3/ncHlzC0S8vdua7DjQZYDFv/hvgX2jSDz+o4AE5SylsfumPyuZFM3FXQG2c2NvdfT3cqjh8/cP4Vy/0E0aWZ/whq2iuxMPh2Yy63ZtPrKqTqzYqHwpJjLGzze9wu7ffTL6Hd4r0B7fQZ+n0Xyrn4HvxT89W/Nt1UMGP87dprhs3/d/WGmQaUG9VoytF5LXDcwM9qbLFjBnxBZNRJCCCGEEEIIIYQQQgghhBBCCHHVnQQAAP//A2lTBA==")
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r0, 0x3ba0, &(0x7f0000000000)={0x48, 0x2, r1, 0x0, <r2=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_REPLACE(r0, 0x3ba0, &(0x7f0000000280)={0x48, 0x15, r2, 0x0, r1})
getdents(0xffffffffffffffff, 0x0, 0x0)

4.25386134s ago: executing program 5 (id=685):
r0 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x4}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000040)={0x80042, 0x1}, 0x10)
r1 = socket$tipc(0x1e, 0x5, 0x0)
r2 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r2, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
sendmsg$tipc(r1, &(0x7f0000000380)={&(0x7f0000000140)=@name={0x1e, 0x2, 0x3, {{0x42, 0x2}}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4000884}, 0x48004)

4.070226015s ago: executing program 6 (id=687):
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100)={0xaa, 0x268})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
read(r0, &(0x7f0000000300)=""/172, 0xdc)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x80000a, 0x31, 0xffffffffffffffff, 0xd0fb8000)
ioctl$UFFDIO_CONTINUE(r0, 0xc020aa07, &(0x7f00000004c0)={{&(0x7f0000ffb000/0x2000)=nil, 0x2000}, 0x1})

3.912326554s ago: executing program 3 (id=688):
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x6f}, 0x94)
syz_emit_ethernet(0x4e, &(0x7f0000000000)={@random="00008000", @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x18, 0x3a, 0x0, @loopback, @loopback, {[], @mld={0x82, 0x0, 0x0, 0x9, 0xc036, @remote}}}}}}, 0x0)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x6}, 0x90)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f0000000040)={0x0, 0x6d207ee5}, 0x8)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0xfffffffffffffd2e, &(0x7f0000000000)='e', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4}, 0x48)

3.890201617s ago: executing program 5 (id=689):
timer_create(0x7, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[@ANYBLOB="f800000016008502000000000000000020010000000000000000000000000002a600000200"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000032"], 0xf8}}, 0x0)

3.15998016s ago: executing program 3 (id=690):
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
setns(r1, 0x24020000)
r2 = syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = syz_pidfd_open(r2, 0x0)
setns(r3, 0x24020000)
unshare(0x22020600)

3.129868538s ago: executing program 2 (id=691):
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000580)='./file0\x00', &(0x7f0000000b80), 0x4008, &(0x7f00000001c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0/file1\x00', 0x20400, 0x20)
fdatasync(r0)

2.889382176s ago: executing program 7 (id=693):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x2}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newtfilter={0x70, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0xd, 0xfff1}, {}, {0xfff1, 0xc}}, [@filter_kind_options=@f_flow={{0x9}, {0x40, 0x2, [@TCA_FLOW_EMATCHES={0x3c, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x30, 0x2, 0x0, 0x1, [@TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{0x7, 0x3, 0x67e6}, {0x9, 0x3, 0x5, 0x9}}}, @TCF_EM_NBYTE={0x10, 0x2, 0x0, 0x0, {{0x24, 0x2, 0x1}, {0x8, 0x0, 0x2}}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x2}}]}]}}]}, 0x70}}, 0x20004000)

2.759096072s ago: executing program 2 (id=694):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x2c)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x6, 0x1b, &(0x7f0000001800)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000000000008500000017000000180100002020690000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r3=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000700)={r1, r3, 0x25, 0x0, @void}, 0x10)
syz_emit_ethernet(0xfdef, &(0x7f0000000180)=ANY=[], 0x0)
syz_emit_ethernet(0xd81, &(0x7f0000000740)={@local, @local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xd73, 0x2, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0xd5f, 0x0, @opaque="4c9bbb99bc1296031d53e416a4a02ce14a9435c9e79fab854aa74c614a38f42fc6f0abd88e1f25d727ad534c444434f1f3cd363b8e41ab79d685f674e5698b50056d7399fe44f1de2100316aa5c0c3cbe19d847ba3e3345490ae3340db53197dd152763cc4b49f3c6c056007e978f4d8fa7f8e26954bb8021842799850705457494488bac8007969eae1de44f9a8ffda82864164b1ee816b02131ff118999cacd987b47b54358f043d353275a94b2e9cc5aa48a00a1ba0e98ed35669307fa7dfc1c143c729d23e7e25e55cdb96bf208948eec881c34de001717f81ac241757ee2cad824d7e825004f906fcab8548feac051b0c8bdf3cddece2212ba9cdefc2e9a46946fb065f3d9aef620401fe0c19cbf2f0dc01986f97b9969df93565b25683b032b2aab1d28814b26b9ed438beff0654182fddebf3419f34d4a1b94671a1fdfd497a7e3d4a30a04f9da5e1f1750608947adf5ce273ced45a1099e58def13e43586eb9cd21fec8e14836d9032620e44841a8d43dfc9b576ee4672dcebe26c39cd77fa06adc91130ee77a514902064fe49c662bf472468b2ab29f4e1901d2b0ef6a010ea5d13026ec8b3a0fc12016cffd9caaa6dcafb27af89d08addf694d33accf7fead9773279775f4fe250049b0b11fd5e7707bde15cf6e80d1216edb9b2f92a89aa970646c22d2f09ddc6b39f6eeb6bce95ceb853e79690b347c648ec9c6803e8101044607dc5bd6ba9768c6d3d86b1d65117fcf407bbf7cf30c9ed07c0c30d9b85477fd63cfa5cc8ee9338657ea8f49c1ce3ead399f52da8fecd08b06951e17618f762903dab60b4f4e79a9dea8ac6c32c9aced013be38fdb76fcffd252a450139b6f7977ec283e263d85bad15e786a4fd33b7ea4363661e4b8c82792d5342ff21b6304a0dc244192b62120d3600704b288475842e7b6e5eb8b7e1b70696bbd606003380289b2dd9499a254e90cac7b1bb4cd9167931dfcf37c4f2c7e3d5150076f21693793b4e9d87355ea6dceb95b1d93f84f763fd9ee8d4e9654a0faf5a88fb071f44800b04cc4cac96eb51db6d40c4b97f2cf6e36f1e1b57608e5d0756a383e927a897cae9c80ddc7932b8e70c9df8c1da52f96b0b240ea1610a6959aafe48ee4be4d65611c5889ccbe59c4fbf85a7ba257fed54e2678b3018b758398119740508fb233a54e851435ce370cb02aa241cc5315e6fce2b41d3d3c938212f3683929ea87f09ee890d98216cac5438052ac0b06320d8921748cefdb3d81912b1501a6c49357a2d4351c76c82ee6ed640ddd0ea5a3d5b1c5fad927c31dd1a98282f0d378f892845bc7dd00842405e34a1942d4d20d5c994cc22289b5381e939718eed3ba207c168b8d26df5e710358df93e638d7df26da26c6c355c2243b46b461ca5c0a8065b67e031d6ffb52e9c05768d6d4d9a6f429a42e55e7f57cacbec6be695f9a619821d7eef4b7e208bf9a20d7023ab92a124c397977729bcdf8866e7777ff443ca58aaed74033c6c1c66a82205f6df98dbbe6323dc76467eeec6c96a2cbe00e7ad0c6ec03e4edf7792b40826d82c58f081b3ed9cae9a2fe95b84a322ca788d43071bdb6791de41115fea07705e7086965476d91f42eaaff22fb9efbd5c9a96fd5d7da180ba71347c6cccb52f954aedf64e53231c105a77d5e4cfd4ff48307127f5ae000137482066bca3edb4b2fded5b3dc2160d1c3dcd3d7c956f7e588bb4cbe359bc08947dc5a13b189e36b546c78f056ddfb43564d7133a6334afbf7ebd9b304676ddde7e329222b3ff93ca9239ff1364aa2098139e064bda721b86c0fd66259d1be3ed0a9d1022827da7a8bfbc72d7e9415543d213520590fa28ff96c714ddffc24adcf61df698653a3026fc77584169318fd6e95d4c0b66ff9329154b6f93d08aafd07351a85a4c079e239beb07db0c2a8a279ecd2c7ee9578c0fffd4f0bb7b8bfb7917dce8d06822abe494cb76ae023fda18f2d8aa6afae8506e9a556cfc763c61ac1ed03c41df3f9777721a84423fe52cb0c3288ca5fde62934ae360130a33b745f6d4df890e77a090c0d61df87c3c951e51b015897ebda614741966c551c4b23a54d9a7981a4aa8a4f18fee5947570f4d792319dca5dc9fe51218ffcf932b1318ba1e7c58200a4028099c8faf64c9624604aa01fbcbadc2e910211c317692127f09065ee54808c0638d3e1d33fca594e0c885e2ef96c03fc84e451b44440a223b339b92397839a388c8d04c982705c2e80391851baf3ab56e5f7948db3a9496366c69e8bd810ed7d0076bfaaa23e23600e5fdb2c6446b7ee341d420489e87b09c595cf592610f6d7bfab9276157f13136292c4ac71375f9a1bd8d895df58efa3ed556ef501032cee473e23312b5f9a18d7e29dbf031b496c557869b780a100237b803abb30be14be458d9ec7c51e4fea1e8f46998d440a3481895078eb533b6b20262c51429f5c28e1dde7fad33e2b9e1e453fca236161f714d6065c6335f62b661c0eae6a7f7d6f393f27ce502c4ec19bf377dc8566fffc4301c1ce98f65ddd7c80b16cb39a7f9f1c8e5d4f853d663d55cdcdd273b40ed491fd9fc53cebd2edcbc239993797a2c9335c63672213f4d7889a5cf386cc3349a74a28450ff95e3aacc2db4b15ba8775e91fe6b7e25dd9e186f4ccea565a2c743e0decd537ce12106a9b6ffdbed1ee60ade09029fddb4dbeebe8f7c4ea1039f67e76c06065e7c9e00980996d11ab777686933119ff00d8c69d3a916a6c00a65603829dc701b60f7a8c398ae80b1aa96d08307034b3bb2b27c248bca9a4984a14be1a7e4a434119b901fb7826f1afeffec95d0ffe7b1b3d545e08c0975c2aefcac3373ae4711f9fc7acee7181a962f8d9792f6a489c5862b6ee9e98b4ac4098a21d7f4058718ba0ae3ed9fc18c40f700c09b4e14982625832e87de949489e0bb6e0b2eab25bd0610b7af0475f871e4e5ded90e3344aade0aa700d6ff3e70185f3eac3596c99e3557089706fdef43adec3d370351e91962dbe754cd287f5f1d92887fae30e111385ca81ece3217ad26065482fd11caf910c1e98c8ca6969c2de7344ffa4d46a900f00f8a50c8f587458c683833042e0c2064a1921e24450cd025d6e2b10e4c348743f8d2bb6797b497db6ccc33d4ff535160dca5765ff3eb2f8dd7a4a350a2d3ec4f0bd8191d2caab7ff9c0409093c956647c5bc697e95e413a0bc7a1e2df576acf1aa9bd0dd19a79193708e66866341b2877aa3aad849ce2cf4e41e2d6faf99c7bde472959d962b10eee3fac370576b175cf3d8573795cde33f1955a2dccaccdcd885914df2be8a4c6ed94c8bdcde0877e7f40baca7ab0e9156323e3ed467a40c956c67ebbca736470cf230291a988e8b4e174014cf535f42721c5a53ede14ff739a4f36b996127580f5b6d53a784b8740db985fbf66e579b70262e7e50e08727ed7d0d261f1f10c9c11cfa866d6f86f7787ab4598935b8bbe0000abd8304c3efcb31ce46cf7fee832eb7d54e303429d3a0b345a061cd3a7bdbbb4a998750e075580a92a5514d11d13a6be0a6432e57afdb0d9a5567bf2f491ee7080b0f67b93366dfce533a994d5c7c09f08cbe1e020215c554b2769d240cf1cc9a6bd7a1c4385a4a13522b89f364fc78eb2179aa614b43e26f3c30e71acd5ccf8bdf67a56806a77baa5ac65294ccd0d4e9558a8e7da122b8129ac2b46d86f8a14dfbd2edd804f2b6dc23c63edb9b29e829e3c799eecf7b7e55f33581b0c168e3e735b03352986e3cb601a00f4b60030d6a6fec1407d226c18387ff2241e2c61b891879658ac92cbdbdfaf368523c7a493462c2fabe92cfed540c6590386f076d51914f0ba4deff0f80b249cce2a4f917045ca69d669fd71ffef7c62e9d810cad660630416c867bbe8177b70ff341d05db85c648061a15fe596383cee7af8058a662eecec2e47be655d634aef04bcb1571a0c391c881ed5f9fdf399466973335fbafed9f2a646fae881bc4a2a35ff79bd006e6a2bf3241400c0724516b9803ca11c3bc44c97b0571bfb8d68da9e196960d9941cfd0bafcc64e428f0ab6634894af3174a003b6f4cbd88efb46a4600f78708d35e139f5f7f9561b46c956bd07f471698926061acb3ed14f38960919fa463a7588c1b4aae8b4693ee976df28a7958b04739b8f1df58b70e75468a6fafbc13a666f781dc71be386965a601f9a86fb98808c9670753fe37d811b49bd7446238966c2add97f3f53f244f06a80f55c1546af23df595a044ca8a9859ed87addc79010d8be9b57a4001ba78e50fab6367ffdc093ceca84e1f6c0cb6584cb73b150010d39d73e3a6c173bfe79803abe4bdbc149e11fd0c534fa43fcc7387ca972a08adea3302c546f93f88e38984a610bac35787bf4ba04b2ea7a612bf57e8f3ec1d475f6a1bfb72bef171634c9824bd00726ce8fcd630728e9ab71fc13d07e33e79d6b1364d035135a06fff8dd87638cd91f2e074224bfaa993e88c3e60fa68486b698f42f4aca48e232a44daa32eed6e2f430ffdf522f12935a159412b39c25e63ad3ad5b75913976a52d02ab3116751090e7854cf86ce289b5b30a3819c2291989c4fa2b83782d2542a0d92655d3f28496e469f7c76052fac41c45e510812622bc3570644c8bb61c7528aba9ad04ec866927b7215b2e138fefbade0384c25ac9b619f03fb7e773c7479714691bcbfa8679260df4151e3b6422608b47ba8a5fbc118ba3c789ce3734e9b05fb1009d645910fde2c9f8941047bb73ff37cc5776e731fbc0820edff31c5e0e2003a50ee7d524b344b9862bad71c55bc525154d6141b7fa60585"}}}}}, 0x0)

2.736481411s ago: executing program 3 (id=695):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000280)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000240), 0xfffffffffffffffa, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
read$FUSE(r2, &(0x7f00000034c0)={0x2020}, 0xcac)

2.579951682s ago: executing program 7 (id=696):
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000002240)='./file0\x00', 0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="73686f72746e616d653d77696e6e742c666c7573682c646d61736b3d30303030303030303030303030303030303137373737372c73686f72746e616d653d77696e39352c636865636b3d7374726963742c73686f72746e616d653d6d697865642c6e6f6e756d7461696c3d302c757466383d312c73686f72746e616d653d77696e6e742c756e695f786c6174653d312c756e695f786c6174653d312c726f6469722c696f636861727365743d757466382c666d61736b3d30303030303030303030303030303030303030303030342c646d61736b3d30303030303030303030303030303030303030303030372c757466383d312c726f6469722c73686f72746e616d653d77696e39352c726f6469722c00743ccfec81d6c7d05b0f2a54ddce151ec4cbbaacb9552647fd950fedfdc024b3953e7669bc9d4f66e3beaecb80fe73633280b1d3e82023d4f5c7f5a4989406c0f0d0cf537f132dc1e63d84a17532cb78ae7a368bc0029207b9b166705972f4e8dad041e6be170bf43057b456d43f100c53b471aa6c8e3751", @ANYRES16], 0x1, 0x2c2, &(0x7f00000006c0)="$eJzs3T+LI2UYAPBndpNJ7iySwkoEB7SwOm6vtckiOThMpaRQC128O5AkCHew4CkGK1sbSz+BINj5JWwEP4DgB7DzioNXJpkh2btJsoHLrX9+vyL77Lzv877POzPZPyzz7sevziZ3i7j/9Ze/R7ebxdEgBvE4i34cRS2llGJl8G0AAP9mj1OKP9PSJVMG5UsWEd3DlgYAHMje3/9/OnhJAMCBvff+B++cjkbDd4uiG7dn35yPy9/sy4/L9tP78WlM417cjF48Wf4toP5poXy9nVKat4pSP96Yzc/HZebso1+q8U/riU6iF/1FdDH/zmh4Uiyt5c/LOq5X8w/K+W9FL15umP/OaHirIT/Gebz5+lr9N6IXv34Sn8U07i6KWOV/dVIUb6fv/vriw7K8Mj+bn487i34r6fjFXRUAAAAAAAAAAAAAAAAAAAAAAP7rblR753RisX9Peajaf+f4SflJO4pa/+L+PMv8rB7oqf2B5im+T6nTihgNbxZFkaqOq/xWvNKK1tWsGgAAAAAAAAAAAAAAAAAAAP5ZHn7+aHI2nd570BD8dj1iQ9OGoN4NoH6sf0fW8aamwdqR1+LR5KyzecC1pqMq3DJpHNd9soity4lWux65v9dJ2D+4tqnmH37cd8Du7j7tbefn+QT13TU5y6KxTyfqI936mv683iePS86Vb2pKu2+/tSBvbOrtvfb8pUUw39Insm2FvfXH8sxVR7KnV5EvzmpjenttN47me6P5Wmx6pzwjW7yt8+f3xQcAAAAAAAAAAAAAAAAAALhg9dDvM03XdqQepc7BygIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAF2r1///3COZV8iU65/Hg4RUvEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP+BvwMAAP//QSRWPA==")
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x1ff, &(0x7f0000000440)=<r1=>0x0)
ftruncate(r0, 0x81fe)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x4000, 0xa00}])

2.44227375s ago: executing program 6 (id=697):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
preadv(r0, &(0x7f0000000200)=[{&(0x7f0000000280)=""/193, 0xc1}], 0x1, 0x0, 0x4)
r1 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@getchain={0x24, 0x11, 0x839, 0x70bd27, 0x0, {0x0, 0x0, 0x0, r2, {0xa}, {0x0, 0xfff2}}}, 0x24}, 0x1, 0x0, 0x0, 0x4040091}, 0x10)

2.425746015s ago: executing program 2 (id=698):
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0)
syz_mount_image$ext4(&(0x7f0000000900)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x1000040, &(0x7f0000000240)={[{@nouid32}, {@nodioread_nolock}, {@noquota}, {@jqfmt_vfsv1}, {@journal_dev={'journal_dev', 0x3d, 0x9}}, {@commit}]}, 0x1, 0x5a3, &(0x7f00000002c0)="$eJzs3T1sG3UbAPDnznHTj7xv+krvK72gDhUgFamqk/QDClO7IipV6oDEApHjRlWcuIodaKJIpHuF6IAAdSkbDIwgBgbEwsjKwseMVNEIpKYDGDk+p2nqFCfEMcS/n3TJ/3939vP8fX7OvtOdHEDfOtr4k0Y8EREXk4jhdcsGIlt4tLneyvJi8f7yYjGJev3Sz0kkEXFvebHYWj/J/h+KiKWI+H9EfJWPOJ6uPeW+VqM6vzA1Xi6XZrP+SG366kh1fuHElenxydJkaebU8y+cOXv6zNjJsfXp3q+v7+W3NtYb3998+8Y3L92++fEnR5aK744ncS6GsmXrx7GTmq9JPs5tmH+6G8F6KOl1AmxLLqvzRin9L4Yjl1V9O/X1O4fBXUkP6KL6YER9zbom0AcSRQ99qvU9oHH825p28/vHnfPNA5BG3JXlxeJb0Yo/0Dw3EftXj00O/pI8dGTSON48vJuJsictXY+I0YGBR9//Sfb+277RnUiQrvryfHNDPbr907X9T7TZ/wy1zp3+Ra3930q2/1tpEz+3yf7vYocxfnv1xw82jX99MJ5sGz9Zi5+0iZ9GxOsdxr/1yudnN1tW/zDiWLSP35I8/vzwyOUr5dJo82/bGF8cO/Li5uOPOLhJ/OY52/2riawf/74sp7TD8X/29adPLT0m/rNPP377t3v9D0TEOx3G/8+9j17ebNmd68ndxreArW7/JPJxu8P4z507+l3WdNYQAAAAAAAAAAB2ULp6LVuSFtbaaVooNO/h/W8cTMuVau345crczETzmrfDkU9bV1oNN/tJoz+WXY/b6p/c0D+VywLmDqz2C8VKeaLHYwcAAAAAAAAAAAAAAAAAAIC/i0Mb7v//Nbd6///Gn6sG9qrNf/Ib2OvUP/Svh+s/6VkewO7z+Q99q67+oX+pf+hf6h/6l/qH/tW2/g/sfh7A7vP5D/1L/QMAAAAAAAAAAAAAAAAAAAAAAAAAQFdcvHChMdXvLy8WG/2Jgfm5qcobJyZK1anC9FyxUKzMXi1MViqT5VKhWJn+s+dLKpWrozEzd22kVqrWRqrzC69NV+ZmWr8pWsp3fUQAAAAAAAAAAAAAAAAAAADwzzO0OiVpISLf7KdpoRDxr4g4nERy+Uq5NBoR/46Ib3P5wUZ/rNdJAwAAAAAAAAAAAAAAAAAAwB5TnV+YGi+XS7PdawxkoTp71A+1ruYzsJWVI2JpZ9NoPOOWH5XPXsDubqY+aeQ6fB/2faOHOyUAAAAAAAAAAAAAAAAAAOhTD2767fQRv3c3IQAAAAAAAAAAAAAAAAAAAOhL6U9JRDSmY8PPDG1cui9Zya3+j4g3b11679p4rTY71ph/d21+7f1s/sle5A90qlWnaUQ06hgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4oDq/MDVeLpdmt9kY7GCdXo8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYDv+CAAA//9bQM66")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r0, &(0x7f0000000140)='2', 0x1, 0x8000c61)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
sendfile(r1, r1, 0x0, 0xe3aa6ea)
creat(&(0x7f0000002380)='./file1\x00', 0x0)

2.017039123s ago: executing program 5 (id=699):
syz_mount_image$cramfs(&(0x7f0000000040), &(0x7f0000000000)='./file1\x00', 0x2200400, &(0x7f0000000080)=ANY=[@ANYRES8=0x0], 0xfe, 0x160, &(0x7f0000000200)="$eJzs0M+LEnEYx/H3d+brKKRYZCBBKXTIksAf1C3CiSQhGyi6dBJs+gGKkVDeUqJbB6Grh9q9Lgv7F+jqYdlFL7v/xF68LezRZWbcXZb1P9jndZvP830+D8yLp7OM4tzzVvPrN7fddj+k3zjV8tvD4bDk5RZ0ti7Mg/ejEnxGM9Iw74EXT2Lw8UvDNeqthvc9L0EYsK8tc5rx03t2QtPTkCfYz9yD8S3/ncHlzC0S8vdua7DjQZYDFv/hvgX2jSDz+o4AE5SylsfumPyuZFM3FXQG2c2NvdfT3cqjh8/cP4Vy/0E0aWZ/whq2iuxMPh2Yy63ZtPrKqTqzYqHwpJjLGzze9wu7ffTL6Hd4r0B7fQZ+n0Xyrn4HvxT89W/Nt1UMGP87dprhs3/d/WGmQaUG9VoytF5LXDcwM9qbLFjBnxBZNRJCCCGEEEIIIYQQQgghhBBCCHHVnQQAAP//A2lTBA==")
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r0, 0x3ba0, &(0x7f0000000000)={0x48, 0x2, r1, 0x0, <r2=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_REPLACE(r0, 0x3ba0, &(0x7f0000000280)={0x48, 0x15, r2, 0x0, r1})
getdents(0xffffffffffffffff, 0x0, 0x0)

1.856246145s ago: executing program 6 (id=700):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000000086a82, 0x0)
r1 = dup(r0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r1, 0x3554000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15)
fadvise64(r1, 0x85f5, 0x4000000005, 0x4)

1.758710898s ago: executing program 7 (id=701):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0500000005000000fd0900008400", @ANYBLOB], 0x48)

1.757837384s ago: executing program 5 (id=702):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x2000, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{}, 0x3548, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, 0x4}}}]}, 0x78}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=@newtfilter={0x88, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {}, {0xd}}, [@filter_kind_options=@f_basic={{0xa}, {0x58, 0x2, [@TCA_BASIC_EMATCHES={0x54, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xffff}}, @TCA_EMATCH_TREE_LIST={0x48, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x10, 0x1, 0x0, 0x0, {{}, {0x0, 0x0, 0x1}}}, @TCF_EM_META={0x34, 0x2, 0x0, 0x0, {{0x0, 0x4, 0x4}, [@TCA_EM_META_HDR={0xfffffd05}, @TCA_EM_META_RVALUE={0x12, 0x3, [@TCF_META_TYPE_VAR="f33beaa0a194a86e15e4", @TCF_META_TYPE_INT]}, @TCA_EM_META_LVALUE={0x5, 0x2, [@TCF_META_TYPE_VAR='3']}]}}]}]}]}}]}, 0x88}}, 0x0)

955.197179ms ago: executing program 3 (id=703):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept4(r0, 0x0, 0x0, 0x0)
setsockopt$sock_int(r1, 0x1, 0x7, &(0x7f00000014c0)=0x10000b, 0x4)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x3}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000600)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x1592e566}], 0x2}, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3b071, 0xffffffffffffffff, 0x2000)

890.035396ms ago: executing program 5 (id=704):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x8000010}, 0xc0d0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r1 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000026c0)=@newtfilter={0x5c, 0x2c, 0xd27, 0x0, 0x2, {0x0, 0x0, 0x0, r2, {0xfffa}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x2c, 0x2, [@TCA_CGROUP_EMATCHES={0x28, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xfffc}}, @TCA_EMATCH_TREE_LIST={0x1c, 0x2, 0x0, 0x1, [@TCF_EM_CMP={0x18, 0x3, 0x0, 0x0, {{0x5, 0x1, 0x4}, {0x7, 0x8, 0x200, 0xd, 0xf, 0x1}}}]}]}]}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x20000004}, 0x1)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)

687.729078ms ago: executing program 6 (id=705):
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000580)='./file0\x00', &(0x7f0000000b80), 0x4008, &(0x7f00000001c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0/file1\x00', 0x20400, 0x20)
fdatasync(r0)

687.562637ms ago: executing program 2 (id=706):
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
setns(r1, 0x24020000)
r2 = syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = syz_pidfd_open(r2, 0x0)
setns(r3, 0x24020000)
unshare(0x22020600)

662.930847ms ago: executing program 7 (id=707):
r0 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_DEL_MIF(r0, 0x29, 0xc8, 0x0, 0xc000000)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = dup(r2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
write$tun(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="fffffffbffff0000000000008100592086dd694f9206000811fffe80000000000000000000000000001aff02"], 0x42)

515.971237ms ago: executing program 5 (id=708):
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100)={0xaa, 0x268})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
read(r0, &(0x7f0000000300)=""/172, 0xdc)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x80000a, 0x31, 0xffffffffffffffff, 0xd0fb8000)
ioctl$UFFDIO_CONTINUE(r0, 0xc020aa07, &(0x7f00000004c0)={{&(0x7f0000ffb000/0x2000)=nil, 0x2000}, 0x1})

334.579719ms ago: executing program 6 (id=709):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r3=>0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000280)={0xa, 0x4e20, 0x26, @remote, 0x800}, 0x1c)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010026bd7000fcdbdf250200000008000100", @ANYRES32=r3], 0x1c}}, 0x840)
write$nci(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="400404"], 0x7)

313.259562ms ago: executing program 2 (id=710):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, 0x0, 0x0)

235.31792ms ago: executing program 7 (id=711):
r0 = fsopen(&(0x7f0000000040)='sysfs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x1)
fchdir(r1)
r2 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
unshare(0xa000400)
fchmod(r2, 0x50)

234.535865ms ago: executing program 3 (id=712):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
preadv(r0, &(0x7f0000000200)=[{&(0x7f0000000280)=""/193, 0xc1}], 0x1, 0x0, 0x4)
r1 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@getchain={0x24, 0x11, 0x839, 0x70bd27, 0x0, {0x0, 0x0, 0x0, r2, {0xa}, {0x0, 0xfff2}}}, 0x24}, 0x1, 0x0, 0x0, 0x4040091}, 0x10)

0s ago: executing program 7 (id=713):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de7e001009058b1e20"], 0x0)
close(0x3)
syz_usb_control_io(r1, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_disconnect(r1)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)

kernel console output (not intermixed with test programs):

uct=2, SerialNumber=3
[  135.415822][ T5929] usb 4-1: Product: syz
[  135.426271][ T5929] usb 4-1: Manufacturer: syz
[  135.438958][ T5929] usb 4-1: SerialNumber: syz
[  135.931347][ T5929] usb 4-1: USB disconnect, device number 5
[  137.743193][ T6442] smbdirect: ib_dev[syz0]: added: RNIC max_fast_reg_page_list_len=256 device_cap_flags=0x200000 kernel_cap_flags=0x10 page_size_cap=0x1000
[  137.758884][ T6442] smbdirect: ib_dev[syz0]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=1 max_cqe=3276800 max_qp_wr=32768 max_send_sge=6 max_recv_sge=6
[  137.776236][ T6442] smbdirect: ib_dev[syz0]PORT[1]: iwarp=1 ib=0 roce=0 v1=0 v2=0 core_cap_flags=0x400008
[  137.790195][ T6442] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  137.807841][ T6442] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  138.499308][ T6453] pimreg: entered allmulticast mode
[  140.086652][ T6462] loop2: detected capacity change from 0 to 4096
[  140.098315][ T6462] ntfs3: Unknown parameter '01777777777777777777777'
[  140.555410][ T6464] loop0: detected capacity change from 0 to 512
[  140.607956][ T6464] EXT4-fs: Ignoring removed nobh option
[  140.646581][ T6464] EXT4-fs error (device loop0): ext4_orphan_get:1391: inode #15: comm syz.0.140: iget: bad i_size value: 38620345925642
[  140.672415][ T6464] loop0: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
[  140.681819][    C0] EXT4-fs (loop0): error count since last fsck: 1
[  140.697500][    C0] EXT4-fs (loop0): initial error at time 1773926921: ext4_orphan_get:1391: inode 15
[  140.706929][    C0] EXT4-fs (loop0): last error at time 1773926921: ext4_orphan_get:1391: inode 15
[  140.726593][ T6464] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.140: couldn't read orphan inode 15 (err -117)
[  140.757259][ T6464] loop0: lost filesystem error report for type 5 error -117
[  140.765956][ T6464] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  141.034591][ T6448] loop3: detected capacity change from 0 to 32768
[  141.701419][ T6448] workqueue: Failed to create a rescuer kthread for wq "xfs-conv/loop3": -EINTR
[  141.739622][ T5839] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  144.358324][ T5860] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  144.368460][ T5860] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  144.376845][ T5860] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  144.387323][ T5860] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  144.395593][ T5860] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  146.483303][ T5854] Bluetooth: hci5: command tx timeout
[  146.566931][ T6503] chnl_net:caif_netlink_parms(): no params data found
[  147.888571][ T6503] bridge0: port 1(bridge_slave_0) entered blocking state
[  147.914819][ T6503] bridge0: port 1(bridge_slave_0) entered disabled state
[  148.333137][ T6503] bridge_slave_0: entered allmulticast mode
[  148.421111][ T6503] bridge_slave_0: entered promiscuous mode
[  148.436843][ T6503] bridge0: port 2(bridge_slave_1) entered blocking state
[  148.444440][ T6503] bridge0: port 2(bridge_slave_1) entered disabled state
[  148.455620][ T6503] bridge_slave_1: entered allmulticast mode
[  148.485234][ T6503] bridge_slave_1: entered promiscuous mode
[  148.561997][ T5854] Bluetooth: hci5: command tx timeout
[  148.680308][ T6503] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  148.692184][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[  148.738976][ T6503] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  148.833684][ T6544] mmap: syz.3.158 (6544) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  148.999734][ T6503] team0: Port device team_slave_0 added
[  149.042834][ T6503] team0: Port device team_slave_1 added
[  149.248183][ T6503] batman_adv: batadv0: Adding interface: batadv_slave_0
[  149.271174][ T6503] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  149.346123][ T6503] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  149.377528][ T6503] batman_adv: batadv0: Adding interface: batadv_slave_1
[  149.404886][ T6503] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  149.548221][ T6503] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  149.893633][ T6503] hsr_slave_0: entered promiscuous mode
[  149.921622][ T6503] hsr_slave_1: entered promiscuous mode
[  149.946733][ T6503] debugfs: 'hsr0' already exists in 'hsr'
[  149.956693][ T6503] Cannot create hsr debugfs directory
[  150.646894][ T5854] Bluetooth: hci5: command tx timeout
[  150.878375][ T6563] loop0: detected capacity change from 0 to 40427
[  150.929336][ T6563] F2FS-fs (loop0): build fault injection rate: 14
[  150.943550][ T6563] F2FS-fs (loop0): build fault injection type: 0xe4
[  150.997178][ T6563] F2FS-fs (loop0): invalid crc value
[  151.086168][ T6563] F2FS-fs (loop0): inject page alloc in f2fs_grab_cache_folio of f2fs_build_free_nids+0x9d8/0x1810
[  151.086320][ T6503] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  151.196991][ T6503] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  151.277282][ T6503] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  151.351659][ T6503] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  151.459024][ T6563] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  151.519354][ T6563] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  151.531904][  T995] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  151.683486][ T6563] F2FS-fs (loop0): inject alloc nid in f2fs_alloc_nid of f2fs_get_dnode_of_data+0x89d/0x2060
[  151.717316][  T995] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[  151.745056][  T995] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  151.784176][  T995] usb 4-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[  151.796557][ T6579] F2FS-fs (loop0): inject alloc nid in f2fs_alloc_nid of f2fs_new_inode+0x10f/0xff0
[  151.826257][  T995] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  151.855430][  T995] usb 4-1: Product: syz
[  151.874837][  T995] usb 4-1: Manufacturer: syz
[  151.892995][  T995] usb 4-1: SerialNumber: syz
[  151.934615][  T995] usb 4-1: config 0 descriptor??
[  151.955941][ T6569] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  151.973415][ T6569] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  151.988328][ T6503] 8021q: adding VLAN 0 to HW filter on device bond0
[  152.056720][ T6503] 8021q: adding VLAN 0 to HW filter on device team0
[  152.080194][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  152.080346][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  152.094267][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  152.094434][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  152.252763][ T6569] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  152.252901][ T6569] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  152.774696][ T5854] Bluetooth: hci5: command tx timeout
[  153.092225][  T995] dm9601: No valid MAC address in EEPROM, using 00:00:00:00:00:00
[  153.165266][ T5839] syz-executor: attempt to access beyond end of device
[  153.165266][ T5839] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  153.181203][ T5839] CPU: 1 UID: 0 PID: 5839 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  153.181235][ T5839] Tainted: [L]=SOFTLOCKUP
[  153.181241][ T5839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  153.181256][ T5839] Call Trace:
[  153.181268][ T5839]  <TASK>
[  153.181276][ T5839]  dump_stack_lvl+0xe8/0x150
[  153.181315][ T5839]  f2fs_handle_critical_error+0x37c/0x540
[  153.181352][ T5839]  f2fs_write_end_io+0x1274/0x1740
[  153.181394][ T5839]  __submit_merged_bio+0x256/0x700
[  153.181431][ T5839]  __submit_merged_write_cond+0x3c9/0x4e0
[  153.181469][ T5839]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  153.181523][ T5839]  f2fs_write_data_pages+0x287e/0x34f0
[  153.181590][ T5839]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  153.181633][ T5839]  ? unwind_get_return_address+0x4d/0x90
[  153.181654][ T5839]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  153.181707][ T5839]  ? check_noncircular+0xda/0x150
[  153.181737][ T5839]  ? lockdep_unlock+0x5d/0xd0
[  153.181763][ T5839]  ? __lock_acquire+0x146e/0x2cf0
[  153.181819][ T5839]  ? do_raw_spin_lock+0x12b/0x2f0
[  153.181856][ T5839]  ? do_raw_spin_unlock+0xf5/0x210
[  153.181883][ T5839]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  153.181916][ T5839]  do_writepages+0x32e/0x550
[  153.181953][ T5839]  ? do_raw_spin_unlock+0xf5/0x210
[  153.181982][ T5839]  filemap_fdatawrite+0x1e9/0x2f0
[  153.182013][ T5839]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  153.182099][ T5839]  ? do_raw_spin_unlock+0xf5/0x210
[  153.182131][ T5839]  f2fs_sync_dirty_inodes+0x30e/0x860
[  153.182167][ T5839]  f2fs_write_checkpoint+0x9df/0x26a0
[  153.182224][ T5839]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  153.182304][ T5839]  kill_f2fs_super+0x314/0x720
[  153.182344][ T5839]  ? __pfx_kill_f2fs_super+0x10/0x10
[  153.182391][ T5839]  ? lockdep_hardirqs_on+0x7a/0x110
[  153.182432][ T5839]  deactivate_locked_super+0xbc/0x130
[  153.182466][ T5839]  cleanup_mnt+0x437/0x4d0
[  153.182486][ T5839]  ? _raw_spin_unlock_irq+0x23/0x50
[  153.182514][ T5839]  task_work_run+0x1d9/0x270
[  153.182546][ T5839]  ? __pfx_task_work_run+0x10/0x10
[  153.182585][ T5839]  exit_to_user_mode_loop+0xed/0x480
[  153.182613][ T5839]  ? rcu_is_watching+0x15/0xb0
[  153.182639][ T5839]  do_syscall_64+0x32d/0xf80
[  153.182663][ T5839]  ? trace_irq_disable+0x3b/0x150
[  153.182687][ T5839]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  153.182709][ T5839]  ? clear_bhb_loop+0x40/0x90
[  153.182735][ T5839]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  153.182756][ T5839] RIP: 0033:0x7ff71f59d9d7
[  153.182784][ T5839] Code: a2 c7 05 1c fd 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  153.182800][ T5839] RSP: 002b:00007ffd39bfa718 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  153.182821][ T5839] RAX: 0000000000000000 RBX: 00007ff71f632050 RCX: 00007ff71f59d9d7
[  153.182834][ T5839] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd39bfa7d0
[  153.182846][ T5839] RBP: 00007ffd39bfa7d0 R08: 00007ffd39bfb7d0 R09: 00000000ffffffff
[  153.182860][ T5839] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd39bfb860
[  153.182872][ T5839] R13: 00007ff71f632050 R14: 000000000002512b R15: 00007ffd39bfb8a0
[  153.182906][ T5839]  </TASK>
[  153.190554][ T5839] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  153.226288][ T6594] loop8: detected capacity change from 0 to 8
[  153.230727][ T6594] Dev loop8: unable to read RDB block 8
[  153.230772][ T6594]  loop8: unable to read partition table
[  153.231014][ T6594] loop8: partition table beyond EOD, truncated
[  153.231079][ T6594] loop_reread_partitions: partition scan of loop8 (þ被xü^>à– �) failed (rc=-5)
[  153.504427][  T995] dm9601 4-1:0.0 (unnamed net_device) (uninitialized): Error reading chip ID
[  153.507179][ T6503] 8021q: adding VLAN 0 to HW filter on device batadv0
[  153.526866][  T995] usb 4-1: USB disconnect, device number 6
[  153.735062][ T6603] tmpfs: Bad value for 'mpol'
[  154.471549][ T6503] veth0_vlan: entered promiscuous mode
[  154.510207][ T6503] veth1_vlan: entered promiscuous mode
[  154.521960][ T5852] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  154.625149][ T6620] loop2: detected capacity change from 0 to 256
[  154.669208][ T6503] veth0_macvtap: entered promiscuous mode
[  154.682155][ T5852] usb 2-1: Using ep0 maxpacket: 32
[  154.697901][ T5852] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40
[  154.727750][ T6503] veth1_macvtap: entered promiscuous mode
[  154.728960][ T5852] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  154.780650][ T5852] usb 2-1: config 0 descriptor??
[  154.838383][ T6503] batman_adv: batadv0: Interface activated: batadv_slave_0
[  154.878871][ T6503] batman_adv: batadv0: Interface activated: batadv_slave_1
[  154.907443][  T180] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  154.918788][  T180] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  154.949007][  T180] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  154.972627][  T180] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  155.033848][ T5852] dvb-usb: found a 'Elgato EyeTV DTT' in warm state.
[  155.108119][ T5852] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  155.158025][ T6616] loop3: detected capacity change from 0 to 32768
[  155.175984][ T5852] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT)
[  155.190312][ T6616] xfs: Deprecated parameter 'attr2'
[  155.196625][ T5852] usb 2-1: media controller created
[  155.263495][ T6616] XFS: attr2 mount option is deprecated.
[  155.308579][ T5852] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  155.364386][ T6616] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  155.470096][ T6616] XFS (loop3): Ending clean mount
[  155.478832][ T1018] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  155.539860][ T1018] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  155.554089][ T6616] XFS (loop3): Quotacheck needed: Please wait.
[  155.645098][ T5852] DVB: Unable to find symbol dib7000p_attach()
[  155.683693][ T5852] dvb-usb: no frontend was attached by 'Elgato EyeTV DTT'
[  155.703218][ T6616] XFS (loop3): Quotacheck: Done.
[  155.714227][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  155.723799][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  155.883370][ T5852] rc_core: IR keymap rc-dib0700-rc5 not found
[  155.909377][ T5852] Registered IR keymap rc-empty
[  155.916016][ T5852] dvb-usb: could not initialize remote control.
[  155.934694][ T5852] dvb-usb: Elgato EyeTV DTT successfully initialized and connected.
[  155.976623][ T5852] usb 2-1: USB disconnect, device number 4
[  156.013113][ T5840] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  156.198998][ T6646] loop5: detected capacity change from 0 to 32768
[  156.207302][  T808] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  156.229494][ T6646] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.147 (6646)
[  156.278846][ T6646] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  156.290574][ T6646] BTRFS info (device loop5): using sha256 checksum algorithm
[  156.385890][ T5852] dvb-usb: Elgato EyeTV DTT successfully deinitialized and disconnected.
[  156.414180][ T6646] BTRFS info (device loop5): enabling ssd optimizations
[  156.422032][ T6646] BTRFS info (device loop5): turning on async discard
[  156.428896][ T6646] BTRFS info (device loop5): enabling free space tree
[  156.531119][  T808] usb 3-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69
[  156.611637][  T808] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  156.752853][  T808] usb 3-1: Product: syz
[  156.800477][  T808] usb 3-1: Manufacturer: syz
[  156.885500][  T808] usb 3-1: SerialNumber: syz
[  157.261116][  T808] usb 3-1: config 0 descriptor??
[  157.344594][  T808] hub 3-1:0.0: bad descriptor, ignoring hub
[  157.385120][  T808] hub 3-1:0.0: probe with driver hub failed with error -5
[  157.546706][  T808] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in warm state.
[  157.587019][  T808] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  157.619600][  T808] dvbdev: DVB: registering new adapter (Pinnacle PCTV Hybrid Stick Solo)
[  157.644656][ T6503] BTRFS info (device loop5): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  157.652162][  T808] usb 3-1: media controller created
[  157.722457][  T808] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  157.747887][ T6643] dib0700: tx buffer length is larger than 4. Not supported.
[  158.008718][  T808] DVB: Unable to find symbol dib7000p_attach()
[  158.040439][  T808] dvb-usb: no frontend was attached by 'Pinnacle PCTV Hybrid Stick Solo'
[  158.188401][ T6676] sctp: [Deprecated]: syz.5.186 (pid 6676) Use of int in max_burst socket option deprecated.
[  158.188401][ T6676] Use struct sctp_assoc_value instead
[  158.285955][  T808] rc_core: IR keymap rc-dib0700-rc5 not found
[  158.308502][  T808] Registered IR keymap rc-empty
[  158.346331][  T808] dvb-usb: could not initialize remote control.
[  158.365212][  T808] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully initialized and connected.
[  158.892953][ T6674] loop3: detected capacity change from 0 to 32768
[  158.924120][ T6674] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  159.024568][  T808] usb 3-1: USB disconnect, device number 4
[  159.047666][ T6674] XFS (loop3): Ending clean mount
[  159.075888][ T6674] XFS (loop3): Quotacheck needed: Please wait.
[  159.496943][ T6674] XFS (loop3): Quotacheck: Done.
[  159.519907][  T808] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully deinitialized and disconnected.
[  160.019352][ T5840] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  160.292665][ T5852] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  160.465186][ T5852] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  160.494961][ T5852] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  160.522068][ T5852] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  160.559493][ T5852] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  160.596346][ T5852] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  160.608638][ T6717] loop2: detected capacity change from 0 to 4096
[  160.629596][ T5852] usb 2-1: config 0 descriptor??
[  160.638917][ T6717] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512).
[  160.863153][ T6717] ntfs3(loop2): ino=19, mi_enum_attr
[  160.895319][ T6717] ntfs3(loop2): Mark volume as dirty due to NTFS errors
[  161.389377][ T6726] loop5: detected capacity change from 0 to 2048
[  161.443899][ T6726] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024)
[  161.490294][ T5852] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  161.517834][ T5852] usb 2-1: USB disconnect, device number 5
[  161.529152][ T6328] udevd[6328]: incorrect nilfs2 checksum on /dev/loop5
[  161.559674][ T6728] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  161.805527][ T6727] fido_id[6727]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  161.962821][   T30] audit: type=1804 audit(1773982056.464:2): pid=6731 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.203" name="/newroot/46/file0/bus" dev="loop2" ino=33 res=1 errno=0
[  162.865107][ T6747] netlink: 16302 bytes leftover after parsing attributes in process `syz.3.212'.
[  162.904200][ T6743] loop0: detected capacity change from 0 to 4096
[  162.948151][ T6743] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  163.075156][ T5929] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  163.170000][ T5839] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  163.271862][ T5929] usb 6-1: Using ep0 maxpacket: 8
[  163.299247][ T5929] usb 6-1: config index 0 descriptor too short (expected 30, got 18)
[  163.339023][ T5929] usb 6-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  163.372388][ T5929] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  163.398522][ T5929] usb 6-1: Product: syz
[  163.416895][ T5929] usb 6-1: Manufacturer: syz
[  163.436576][ T5929] usb 6-1: SerialNumber: syz
[  163.494510][ T5929] usb 6-1: config 0 descriptor??
[  163.592419][ T5999] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  163.707128][ T5929] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  163.715291][ T5929] usb 6-1: setting power ON
[  163.733409][ T5929] dvb-usb: bulk message failed: -22 (2/0)
[  163.743443][ T5929] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  163.762619][ T5929] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  163.772801][ T5999] usb 1-1: Using ep0 maxpacket: 32
[  163.797182][ T5999] usb 1-1: config index 0 descriptor too short (expected 35577, got 27)
[  163.840137][ T5999] usb 1-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  163.871866][ T5999] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 92
[  163.900707][ T5999] usb 1-1: config 1 has no interface number 0
[  163.924362][ T6741] dvb-usb: bulk message failed: -22 (3/0)
[  163.941176][ T5999] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  163.973449][ T6741] dvb-usb: bulk message failed: -22 (3/0)
[  163.984933][ T5999] usb 1-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  164.038515][ T5999] usb 1-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  164.058244][ T5999] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  164.117831][ T5929] usb 6-1: media controller created
[  164.138554][ T5929] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  164.156174][ T5999] snd_usb_pod 1-1:1.1: Line 6 Pocket POD found
[  164.169265][ T5929] usb 6-1: selecting invalid altsetting 6
[  164.176439][ T5929] usb 6-1: digital interface selection failed (-22)
[  164.183113][ T5929] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  164.192654][ T5929] usb 6-1: setting power OFF
[  164.214234][ T5929] dvb-usb: bulk message failed: -22 (2/0)
[  164.220152][ T5929] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  164.242282][ T5929] (NULL device *): no alternate interface
[  164.347125][ T5999] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now attached
[  164.435279][ T5929] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  164.461417][ T5929] usb 6-1: USB disconnect, device number 2
[  164.551191][ T6772] loop3: detected capacity change from 0 to 256
[  164.803720][ T5929] usb 1-1: USB disconnect, device number 5
[  164.843553][ T5929] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now disconnected
[  166.100327][ T6789] loop2: detected capacity change from 0 to 256
[  166.846441][ T6789] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x32e3664b, utbl_chksum : 0xe619d30d)
[  166.980500][   T30] audit: type=1800 audit(1773982061.504:3): pid=6789 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.228" name="file2" dev="loop2" ino=1048628 res=0 errno=0
[  167.111479][ T6799] kernel read not supported for file / 
œ7³ÏüâW)ës“§Ç!Q�öì¥fsõl{T‡rÒ)r§ÖOš˜õ2:"ôÀT+ÍŸv|�Õ²DvcŽ“ØÖ Å6Òxãc: (pid: 6799 comm: syz.5.232)
[  167.154553][ T6789] exFAT-fs (loop2): error, invalid access to FAT (entry 0xffffffff)
[  167.169206][   T30] audit: type=1800 audit(1773982061.694:4): pid=6799 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.232" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=11164 res=0 errno=0
[  167.211973][ T6789] exFAT-fs (loop2): Filesystem has been set read-only
[  167.588105][ T6781] loop3: detected capacity change from 0 to 32768
[  167.624444][ T6781] btrfs: Deprecated parameter 'usebackuproot'
[  167.673031][ T6781] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  167.728010][ T6781] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.226 (6781)
[  167.861614][ T6781] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  167.875589][ T6781] BTRFS info (device loop3): using crc32c checksum algorithm
[  167.952072][ T5852] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  168.023691][ T6826] syzkaller1: entered promiscuous mode
[  168.030728][ T6790] loop0: detected capacity change from 0 to 40427
[  168.031342][ T6781] BTRFS info (device loop3): rebuilding free space tree
[  168.054529][ T6826] syzkaller1: entered allmulticast mode
[  168.067197][ T6790] F2FS-fs (loop0): invalid crc value
[  168.104073][ T5852] usb 6-1: Using ep0 maxpacket: 16
[  168.135172][ T5852] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  168.193199][ T5852] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  168.241470][ T5852] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  168.265344][ T5852] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  168.283410][ T5852] usb 6-1: Product: syz
[  168.290919][ T5852] usb 6-1: Manufacturer: syz
[  168.303054][ T5852] usb 6-1: SerialNumber: syz
[  168.340058][ T6781] BTRFS info (device loop3): enabling ssd optimizations
[  168.362944][ T6781] BTRFS info (device loop3): using spread ssd allocation scheme
[  168.374005][ T5852] usb 6-1: config 0 descriptor??
[  168.378971][ T6781] BTRFS info (device loop3): turning on flush-on-commit
[  168.378994][ T6781] BTRFS info (device loop3): enabling free space tree
[  168.379011][ T6781] BTRFS info (device loop3): force clearing of disk cache
[  168.379028][ T6781] BTRFS info (device loop3): trying to use backup root at mount time
[  168.409948][ T6790] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  168.425140][ T6781] BTRFS info (device loop3): force zlib compression, level 3
[  168.434781][ T6790] F2FS-fs (loop0): Start checkpoint disabled!
[  168.451061][ T5852] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  168.487999][ T6790] F2FS-fs (loop0): f2fs_disable_checkpoint() finish, err:0
[  168.499449][ T5852] em28xx 6-1:0.0: Audio interface 0 found (Vendor Class)
[  168.512965][ T6790] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  168.652866][   T30] audit: type=1800 audit(1773982063.164:5): pid=6790 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.229" name="file1" dev="loop0" ino=10 res=0 errno=0
[  168.709355][ T5840] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  168.730521][  T180] kworker/u8:6: attempt to access beyond end of device
[  168.730521][  T180] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  168.753608][  T180] CPU: 1 UID: 0 PID: 180 Comm: kworker/u8:6 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  168.753640][  T180] Tainted: [L]=SOFTLOCKUP
[  168.753651][  T180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  168.753663][  T180] Workqueue: writeback wb_workfn (flush-7:0)
[  168.753695][  T180] Call Trace:
[  168.753702][  T180]  <TASK>
[  168.753711][  T180]  dump_stack_lvl+0xe8/0x150
[  168.753745][  T180]  f2fs_handle_critical_error+0x37c/0x540
[  168.753781][  T180]  f2fs_write_end_io+0x1274/0x1740
[  168.753844][  T180]  __submit_merged_bio+0x256/0x700
[  168.753879][  T180]  __submit_merged_write_cond+0x3c9/0x4e0
[  168.753918][  T180]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  168.753975][  T180]  f2fs_write_data_pages+0x287e/0x34f0
[  168.754005][  T180]  ? unwind_next_frame+0xa5/0x23c0
[  168.754024][  T180]  ? lock_release+0x4b/0x3d0
[  168.754098][  T180]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  168.754145][  T180]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  168.754210][  T180]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  168.754278][  T180]  ? __lock_acquire+0x6b5/0x2cf0
[  168.754330][  T180]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  168.754362][  T180]  do_writepages+0x32e/0x550
[  168.754398][  T180]  ? reacquire_held_locks+0x104/0x190
[  168.754420][  T180]  ? writeback_sb_inodes+0x477/0x1a20
[  168.754455][  T180]  __writeback_single_inode+0x133/0x11a0
[  168.754485][  T180]  ? do_raw_spin_unlock+0xf5/0x210
[  168.754517][  T180]  writeback_sb_inodes+0x992/0x1a20
[  168.754581][  T180]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  168.754606][  T180]  ? do_raw_spin_lock+0x12b/0x2f0
[  168.754683][  T180]  ? rcu_is_watching+0x15/0xb0
[  168.754717][  T180]  wb_writeback+0x456/0xb70
[  168.754749][  T180]  ? queue_io+0x1d1/0x4a0
[  168.754786][  T180]  ? __pfx_wb_writeback+0x10/0x10
[  168.754809][  T180]  ? do_raw_spin_lock+0x12b/0x2f0
[  168.754856][  T180]  wb_workfn+0x414/0xf50
[  168.754882][  T180]  ? look_up_lock_class+0x57/0x110
[  168.754926][  T180]  ? __pfx_wb_workfn+0x10/0x10
[  168.754953][  T180]  ? do_raw_spin_lock+0x12b/0x2f0
[  168.754983][  T180]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  168.755037][  T180]  ? process_one_work+0x8bb/0x1780
[  168.755067][  T180]  process_one_work+0x9ab/0x1780
[  168.755126][  T180]  ? __pfx_process_one_work+0x10/0x10
[  168.755154][  T180]  ? do_raw_spin_lock+0x12b/0x2f0
[  168.755202][  T180]  worker_thread+0xba8/0x11e0
[  168.755262][  T180]  kthread+0x388/0x470
[  168.755288][  T180]  ? __pfx_worker_thread+0x10/0x10
[  168.755306][  T180]  ? __pfx_kthread+0x10/0x10
[  168.755333][  T180]  ret_from_fork+0x51e/0xb90
[  168.755367][  T180]  ? __pfx_ret_from_fork+0x10/0x10
[  168.755395][  T180]  ? __switch_to+0xc7d/0x1450
[  168.755427][  T180]  ? __pfx_kthread+0x10/0x10
[  168.755454][  T180]  ret_from_fork_asm+0x1a/0x30
[  168.755497][  T180]  </TASK>
[  168.758089][  T180] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  168.975646][ T5929] usb 3-1: new full-speed USB device number 5 using dummy_hcd
[  168.980740][  T995] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  169.118481][ T5852] em28xx 6-1:0.0: unknown em28xx chip ID (0)
[  169.130883][ T5852] em28xx 6-1:0.0: Config register raw data: 0x41
[  169.219606][ T5929] usb 3-1: New USB device found, idVendor=200c, idProduct=100b, bcdDevice= 0.40
[  169.229246][ T5929] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  169.253282][ T5929] usb 3-1: Product: syz
[  169.266535][  T995] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  169.272912][ T5929] usb 3-1: Manufacturer: syz
[  169.281019][  T995] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  169.303598][ T5929] usb 3-1: SerialNumber: syz
[  169.326465][  T995] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  169.349261][ T5852] usb 6-1: USB disconnect, device number 3
[  169.373290][  T995] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  169.429608][ T5852] em28xx 6-1:0.0: Disconnecting em28xx
[  169.458303][  T995] usb 2-1: config 0 descriptor??
[  169.476675][ T5852] em28xx 6-1:0.0: Freeing device
[  169.560846][ T5929] usb 3-1: unit 8 not found!
[  169.577107][ T5929] usb 3-1: unit 6 not found!
[  169.591495][ T5929] usb 3-1: unit 0 not found!
[  169.700938][ T5929] usb 3-1: USB disconnect, device number 5
[  169.885563][  T995] cm6533_jd 0003:0D8C:0022.0002: unknown main item tag 0x0
[  169.894041][  T995] cm6533_jd 0003:0D8C:0022.0002: unknown main item tag 0x0
[  169.911324][  T995] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0D8C:0022.0002/input/input7
[  170.027308][  T995] cm6533_jd 0003:0D8C:0022.0002: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.1-1/input0
[  170.161370][  T995] usb 2-1: USB disconnect, device number 6
[  170.463151][ T6848] fido_id[6848]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory
[  170.495617][ T5929] usb 6-1: new full-speed USB device number 4 using dummy_hcd
[  171.157896][ T6858] siw: device registration error -23
[  172.774135][ T5929] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  172.802262][ T5929] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  172.838145][ T5929] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1024, setting to 64
[  172.851856][ T5972] usb 2-1: new full-speed USB device number 7 using dummy_hcd
[  172.859714][ T5929] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x3 has an invalid bInterval 0, changing to 10
[  172.882595][ T5929] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 171, setting to 64
[  172.939560][ T5929] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  173.030465][ T5929] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  173.051834][ T5929] usb 6-1: Product: syz
[  173.058629][ T5929] usb 6-1: Manufacturer: syz
[  173.077696][ T5972] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x9 has an invalid bInterval 0, changing to 4
[  173.099126][ T5972] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid maxpacket 15380, setting to 1023
[  173.110997][ T5929] usb 6-1: SerialNumber: syz
[  173.120662][ T5972] usb 2-1: config 0 interface 0 has no altsetting 0
[  173.135634][ T5972] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  173.150349][ T5972] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  173.159271][ T5972] usb 2-1: Product: syz
[  173.164641][ T5972] usb 2-1: Manufacturer: syz
[  173.169520][ T5972] usb 2-1: SerialNumber: syz
[  173.180328][ T5972] usb 2-1: config 0 descriptor??
[  173.188117][ T5929] usb 6-1: can't set config #1, error -71
[  173.644160][ T5929] usb 6-1: USB disconnect, device number 4
[  173.773076][ T5972] usb 2-1: selecting invalid altsetting 0
[  173.847904][ T6872] syzkaller1: entered promiscuous mode
[  173.873052][ T6872] syzkaller1: entered allmulticast mode
[  174.065688][ T6874] loop5: detected capacity change from 0 to 4096
[  174.094146][ T5972] usb 2-1: USB disconnect, device number 7
[  174.116614][ T6874] ntfs3(loop5): Different NTFS sector size (4096) and media sector size (512).
[  174.199511][ T6874] ntfs3(loop5): ino=19, mi_enum_attr
[  174.224415][ T6874] ntfs3(loop5): Mark volume as dirty due to NTFS errors
[  174.314254][ T5902] udevd[5902]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  176.533873][   T30] audit: type=1804 audit(1773982071.044:6): pid=6898 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.250" name="/newroot/16/file0/bus" dev="loop5" ino=33 res=1 errno=0
[  176.596761][   T30] audit: type=1804 audit(1773982071.054:7): pid=6897 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.250" name="/newroot/16/file0/bus" dev="loop5" ino=33 res=1 errno=0
[  176.869276][ T6905] loop2: detected capacity change from 0 to 256
[  177.186463][ T6911] syzkaller1: entered promiscuous mode
[  177.227062][ T6911] syzkaller1: entered allmulticast mode
[  177.294476][ T6914] loop2: detected capacity change from 0 to 1024
[  177.985325][ T6914] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  178.065469][   T30] audit: type=1800 audit(1773982072.594:8): pid=6914 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.264" name="file1" dev="loop2" ino=15 res=0 errno=0
[  178.108601][ T6914] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1315: group 0, block bitmap and bg descriptor inconsistent: 25 vs 161808409 free clusters
[  178.135604][ T6914] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  178.150562][ T6914] EXT4-fs (loop2): This should not happen!! Data will be lost
[  178.150562][ T6914] 
[  178.225653][   T30] audit: type=1800 audit(1773982072.734:9): pid=6922 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.264" name="file1" dev="loop2" ino=15 res=0 errno=0
[  178.259163][ T6914] EXT4-fs (loop2): Total free blocks count 0
[  178.277988][ T6921] loop5: detected capacity change from 0 to 1024
[  178.302891][ T6914] EXT4-fs (loop2): Free/Dirty block details
[  178.316665][ T6922] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 64 with max blocks 4 with error 28
[  178.337599][ T6914] EXT4-fs (loop2): free_blocks=2588934144
[  178.343526][ T6914] EXT4-fs (loop2): dirty_blocks=80
[  178.348765][ T6914] EXT4-fs (loop2): Block reservation details
[  178.355001][ T6914] EXT4-fs (loop2): i_reserved_data_blocks=5
[  178.426773][ T6921] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  178.833282][ T6503] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  179.218195][ T6951] loop2: detected capacity change from 0 to 256
[  179.288265][ T6951] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d)
[  179.715194][ T6954] loop5: detected capacity change from 0 to 32768
[  180.026901][ T6954] (syz.5.275,6954,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  180.103381][ T6954] (syz.5.275,6954,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  180.362183][ T6954] JBD2: Ignoring recovery information on journal
[  181.251405][ T6954] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  181.372416][ T6954] (syz.5.275,6954,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0x98842a5e, computed 0xe74db1cd. Applying ECC.
[  181.529984][ T6954] ocfs2: Unmounting device (7,5) on (node local)
[  182.353562][ T6996] loop2: detected capacity change from 0 to 128
[  182.805844][ T6996] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  182.896081][ T7000] loop1: detected capacity change from 0 to 512
[  182.913787][ T6996] hpfs: filesystem error: improperly stopped
[  182.941475][ T7000] EXT4-fs error (device loop1): ext4_iget_extra_inode:5028: inode #15: comm syz.1.291: corrupted in-inode xattr: e_value size too large
[  182.959675][ T6996] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  182.972506][ T7000] loop1: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
[  182.973466][ T7000] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.291: couldn't read orphan inode 15 (err -117)
[  182.982751][    C0] EXT4-fs (loop1): error count since last fsck: 1
[  182.982771][    C0] EXT4-fs (loop1): initial error at time 1773982077: ext4_iget_extra_inode:5028: inode 15
[  182.982802][    C0] EXT4-fs (loop1): last error at time 1773982077: ext4_iget_extra_inode:5028: inode 15
[  183.030491][ T6996] hpfs: You really don't want any checks? You are crazy...
[  183.064252][ T6996] hpfs: hpfs_map_sector(): read error
[  183.073168][ T7000] loop1: lost filesystem error report for type 5 error -117
[  183.073329][ T6996] hpfs: code page support is disabled
[  183.092801][ T7000] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  183.106184][ T6996] hpfs: hpfs_map_4sectors(): unaligned read
[  183.125023][ T6996] hpfs: hpfs_map_4sectors(): unaligned read
[  183.135108][ T7006] loop5: detected capacity change from 0 to 1024
[  183.141939][ T6996] hpfs: filesystem error: unable to find root dir
[  183.167069][ T5841] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  183.169246][ T7006] EXT4-fs: inline encryption not supported
[  183.186588][ T6996] hpfs: hpfs_map_4sectors(): unaligned read
[  183.203267][ T7006] EXT4-fs: Ignoring removed bh option
[  183.229991][ T6996] hpfs: filesystem error: invalid bitmap block pointer 00000000 -> 7b3184b5 at aib
[  183.249499][ T7006] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  183.436982][ T7006] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:4222: comm syz.5.292: Allocating blocks 449-513 which overlap fs metadata
[  183.766995][ T7013] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:4222: comm syz.5.292: Allocating blocks 497-513 which overlap fs metadata
[  184.577363][ T7025] netlink: 40 bytes leftover after parsing attributes in process `syz.1.298'.
[  184.847663][ T6503] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  185.156970][ T7012] loop3: detected capacity change from 0 to 40427
[  185.199800][ T7012] F2FS-fs (loop3): build fault injection rate: 771
[  185.231166][ T7012] F2FS-fs (loop3): invalid crc value
[  186.385074][ T7012] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  186.429379][ T7012] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  186.665128][ T7059] netlink: 'syz.2.312': attribute type 2 has an invalid length.
[  186.970822][ T7070] syzkaller1: entered promiscuous mode
[  186.976472][ T7070] syzkaller1: entered allmulticast mode
[  187.026820][ T7073] loop0: detected capacity change from 0 to 16
[  187.059190][ T7073] erofs (device loop0): mounted with root inode @ nid 36.
[  187.113972][ T7073] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  188.373543][ T7087] batman_adv: batadv0: Adding interface: ip6gretap1
[  188.422334][ T7087] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  188.492018][ T7087] batman_adv: batadv0: Interface activated: ip6gretap1
[  188.712033][ T5928] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  188.749098][ T7095] loop5: detected capacity change from 0 to 4096
[  188.876626][ T7095] ntfs3(loop5): Mark volume as dirty due to NTFS errors
[  188.915235][ T5928] usb 1-1: Using ep0 maxpacket: 8
[  188.934174][ T5928] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  188.952670][ T5928] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  188.976312][ T7095] ntfs3(loop5): Failed to load $Extend (-22).
[  188.986090][ T5928] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  189.002126][ T7095] ntfs3(loop5): Failed to initialize $Extend.
[  189.023908][ T5928] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  189.071995][ T5928] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  189.108608][ T7083] loop1: detected capacity change from 0 to 40427
[  189.117933][ T5928] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  189.149601][ T7083] F2FS-fs (loop1): invalid crc value
[  189.378758][ T5928] usb 1-1: GET_CAPABILITIES returned 0
[  189.398767][ T5928] usbtmc 1-1:16.0: can't read capabilities
[  189.505414][ T7083] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  189.528653][ T7083] F2FS-fs (loop1): Start checkpoint disabled!
[  189.555141][ T7083] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0
[  189.570974][ T7114] loop3: detected capacity change from 0 to 2048
[  189.578584][ T7083] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  189.615472][  T995] usb 1-1: USB disconnect, device number 6
[  189.751185][ T5841] syz-executor: attempt to access beyond end of device
[  189.751185][ T5841] loop1: rw=524288, sector=45064, nr_sectors = 8 limit=40427
[  189.775600][ T7114] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  189.800506][ T5841] syz-executor: attempt to access beyond end of device
[  189.800506][ T5841] loop1: rw=0, sector=45064, nr_sectors = 8 limit=40427
[  190.602084][  T180] kworker/u8:6: attempt to access beyond end of device
[  190.602084][  T180] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  190.710204][  T180] CPU: 0 UID: 0 PID: 180 Comm: kworker/u8:6 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  190.710236][  T180] Tainted: [L]=SOFTLOCKUP
[  190.710244][  T180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  190.710256][  T180] Workqueue: writeback wb_workfn (flush-7:1)
[  190.710287][  T180] Call Trace:
[  190.710295][  T180]  <TASK>
[  190.710303][  T180]  dump_stack_lvl+0xe8/0x150
[  190.710337][  T180]  f2fs_handle_critical_error+0x37c/0x540
[  190.710372][  T180]  f2fs_write_end_io+0x1274/0x1740
[  190.710416][  T180]  __submit_merged_bio+0x256/0x700
[  190.710452][  T180]  __submit_merged_write_cond+0x3c9/0x4e0
[  190.710491][  T180]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  190.710547][  T180]  f2fs_write_data_pages+0x287e/0x34f0
[  190.710624][  T180]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  190.710672][  T180]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  190.710735][  T180]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  190.710794][  T180]  ? __lock_acquire+0x6b5/0x2cf0
[  190.710844][  T180]  ? __pfx_f2fs_inode_chksum_set+0x10/0x10
[  190.710872][  T180]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  190.710914][  T180]  do_writepages+0x32e/0x550
[  190.710949][  T180]  ? reacquire_held_locks+0x104/0x190
[  190.710972][  T180]  ? writeback_sb_inodes+0x477/0x1a20
[  190.711006][  T180]  __writeback_single_inode+0x133/0x11a0
[  190.711036][  T180]  ? do_raw_spin_unlock+0xf5/0x210
[  190.711068][  T180]  writeback_sb_inodes+0x992/0x1a20
[  190.711119][  T180]  ? __lock_acquire+0x6b5/0x2cf0
[  190.711158][  T180]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  190.711187][  T180]  ? do_raw_spin_lock+0x12b/0x2f0
[  190.711261][  T180]  ? rcu_is_watching+0x15/0xb0
[  190.711295][  T180]  wb_writeback+0x456/0xb70
[  190.711327][  T180]  ? queue_io+0x1d1/0x4a0
[  190.711364][  T180]  ? __pfx_wb_writeback+0x10/0x10
[  190.711388][  T180]  ? do_raw_spin_lock+0x12b/0x2f0
[  190.711435][  T180]  wb_workfn+0x414/0xf50
[  190.711462][  T180]  ? look_up_lock_class+0x57/0x110
[  190.711504][  T180]  ? __pfx_wb_workfn+0x10/0x10
[  190.711531][  T180]  ? do_raw_spin_lock+0x12b/0x2f0
[  190.711559][  T180]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  190.711612][  T180]  ? process_one_work+0x8bb/0x1780
[  190.711641][  T180]  process_one_work+0x9ab/0x1780
[  190.711698][  T180]  ? __pfx_process_one_work+0x10/0x10
[  190.711727][  T180]  ? do_raw_spin_lock+0x12b/0x2f0
[  190.711780][  T180]  worker_thread+0xba8/0x11e0
[  190.711833][  T180]  kthread+0x388/0x470
[  190.711861][  T180]  ? __pfx_worker_thread+0x10/0x10
[  190.711880][  T180]  ? __pfx_kthread+0x10/0x10
[  190.711915][  T180]  ret_from_fork+0x51e/0xb90
[  190.711950][  T180]  ? __pfx_ret_from_fork+0x10/0x10
[  190.711979][  T180]  ? __switch_to+0xc7d/0x1450
[  190.712011][  T180]  ? __pfx_kthread+0x10/0x10
[  190.712038][  T180]  ret_from_fork_asm+0x1a/0x30
[  190.712081][  T180]  </TASK>
[  191.018045][  T180] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  191.929850][  T180] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  191.984836][ T7146] loop3: detected capacity change from 0 to 8192
[  192.019240][   T30] audit: type=1800 audit(1773982086.544:10): pid=7146 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.345" name="file2" dev="loop3" ino=1048633 res=0 errno=0
[  192.096372][ T7131] loop2: detected capacity change from 0 to 40427
[  192.106194][ T7131] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  192.111371][ T7146] syz.3.345: attempt to access beyond end of device
[  192.111371][ T7146] loop3: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  192.124808][ T7131] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  192.161011][ T7146] Buffer I/O error on dev loop3, logical block 57847, async page read
[  192.323794][  T180] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  192.348344][ T7146] syz.3.345: attempt to access beyond end of device
[  192.348344][ T7146] loop3: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  192.416012][ T7146] Buffer I/O error on dev loop3, logical block 57847, async page read
[  192.505120][ T7150] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000e1b1)
[  192.558884][ T7150] FAT-fs (loop3): Filesystem has been set read-only
[  192.571542][ T7131] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  192.616882][ T7131] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  192.629413][ T7150] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000e1b1)
[  192.641657][  T180] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  192.648048][ T7131] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  192.963456][ T5860] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  192.977319][ T5860] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  192.986329][ T5860] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  192.994611][  T180] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  193.018299][ T5860] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  193.030066][ T5860] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  193.322113][ T7163] syzkaller1: entered promiscuous mode
[  193.347542][ T7163] syzkaller1: entered allmulticast mode
[  193.417524][ T7175] loop3: detected capacity change from 0 to 4096
[  193.449398][ T7175] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512).
[  193.519974][ T7175] ntfs3(loop3): ino=19, mi_enum_attr
[  193.551640][ T7175] ntfs3(loop3): Mark volume as dirty due to NTFS errors
[  194.212841][ T1315] ieee802154 phy0 wpan0: encryption failed: -22
[  194.222702][ T1315] ieee802154 phy1 wpan1: encryption failed: -22
[  194.612530][   T30] audit: type=1804 audit(1773982089.134:11): pid=7191 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.352" name="/newroot/71/file0/bus" dev="loop3" ino=33 res=1 errno=0
[  195.076186][  T180] team0: left allmulticast mode
[  195.076230][  T180] team_slave_0: left allmulticast mode
[  195.076259][  T180] team_slave_1: left allmulticast mode
[  195.076303][  T180] team0: left promiscuous mode
[  195.076316][  T180] team_slave_0: left promiscuous mode
[  195.079666][  T180] team_slave_1: left promiscuous mode
[  195.082136][  T180] bridge0: port 3(team0) entered disabled state
[  195.123164][ T5854] Bluetooth: hci3: command tx timeout
[  195.191276][  T180] bridge_slave_1: left allmulticast mode
[  195.209396][  T180] bridge_slave_1: left promiscuous mode
[  195.217485][  T180] bridge0: port 2(bridge_slave_1) entered disabled state
[  195.246347][  T180] bridge_slave_0: left allmulticast mode
[  195.254475][  T180] bridge_slave_0: left promiscuous mode
[  195.264009][  T180] bridge0: port 1(bridge_slave_0) entered disabled state
[  195.317464][  T180] pimreg: left allmulticast mode
[  195.861017][ T7196] loop0: detected capacity change from 0 to 32768
[  195.926115][ T7196] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.368 (7196)
[  196.057090][ T7196] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  196.118179][ T7196] BTRFS info (device loop0): using crc32c checksum algorithm
[  196.390567][ T7196] BTRFS info (device loop0): enabling ssd optimizations
[  196.438946][ T7196] BTRFS info (device loop0): turning on flush-on-commit
[  196.446822][ T7196] BTRFS info (device loop0): enabling free space tree
[  196.454019][ T7196] BTRFS info (device loop0): enabling auto defrag
[  196.495372][ T7196] BTRFS info (device loop0): use lzo compression, level 1
[  196.532071][ T7196] BTRFS info (device loop0): max_inline set to 4096
[  196.661525][  T180] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  196.704320][  T180] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  196.752747][  T180] bond0 (unregistering): Released all slaves
[  197.104367][ T5839] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  197.201907][ T5854] Bluetooth: hci3: command tx timeout
[  197.525856][ T5999] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  197.722208][ T1567] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  197.749025][ T5999] usb 6-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  197.790186][ T5999] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  197.827149][ T5999] usb 6-1: Product: syz
[  197.851090][ T5999] usb 6-1: Manufacturer: syz
[  197.880276][ T5999] usb 6-1: SerialNumber: syz
[  197.893843][ T1567] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  197.925835][ T1567] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  197.965000][ T1567] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  197.974665][ T1567] usb 1-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[  197.983170][ T1567] usb 1-1: Manufacturer: syz
[  198.002485][ T1567] usb 1-1: config 0 descriptor??
[  198.460756][ T7252] loop5: detected capacity change from 0 to 7
[  198.470384][ T5999] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE
[  198.486535][ T7252] Dev loop5: unable to read RDB block 7
[  198.498369][ T7252]  loop5: AHDI p1 p2
[  198.507258][ T7252] loop5: partition table partially beyond EOD, truncated
[  198.532724][ T7252] loop5: p1 size 150995456 extends beyond EOD, truncated
[  198.565122][ T5999] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE
[  198.644196][ T7162] chnl_net:caif_netlink_parms(): no params data found
[  198.712846][ T6090] udevd[6090]: inotify_add_watch(7, /dev/loop5p1, 10) failed: No such file or directory
[  199.037496][ T1567] uclogic 0003:256C:006D.0003: failed retrieving string descriptor #100: -71
[  199.067206][ T1567] uclogic 0003:256C:006D.0003: failed retrieving pen parameters: -71
[  199.089802][ T1567] uclogic 0003:256C:006D.0003: failed probing pen v1 parameters: -71
[  199.101841][  T180] hsr_slave_0: left promiscuous mode
[  199.118896][ T1567] uclogic 0003:256C:006D.0003: failed probing parameters: -71
[  199.140852][  T180] hsr_slave_1: left promiscuous mode
[  199.153685][ T1567] uclogic 0003:256C:006D.0003: probe with driver uclogic failed with error -71
[  199.160684][  T180] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  199.192263][ T1567] usb 1-1: USB disconnect, device number 7
[  199.198401][  T180] batman_adv: batadv0: Removing interface: batadv_slave_0
[  199.225439][ T5999] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO
[  199.245573][  T180] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  199.267116][ T5999] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  199.277256][  T180] batman_adv: batadv0: Removing interface: batadv_slave_1
[  199.307097][ T5860] Bluetooth: hci3: command tx timeout
[  199.360043][ T5999] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  199.409222][ T5999] lan78xx 6-1:1.0: probe with driver lan78xx failed with error -71
[  199.439997][ T5999] usb 6-1: USB disconnect, device number 5
[  199.485855][ T7265] loop3: detected capacity change from 0 to 512
[  199.518034][  T180] veth1_macvtap: left promiscuous mode
[  199.523770][ T7265] EXT4-fs: Ignoring removed orlov option
[  199.541231][  T180] veth0_macvtap: left promiscuous mode
[  199.550821][  T180] veth1_vlan: left promiscuous mode
[  199.569618][  T180] veth0_vlan: left promiscuous mode
[  199.591167][ T7265] EXT4-fs (loop3): Test dummy encryption mode enabled
[  199.618188][ T7265] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  199.635459][ T7265] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  199.696387][ T7265] EXT4-fs (loop3): 1 truncate cleaned up
[  199.706189][ T7265] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  199.732580][ T7265] fscrypt: AES-256-XTS using implementation "xts-aes-aesni-avx"
[  199.808281][   T36] Bluetooth: (null): Invalid header checksum
[  199.872441][ T7275] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni"
[  199.990926][ T5840] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  200.507152][  T180] team0 (unregistering): Port device team_slave_1 removed
[  200.564185][  T180] team0 (unregistering): Port device team_slave_0 removed
[  201.384015][   T51] Bluetooth: hci4: command 0x0406 tx timeout
[  201.390698][ T5161] Bluetooth: hci1: command 0x0406 tx timeout
[  201.396817][   T51] Bluetooth: hci3: command tx timeout
[  201.402329][ T5161] Bluetooth: hci2: command 0x0406 tx timeout
[  201.409066][ T5857] Bluetooth: hci0: command 0x0406 tx timeout
[  201.867792][ T7162] bridge0: port 1(bridge_slave_0) entered blocking state
[  201.877308][ T7305] loop5: detected capacity change from 0 to 1024
[  201.903564][ T7305] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  201.914339][ T7162] bridge0: port 1(bridge_slave_0) entered disabled state
[  201.990608][ T7162] bridge_slave_0: entered allmulticast mode
[  202.029960][ T7162] bridge_slave_0: entered promiscuous mode
[  202.058675][ T7162] bridge0: port 2(bridge_slave_1) entered blocking state
[  202.082337][ T7162] bridge0: port 2(bridge_slave_1) entered disabled state
[  202.114420][ T7162] bridge_slave_1: entered allmulticast mode
[  202.145861][ T7162] bridge_slave_1: entered promiscuous mode
[  202.155785][ T7310] loop2: detected capacity change from 0 to 128
[  202.931171][ T7314] bridge_slave_0: left allmulticast mode
[  202.937197][ T7314] bridge0: port 1(bridge_slave_0) entered disabled state
[  202.959806][ T7314] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  203.016158][ T7162] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  203.140936][ T7310] syz.2.382: attempt to access beyond end of device
[  203.140936][ T7310] loop2: rw=2049, sector=145, nr_sectors = 8 limit=128
[  203.179127][ T7310] syz.2.382: attempt to access beyond end of device
[  203.179127][ T7310] loop2: rw=2049, sector=161, nr_sectors = 8 limit=128
[  203.215175][ T7310] syz.2.382: attempt to access beyond end of device
[  203.215175][ T7310] loop2: rw=2049, sector=177, nr_sectors = 8 limit=128
[  203.249331][ T7162] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  203.258657][ T7310] syz.2.382: attempt to access beyond end of device
[  203.258657][ T7310] loop2: rw=2049, sector=193, nr_sectors = 8 limit=128
[  203.302673][ T7298] loop3: detected capacity change from 0 to 40427
[  203.310144][ T7310] syz.2.382: attempt to access beyond end of device
[  203.310144][ T7310] loop2: rw=2049, sector=209, nr_sectors = 8 limit=128
[  203.329986][ T7298] F2FS-fs: heap/no_heap options were deprecated
[  203.337153][ T7162] team0: Port device team_slave_0 added
[  203.345579][ T7310] syz.2.382: attempt to access beyond end of device
[  203.345579][ T7310] loop2: rw=2049, sector=225, nr_sectors = 8 limit=128
[  203.367759][ T7162] team0: Port device team_slave_1 added
[  203.396609][ T7298] F2FS-fs (loop3): build fault injection rate: 19
[  203.419134][ T7298] F2FS-fs (loop3): build fault injection type: 0x3bfe8c
[  203.439927][ T7310] syz.2.382: attempt to access beyond end of device
[  203.439927][ T7310] loop2: rw=2049, sector=241, nr_sectors = 8 limit=128
[  203.456834][ T7298] F2FS-fs (loop3): invalid crc value
[  203.511603][ T7298] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_folio of f2fs_build_free_nids+0x9d8/0x1810
[  203.515311][ T7310] syz.2.382: attempt to access beyond end of device
[  203.515311][ T7310] loop2: rw=2049, sector=257, nr_sectors = 8 limit=128
[  203.557554][ T7162] batman_adv: batadv0: Adding interface: batadv_slave_0
[  203.581212][ T7310] syz.2.382: attempt to access beyond end of device
[  203.581212][ T7310] loop2: rw=2049, sector=273, nr_sectors = 8 limit=128
[  203.600624][ T7162] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  203.649253][ T7310] syz.2.382: attempt to access beyond end of device
[  203.649253][ T7310] loop2: rw=2049, sector=289, nr_sectors = 8 limit=128
[  203.697396][ T7162] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  203.756709][ T7162] batman_adv: batadv0: Adding interface: batadv_slave_1
[  203.791018][ T7162] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  203.834361][ T7298] F2FS-fs (loop3): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x221/0x410
[  203.898368][ T7298] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  203.913653][ T7162] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  203.940893][ T7298] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  204.025869][ T7298] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_folio of f2fs_get_dnode_of_data+0x911/0x2060
[  204.069902][ T7330] F2FS-fs (loop3): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x3ad/0xd80
[  204.113299][ T7298] F2FS-fs (loop3): inject inconsistent footer in f2fs_sanity_check_node_footer of __get_node_folio+0x8b5/0xe90
[  204.142803][ T7298] F2FS-fs (loop3): inconsistent node block, node_type:3, nid:11, node_footer[nid:11,ino:3,ofs:2041,cpver:0,blkaddr:0]
[  204.235985][ T5840] F2FS-fs (loop3): inject inconsistent footer in f2fs_sanity_check_node_footer of __write_node_folio+0x5ba/0x1a50
[  204.236608][ T7162] hsr_slave_0: entered promiscuous mode
[  204.255689][ T5840] F2FS-fs (loop3): inconsistent node block, node_type:0, nid:14, node_footer[nid:14,ino:14,ofs:0,cpver:0,blkaddr:0]
[  204.285449][ T5840] CPU: 0 UID: 0 PID: 5840 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  204.285482][ T5840] Tainted: [L]=SOFTLOCKUP
[  204.285489][ T5840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  204.285501][ T5840] Call Trace:
[  204.285509][ T5840]  <TASK>
[  204.285518][ T5840]  dump_stack_lvl+0xe8/0x150
[  204.285558][ T5840]  f2fs_handle_critical_error+0x37c/0x540
[  204.285595][ T5840]  __write_node_folio+0x5dd/0x1a50
[  204.285640][ T5840]  ? __pfx___write_node_folio+0x10/0x10
[  204.285678][ T5840]  ? f2fs_inode_chksum_set+0x13e/0x640
[  204.285712][ T5840]  ? folio_clear_dirty_for_io+0x1d4/0x710
[  204.285738][ T5840]  ? folio_clear_dirty_for_io+0x570/0x710
[  204.285764][ T5840]  ? folio_clear_dirty_for_io+0x1d4/0x710
[  204.285794][ T5840]  f2fs_sync_node_pages+0xeb4/0x1680
[  204.285851][ T5840]  ? __pfx_f2fs_sync_node_pages+0x10/0x10
[  204.285927][ T5840]  f2fs_write_checkpoint+0xeb8/0x26a0
[  204.285986][ T5840]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  204.286066][ T5840]  kill_f2fs_super+0x314/0x720
[  204.286105][ T5840]  ? __pfx_kill_f2fs_super+0x10/0x10
[  204.286151][ T5840]  ? lockdep_hardirqs_on+0x7a/0x110
[  204.286193][ T5840]  deactivate_locked_super+0xbc/0x130
[  204.286226][ T5840]  cleanup_mnt+0x437/0x4d0
[  204.286247][ T5840]  ? _raw_spin_unlock_irq+0x23/0x50
[  204.286274][ T5840]  task_work_run+0x1d9/0x270
[  204.286306][ T5840]  ? __pfx_task_work_run+0x10/0x10
[  204.286345][ T5840]  exit_to_user_mode_loop+0xed/0x480
[  204.286373][ T5840]  ? rcu_is_watching+0x15/0xb0
[  204.286399][ T5840]  do_syscall_64+0x32d/0xf80
[  204.286423][ T5840]  ? trace_irq_disable+0x3b/0x150
[  204.286448][ T5840]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  204.286469][ T5840]  ? clear_bhb_loop+0x40/0x90
[  204.286495][ T5840]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  204.286516][ T5840] RIP: 0033:0x7f44c359d9d7
[  204.286536][ T5840] Code: a2 c7 05 1c fd 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  204.286552][ T5840] RSP: 002b:00007ffe355a8098 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  204.286573][ T5840] RAX: 0000000000000000 RBX: 00007f44c3632050 RCX: 00007f44c359d9d7
[  204.286586][ T5840] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe355a8150
[  204.286598][ T5840] RBP: 00007ffe355a8150 R08: 00007ffe355a9150 R09: 00000000ffffffff
[  204.286612][ T5840] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe355a91e0
[  204.286624][ T5840] R13: 00007f44c3632050 R14: 0000000000031d75 R15: 00007ffe355a9220
[  204.286658][ T5840]  </TASK>
[  204.540729][ T5840] F2FS-fs (loop3): Stopped filesystem due to reason: 9
[  204.553698][ T7162] hsr_slave_1: entered promiscuous mode
[  204.560873][ T7162] debugfs: 'hsr0' already exists in 'hsr'
[  204.567885][ T7162] Cannot create hsr debugfs directory
[  205.000277][ T6503] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  205.081162][ T7329] loop2: detected capacity change from 0 to 32768
[  205.093256][ T7329] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.384 (7329)
[  205.121381][ T7162] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  205.148008][ T7329] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  205.176417][ T7329] BTRFS info (device loop2): using crc32c checksum algorithm
[  205.206612][ T7162] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  205.343293][ T7162] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  205.378791][ T7162] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  205.437770][ T7329] BTRFS info (device loop2): enabling ssd optimizations
[  205.496855][ T7329] BTRFS info (device loop2): turning on flush-on-commit
[  205.546486][ T7329] BTRFS info (device loop2): enabling free space tree
[  205.580620][ T7329] BTRFS info (device loop2): enabling auto defrag
[  205.618790][ T7329] BTRFS info (device loop2): use lzo compression, level 1
[  205.655334][ T7329] BTRFS info (device loop2): max_inline set to 4096
[  205.785938][ T7162] 8021q: adding VLAN 0 to HW filter on device bond0
[  205.936759][ T7162] 8021q: adding VLAN 0 to HW filter on device team0
[  206.177085][  T180] bridge0: port 1(bridge_slave_0) entered blocking state
[  206.184375][  T180] bridge0: port 1(bridge_slave_0) entered forwarding state
[  206.400942][ T5842] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  207.352478][  T137] bridge0: port 2(bridge_slave_1) entered blocking state
[  207.359714][  T137] bridge0: port 2(bridge_slave_1) entered forwarding state
[  208.099022][ T7398] option changes via remount are deprecated (pid=7397 comm=syz.5.397)
[  208.705580][ T7162] 8021q: adding VLAN 0 to HW filter on device batadv0
[  208.719049][ T7421] netlink: 8 bytes leftover after parsing attributes in process `syz.2.401'.
[  208.750034][ T7421] netlink: 8 bytes leftover after parsing attributes in process `syz.2.401'.
[  209.247885][ T7426] syzkaller0: entered promiscuous mode
[  209.264249][ T7426] syzkaller0: entered allmulticast mode
[  211.136326][ T5859] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  212.259334][ T7162] veth0_vlan: entered promiscuous mode
[  212.338610][ T7162] veth1_vlan: entered promiscuous mode
[  212.541504][ T7162] veth0_macvtap: entered promiscuous mode
[  212.649422][ T7162] veth1_macvtap: entered promiscuous mode
[  212.798816][ T7162] batman_adv: batadv0: Interface activated: batadv_slave_0
[  212.883308][ T7162] batman_adv: batadv0: Interface activated: batadv_slave_1
[  212.957179][ T1018] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  212.986354][ T1018] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  212.996224][ T1018] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  213.070647][ T1018] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  213.343545][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  213.375007][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  213.411906][ T5999] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  213.506991][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  213.519501][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  213.620207][ T5999] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  213.663924][ T5999] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  213.707367][ T5999] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  213.747450][ T5999] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  213.789899][ T5999] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  213.837287][ T5999] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  213.874975][ T5999] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  213.911081][ T5999] usb 1-1: Product: syz
[  213.925150][ T5999] usb 1-1: Manufacturer: syz
[  213.976171][ T5999] cdc_wdm 1-1:1.0: skipping garbage
[  214.007902][ T5999] cdc_wdm 1-1:1.0: skipping garbage
[  214.119764][ T5999] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  214.152604][ T5999] cdc_wdm 1-1:1.0: Unknown control protocol
[  214.511987][ T1567] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  214.682950][ T7507] loop3: detected capacity change from 0 to 4096
[  214.723213][ T1567] usb 3-1: Using ep0 maxpacket: 8
[  214.727897][ T1567] usb 3-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d
[  214.727926][ T1567] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  214.727940][ T1567] usb 3-1: Product: syz
[  214.727951][ T1567] usb 3-1: Manufacturer: syz
[  214.727961][ T1567] usb 3-1: SerialNumber: syz
[  214.793090][ T1567] usb 3-1: config 0 descriptor??
[  214.807086][ T1567] gspca_main: sonixj-2.14.0 probing 0c45:613e
[  215.228945][ T7525] i2c i2c-0: Frontend requested software zigzag, but didn't set the frequency step size
[  215.771541][ T7537] Bluetooth: MGMT ver 1.23
[  216.027130][ T1567] gspca_sonixj: reg_w1 err -71
[  216.081930][ T1567] sonixj 3-1:0.0: probe with driver sonixj failed with error -71
[  216.105512][ T1567] usb 3-1: USB disconnect, device number 6
[  216.169029][  T995] usb 1-1: USB disconnect, device number 8
[  216.432732][ T7539] loop3: detected capacity change from 0 to 32768
[  216.462333][ T7539] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.435 (7539)
[  216.525584][ T7539] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  216.551877][ T7539] BTRFS info (device loop3): using sha256 checksum algorithm
[  216.600009][ T7541] loop5: detected capacity change from 0 to 32768
[  216.656610][ T7541] btrfs: Deprecated parameter 'usebackuproot'
[  216.721002][ T7541] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  216.754125][ T7541] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.434 (7541)
[  216.819650][ T7541] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  216.857449][ T7539] BTRFS info (device loop3): enabling ssd optimizations
[  216.886650][ T7541] BTRFS info (device loop5): using crc32c checksum algorithm
[  216.888294][ T7539] BTRFS info (device loop3): turning on async discard
[  216.950069][ T7539] BTRFS info (device loop3): enabling free space tree
[  216.981116][ T7539] BTRFS info (device loop3): enabling auto defrag
[  217.009760][ T7539] BTRFS info (device loop3): max_inline set to 4096
[  217.096614][ T6539] BTRFS warning (device loop5): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0
[  217.231385][ T7541] BTRFS error (device loop5): failed to load root extent
[  217.268374][ T7541] BTRFS warning (device loop5): try to load backup roots slot 1
[  217.294220][ T6539] BTRFS warning (device loop5): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0
[  217.346538][ T7541] BTRFS warning (device loop5): couldn't read tree root
[  217.382840][ T7541] BTRFS warning (device loop5): try to load backup roots slot 2
[  217.433899][ T1018] BTRFS error (device loop5): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[  217.493448][ T7541] BTRFS warning (device loop5): couldn't read tree root
[  217.510697][ T7541] BTRFS warning (device loop5): try to load backup roots slot 3
[  217.680837][ T7541] BTRFS info (device loop5): rebuilding free space tree
[  217.825734][ T5840] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  217.901657][ T7541] BTRFS info (device loop5): checking UUID tree
[  217.957545][ T7541] BTRFS info (device loop5): enabling ssd optimizations
[  217.995026][ T7541] BTRFS info (device loop5): turning on async discard
[  218.003948][ T7541] BTRFS info (device loop5): enabling free space tree
[  218.023858][ T7541] BTRFS info (device loop5): force clearing of disk cache
[  218.047693][ T7541] BTRFS info (device loop5): enabling auto defrag
[  218.070507][ T7541] BTRFS info (device loop5): trying to use backup root at mount time
[  218.097891][ T7541] BTRFS info (device loop5): use zstd compression, level 3
[  218.717146][ T7613] loop3: detected capacity change from 0 to 128
[  218.750021][ T6503] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  218.766709][ T7613] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  218.837594][ T7613] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  218.918826][ T7615] loop0: detected capacity change from 0 to 512
[  219.018032][   T30] audit: type=1800 audit(1773982113.534:12): pid=7613 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.448" name="bus" dev="loop3" ino=1048640 res=0 errno=0
[  219.193469][   T12] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  219.239067][ T7615] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  219.292124][ T7615] ext4 filesystem being mounted at /85/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  219.428106][   T30] audit: type=1800 audit(1773982113.954:13): pid=7629 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.450" name="file2" dev="loop0" ino=16 res=0 errno=0
[  219.430295][ T5999] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  219.532103][   T30] audit: type=1804 audit(1773982113.994:14): pid=7629 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.450" name="/newroot/85/bus/file1" dev="loop0" ino=15 res=1 errno=0
[  219.636960][ T5839] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  219.712086][ T5999] hid-generic 0000:0000:0000.0004: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  220.485137][ T7633] loop5: detected capacity change from 0 to 32768
[  220.584288][   T30] audit: type=1800 audit(1773982115.114:15): pid=7633 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.449" name="file1" dev="loop5" ino=7 res=0 errno=0
[  220.925489][ T7653] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  221.409211][ T7648] loop3: detected capacity change from 0 to 32768
[  221.507846][ T7648] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.459 (7648)
[  221.589601][ T7660] capability: warning: `syz.6.465' uses deprecated v2 capabilities in a way that may be insecure
[  221.614982][ T7648] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  221.664184][ T7648] BTRFS info (device loop3): using crc32c checksum algorithm
[  221.877923][ T7648] BTRFS info (device loop3): enabling ssd optimizations
[  221.885996][ T7648] BTRFS info (device loop3): turning on flush-on-commit
[  221.893939][ T7648] BTRFS info (device loop3): enabling free space tree
[  221.945078][ T7648] BTRFS info (device loop3): enabling auto defrag
[  221.947905][ T5859] Bluetooth: unknown link type 128
[  221.993534][ T7648] BTRFS info (device loop3): use lzo compression, level 1
[  222.021243][ T7648] BTRFS info (device loop3): max_inline set to 4096
[  222.030589][ T7673] loop2: detected capacity change from 0 to 4096
[  222.098527][ T7673] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512).
[  222.271544][ T7673] ntfs3(loop2): ino=3, ntfs_set_state failed, -22.
[  222.442017][ T5928] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  222.499118][   T12] ntfs3(loop2): ino=3, ntfs3_write_inode failed, -22.
[  222.538604][ T5842] ntfs3(loop2): ino=3, ntfs_set_state failed, -22.
[  222.581938][ T5842] ntfs3(loop2): Mark volume as dirty due to NTFS errors
[  222.618061][ T5840] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  222.643412][ T5842] ntfs3(loop2): ino=3, ntfs_set_state failed, -22.
[  222.668270][ T5928] usb 7-1: Using ep0 maxpacket: 8
[  222.686767][ T5928] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  222.689065][   T12] ntfs3(loop2): ino=3, ntfs3_write_inode failed, -22.
[  222.735760][ T5928] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  222.781303][ T5928] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  222.830988][ T5928] usb 7-1: config 0 descriptor??
[  223.101397][ T5928] iowarrior 7-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  223.591683][ T1567] usb 7-1: USB disconnect, device number 2
[  224.001803][ T5859] Bluetooth: hci3: command tx timeout
[  226.300692][ T7767] loop6: detected capacity change from 0 to 32768
[  226.434668][ T7767] JBD2: Ignoring recovery information on journal
[  226.542547][ T7767] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode.
[  226.905455][ T5999] IPVS: starting estimator thread 0...
[  226.931613][   T30] audit: type=1800 audit(1773982121.454:16): pid=7808 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.491" name="file1" dev="loop6" ino=17059 res=0 errno=0
[  227.044965][ T7813] IPVS: using max 26 ests per chain, 62400 per kthread
[  227.057633][ T7815] loop3: detected capacity change from 0 to 512
[  227.326498][ T7162] ocfs2: Unmounting device (7,6) on (node local)
[  227.748694][ T7795] loop0: detected capacity change from 0 to 32768
[  227.818883][ T7795] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  228.109686][ T7795] XFS (loop0): Ending clean mount
[  228.273954][ T7795] XFS (loop0): Quotacheck needed: Please wait.
[  228.456765][ T7795] XFS (loop0): Quotacheck: Done.
[  228.598016][ T7836] bridge0: port 2(bridge_slave_1) entered disabled state
[  228.715997][   T30] audit: type=1800 audit(1773982123.244:17): pid=7849 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.499" name="file1" dev="loop0" ino=4422 res=0 errno=0
[  228.900149][ T5839] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  229.327599][ T7864] loop6: detected capacity change from 0 to 4096
[  229.387240][ T7864] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  229.440637][ T7864] EXT4-fs (loop6): Test dummy encryption mode enabled
[  229.529191][ T7864] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  229.684026][ T7864] EXT4-fs (loop6): shut down requested (1)
[  229.723360][ T7864] EXT4-fs warning (device loop6): ext4_empty_dir:3097: inode #12: comm syz.6.513: directory missing '..'
[  229.896639][ T7162] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  230.545876][ T7909] netlink: 8 bytes leftover after parsing attributes in process `syz.6.521'.
[  230.578005][ T7869] loop3: detected capacity change from 0 to 32768
[  230.867434][ T7869] read_mapping_page failed!
[  230.918654][ T7869] ERROR: (device loop3): txCommit: 
[  230.918654][ T7869] 
[  230.953893][ T5972] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  231.197047][ T5972] usb 1-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  231.289246][ T5972] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  231.354238][ T5972] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  231.389018][ T5972] usb 1-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  231.421889][ T5972] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  231.443825][ T5972] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  231.504230][ T5972] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  231.523165][ T5972] usb 1-1: invalid MIDI out EP 0
[  231.652146][ T7897] loop5: detected capacity change from 0 to 32768
[  231.735430][ T7897] XFS (loop5): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  231.969421][ T7897] XFS (loop5): Ending clean mount
[  232.079583][ T7897] XFS (loop5): Quotacheck needed: Please wait.
[  232.378100][ T7897] XFS (loop5): Quotacheck: Done.
[  232.938999][ T6503] XFS (loop5): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  233.070547][ T5972] snd-usb-audio 1-1:27.0: probe with driver snd-usb-audio failed with error -22
[  233.119940][ T5972] usb 1-1: USB disconnect, device number 9
[  233.420761][ T7981] Bluetooth: hci0: service_discovery: too big uuid_count value 39717
[  233.458459][ T7963] loop2: detected capacity change from 0 to 32768
[  233.553247][ T7963] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  233.679158][ T7963] XFS (loop2): Ending clean mount
[  233.728945][ T7978] loop3: detected capacity change from 0 to 32768
[  233.835445][ T7978] read_mapping_page failed!
[  233.857816][ T7978] ERROR: (device loop3): txCommit: 
[  233.857816][ T7978] 
[  233.959971][ T5842] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  234.129014][ T8001] loop6: detected capacity change from 0 to 1024
[  235.039440][ T7999] loop0: detected capacity change from 0 to 32768
[  235.065963][ T8017] loop5: detected capacity change from 0 to 2048
[  235.090953][ T7999] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.545 (7999)
[  235.199401][ T8017] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  235.234085][ T7999] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  235.303633][ T7999] BTRFS info (device loop0): using crc32c checksum algorithm
[  235.376543][ T8017] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1315: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters
[  235.413374][ T8017] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 34 with error 28
[  235.426124][ T8017] EXT4-fs (loop5): This should not happen!! Data will be lost
[  235.426124][ T8017] 
[  235.452902][ T8017] EXT4-fs (loop5): Total free blocks count 0
[  235.489449][ T8017] EXT4-fs (loop5): Free/Dirty block details
[  235.516945][ T7999] BTRFS info (device loop0): enabling ssd optimizations
[  235.524210][ T8017] EXT4-fs (loop5): free_blocks=66060288
[  235.524251][ T8017] EXT4-fs (loop5): dirty_blocks=48
[  235.524266][ T8017] EXT4-fs (loop5): Block reservation details
[  235.524280][ T8017] EXT4-fs (loop5): i_reserved_data_blocks=3
[  235.623594][ T7999] BTRFS info (device loop0): turning on flush-on-commit
[  235.654663][ T7999] BTRFS info (device loop0): enabling free space tree
[  235.690196][ T7999] BTRFS info (device loop0): enabling auto defrag
[  235.729390][ T7999] BTRFS info (device loop0): use lzo compression, level 1
[  235.773890][ T7999] BTRFS info (device loop0): max_inline set to 4096
[  236.287594][ T7924] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 2 with error 28
[  236.383055][ T5839] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  237.492420][ T8073] netlink: 830 bytes leftover after parsing attributes in process `syz.0.552'.
[  237.518081][ T8073] netlink: 1047 bytes leftover after parsing attributes in process `syz.0.552'.
[  237.534417][ T8073] bridge_slave_1: default FDB implementation only supports local addresses
[  237.572757][ T1567] usb 6-1: new full-speed USB device number 6 using dummy_hcd
[  237.756716][ T1567] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  237.786328][ T1567] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  237.823826][ T1567] usb 6-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  237.856778][ T1567] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  237.885193][ T1567] usb 6-1: config 0 descriptor??
[  238.287838][ T8085] loop2: detected capacity change from 0 to 32768
[  238.307090][ T8085] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.557 (8085)
[  238.355123][ T1567] elan 0003:04F3:0755.0005: unknown main item tag 0x0
[  238.386146][ T1567] elan 0003:04F3:0755.0005: unknown main item tag 0x0
[  238.407022][ T1567] elan 0003:04F3:0755.0005: unknown main item tag 0x0
[  238.426125][ T8085] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  238.427712][ T1567] elan 0003:04F3:0755.0005: unknown main item tag 0x0
[  238.472694][ T1567] elan 0003:04F3:0755.0005: unknown main item tag 0x0
[  238.473543][ T8085] BTRFS info (device loop2): using sha256 checksum algorithm
[  238.489439][ T1567] elan 0003:04F3:0755.0005: failed to start in urb: -90
[  238.530884][ T1567] elan 0003:04F3:0755.0005: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.5-1/input0
[  238.622606][ T1567] usb 6-1: USB disconnect, device number 6
[  238.654290][ T8085] BTRFS info (device loop2): enabling ssd optimizations
[  238.689521][ T8085] BTRFS info (device loop2): turning on async discard
[  238.739062][ T8085] BTRFS info (device loop2): enabling free space tree
[  238.766013][ T8085] BTRFS info (device loop2): enabling auto defrag
[  238.796709][ T8085] BTRFS info (device loop2): max_inline set to 4096
[  238.974774][ T8090] loop6: detected capacity change from 0 to 32768
[  239.071279][ T8090] read_mapping_page failed!
[  239.105976][ T8090] ERROR: (device loop6): txCommit: 
[  239.105976][ T8090] 
[  239.254355][ T5842] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  239.273773][ T8090] ERROR: (device loop6): diAllocBit: iag inconsistent
[  239.273773][ T8090] 
[  239.302932][ T8090] ialloc: diAlloc returned -5!
[  239.919607][ T8123] loop2: detected capacity change from 0 to 4096
[  240.065662][ T1567] IPVS: starting estimator thread 0...
[  240.172084][ T8126] IPVS: using max 30 ests per chain, 72000 per kthread
[  241.931863][ T5999] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  242.724966][ T5999] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[  242.751825][ T5999] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  242.768088][ T5999] usb 3-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[  242.783352][ T5999] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  242.812140][ T5999] usb 3-1: Product: syz
[  242.824112][ T5999] usb 3-1: Manufacturer: syz
[  242.840692][ T5999] usb 3-1: SerialNumber: syz
[  242.872980][ T5999] usb 3-1: config 0 descriptor??
[  242.897157][ T8150] loop5: detected capacity change from 0 to 1024
[  242.899704][ T8140] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  242.948941][ T8140] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  243.163668][ T8147] loop3: detected capacity change from 0 to 32768
[  243.186713][ T8140] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  243.196228][ T8147] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.571 (8147)
[  243.221538][ T8140] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  243.263172][ T8147] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  243.274690][ T8147] BTRFS info (device loop3): using crc32c checksum algorithm
[  243.339488][ T8147] BTRFS info (device loop3): enabling ssd optimizations
[  243.348311][ T8147] BTRFS info (device loop3): turning on flush-on-commit
[  243.357239][ T8147] BTRFS info (device loop3): enabling free space tree
[  243.366108][ T8147] BTRFS info (device loop3): enabling auto defrag
[  243.374019][ T8147] BTRFS info (device loop3): use lzo compression, level 1
[  243.384261][ T8147] BTRFS info (device loop3): max_inline set to 4096
[  243.451990][ T5929] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  243.513236][ T8173] loop5: detected capacity change from 0 to 256
[  243.565799][ T8173] exFAT-fs (loop5): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x32e3664b, utbl_chksum : 0xe619d30d)
[  243.639587][ T5999] dm9601: No valid MAC address in EEPROM, using 00:00:00:00:00:00
[  243.653051][ T5929] usb 7-1: Using ep0 maxpacket: 8
[  243.668883][   T30] audit: type=1800 audit(1773982138.194:18): pid=8173 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.576" name="file2" dev="loop5" ino=1048642 res=0 errno=0
[  243.717027][ T5929] usb 7-1: config index 0 descriptor too short (expected 30, got 18)
[  243.755950][ T8173] exFAT-fs (loop5): error, invalid access to FAT (entry 0xffffffff)
[  243.771204][ T5929] usb 7-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  243.792020][ T5929] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  243.802104][ T8173] exFAT-fs (loop5): Filesystem has been set read-only
[  243.812940][ T5929] usb 7-1: Product: syz
[  243.828154][ T5840] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  243.830731][ T5929] usb 7-1: Manufacturer: syz
[  243.878890][ T5929] usb 7-1: SerialNumber: syz
[  243.937980][ T5929] usb 7-1: config 0 descriptor??
[  243.981072][ T5929] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  244.011899][ T5929] usb 7-1: setting power ON
[  244.023384][ T5929] dvb-usb: bulk message failed: -22 (2/0)
[  244.058471][ T5999] dm9601 3-1:0.0 (unnamed net_device) (uninitialized): Error reading chip ID
[  244.099959][ T5999] usb 3-1: USB disconnect, device number 7
[  244.139647][ T5929] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  244.191697][ T5929] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  244.208001][ T8156] dvb-usb: bulk message failed: -22 (3/0)
[  244.230014][ T5929] usb 7-1: media controller created
[  244.232682][ T8156] dvb-usb: bulk message failed: -22 (3/0)
[  244.269500][ T8177] fuse: root generation should be zero
[  244.310991][ T5929] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  244.397007][ T5929] usb 7-1: selecting invalid altsetting 6
[  244.435088][ T5929] usb 7-1: digital interface selection failed (-22)
[  244.463163][ T5929] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  244.478184][ T8152] loop0: detected capacity change from 0 to 40427
[  244.486169][ T5929] usb 7-1: setting power OFF
[  244.502931][ T5929] dvb-usb: bulk message failed: -22 (2/0)
[  244.516532][ T8152] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  244.552420][ T8152] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  244.561363][ T5929] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  244.577069][ T8152] F2FS-fs (loop0): invalid crc value
[  244.582875][ T5929] (NULL device *): no alternate interface
[  244.792311][ T5929] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  244.812632][ T5999] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  244.886540][ T8152] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  244.899105][ T5929] usb 7-1: USB disconnect, device number 3
[  244.930862][ T8152] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  244.950539][ T8152] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  245.002891][ T5999] usb 6-1: Using ep0 maxpacket: 32
[  245.037514][ T5999] usb 6-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40
[  245.049984][ T5999] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  245.091020][ T5999] usb 6-1: config 0 descriptor??
[  245.330478][ T5999] dvb-usb: found a 'Elgato EyeTV DTT' in warm state.
[  245.370586][ T5999] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  245.385997][ T5999] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT)
[  245.395221][ T5999] usb 6-1: media controller created
[  245.419795][ T5999] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  245.514867][ T8202] loop3: detected capacity change from 0 to 512
[  245.545745][ T8202] EXT4-fs: Ignoring removed nobh option
[  245.561247][ T5999] DVB: Unable to find symbol dib7000p_attach()
[  245.595178][ T8202] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  245.616569][ T5999] dvb-usb: no frontend was attached by 'Elgato EyeTV DTT'
[  245.650388][ T8202] EXT4-fs (loop3): 1 truncate cleaned up
[  245.658765][ T8202] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  245.811883][ T5999] rc_core: IR keymap rc-dib0700-rc5 not found
[  245.821220][ T8187] loop2: detected capacity change from 0 to 32768
[  245.825342][ T5999] Registered IR keymap rc-empty
[  245.843057][ T5999] dvb-usb: could not initialize remote control.
[  245.857687][ T8187] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.581 (8187)
[  245.860605][ T5999] dvb-usb: Elgato EyeTV DTT successfully initialized and connected.
[  245.911431][ T5840] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  245.928770][ T5999] usb 6-1: USB disconnect, device number 7
[  245.970138][ T8187] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  246.024555][ T8187] BTRFS info (device loop2): using crc32c checksum algorithm
[  246.058790][ T5999] dvb-usb: Elgato EyeTV DTT successfully deinitialized and disconnected.
[  246.272249][ T8187] BTRFS info (device loop2): enabling ssd optimizations
[  246.304557][ T8199] loop6: detected capacity change from 0 to 32768
[  246.318090][ T8187] BTRFS info (device loop2): turning on flush-on-commit
[  246.348298][ T8187] BTRFS info (device loop2): enabling free space tree
[  246.389793][ T8187] BTRFS info (device loop2): enabling auto defrag
[  246.419750][ T8187] BTRFS info (device loop2): use lzo compression, level 1
[  246.433085][ T8199] XFS (loop6): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  246.478140][ T8187] BTRFS info (device loop2): max_inline set to 4096
[  246.533547][ T8199] XFS (loop6): Ending clean mount
[  246.748803][ T5842] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  247.058306][ T7162] XFS (loop6): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  248.990930][ T8260] loop0: detected capacity change from 0 to 128
[  249.062939][ T8260] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  249.112496][ T8260] hpfs: filesystem error: improperly stopped
[  249.132025][ T8260] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  249.164411][ T8260] hpfs: You really don't want any checks? You are crazy...
[  249.207872][ T8260] hpfs: Code page index out of array
[  249.231847][ T8260] hpfs: code page support is disabled
[  249.256188][ T8260] hpfs: hpfs_map_4sectors(): unaligned read
[  249.263332][ T8268] netlink: 40 bytes leftover after parsing attributes in process `syz.6.592'.
[  249.292357][ T8260] hpfs: hpfs_map_4sectors(): unaligned read
[  249.313867][ T8260] hpfs: filesystem error: unable to find root dir
[  249.776545][ T8275] loop6: detected capacity change from 0 to 256
[  251.371151][ T8281] netlink: 830 bytes leftover after parsing attributes in process `syz.6.600'.
[  251.408339][ T8281] netlink: 1047 bytes leftover after parsing attributes in process `syz.6.600'.
[  251.467424][ T8281] bridge_slave_1: default FDB implementation only supports local addresses
[  251.751329][ T8266] loop2: detected capacity change from 0 to 32768
[  251.801896][ T5972] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  251.809963][ T5999] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  251.839996][ T8266] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  252.000604][ T8266] XFS (loop2): Ending clean mount
[  252.002339][ T5972] usb 1-1: Using ep0 maxpacket: 32
[  252.010977][ T5999] usb 4-1: Using ep0 maxpacket: 32
[  252.027013][ T5999] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  252.041039][ T8266] XFS (loop2): Quotacheck needed: Please wait.
[  252.043097][ T5972] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  252.070815][ T5999] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  252.100039][ T5972] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  252.109514][ T5999] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  252.119746][ T5972] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  252.139874][ T5999] usb 4-1: Product: syz
[  252.145335][ T5972] usb 1-1: Product: syz
[  252.151274][ T5999] usb 4-1: Manufacturer: syz
[  252.159508][ T5972] usb 1-1: Manufacturer: syz
[  252.166437][ T5999] usb 4-1: SerialNumber: syz
[  252.171108][ T5972] usb 1-1: SerialNumber: syz
[  252.185820][ T5999] usb 4-1: config 0 descriptor??
[  252.196544][ T5972] usb 1-1: config 0 descriptor??
[  252.209861][ T8285] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  252.220008][ T8283] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  252.238576][ T5999] hub 4-1:0.0: bad descriptor, ignoring hub
[  252.262041][ T5999] hub 4-1:0.0: probe with driver hub failed with error -5
[  252.330805][ T5999] chaoskey 4-1:0.0: Unable to register with hwrng
[  252.375202][ T8266] XFS (loop2): Quotacheck: Done.
[  252.426561][ T5842] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  252.515253][ T5929] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  252.604191][  T995] usb 4-1: USB disconnect, device number 7
[  252.695861][ T5999] usb 1-1: USB disconnect, device number 10
[  252.703988][ T5929] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  252.772376][ T5929] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[  252.786985][ T5929] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[  252.807335][ T5929] usb 7-1: Product: syz
[  252.838880][ T5929] usb 7-1: Manufacturer: syz
[  252.853749][ T5929] usb 7-1: SerialNumber: syz
[  252.926596][ T8312] loop5: detected capacity change from 0 to 16
[  252.957364][ T8312] erofs (device loop5): mounted with root inode @ nid 36.
[  252.986258][ T8312] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  253.091438][ T5929] usblp 7-1:1.0: usblp0: USB Unidirectional printer dev 4 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  253.438210][ T8319] loop3: detected capacity change from 0 to 256
[  253.483376][ T8310] loop0: detected capacity change from 0 to 40427
[  253.505059][ T8310] F2FS-fs (loop0): invalid crc value
[  253.512610][ T8319] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x32e3664b, utbl_chksum : 0xe619d30d)
[  253.541384][ T8314] loop2: detected capacity change from 0 to 32768
[  253.595409][ T8314] (syz.2.606,8314,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  253.616649][   T30] audit: type=1800 audit(1773982148.144:19): pid=8319 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.612" name="file2" dev="loop3" ino=1048647 res=0 errno=0
[  253.642326][ T8314] (syz.2.606,8314,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  253.670200][ T8319] exFAT-fs (loop3): error, invalid access to FAT (entry 0xffffffff)
[  253.699546][ T8319] exFAT-fs (loop3): Filesystem has been set read-only
[  253.775762][ T8314] JBD2: Ignoring recovery information on journal
[  253.851218][ T8310] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  253.930379][ T8310] F2FS-fs (loop0): Start checkpoint disabled!
[  253.992412][ T8314] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  254.005782][ T8310] F2FS-fs (loop0): f2fs_disable_checkpoint() finish, err:0
[  254.051895][ T8310] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  254.069062][ T8314] (syz.2.606,8314,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0x98842a5e, computed 0xe74db1cd. Applying ECC.
[  254.170436][ T8314] ocfs2: Unmounting device (7,2) on (node local)
[  254.264112][ T5839] syz-executor: attempt to access beyond end of device
[  254.264112][ T5839] loop0: rw=524288, sector=45064, nr_sectors = 8 limit=40427
[  254.302437][ T5839] syz-executor: attempt to access beyond end of device
[  254.302437][ T5839] loop0: rw=0, sector=45064, nr_sectors = 8 limit=40427
[  254.543425][ T7924] kworker/u8:12: attempt to access beyond end of device
[  254.543425][ T7924] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  254.590482][ T7924] CPU: 0 UID: 0 PID: 7924 Comm: kworker/u8:12 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  254.590517][ T7924] Tainted: [L]=SOFTLOCKUP
[  254.590525][ T7924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  254.590538][ T7924] Workqueue: writeback wb_workfn (flush-7:0)
[  254.590586][ T7924] Call Trace:
[  254.590595][ T7924]  <TASK>
[  254.590604][ T7924]  dump_stack_lvl+0xe8/0x150
[  254.590639][ T7924]  f2fs_handle_critical_error+0x37c/0x540
[  254.590677][ T7924]  f2fs_write_end_io+0x1274/0x1740
[  254.590719][ T7924]  __submit_merged_bio+0x256/0x700
[  254.590756][ T7924]  __submit_merged_write_cond+0x3c9/0x4e0
[  254.590793][ T7924]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  254.590845][ T7924]  f2fs_write_data_pages+0x287e/0x34f0
[  254.590912][ T7924]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  254.590956][ T7924]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  254.591014][ T7924]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  254.591075][ T7924]  ? __lock_acquire+0x6b5/0x2cf0
[  254.591120][ T7924]  ? __pfx_f2fs_inode_chksum_set+0x10/0x10
[  254.591146][ T7924]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  254.591179][ T7924]  do_writepages+0x32e/0x550
[  254.591212][ T7924]  ? reacquire_held_locks+0x104/0x190
[  254.591234][ T7924]  ? writeback_sb_inodes+0x477/0x1a20
[  254.591270][ T7924]  __writeback_single_inode+0x133/0x11a0
[  254.591299][ T7924]  ? do_raw_spin_unlock+0xf5/0x210
[  254.591331][ T7924]  writeback_sb_inodes+0x992/0x1a20
[  254.591379][ T7924]  ? __lock_acquire+0x6b5/0x2cf0
[  254.591417][ T7924]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  254.591442][ T7924]  ? do_raw_spin_lock+0x12b/0x2f0
[  254.591510][ T7924]  ? rcu_is_watching+0x15/0xb0
[  254.591541][ T7924]  wb_writeback+0x456/0xb70
[  254.591573][ T7924]  ? queue_io+0x1d1/0x4a0
[  254.591608][ T7924]  ? __pfx_wb_writeback+0x10/0x10
[  254.591632][ T7924]  ? do_raw_spin_lock+0x12b/0x2f0
[  254.591675][ T7924]  wb_workfn+0x414/0xf50
[  254.591700][ T7924]  ? look_up_lock_class+0x57/0x110
[  254.591739][ T7924]  ? __pfx_wb_workfn+0x10/0x10
[  254.591766][ T7924]  ? do_raw_spin_lock+0x12b/0x2f0
[  254.591796][ T7924]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  254.591846][ T7924]  ? process_one_work+0x8bb/0x1780
[  254.591876][ T7924]  process_one_work+0x9ab/0x1780
[  254.591931][ T7924]  ? __pfx_process_one_work+0x10/0x10
[  254.591960][ T7924]  ? do_raw_spin_lock+0x12b/0x2f0
[  254.592005][ T7924]  worker_thread+0xba8/0x11e0
[  254.592062][ T7924]  kthread+0x388/0x470
[  254.592088][ T7924]  ? __pfx_worker_thread+0x10/0x10
[  254.592106][ T7924]  ? __pfx_kthread+0x10/0x10
[  254.592133][ T7924]  ret_from_fork+0x51e/0xb90
[  254.592168][ T7924]  ? __pfx_ret_from_fork+0x10/0x10
[  254.592196][ T7924]  ? __switch_to+0xc7d/0x1450
[  254.592227][ T7924]  ? __pfx_kthread+0x10/0x10
[  254.592254][ T7924]  ret_from_fork_asm+0x1a/0x30
[  254.592294][ T7924]  </TASK>
[  254.894424][    C0] usblp0: nonzero write bulk status received: -71
[  254.906619][ T1567] usb 7-1: USB disconnect, device number 4
[  254.986538][ T8333] netlink: 212348 bytes leftover after parsing attributes in process `syz.5.621'.
[  255.036561][ T7924] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  255.083211][ T1567] usblp0: removed
[  255.654768][ T1315] ieee802154 phy0 wpan0: encryption failed: -22
[  255.670723][ T1315] ieee802154 phy1 wpan1: encryption failed: -22
[  256.045098][ T8345] loop3: detected capacity change from 0 to 16
[  256.055814][ T8345] erofs (device loop3): mounted with root inode @ nid 36.
[  256.080138][ T8345] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  256.483862][ T6000] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  256.666948][ T6000] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  256.865559][ T6000] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  256.915865][ T8363] kernel profiling enabled (shift: 0)
[  256.946826][ T8354] loop5: detected capacity change from 0 to 32768
[  257.089453][ T5854] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  257.103662][ T5854] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  257.348627][ T5854] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  257.376180][ T5854] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  257.401787][ T5854] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  257.480949][ T8354] JBD2: Ignoring recovery information on journal
[  257.752168][ T6000] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  257.947709][ T8354] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  259.107665][ T8354] syz.5.626 (8354) used greatest stack depth: 19104 bytes left
[  259.319962][ T6503] ocfs2: Unmounting device (7,5) on (node local)
[  259.394214][ T6000] bridge_slave_1: left allmulticast mode
[  259.415404][ T6000] bridge_slave_1: left promiscuous mode
[  259.437553][ T6000] bridge0: port 2(bridge_slave_1) entered disabled state
[  259.502678][ T6000] bridge_slave_0: left allmulticast mode
[  259.523916][ T6000] bridge_slave_0: left promiscuous mode
[  259.532249][ T6000] bridge0: port 1(bridge_slave_0) entered disabled state
[  259.568475][ T6000] pimreg: left allmulticast mode
[  259.592612][  T995] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  259.764278][  T995] usb 4-1: Using ep0 maxpacket: 16
[  259.771672][ T5859] Bluetooth: hci0: command tx timeout
[  259.790865][  T995] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  259.815406][  T995] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  259.825812][  T995] usb 4-1: New USB device found, idVendor=1b1c, idProduct=1c08, bcdDevice= 0.00
[  259.835392][  T995] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  259.856821][  T995] usb 4-1: config 0 descriptor??
[  260.102662][  T995] usb 4-1: string descriptor 0 read error: -71
[  260.131555][  T995] usb 4-1: USB disconnect, device number 8
[  260.208155][ T6000] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  260.255653][ T6000] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  260.294403][ T6000] bond0 (unregistering): Released all slaves
[  260.845344][ T8413] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer.
[  260.977945][ T8422] loop6: detected capacity change from 0 to 2640
[  261.028720][ T8422] Buffer I/O error on dev loop6, logical block 0, async page read
[  261.113390][ T8422] Buffer I/O error on dev loop6, logical block 0, async page read
[  261.126208][ T8422] Buffer I/O error on dev loop6, logical block 0, async page read
[  261.405981][ T8422] Buffer I/O error on dev loop6, logical block 0, async page read
[  261.735186][ T8422] Buffer I/O error on dev loop6, logical block 0, async page read
[  261.801921][ T8422] Buffer I/O error on dev loop6, logical block 0, async page read
[  261.843027][ T5859] Bluetooth: hci0: command tx timeout
[  261.873685][ T8422] Buffer I/O error on dev loop6, logical block 0, async page read
[  261.900960][ T8422] Buffer I/O error on dev loop6, logical block 0, async page read
[  261.915965][ T8422] ldm_validate_partition_table(): Disk read failed.
[  261.968389][ T8422] Buffer I/O error on dev loop6, logical block 0, async page read
[  261.978680][ T8364] chnl_net:caif_netlink_parms(): no params data found
[  262.017551][ T8422] Buffer I/O error on dev loop6, logical block 0, async page read
[  262.064088][ T8422] Dev loop6: unable to read RDB block 0
[  262.100460][ T8422]  loop6: unable to read partition table
[  262.123789][ T8422] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜) failed (rc=-5)
[  262.739913][ T6000] hsr_slave_0: left promiscuous mode
[  262.781615][ T6000] hsr_slave_1: left promiscuous mode
[  262.808111][ T6000] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  262.841668][ T6000] batman_adv: batadv0: Removing interface: batadv_slave_0
[  262.867538][ T6000] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  262.883648][ T6000] batman_adv: batadv0: Removing interface: batadv_slave_1
[  262.921663][ T6000] veth1_macvtap: left promiscuous mode
[  262.943291][ T6000] veth0_macvtap: left promiscuous mode
[  262.962424][ T6000] veth1_vlan: left promiscuous mode
[  262.972408][ T6000] veth0_vlan: left promiscuous mode
[  263.577967][ T7934] smbdirect: ib_dev[syz0] removed
[  263.873956][ T6000] team0 (unregistering): Port device team_slave_1 removed
[  263.888123][ T5929] IPVS: starting estimator thread 0...
[  263.909137][ T6000] team0 (unregistering): Port device team_slave_0 removed
[  263.921914][ T5859] Bluetooth: hci0: command tx timeout
[  263.993258][ T8472] IPVS: using max 27 ests per chain, 64800 per kthread
[  264.968018][ T8476] loop5: detected capacity change from 0 to 128
[  265.109694][ T1567] infiniband syz0: ib_query_port failed (-19)
[  265.181516][ T8469] loop6: detected capacity change from 0 to 32768
[  265.245290][ T8469] XFS (loop6): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  265.335046][ T8469] XFS (loop6): Ending clean mount
[  265.336874][ T8364] bridge0: port 1(bridge_slave_0) entered blocking state
[  265.365039][ T8469] XFS (loop6): Quotacheck needed: Please wait.
[  265.407798][ T8364] bridge0: port 1(bridge_slave_0) entered disabled state
[  265.457832][ T8364] bridge_slave_0: entered allmulticast mode
[  265.521347][ T8364] bridge_slave_0: entered promiscuous mode
[  265.568940][ T8364] bridge0: port 2(bridge_slave_1) entered blocking state
[  265.591703][ T8469] XFS (loop6): Quotacheck: Done.
[  265.618227][ T8364] bridge0: port 2(bridge_slave_1) entered disabled state
[  265.646226][ T8364] bridge_slave_1: entered allmulticast mode
[  265.690668][ T8364] bridge_slave_1: entered promiscuous mode
[  265.908590][ T8476] syz.5.657: attempt to access beyond end of device
[  265.908590][ T8476] loop5: rw=2049, sector=145, nr_sectors = 8 limit=128
[  265.948280][ T7162] XFS (loop6): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  265.978521][ T8364] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  265.994752][ T8476] syz.5.657: attempt to access beyond end of device
[  265.994752][ T8476] loop5: rw=2049, sector=161, nr_sectors = 8 limit=128
[  266.022022][ T5859] Bluetooth: hci0: command tx timeout
[  266.031045][ T8476] syz.5.657: attempt to access beyond end of device
[  266.031045][ T8476] loop5: rw=2049, sector=177, nr_sectors = 8 limit=128
[  266.046062][ T8364] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  266.059361][ T8476] syz.5.657: attempt to access beyond end of device
[  266.059361][ T8476] loop5: rw=2049, sector=193, nr_sectors = 8 limit=128
[  266.073994][ T8480] loop3: detected capacity change from 0 to 32768
[  266.101085][ T8480] JBD2: Ignoring recovery information on journal
[  266.190843][ T8476] syz.5.657: attempt to access beyond end of device
[  266.190843][ T8476] loop5: rw=2049, sector=209, nr_sectors = 8 limit=128
[  266.220203][ T8480] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  266.292490][ T8476] syz.5.657: attempt to access beyond end of device
[  266.292490][ T8476] loop5: rw=2049, sector=225, nr_sectors = 8 limit=128
[  266.386990][ T6000] IPVS: stop unused estimator thread 0...
[  266.388809][ T8476] syz.5.657: attempt to access beyond end of device
[  266.388809][ T8476] loop5: rw=2049, sector=241, nr_sectors = 8 limit=128
[  266.440891][ T8364] team0: Port device team_slave_0 added
[  266.466908][ T8476] syz.5.657: attempt to access beyond end of device
[  266.466908][ T8476] loop5: rw=2049, sector=257, nr_sectors = 8 limit=128
[  266.505558][ T8364] team0: Port device team_slave_1 added
[  266.587939][ T8476] syz.5.657: attempt to access beyond end of device
[  266.587939][ T8476] loop5: rw=2049, sector=273, nr_sectors = 8 limit=128
[  266.626728][ T8476] syz.5.657: attempt to access beyond end of device
[  266.626728][ T8476] loop5: rw=2049, sector=289, nr_sectors = 8 limit=128
[  266.704659][ T8364] batman_adv: batadv0: Adding interface: batadv_slave_0
[  266.736605][ T8364] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  266.832254][   T30] audit: type=1800 audit(1773982161.344:20): pid=8499 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.658" name="file1" dev="loop3" ino=17059 res=0 errno=0
[  266.870850][ T8364] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  266.916647][ T8364] batman_adv: batadv0: Adding interface: batadv_slave_1
[  266.932164][ T8364] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  266.959139][ T8364] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  267.036944][ T8364] hsr_slave_0: entered promiscuous mode
[  267.046796][ T8364] hsr_slave_1: entered promiscuous mode
[  267.054231][ T8364] debugfs: 'hsr0' already exists in 'hsr'
[  267.060005][ T8364] Cannot create hsr debugfs directory
[  267.219735][ T8480] syz.3.658 (8480) used greatest stack depth: 19048 bytes left
[  267.360382][ T8508] ªªªªªª: renamed from vlan0 (while UP)
[  267.390511][ T5840] ocfs2: Unmounting device (7,3) on (node local)
[  268.172906][ T8530] xt_connbytes: Forcing CT accounting to be enabled
[  268.979564][ T8528] loop3: detected capacity change from 0 to 32768
[  269.282744][ T8528] (syz.3.662,8528,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  269.604631][ T8528] (syz.3.662,8528,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  269.698030][ T8528] JBD2: Ignoring recovery information on journal
[  269.840780][ T8528] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  269.918672][ T8528] (syz.3.662,8528,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0x98842a5e, computed 0xe74db1cd. Applying ECC.
[  270.067052][ T8364] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  270.117648][ T8528] ocfs2: Unmounting device (7,3) on (node local)
[  270.149636][ T8364] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  270.238055][ T8364] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  270.307896][ T8364] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  270.361283][ T8560] syzkaller1: entered promiscuous mode
[  270.367336][ T8566] loop2: detected capacity change from 0 to 2048
[  270.375255][ T8560] syzkaller1: entered allmulticast mode
[  270.409769][ T8566] EXT4-fs: Ignoring removed mblk_io_submit option
[  270.474714][ T8566] EXT4-fs: Ignoring removed i_version option
[  270.535207][ T8566] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  270.804866][ T5842] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  270.980072][ T8364] 8021q: adding VLAN 0 to HW filter on device bond0
[  271.117693][ T8364] 8021q: adding VLAN 0 to HW filter on device team0
[  271.220838][   T63] bridge0: port 1(bridge_slave_0) entered blocking state
[  271.228062][   T63] bridge0: port 1(bridge_slave_0) entered forwarding state
[  271.307329][   T63] bridge0: port 2(bridge_slave_1) entered blocking state
[  271.314556][   T63] bridge0: port 2(bridge_slave_1) entered forwarding state
[  271.827312][ T8568] loop6: detected capacity change from 0 to 32768
[  271.878983][ T8568] JBD2: Ignoring recovery information on journal
[  271.904956][ T8364] 8021q: adding VLAN 0 to HW filter on device batadv0
[  271.990212][ T8568] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode.
[  272.053914][ T1567] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  272.262094][ T1567] usb 4-1: Using ep0 maxpacket: 8
[  272.294394][ T1567] usb 4-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d
[  272.329713][ T1567] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  272.357932][ T1567] usb 4-1: Product: syz
[  272.373395][ T1567] usb 4-1: Manufacturer: syz
[  272.379056][ T1567] usb 4-1: SerialNumber: syz
[  272.416567][ T1567] usb 4-1: config 0 descriptor??
[  272.442944][ T1567] gspca_main: sonixj-2.14.0 probing 0c45:613e
[  272.840597][ T7162] ocfs2: Unmounting device (7,6) on (node local)
[  273.138380][ T8633] loop2: detected capacity change from 0 to 512
[  273.178871][ T8633] EXT4-fs error (device loop2): ext4_orphan_get:1391: inode #15: comm syz.2.681: inode has both inline data and extents flags
[  273.246232][ T8364] veth0_vlan: entered promiscuous mode
[  273.256719][ T8633] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
[  273.257135][ T8633] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.681: couldn't read orphan inode 15 (err -117)
[  273.266405][    C1] EXT4-fs (loop2): error count since last fsck: 1
[  273.266435][    C1] EXT4-fs (loop2): initial error at time 1773982167: ext4_orphan_get:1391: inode 15
[  273.266469][    C1] EXT4-fs (loop2): last error at time 1773982167: ext4_orphan_get:1391: inode 15
[  273.299860][ T8364] veth1_vlan: entered promiscuous mode
[  273.380873][ T8364] veth0_macvtap: entered promiscuous mode
[  273.392371][ T8633] loop2: lost filesystem error report for type 5 error -117
[  273.395023][ T8633] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  273.422892][ T8364] veth1_macvtap: entered promiscuous mode
[  273.511627][ T8364] batman_adv: batadv0: Interface activated: batadv_slave_0
[  273.548218][ T8364] batman_adv: batadv0: Interface activated: batadv_slave_1
[  273.584771][ T7924] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  273.607578][ T8641] loop6: detected capacity change from 0 to 1024
[  273.625226][ T7924] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  273.659896][ T1567] gspca_sonixj: reg_w1 err -71
[  273.681582][ T8641] EXT4-fs (loop6): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  273.700584][ T7924] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  273.712297][ T1567] sonixj 4-1:0.0: probe with driver sonixj failed with error -71
[  273.731153][ T1567] usb 4-1: USB disconnect, device number 9
[  273.739857][ T7924] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  273.755326][ T8641] ext4 filesystem being mounted at /58/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  274.015077][ T8647] EXT4-fs error (device loop6): ext4_free_blocks:6724: comm syz.6.678: Freeing blocks not in datazone - block = 0, count = 16
[  274.051264][   T63] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  274.068489][   T63] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  274.137615][ T7924] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  274.153560][ T8639] EXT4-fs error (device loop6): ext4_validate_block_bitmap:441: comm syz.6.678: bg 0: block 112: padding at end of block bitmap is not set
[  274.159127][ T5842] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  274.172831][ T7924] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  274.231636][ T8639] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 128 with max blocks 64 with error 28
[  274.274612][ T8639] EXT4-fs (loop6): This should not happen!! Data will be lost
[  274.274612][ T8639] 
[  274.304095][ T8639] EXT4-fs (loop6): Total free blocks count 0
[  274.314702][    C1] vcan0: j1939_tp_rxtimer: 0xffff888055309000: rx timeout, send abort
[  274.327455][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888055309000: 0x20000: (3) A timeout occurred and this is the connection abort to close the session.
[  274.375660][ T8639] EXT4-fs (loop6): Free/Dirty block details
[  274.409682][ T8639] EXT4-fs (loop6): free_blocks=0
[  274.438345][ T8639] EXT4-fs (loop6): dirty_blocks=64
[  274.458495][ T8639] EXT4-fs (loop6): Block reservation details
[  274.467949][ T8654] loop3: detected capacity change from 0 to 16
[  274.490174][ T8639] EXT4-fs (loop6): i_reserved_data_blocks=4
[  274.514886][ T8654] MTD: Attempt to mount non-MTD device "/dev/loop3"
[  274.544578][   T30] audit: type=1326 audit(1773982169.074:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8649 comm="syz.2.682" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f181639c799 code=0x0
[  274.624355][ T7162] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  274.653686][ T8654] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  276.147553][ T8688] binder: 8687:8688 ioctl 4018620d 0 returned -22
[  276.188964][ T8690] loop7: detected capacity change from 0 to 256
[  276.209138][ T8690] FAT-fs (loop7): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  276.269445][ T8691] binder: 8687:8691 ioctl c0306201 0 returned -14
[  276.341472][ T8690] FAT-fs (loop7): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  276.413722][ T8694] loop2: detected capacity change from 0 to 1024
[  276.506579][ T8694] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  276.560478][ T8699] netlink: 4 bytes leftover after parsing attributes in process `syz.6.697'.
[  276.623023][ T8694] ext4 filesystem being mounted at /147/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  276.709173][ T8702] loop5: detected capacity change from 0 to 16
[  276.720881][ T8702] MTD: Attempt to mount non-MTD device "/dev/loop5"
[  276.774179][ T8702] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  276.798459][ T8703] EXT4-fs error (device loop2): ext4_free_blocks:6724: comm syz.2.698: Freeing blocks not in datazone - block = 0, count = 16
[  276.831663][ T8692] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.698: bg 0: block 112: padding at end of block bitmap is not set
[  276.871538][ T8692] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 128 with max blocks 64 with error 28
[  276.931907][ T8692] EXT4-fs (loop2): This should not happen!! Data will be lost
[  276.931907][ T8692] 
[  276.952318][ T8692] EXT4-fs (loop2): Total free blocks count 0
[  276.989243][ T8692] EXT4-fs (loop2): Free/Dirty block details
[  277.027117][ T8692] EXT4-fs (loop2): free_blocks=0
[  277.050074][ T8692] EXT4-fs (loop2): dirty_blocks=64
[  277.073692][ T8708] netlink: 4 bytes leftover after parsing attributes in process `syz.5.702'.
[  277.086291][ T8692] EXT4-fs (loop2): Block reservation details
[  277.111189][ T8692] EXT4-fs (loop2): i_reserved_data_blocks=4
[  277.838065][ T5842] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  278.642727][   T31] INFO: task syz.4.121:6392 blocked for more than 143 seconds.
[  278.668225][   T31]       Tainted: G             L      syzkaller #0
[  278.690051][   T31]       Blocked by coredump.
[  278.703154][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  278.722692][   T31] task:syz.4.121       state:D stack:27400 pid:6392  tgid:6391  ppid:5843   task_flags:0x40054c flags:0x00080002
[  278.741827][   T31] Call Trace:
[  278.745280][   T31]  <TASK>
[  278.749851][   T31]  __schedule+0x1665/0x5590
[  278.758460][   T31]  ? __pfx___schedule+0x10/0x10
[  278.770324][   T31]  ? schedule+0x90/0x360
[  278.781814][   T31]  schedule+0x164/0x360
[  278.801925][   T31]  schedule_preempt_disabled+0x13/0x30
[  278.825465][   T31]  rwsem_down_read_slowpath+0x6d9/0x940
[  278.840287][   T31]  ? rwsem_down_read_slowpath+0x596/0x940
[  278.857095][   T31]  ? __pfx_rwsem_down_read_slowpath+0x10/0x10
[  278.881154][   T31]  ? do_futex+0x395/0x420
[  278.904139][ T8744] netlink: 4 bytes leftover after parsing attributes in process `syz.3.712'.
[  278.913114][   T31]  down_read+0x99/0x2e0
[  278.918984][   T31]  ? exit_mm+0x64/0x250
[  278.927453][   T31]  exit_mm+0x73/0x250
[  278.933402][   T31]  ? unwind_deferred_task_exit+0x67/0xa0
[  278.945383][   T31]  do_exit+0x8b9/0x2490
[  278.961604][   T31]  ? __pfx_do_exit+0x10/0x10
[  278.976341][   T31]  do_group_exit+0x21b/0x2d0
[  278.991810][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  279.008109][   T31]  get_signal+0x1284/0x1330
[  279.027048][   T31]  arch_do_signal_or_restart+0xbc/0x830
[  279.041379][   T31]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  279.070284][   T31]  exit_to_user_mode_loop+0x86/0x480
[  279.081835][   T31]  ? rcu_is_watching+0x15/0xb0
[  279.094631][   T31]  do_syscall_64+0x32d/0xf80
[  279.117175][   T31]  ? trace_irq_disable+0x3b/0x150
[  279.131852][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  279.141855][   T31]  ? clear_bhb_loop+0x40/0x90
[  279.149731][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  279.155827][ T5915] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  279.171822][   T31] RIP: 0033:0x7f089c59c799
[  279.182808][   T31] RSP: 002b:00007f089d4f1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  279.201183][   T31] RAX: 000000000000000b RBX: 00007f089c815fa0 RCX: 00007f089c59c799
[  279.228239][   T31] RDX: 0000000000000318 RSI: 00002000000bd000 RDI: 000000000000000c
[  279.240910][   T31] RBP: 00007f089c632c99 R08: 0000000000000000 R09: 0000000000000000
[  279.259238][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  279.269034][   T31] R13: 00007f089c816038 R14: 00007f089c815fa0 R15: 00007fff0efeb438
[  279.291288][   T31]  </TASK>
[  279.298946][   T31] 
[  279.298946][   T31] Showing all locks held in the system:
[  279.313968][   T31] 1 lock held by khungtaskd/31:
[  279.322811][ T5915] usb 8-1: Using ep0 maxpacket: 8
[  279.328887][   T31]  #0: ffffffff8e75d6a0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  279.374928][ T5915] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  279.387929][   T31] 2 locks held by getty/5596:
[  279.394899][   T31]  #0: ffff8880376770a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  279.405992][ T5915] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  279.416283][   T31]  #1: ffffc9000322b2e8 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x45c/0x13c0
[  279.428331][ T5915] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  279.439418][   T31] 3 locks held by kworker/1:4/5915:
[  279.445542][ T5915] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  279.458926][   T31] 1 lock held by syz.4.121/6392:
[  279.466573][   T31]  #0: ffff88807aaf1c38 (&mm->mmap_lock){++++}-{4:4}, at: exit_mm+0x73/0x250
[  279.478857][ T5915] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  279.494145][   T31] 3 locks held by syz.3.690/8681:
[  279.503297][ T5915] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  279.516267][   T31] 2 locks held by syz.2.706/8723:
[  279.522581][   T31] 1 lock held by syz.3.712/8743:
[  279.529230][   T31]  #0: ffffffff8fbd4c00 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3e/0x1c0
[  279.539237][   T31] 2 locks held by dhcpcd/8747:
[  279.553262][   T31]  #0: ffff888058b3e260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xe70
[  279.578445][   T31]  #1: ffffffff8e7638e8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x38d/0x770
[  279.606678][   T31] 1 lock held by dhcpcd/8751:
[  279.613763][   T31]  #0: ffff888053acc260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xe70
[  279.635804][   T31] 1 lock held by dhcpcd/8753:
[  279.647780][   T31]  #0: ffff888034506260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xe70
[  279.676277][   T31] 
[  279.695642][   T31] =============================================
[  279.695642][   T31] 
[  279.718188][   T31] NMI backtrace for cpu 1
[  279.718210][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  279.718238][   T31] Tainted: [L]=SOFTLOCKUP
[  279.718246][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  279.718258][   T31] Call Trace:
[  279.718269][   T31]  <TASK>
[  279.718278][   T31]  dump_stack_lvl+0xe8/0x150
[  279.718314][   T31]  nmi_cpu_backtrace+0x274/0x2d0
[  279.718353][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  279.718386][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  279.718421][   T31]  sys_info+0x135/0x170
[  279.718449][   T31]  watchdog+0x1002/0x1060
[  279.718483][   T31]  ? watchdog+0x1da/0x1060
[  279.718514][   T31]  kthread+0x388/0x470
[  279.718541][   T31]  ? __pfx_watchdog+0x10/0x10
[  279.718563][   T31]  ? __pfx_kthread+0x10/0x10
[  279.718589][   T31]  ret_from_fork+0x51e/0xb90
[  279.718623][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  279.718651][   T31]  ? __switch_to+0xc7d/0x1450
[  279.718681][   T31]  ? __pfx_kthread+0x10/0x10
[  279.718708][   T31]  ret_from_fork_asm+0x1a/0x30
[  279.718745][   T31]  </TASK>
[  279.718777][   T31] Sending NMI from CPU 1 to CPUs 0:
[  279.844687][    C0] NMI backtrace for cpu 0
[  279.844707][    C0] CPU: 0 UID: 0 PID: 8681 Comm: syz.3.690 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  279.844730][    C0] Tainted: [L]=SOFTLOCKUP
[  279.844737][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  279.844748][    C0] RIP: 0010:unwind_next_frame+0x1db/0x23c0
[  279.844771][    C0] Code: c2 c0 a4 c9 8b 49 29 dc 0f 84 b2 02 00 00 49 81 fc 00 00 00 81 0f 92 c0 49 81 fc d0 93 b8 8b 0f 93 c1 08 c1 0f 85 05 01 00 00 <48> c7 c0 00 00 00 81 4d 89 e7 49 29 c7 49 c1 ef 08 8b 15 fe 4f a8
[  279.844786][    C0] RSP: 0018:ffffc9000dd35af8 EFLAGS: 00000246
[  279.844801][    C0] RAX: 1ffff92001ba6b00 RBX: 0000000000000001 RCX: 0000000080000000
[  279.844813][    C0] RDX: ffffffff8bc9a4c0 RSI: ffffffff8c2871e0 RDI: ffffffff8c2871a0
[  279.844832][    C0] RBP: dffffc0000000000 R08: ffffffff81774bb5 R09: ffffffff8e75d6a0
[  279.844845][    C0] R10: ffffc9000dd35c18 R11: ffffffff81b1db20 R12: ffffffff81b1dab8
[  279.844857][    C0] R13: ffffc9000dd35c18 R14: ffffc9000dd35bc8 R15: ffffc9000dd35c10
[  279.844869][    C0] FS:  0000000000000000(0000) GS:ffff888125436000(0000) knlGS:0000000000000000
[  279.844884][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  279.844895][    C0] CR2: 00007ffd4f0057b0 CR3: 00000000589aa000 CR4: 00000000003526f0
[  279.844910][    C0] Call Trace:
[  279.844934][    C0]  <TASK>
[  279.844945][    C0]  ? unwind_next_frame+0xa5/0x23c0
[  279.844963][    C0]  ? __unwind_start+0x5b8/0x760
[  279.844979][    C0]  ? stack_trace_save+0xa9/0x100
[  279.845001][    C0]  ? stack_trace_save+0xa9/0x100
[  279.845023][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  279.845045][    C0]  arch_stack_walk+0x11b/0x150
[  279.845066][    C0]  ? stack_trace_save+0xa9/0x100
[  279.845090][    C0]  stack_trace_save+0xa9/0x100
[  279.845110][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  279.845138][    C0]  save_stack+0x122/0x230
[  279.845156][    C0]  ? __pfx_save_stack+0x10/0x10
[  279.845183][    C0]  __set_page_owner+0x8d/0x4c0
[  279.845201][    C0]  ? __pfx___set_page_owner+0x10/0x10
[  279.845223][    C0]  post_alloc_hook+0x231/0x280
[  279.845252][    C0]  get_page_from_freelist+0x2418/0x24b0
[  279.845295][    C0]  __alloc_frozen_pages_noprof+0x233/0x3d0
[  279.845317][    C0]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  279.845341][    C0]  ? __pfx_policy_nodemask+0x10/0x10
[  279.845358][    C0]  ? rcu_is_watching+0x15/0xb0
[  279.845376][    C0]  ? __filemap_add_folio+0xf38/0x13a0
[  279.845403][    C0]  alloc_pages_mpol+0x235/0x490
[  279.845425][    C0]  alloc_pages_noprof+0xac/0x2a0
[  279.845445][    C0]  folio_alloc_noprof+0x1e/0x30
[  279.845465][    C0]  filemap_alloc_folio_noprof+0x111/0x470
[  279.845489][    C0]  ? xa_load+0x60/0x210
[  279.845510][    C0]  ? xa_load+0x60/0x210
[  279.845529][    C0]  ? xa_load+0x60/0x210
[  279.845550][    C0]  ? __pfx_filemap_alloc_folio_noprof+0x10/0x10
[  279.845573][    C0]  ? xa_load+0x1db/0x210
[  279.845601][    C0]  page_cache_ra_unbounded+0x39b/0xa50
[  279.845636][    C0]  page_cache_ra_order+0xaf2/0xeb0
[  279.845672][    C0]  filemap_fault+0x656/0x1320
[  279.845703][    C0]  ? __pfx_filemap_fault+0x10/0x10
[  279.845737][    C0]  __do_fault+0x3e7/0x590
[  279.845756][    C0]  ? do_pte_missing+0x125b/0x33f0
[  279.845772][    C0]  do_pte_missing+0x2093/0x33f0
[  279.845795][    C0]  ? handle_mm_fault+0xee/0x3170
[  279.845827][    C0]  handle_mm_fault+0x1bd7/0x3170
[  279.845860][    C0]  ? handle_mm_fault+0xee/0x3170
[  279.845887][    C0]  ? __pfx_handle_mm_fault+0x10/0x10
[  279.845918][    C0]  ? __pfx_follow_page_pte+0x10/0x10
[  279.845946][    C0]  __get_user_pages+0x1683/0x2720
[  279.845984][    C0]  get_dump_page+0x1b5/0x410
[  279.846007][    C0]  ? __pfx_get_dump_page+0x10/0x10
[  279.846028][    C0]  ? dump_user_range+0x1c5/0x12c0
[  279.846047][    C0]  ? down_read_killable+0x1bb/0x340
[  279.846070][    C0]  ? iov_iter_bvec+0xb8/0x180
[  279.846090][    C0]  dump_user_range+0x20a/0x12c0
[  279.846117][    C0]  ? __pfx_dump_user_range+0x10/0x10
[  279.846137][    C0]  ? elf_coredump_extra_notes_write+0x441/0x4d0
[  279.846167][    C0]  ? __pfx_elf_coredump_extra_notes_write+0x10/0x10
[  279.846200][    C0]  elf_core_dump+0x34c2/0x3ad0
[  279.846230][    C0]  ? __pfx_elf_core_dump+0x10/0x10
[  279.846250][    C0]  ? __kasan_kmalloc+0x93/0xb0
[  279.846266][    C0]  ? __kvmalloc_node_noprof+0x528/0x8a0
[  279.846283][    C0]  ? coredump_write+0x387/0x1910
[  279.846300][    C0]  ? vfs_coredump+0x36a9/0x4280
[  279.846317][    C0]  ? get_signal+0x1107/0x1330
[  279.846342][    C0]  ? arch_do_signal_or_restart+0xbc/0x830
[  279.846364][    C0]  ? irqentry_exit+0x188/0x700
[  279.846384][    C0]  ? asm_exc_page_fault+0x26/0x30
[  279.846404][    C0]  ? mas_ascend+0x304/0x890
[  279.846448][    C0]  ? 0xffffffffff600000
[  279.846469][    C0]  coredump_write+0x1216/0x1910
[  279.846499][    C0]  ? __pfx_coredump_write+0x10/0x10
[  279.846527][    C0]  ? unshare_files+0xa8/0x140
[  279.846547][    C0]  vfs_coredump+0x36a9/0x4280
[  279.846577][    C0]  ? __pfx_vfs_coredump+0x10/0x10
[  279.846596][    C0]  ? __lock_acquire+0x6b5/0x2cf0
[  279.846624][    C0]  ? __lock_acquire+0x6b5/0x2cf0
[  279.846655][    C0]  ? __lock_acquire+0x6b5/0x2cf0
[  279.846684][    C0]  ? __lock_acquire+0x6b5/0x2cf0
[  279.846711][    C0]  ? __lock_acquire+0x6b5/0x2cf0
[  279.846742][    C0]  ? unwind_next_frame+0xa5/0x23c0
[  279.846769][    C0]  ? is_bpf_text_address+0x26/0x2b0
[  279.846797][    C0]  ? is_bpf_text_address+0x292/0x2b0
[  279.846826][    C0]  ? is_bpf_text_address+0x26/0x2b0
[  279.846851][    C0]  ? kernel_text_address+0xa5/0xe0
[  279.846874][    C0]  ? __kernel_text_address+0xd/0x30
[  279.846896][    C0]  ? unwind_get_return_address+0x4d/0x90
[  279.846913][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  279.846935][    C0]  ? arch_stack_walk+0xfb/0x150
[  279.846958][    C0]  ? stack_trace_save+0xa9/0x100
[  279.846979][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  279.847002][    C0]  ? stack_depot_save_flags+0x33/0x810
[  279.847021][    C0]  ? __lock_acquire+0x6b5/0x2cf0
[  279.847048][    C0]  ? kasan_save_track+0x4f/0x80
[  279.847072][    C0]  ? kasan_save_track+0x3e/0x80
[  279.847097][    C0]  ? kasan_save_free_info+0x46/0x50
[  279.847118][    C0]  ? __kasan_slab_free+0x5c/0x80
[  279.847133][    C0]  ? kmem_cache_free+0x189/0x640
[  279.847149][    C0]  ? get_signal+0xa4a/0x1330
[  279.847171][    C0]  ? arch_do_signal_or_restart+0xbc/0x830
[  279.847193][    C0]  ? irqentry_exit+0x188/0x700
[  279.847212][    C0]  ? asm_exc_page_fault+0x26/0x30
[  279.847258][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  279.847279][    C0]  get_signal+0x1107/0x1330
[  279.847315][    C0]  arch_do_signal_or_restart+0xbc/0x830
[  279.847340][    C0]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  279.847374][    C0]  irqentry_exit+0x188/0x700
[  279.847394][    C0]  ? trace_irq_disable+0x3b/0x150
[  279.847419][    C0]  asm_exc_page_fault+0x26/0x30
[  279.847435][    C0] RIP: 0033:0x7f44c3452777
[  279.847450][    C0] Code: e8 8e fa ff ff 89 f2 48 8d 3d 0d 41 1b 00 48 8d 35 f4 fa 1d 00 31 c0 e8 e7 f8 ff ff 0f 1f 80 00 00 00 00 53 89 fb 48 83 ec 10 <64> 8b 04 25 a4 ff ff ff 85 c0 74 2a 89 fe 31 c0 bf 3c 00 00 00 e8
[  279.847464][    C0] RSP: 002b:00007f44c44a5120 EFLAGS: 00010202
[  279.847478][    C0] RAX: 0000000000000000 RBX: 000000000000000b RCX: 00007f44c359c799
[  279.847489][    C0] RDX: 00007f44c44a5140 RSI: 00007f44c44a5270 RDI: 000000000000000b
[  279.847501][    C0] RBP: 00007f44c3632c99 R08: 0000000000000000 R09: 0000000000000000
[  279.847511][    C0] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  279.847521][    C0] R13: 00007f44c3816038 R14: 00007f44c3815fa0 R15: 00007ffe355a8e28
[  279.847543][    C0]  </TASK>
[  280.598182][ T5915] usb 8-1: GET_CAPABILITIES returned 0
[  280.604109][ T5915] usbtmc 8-1:16.0: can't read capabilities
[  280.806688][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  280.813615][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  280.824325][   T31] Tainted: [L]=SOFTLOCKUP
[  280.828678][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  280.838775][   T31] Call Trace:
[  280.842082][   T31]  <TASK>
[  280.845039][   T31]  vpanic+0x56c/0xa60
[  280.849065][   T31]  ? __pfx___schedule+0x10/0x10
[  280.853953][   T31]  ? __pfx_vpanic+0x10/0x10
[  280.858509][   T31]  ? nmi_trigger_cpumask_backtrace+0x1f4/0x300
[  280.864729][   T31]  panic+0xc5/0xd0
[  280.868502][   T31]  ? __pfx_panic+0x10/0x10
[  280.872961][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  280.878375][   T31]  ? nmi_trigger_cpumask_backtrace+0x2bb/0x300
[  280.884558][   T31]  watchdog+0x105b/0x1060
[  280.888915][   T31]  ? watchdog+0x1da/0x1060
[  280.893357][   T31]  kthread+0x388/0x470
[  280.897444][   T31]  ? __pfx_watchdog+0x10/0x10
[  280.902139][   T31]  ? __pfx_kthread+0x10/0x10
[  280.906753][   T31]  ret_from_fork+0x51e/0xb90
[  280.911367][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  280.916506][   T31]  ? __switch_to+0xc7d/0x1450
[  280.921240][   T31]  ? __pfx_kthread+0x10/0x10
[  280.925852][   T31]  ret_from_fork_asm+0x1a/0x30
[  280.930646][   T31]  </TASK>
[  280.934526][   T31] Kernel Offset: disabled
[  280.938857][   T31] Rebooting in 86400 seconds..